From 238d849298735af124c812969fa8020c0ff396b8 Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Sun, 8 Apr 2018 18:24:07 +0200
Subject: [PATCH] Can now disable SSL cerification for external requests

---
 README.rst                                | 8 ++++++++
 api/funkwhale_api/federation/activity.py  | 3 +++
 api/funkwhale_api/federation/actors.py    | 1 +
 api/funkwhale_api/federation/library.py   | 3 +++
 api/funkwhale_api/federation/webfinger.py | 5 ++++-
 api/funkwhale_api/music/views.py          | 1 +
 6 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/README.rst b/README.rst
index 2e4772ad..f39baead 100644
--- a/README.rst
+++ b/README.rst
@@ -273,3 +273,11 @@ we will default to node1 as the name of your instance.
 Assuming your project name is ``node1``, your server will be reachable
 at ``https://node1.funkwhale.test/``. Not that you'll have to trust
 the SSL Certificate as it's self signed.
+
+When working on federation with traefik, ensure you have this in your ``env``::
+
+    # This will ensure we don't bind any port on the host, and thus enable
+    # multiple instances of funkwhale to be spawned concurrently.
+    WEBPACK_DEVSERVER_PORT_BINDING=
+    # This disable certificate verification
+    EXTERNAL_REQUESTS_VERIFY_SSL=false
diff --git a/api/funkwhale_api/federation/activity.py b/api/funkwhale_api/federation/activity.py
index a674c70e..24a1f782 100644
--- a/api/funkwhale_api/federation/activity.py
+++ b/api/funkwhale_api/federation/activity.py
@@ -3,6 +3,8 @@ import json
 import requests_http_signature
 import uuid
 
+from django.conf import settings
+
 from funkwhale_api.common import session
 
 from . import models
@@ -74,6 +76,7 @@ def deliver(activity, on_behalf_of, to=[]):
             json=activity,
             url=recipient_actor.inbox_url,
             timeout=5,
+            verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
             headers={
                 'Content-Type': 'application/activity+json'
             }
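Review bot: The value passed as `verify=` in `deliver` comes from a setting whose definition is not part of this patch, so its type and default cannot be checked here. `requests` treats a string `verify` as a path to a CA bundle, so the setting has to be parsed into a real boolean and should default to `True`. An unparsed `"false"` from the env file would break the request rather than disable verification. The same keyword is repeated in the `actors.py`, `library.py`, `webfinger.py` and `music/views.py` hunks. If `session.get_session()` returns a `requests.Session` (its body is not shown), setting it once there with `s.verify = settings.EXTERNAL_REQUESTS_VERIFY_SSL` would stop call sites from drifting apart. The body of `deliver` continues outside the hunk.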
diff --git a/api/funkwhale_api/federation/actors.py b/api/funkwhale_api/federation/actors.py
index d3a2093a..bb0b99cc 100644
--- a/api/funkwhale_api/federation/actors.py
+++ b/api/funkwhale_api/federation/actors.py
@@ -32,6 +32,7 @@ def get_actor_data(actor_url):
     response = session.get_session().get(
         actor_url,
         timeout=5,
+        verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
         headers={
             'Accept': 'application/activity+json',
         }
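Review bot: `get_actor_data` now reads `settings.EXTERNAL_REQUESTS_VERIFY_SSL`, but this file gets no `from django.conf import settings` line in the patch; the diffstat shows a single insertion. The same applies to the `webfinger.py` and `music/views.py` hunks, whereas `activity.py` and `library.py` both add the import. If these modules do not already import `settings` above the visible context, the first federated request will raise `NameError`. Please confirm, or add `from django.conf import settings` to each. The function body continues outside the hunk.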
diff --git a/api/funkwhale_api/federation/library.py b/api/funkwhale_api/federation/library.py
index 13608098..f9a1de8f 100644
--- a/api/funkwhale_api/federation/library.py
+++ b/api/funkwhale_api/federation/library.py
@@ -1,5 +1,7 @@
 import requests
 
+from django.conf import settings
+
 from funkwhale_api.common import session
 
 from . import actors
@@ -69,6 +71,7 @@ def get_library_data(library_url):
             library_url,
             auth=auth,
             timeout=5,
+            verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
             headers={
                 'Content-Type': 'application/activity+json'
             }
diff --git a/api/funkwhale_api/federation/webfinger.py b/api/funkwhale_api/federation/webfinger.py
index d4170a43..f5cb9963 100644
--- a/api/funkwhale_api/federation/webfinger.py
+++ b/api/funkwhale_api/federation/webfinger.py
@@ -47,7 +47,10 @@ def get_resource(resource_string):
     username, hostname = clean_acct(resource, ensure_local=False)
     url = 'https://{}/.well-known/webfinger?resource={}'.format(
         hostname, resource_string)
-    response = session.get_session().get(url, timeout=5)
+    response = session.get_session().get(
+        url,
+        verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
+        timeout=5)
     response.raise_for_status()
     serializer = serializers.ActorWebfingerSerializer(data=response.json())
     serializer.is_valid(raise_exception=True)
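Review bot: In `get_resource`, certificate verification is what ties the webfinger response to `hostname`; the serializer call below appears to validate only the shape of the payload. With the flag off, any host on the network path can answer for a remote domain, so the option should be documented as development-only at the call site. A suggested comment is `# verify=False is only for local self-signed setups; actor discovery relies on TLS to authenticate hostname`. It would also help to log a warning at startup when the setting is false.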
diff --git a/api/funkwhale_api/music/views.py b/api/funkwhale_api/music/views.py
index 6bbc21db..98048b41 100644
--- a/api/funkwhale_api/music/views.py
+++ b/api/funkwhale_api/music/views.py
@@ -219,6 +219,7 @@ class TrackFileViewSet(viewsets.ReadOnlyModelViewSet):
                 auth=auth,
                 stream=True,
                 timeout=20,
+                verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
                 headers={
                     'Content-Type': 'application/activity+json'
                 })
-- 
GitLab