dockers/pixelfed
3
1
Fork 2
Code Issues 6 Pull requests Releases Activity
pixelfed/patches/0001-remove-IP-logging.patch
chris e512e0d6cd
Some checks failed
dockers/pixelfed/pipeline/head There was a failure building this commit
Details
port_patches
2024-07-14 11:12:43 +02:00

242 lines
11 KiB
Diff
Raw Blame History

From 39b4d1f323e3bed9e2381e04b2dad8ac691f69dc Mon Sep 17 00:00:00 2001
From: chris <cg@zknt.org>
Date: Sun, 14 Jul 2024 11:06:12 +0200
Subject: [PATCH 1/6] remove IP logging
Replace unneeded logging of IPs and User-Agent strings with hashed data.
---
.gitattributes | 12 ------------
app/Http/Controllers/Api/ApiV1Dot1Controller.php | 12 ++++++------
app/Http/Controllers/Auth/LoginController.php | 4 ++--
app/Http/Controllers/Auth/RegisterController.php | 2 +-
app/Http/Controllers/CuratedRegisterController.php | 2 +-
app/Http/Controllers/RemoteAuthController.php | 4 ++--
app/Http/Controllers/SeasonalController.php | 4 ++--
app/Http/Controllers/Settings/HomeSettings.php | 8 ++++----
app/Http/Controllers/UserEmailForgotController.php | 4 ++--
app/Listeners/AuthLogin.php | 4 ++--
app/Listeners/LogFailedLogin.php | 4 ++--
11 files changed, 24 insertions(+), 36 deletions(-)
delete mode 100644 .gitattributes
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 25c1b1b6..00000000
--- a/.gitattributes
+++ /dev/null
@@ -1,12 +0,0 @@
-* text=auto
-*.css linguist-vendored
-*.scss linguist-vendored
-*.js linguist-vendored
-CHANGELOG.md export-ignore
-
-# Collapse diffs for generated files:
-public/**/*.js text -diff
-public/**/*.json text -diff
-public/**/*.css text -diff
-public/img/* binary -diff
-public/fonts/* binary -diff
diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
index 9a47bb15..0bd5b482 100644
--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
@@ -283,8 +283,8 @@ class ApiV1Dot1Controller extends Controller
$log->action = 'account.edit.password';
$log->message = 'Password changed';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
Mail::to($request->user())->send(new PasswordChange($user));
@@ -308,7 +308,7 @@ class ApiV1Dot1Controller extends Controller
abort_if(BouncerService::checkIp($request->ip()), 404);
}
$agent = new Agent();
- $currentIp = $request->ip();
+ $currentIp = sha1($request->ip());
$activity = AccountLog::whereUserId($user->id)
->whereAction('auth.login')
@@ -487,7 +487,7 @@ class ApiV1Dot1Controller extends Controller
abort_if(BouncerService::checkIp($request->ip()), 404);
}
- $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.$request->ip(), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {}, config('pixelfed.app_registration_rate_limit_decay', 1800));
+ $rl = RateLimiter::attempt('pf:apiv1.1:iar:'.sha1($request->ip()), config('pixelfed.app_registration_rate_limit_attempts', 3), function () {}, config('pixelfed.app_registration_rate_limit_decay', 1800));
abort_if(! $rl, 400, 'Too many requests');
$this->validate($request, [
@@ -559,7 +559,7 @@ class ApiV1Dot1Controller extends Controller
$user->email = $email;
$user->password = Hash::make($password);
$user->register_source = 'app';
- $user->app_register_ip = $request->ip();
+ $user->app_register_ip = sha1($request->ip());
$user->app_register_token = Str::random(40);
$user->save();
@@ -617,7 +617,7 @@ class ApiV1Dot1Controller extends Controller
abort_if(BouncerService::checkIp($request->ip()), 404);
}
- $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.$request->ip(), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
+ $rl = RateLimiter::attempt('pf:apiv1.1:iarc:'.sha1($request->ip()), config('pixelfed.app_registration_confirm_rate_limit_attempts', 20), function () {}, config('pixelfed.app_registration_confirm_rate_limit_decay', 1800));
abort_if(! $rl, 429, 'Too many requests');
$request->validate([
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 86ee52c8..3e6a9c4f 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -109,8 +109,8 @@ class LoginController extends Controller
$log->action = 'auth.login';
$log->message = 'Account Login';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
}
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 230daea8..1d0e415c 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -165,7 +165,7 @@ class RegisterController extends Controller
'username' => $data['username'],
'email' => $data['email'],
'password' => Hash::make($data['password']),
