From ddd0bb69e1d9ea98a0ea30717e9f25bcd50b41a3 Mon Sep 17 00:00:00 2001
From: MIYAGI Hikaru <hcmiya@users.noreply.github.com>
Date: Fri, 29 Jun 2018 22:36:02 +0900
Subject: [PATCH] Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into
 `ALLOW_ACCESS_TO_HIDDEN_SERVICE` (#7901)

If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address.
I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
---
 .env.production.sample                   | 2 --
 app/lib/request.rb                       | 2 +-
 config/initializers/http_client_proxy.rb | 1 -
 docker-compose.yml                       | 1 -
 4 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/.env.production.sample b/.env.production.sample
index 3047f7595..ebb078878 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -229,5 +229,3 @@ STREAMING_CLUSTER_NUM=1
 # http_proxy=http://gateway.local:8118
 # Access control for hidden service.
 # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
-# If you use transparent proxy to access to hidden service, uncomment following for skipping private address check.
-# HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true
diff --git a/app/lib/request.rb b/app/lib/request.rb
index 397614fac..576ed23ca 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -154,7 +154,7 @@ class Request
       alias new open
 
       def thru_hidden_service?(host)
-        Rails.configuration.x.hidden_service_via_transparent_proxy && /\.(onion|i2p)$/.match(host)
+        Rails.configuration.x.access_to_hidden_service && /\.(onion|i2p)$/.match(host)
       end
     end
   end
diff --git a/config/initializers/http_client_proxy.rb b/config/initializers/http_client_proxy.rb
index 52c595c5d..e607aff3c 100644
--- a/config/initializers/http_client_proxy.rb
+++ b/config/initializers/http_client_proxy.rb
@@ -11,7 +11,6 @@ Rails.application.configure do
   end
 
   config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
-  config.x.hidden_service_via_transparent_proxy = ENV['HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY'] == 'true'
 end
 
 module Goldfinger
diff --git a/docker-compose.yml b/docker-compose.yml
index b31095a54..c54c73e44 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -83,7 +83,6 @@ services:
 ## Uncomment to enable federation with tor instances along with adding the following ENV variables
 ## http_proxy=http://privoxy:8118
 ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
-## HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true
 #  tor:
 #    build: https://github.com/usbsnowcrash/docker-tor.git
 #    networks:
-- 
GitLab