From bc64164d699a55353bb4a02b5bf1bdbde5aeb15f Mon Sep 17 00:00:00 2001
From: Emi Dunn-Rankin <mdunnrankin@gmail.com>
Date: Tue, 2 Aug 2022 21:17:52 -0700
Subject: [PATCH] Sigh, fix HTTPS for images AGAIN with a proxy now

Okay, like in the previous commit, we're dealing with forced HTTPS, on a server that isn't going to cooperate with our dependencies' HTTPS version. And this time, I don't think there's a secret origin server that will accept `http://` requests for us.

Thankfully, we have the perfect hack in our back pocket: our own pre-existing images.neopets.com proxy server! I set the following in our secret `.env` file, and now we're good:

```
NEOPETS_IMAGES_URL_ORIGIN=http://images.neopets-asset-proxy.openneo.net
```
---
 app/models/swf_asset.rb | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/app/models/swf_asset.rb b/app/models/swf_asset.rb
index 4b00efcd..5a6de983 100644
--- a/app/models/swf_asset.rb
+++ b/app/models/swf_asset.rb
@@ -11,7 +11,7 @@ class SwfAsset < ActiveRecord::Base
     'Cache-Control' => 'max-age=315360000',
     'Content-Type' => 'image/png'
   }
-  NEOPETS_ASSET_SERVER = 'http://images.neopets.com'
+  NEOPETS_IMAGES_URL_ORIGIN = ENV['NEOPETS_IMAGES_URL_ORIGIN'] || 'http://images.neopets.com'
 
   set_inheritance_column 'inheritance_type'
 
@@ -248,7 +248,7 @@ class SwfAsset < ActiveRecord::Base
 
   def mall_data=(data)
     self.zone_id = data['zone'].to_i
-    self.url = "#{NEOPETS_ASSET_SERVER}/#{data['url']}"
+    self.url = "#{NEOPETS_IMAGES_URL_ORIGIN}/#{data['url']}"
   end
 
   def self.from_wardrobe_link_params(ids)
@@ -260,17 +260,14 @@ class SwfAsset < ActiveRecord::Base
   end
 
   before_create do
-    uri = URI.parse url
-    # NOTE: Our old Ruby can't do the HTTPS the images.neopets.com server
-    #       wants. We turn it off instead! Sigh. Should be fine since we
-    #       don't anticipate like, an MITM attack against our VPS.
-    #
-    #       Also, we re-parse after setting the scheme, to change the
-    #       class to URI:HTTP. This especially matters for URIs that
-    #       were given to us as "//images.neopets.com", because they
-    #       don't have a `request_uri` method.
-    uri.scheme = 'http'
-    uri = URI.parse(uri.to_s)
+    # HACK: images.neopets.com no longer accepts requests over `http://`, and
+    #       our dependencies don't support the version of HTTPS they want. So,
+    #       we replace images.neopets.com with the NEOPETS_IMAGES_URL_ORIGIN
+    #       specified in the secret `.env` file. (At time of writing, that's
+    #       our proxy: `http://images.neopets-asset-proxy.openneo.net`.)
+    modified_url = url.sub(/^https?:\/\/images.neopets.com/, NEOPETS_IMAGES_URL_ORIGIN)
+
+    uri = URI.parse(modified_url)
     begin
       http = Net::HTTP.new(uri.host, uri.port)
       response = http.get(uri.request_uri)