- 'app_register_ip' => request()->ip(),
+ 'app_register_ip' => sha1(request()->ip()),
]);
}
diff --git a/app/Http/Controllers/CuratedRegisterController.php b/app/Http/Controllers/CuratedRegisterController.php
index 58bddb49..83e2e120 100644
--- a/app/Http/Controllers/CuratedRegisterController.php
+++ b/app/Http/Controllers/CuratedRegisterController.php
@@ -389,7 +389,7 @@ class CuratedRegisterController extends Controller
$cr->email = $request->email;
$cr->username = $request->session()->get('cur-reg.form-username');
$cr->password = bcrypt($request->session()->get('cur-reg.form-password'));
- $cr->ip_address = $request->ip();
+ $cr->ip_address = sha1($request->ip());
$cr->reason_to_join = $request->session()->get('cur-reg.form-reason');
$cr->verify_code = Str::random(40);
$cr->save();
diff --git a/app/Http/Controllers/RemoteAuthController.php b/app/Http/Controllers/RemoteAuthController.php
index e0afd82e..7e58eec5 100644
--- a/app/Http/Controllers/RemoteAuthController.php
+++ b/app/Http/Controllers/RemoteAuthController.php
@@ -329,7 +329,7 @@ class RemoteAuthController extends Controller
'webfinger' => $res['_webfinger'],
], [
'software' => 'mastodon',
- 'ip_address' => $request->ip(),
+ 'ip_address' => sha1($request->ip()),
'bearer_token' => $token,
'verify_credentials' => $res,
'last_verify_credentials_at' => now(),
@@ -712,7 +712,7 @@ class RemoteAuthController extends Controller
'email' => $data['email'],
'password' => Hash::make($data['password']),
'email_verified_at' => config('remote-auth.mastodon.contraints.skip_email_verification') ? now() : null,
- 'app_register_ip' => request()->ip(),
+ 'app_register_ip' => sha1(request()->ip()),
'register_source' => 'mastodon',
])));
diff --git a/app/Http/Controllers/SeasonalController.php b/app/Http/Controllers/SeasonalController.php
index a9f1f98c..352eb102 100644
--- a/app/Http/Controllers/SeasonalController.php
+++ b/app/Http/Controllers/SeasonalController.php
@@ -230,8 +230,8 @@ class SeasonalController extends Controller
'action' => 'seasonal.my2020.view'
],
[
- 'ip_address' => $request->ip(),
- 'user_agent' => $request->userAgent()
+ 'ip_address' => sha1($request->ip()),
+ 'user_agent' => sha1($request->userAgent())
]
]);
return response()->json(200);
diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php
index ce411e4f..cf21aadb 100644
--- a/app/Http/Controllers/Settings/HomeSettings.php
+++ b/app/Http/Controllers/Settings/HomeSettings.php
@@ -137,8 +137,8 @@ trait HomeSettings
$log->action = 'account.edit.password';
$log->message = 'Password changed';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
Mail::to($request->user())->send(new PasswordChange($user));
@@ -185,8 +185,8 @@ trait HomeSettings
$log->action = 'account.edit.email';
$log->message = 'Email changed';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
}
diff --git a/app/Http/Controllers/UserEmailForgotController.php b/app/Http/Controllers/UserEmailForgotController.php
index 3889b980..c2622d10 100644
--- a/app/Http/Controllers/UserEmailForgotController.php
+++ b/app/Http/Controllers/UserEmailForgotController.php
@@ -80,8 +80,8 @@ class UserEmailForgotController extends Controller
{
UserEmailForgot::create([
'user_id' => $user->id,
- 'ip_address' => $request->ip(),
- 'user_agent' => $request->userAgent(),
+ 'ip_address' => sha1($request->ip()),
+ 'user_agent' => sha1($request->userAgent()),
'email_sent_at' => now()
]);
diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php
index 90806965..90d6591b 100644
--- a/app/Listeners/AuthLogin.php
+++ b/app/Listeners/AuthLogin.php
@@ -122,8 +122,8 @@ class AuthLogin
$device = DB::transaction(function() use($user) {
return UserDevice::firstOrCreate([
'user_id' => $user->id,
- 'ip' => request()->ip(),
- 'user_agent' => str_limit(request()->userAgent(), 180),
+ 'ip' => sha1(request()->ip()),
+ 'user_agent' => sha1(request()->userAgent()),
]);
});
}
diff --git a/app/Listeners/LogFailedLogin.php b/app/Listeners/LogFailedLogin.php
index c6ba3305..eff0cf71 100644
--- a/app/Listeners/LogFailedLogin.php
+++ b/app/Listeners/LogFailedLogin.php
@@ -41,8 +41,8 @@ class LogFailedLogin
$log->action = 'auth.failed';
$log->message = 'Failed login attempt';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = sha1($request->ip());
+ $log->user_agent = sha1($request->userAgent());
$log->save();
}
}
--
2.45.2
Reference in a new issue View git blame Copy permalink