From bf07b714b45fe1971b3addc93949fc21cf2ac256 Mon Sep 17 00:00:00 2001
From: Jorijn Schrijvershof <jorijn@jorijn.com>
Date: Thu, 27 Jul 2023 19:18:34 +0200
Subject: [PATCH 1/6] customizes the http method for cache busting

---
 app/lib/cache_buster.rb             | 8 +++++---
 config/initializers/cache_buster.rb | 1 +
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/lib/cache_buster.rb b/app/lib/cache_buster.rb
index 035611518eb52..4905e3c76eb43 100644
--- a/app/lib/cache_buster.rb
+++ b/app/lib/cache_buster.rb
@@ -2,8 +2,9 @@
 
 class CacheBuster
   def initialize(options = {})
-    @secret_header = options[:secret_header] || 'Secret-Header'
-    @secret        = options[:secret] || 'True'
+    @secret_header = options[:secret_header] || nil
+    @secret        = options[:secret] || nil
+    @http_method   = options[:http_method] || 'GET'
   end
 
   def bust(url)
@@ -21,7 +22,8 @@ def request_pool
   end
 
   def build_request(url, http_client)
-    Request.new(:get, url, http_client: http_client).tap do |request|
+    request = Request.new(@http_method.to_sym, url, http_client: http_client)
+    if @secret_header && !@secret_header.empty? && @secret && !@secret.empty?
       request.add_headers(@secret_header => @secret)
     end
   end
diff --git a/config/initializers/cache_buster.rb b/config/initializers/cache_buster.rb
index 227e450f35c1e..a49fba671bfeb 100644
--- a/config/initializers/cache_buster.rb
+++ b/config/initializers/cache_buster.rb
@@ -6,5 +6,6 @@
   config.x.cache_buster = {
     secret_header: ENV['CACHE_BUSTER_SECRET_HEADER'],
     secret: ENV['CACHE_BUSTER_SECRET'],
+    http_method: ENV['CACHE_BUSTER_HTTP_METHOD'] || 'GET',
   }
 end

From d0695fd5158aae8761334f3db2f79d10371af7be Mon Sep 17 00:00:00 2001
From: Renaud Chaput <renchap@gmail.com>
Date: Thu, 17 Aug 2023 16:28:49 +0200
Subject: [PATCH 2/6] Monley patch HTTP.rb to handle PURGE requests

Until https://github.com/httprb/http/pull/757 is merged
---
 app/lib/request.rb     |  2 +-
 config/application.rb  |  1 +
 lib/http_extensions.rb | 10 ++++++++++
 3 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 lib/http_extensions.rb

diff --git a/app/lib/request.rb b/app/lib/request.rb
index e5a9476a8ea71..fa0e3472f6782 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -117,7 +117,7 @@ def add_headers(new_headers)
 
   def perform
     begin
-      response = http_client.public_send(@verb, @url.to_s, @options.merge(headers: headers))
+      response = http_client.request(@verb, @url.to_s, @options.merge(headers: headers))
     rescue => e
       raise e.class, "#{e.message} on #{@url}", e.backtrace[0]
     end
diff --git a/config/application.rb b/config/application.rb
index 372adc16801b6..2a62c37e8be4e 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -51,6 +51,7 @@
 require_relative '../lib/active_record/database_tasks_extensions'
 require_relative '../lib/active_record/batches'
 require_relative '../lib/simple_navigation/item_extensions'
+require_relative '../lib/http_extensions'
 
 Dotenv::Railtie.load
 
diff --git a/lib/http_extensions.rb b/lib/http_extensions.rb
new file mode 100644
index 0000000000000..2bc0618c4c818
--- /dev/null
+++ b/lib/http_extensions.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Monkey patching until https://github.com/httprb/http/pull/757 is merged
+unless HTTP::Request::METHODS.include?(:purge)
+  module HTTP
+    class Request
+      METHODS = METHODS.dup.push(:purge).freeze
+    end
+  end
+end

From 3ca0f54a83c894dfdcee4a45ac84c7d2f11e1cf1 Mon Sep 17 00:00:00 2001
From: Renaud Chaput <renchap@gmail.com>
Date: Thu, 17 Aug 2023 16:28:59 +0200
Subject: [PATCH 3/6] Fix style

---
 app/lib/cache_buster.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/lib/cache_buster.rb b/app/lib/cache_buster.rb
index 4905e3c76eb43..10812615d9916 100644
--- a/app/lib/cache_buster.rb
+++ b/app/lib/cache_buster.rb
@@ -22,9 +22,9 @@ def request_pool
   end
 
   def build_request(url, http_client)
-    request = Request.new(@http_method.to_sym, url, http_client: http_client)
-    if @secret_header && !@secret_header.empty? && @secret && !@secret.empty?
-      request.add_headers(@secret_header => @secret)
-    end
+    request = Request.new(@http_method.downcase.to_sym, url, http_client: http_client)
+    request.add_headers(@secret_header => @secret) if @secret_header.present? && @secret && !@secret.empty?
+
+    request
   end
 end

