Fix ignoredHosts (#630)

t2bot · Dec 23, 2024 · ea15250 · ea15250
1 parent 24b3ca5
commit ea15250
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -22,6 +22,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 * Ensure the request parameters are correctly set for authenticated media client requests.
 * Ensure remote signing keys expire after at most 7 days.
 * Fixed parsing of `Authorization` headers for federated servers.
+* Ensure `ignoredHosts` is applied to unauthenticated requests.
 
 ## [1.3.7] - July 30, 2024
 

diff --git a/api/r0/download.go b/api/r0/download.go
@@ -74,8 +74,8 @@ func DownloadMedia(r *http.Request, rctx rcontext.RequestContext, auth _apimeta.
 		"authServerName": auth.Server.ServerName,
 	})
 
-	if auth.User.UserId != "" {
-		if !util.IsGlobalAdmin(auth.User.UserId) && util.IsHostIgnored(server) {
+	if util.IsHostIgnored(server) {
+		if auth.User.UserId == "" || !util.IsGlobalAdmin(auth.User.UserId) {
 			rctx.Log.Warn("Request blocked due to domain being ignored.")
 			return _responses.MediaBlocked()
 		}

diff --git a/api/r0/thumbnail.go b/api/r0/thumbnail.go
@@ -67,8 +67,8 @@ func ThumbnailMedia(r *http.Request, rctx rcontext.RequestContext, auth _apimeta
 		"authServerName": auth.Server.ServerName,
 	})
 
-	if auth.User.UserId != "" {
-		if !util.IsGlobalAdmin(auth.User.UserId) && util.IsHostIgnored(server) {
+	if util.IsHostIgnored(server) {
+		if auth.User.UserId == "" || !util.IsGlobalAdmin(auth.User.UserId) {
 			rctx.Log.Warn("Request blocked due to domain being ignored.")
 			return _responses.MediaBlocked()
 		}

diff --git a/api/unstable/info.go b/api/unstable/info.go
@@ -72,7 +72,7 @@ func MediaInfo(r *http.Request, rctx rcontext.RequestContext, user _apimeta.User
 		"allowRemote": downloadRemote,
 	})
 
-	if !util.IsGlobalAdmin(user.UserId) && util.IsHostIgnored(server) {
+	if util.IsHostIgnored(server) && !util.IsGlobalAdmin(user.UserId) {
 		rctx.Log.Warn("Request blocked due to domain being ignored.")
 		return _responses.MediaBlocked()
 	}

diff --git a/api/unstable/local_copy.go b/api/unstable/local_copy.go
@@ -46,7 +46,7 @@ func LocalCopy(r *http.Request, rctx rcontext.RequestContext, user _apimeta.User
 		"allowRemote": downloadRemote,
 	})
 
-	if !util.IsGlobalAdmin(user.UserId) && util.IsHostIgnored(server) {
+	if util.IsHostIgnored(server) && !util.IsGlobalAdmin(user.UserId) {
 		rctx.Log.Warn("Request blocked due to domain being ignored.")
 		return _responses.MediaBlocked()
 	}