Can now disable SSL cerification for external requests

238d8492 · Eliot Berriot · 6c0a43a0 · 238d8492 · 238d8492 · 238d8492
Verified Commit 238d8492 authored 6 years ago by Eliot Berriot
--- a/README.rst
+++ b/README.rst
@@ -273,3 +273,11 @@ we will default to node1 as the name of your instance.
 Assuming your project name is ``node1``, your server will be reachable
 at ``https://node1.funkwhale.test/``. Not that you'll have to trust
 the SSL Certificate as it's self signed.
+
+When working on federation with traefik, ensure you have this in your ``env``::
+
+    # This will ensure we don't bind any port on the host, and thus enable
+    # multiple instances of funkwhale to be spawned concurrently.
+    WEBPACK_DEVSERVER_PORT_BINDING=
+    # This disable certificate verification
+    EXTERNAL_REQUESTS_VERIFY_SSL=false
--- a/api/funkwhale_api/federation/activity.py
+++ b/api/funkwhale_api/federation/activity.py
@@ -3,6 +3,8 @@ import json
 import requests_http_signature
 import uuid

+from django.conf import settings
+
 from funkwhale_api.common import session

 from . import models
@@ -74,6 +76,7 @@ def deliver(activity, on_behalf_of, to=[]):
            json=activity,
            url=recipient_actor.inbox_url,
            timeout=5,
+            verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
            headers={
                'Content-Type': 'application/activity+json'
            }

--- a/api/funkwhale_api/federation/actors.py
+++ b/api/funkwhale_api/federation/actors.py
@@ -32,6 +32,7 @@ def get_actor_data(actor_url):
    response = session.get_session().get(
        actor_url,
        timeout=5,
+        verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
        headers={
            'Accept': 'application/activity+json',
        }

--- a/api/funkwhale_api/federation/library.py
+++ b/api/funkwhale_api/federation/library.py
 import requests

+from django.conf import settings
+
 from funkwhale_api.common import session

 from . import actors
@@ -69,6 +71,7 @@ def get_library_data(library_url):
            library_url,
            auth=auth,
            timeout=5,
+            verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
            headers={
                'Content-Type': 'application/activity+json'
            }

--- a/api/funkwhale_api/federation/webfinger.py
+++ b/api/funkwhale_api/federation/webfinger.py
@@ -47,7 +47,10 @@ def get_resource(resource_string):
    username, hostname = clean_acct(resource, ensure_local=False)
    url = 'https://{}/.well-known/webfinger?resource={}'.format(
        hostname, resource_string)
-    response = session.get_session().get(url, timeout=5)
+    response = session.get_session().get(
+        url,
+        verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
+        timeout=5)
    response.raise_for_status()
    serializer = serializers.ActorWebfingerSerializer(data=response.json())
    serializer.is_valid(raise_exception=True)

--- a/api/funkwhale_api/music/views.py
+++ b/api/funkwhale_api/music/views.py
@@ -219,6 +219,7 @@ class TrackFileViewSet(viewsets.ReadOnlyModelViewSet):
                auth=auth,
                stream=True,
                timeout=20,
+                verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
                headers={
                    'Content-Type': 'application/activity+json'
                })