From 220f2928fa84828ccd60c9978fea24a56c27d61e Mon Sep 17 00:00:00 2001
From: Renaud Chaput <renchap@gmail.com>
Date: Thu, 17 Aug 2023 16:29:10 +0200
Subject: [PATCH 4/6] Add CacheBuster spec

---
 spec/lib/cache_buster_spec.rb | 56 +++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 spec/lib/cache_buster_spec.rb

diff --git a/spec/lib/cache_buster_spec.rb b/spec/lib/cache_buster_spec.rb
new file mode 100644
index 0000000000000..84085608e8544
--- /dev/null
+++ b/spec/lib/cache_buster_spec.rb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe CacheBuster do
+  subject { described_class.new(secret_header: secret_header, secret: secret, http_method: http_method) }
+
+  let(:secret_header) { nil }
+  let(:secret) { nil }
+  let(:http_method) { nil }
+
+  let(:purge_url) { 'https://example.com/test_purge' }
+
+  describe '#bust' do
+    shared_examples 'makes_request' do
+      it 'makes an HTTP purging request' do
+        method = http_method&.to_sym || :get
+        stub_request(method, purge_url).to_return(status: 200)
+
+        subject.bust(purge_url)
+
+        test_request = a_request(method, purge_url)
+
+        test_request = test_request.with(headers: { secret_header => secret }) if secret && secret_header
+
+        expect(test_request).to have_been_made.once
+      end
+    end
+
+    context 'when using default options' do
+      include_examples 'makes_request'
+    end
+
+    context 'when specifying a secret header' do
+      let(:secret_header) { 'X-Purge-Secret' }
+      let(:secret) { SecureRandom.hex(20) }
+
+      include_examples 'makes_request'
+    end
+
+    context 'when specifying a PURGE method' do
+      let(:http_method) { 'purge' }
+
+      context 'when not using headers' do
+        include_examples 'makes_request'
+      end
+
+      context 'when specifying a secret header' do
+        let(:secret_header) { 'X-Purge-Secret' }
+        let(:secret) { SecureRandom.hex(20) }
+
+        include_examples 'makes_request'
+      end
+    end
+  end
+end

From 41a293f16b7de664cdec8a977a5df53c1ecd701b Mon Sep 17 00:00:00 2001
From: Renaud Chaput <renchap@gmail.com>
Date: Thu, 17 Aug 2023 16:47:06 +0200
Subject: [PATCH 5/6] Do not remove default header to avoid breaking
 retro-compatibility

---
 app/lib/cache_buster.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/lib/cache_buster.rb b/app/lib/cache_buster.rb
index 10812615d9916..d9f60eab40805 100644
--- a/app/lib/cache_buster.rb
+++ b/app/lib/cache_buster.rb
@@ -2,9 +2,12 @@
 
 class CacheBuster
   def initialize(options = {})
-    @secret_header = options[:secret_header] || nil
-    @secret        = options[:secret] || nil
-    @http_method   = options[:http_method] || 'GET'
+    @secret_header = options[:secret_header] ||
+                     (options[:http_method] ? nil : 'Secret-Header')
+    @secret = options[:secret] ||
+              (options[:http_method] ? nil : 'True')
+
+    @http_method = options[:http_method] || 'GET'
   end
 
   def bust(url)

From 198c9da2a8ae46ca9fc4edcd2da4bb820d4a52c3 Mon Sep 17 00:00:00 2001
From: Renaud Chaput <renchap@gmail.com>
Date: Thu, 17 Aug 2023 17:42:25 +0200
Subject: [PATCH 6/6] Add a deprecation warning for unset cache buster header
 config

---
 app/lib/cache_buster.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/lib/cache_buster.rb b/app/lib/cache_buster.rb
index d9f60eab40805..c54b0da1a11fb 100644
--- a/app/lib/cache_buster.rb
+++ b/app/lib/cache_buster.rb
@@ -2,6 +2,8 @@
 
 class CacheBuster
   def initialize(options = {})
+    ActiveSupport::Deprecation.warn('Default values for the cache buster secret header name and values will be removed in Mastodon 4.3. Please set them explicitely if you rely on those.') unless options[:http_method] || (options[:secret] && options[:secret_header])
+
     @secret_header = options[:secret_header] ||
                      (options[:http_method] ? nil : 'Secret-Header')
     @secret = options[:secret] ||