git.squeep.com Git - akkoma/blob - lib/pleroma/web/media_proxy/media_proxy.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MediaProxy do
   6   alias Pleroma.Config
   7   alias Pleroma.Upload
   8   alias Pleroma.Web
   9   alias Pleroma.Web.MediaProxy.Invalidation
  10
  11   @base64_opts [padding: false]
  12
  13   @spec in_banned_urls(String.t()) :: boolean()
  14   def in_banned_urls(url), do: elem(Cachex.exists?(:banned_urls_cache, url(url)), 1)
  15
  16   def remove_from_banned_urls(urls) when is_list(urls) do
  17     Cachex.execute!(:banned_urls_cache, fn cache ->
  18       Enum.each(Invalidation.prepare_urls(urls), &Cachex.del(cache, &1))
  19     end)
  20   end
  21
  22   def remove_from_banned_urls(url) when is_binary(url) do
  23     Cachex.del(:banned_urls_cache, url(url))
  24   end
  25
  26   def put_in_banned_urls(urls) when is_list(urls) do
  27     Cachex.execute!(:banned_urls_cache, fn cache ->
  28       Enum.each(Invalidation.prepare_urls(urls), &Cachex.put(cache, &1, true))
  29     end)
  30   end
  31
  32   def put_in_banned_urls(url) when is_binary(url) do
  33     Cachex.put(:banned_urls_cache, url(url), true)
  34   end
  35
  36   def url(url) when is_nil(url) or url == "", do: nil
  37   def url("/" <> _ = url), do: url
  38
  39   def url(url) do
  40     if disabled?() or not url_proxiable?(url) do
  41       url
  42     else
  43       encode_url(url)
  44     end
  45   end
  46
  47   @spec url_proxiable?(String.t()) :: boolean()
  48   def url_proxiable?(url) do
  49     if local?(url) or whitelisted?(url) do
  50       false
  51     else
  52       true
  53     end
  54   end
  55
  56   defp disabled?, do: !Config.get([:media_proxy, :enabled], false)
  57
  58   defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())
  59
  60   defp whitelisted?(url) do
  61     %{host: domain} = URI.parse(url)
  62
  63     mediaproxy_whitelist_domains =
  64       [:media_proxy, :whitelist]
  65       |> Config.get()
  66       |> Enum.map(&maybe_get_domain_from_url/1)
  67
  68     whitelist_domains =
  69       if base_url = Config.get([Upload, :base_url]) do
  70         %{host: base_domain} = URI.parse(base_url)
  71         [base_domain | mediaproxy_whitelist_domains]
  72       else
  73         mediaproxy_whitelist_domains
  74       end
  75
  76     domain in whitelist_domains
  77   end
  78
  79   defp maybe_get_domain_from_url("http" <> _ = url) do
  80     URI.parse(url).host
  81   end
  82
  83   defp maybe_get_domain_from_url(domain), do: domain
  84
  85   def encode_url(url) do
  86     base64 = Base.url_encode64(url, @base64_opts)
  87
  88     sig64 =
  89       base64
  90       |> signed_url
  91       |> Base.url_encode64(@base64_opts)
  92
  93     build_url(sig64, base64, filename(url))
  94   end
  95
  96   def decode_url(sig, url) do
  97     with {:ok, sig} <- Base.url_decode64(sig, @base64_opts),
  98          signature when signature == sig <- signed_url(url) do
  99       {:ok, Base.url_decode64!(url, @base64_opts)}
 100     else
 101       _ -> {:error, :invalid_signature}
 102     end
 103   end
 104
 105   defp signed_url(url) do
 106     :crypto.hmac(:sha, Config.get([Web.Endpoint, :secret_key_base]), url)
 107   end
 108
 109   def filename(url_or_path) do
 110     if path = URI.parse(url_or_path).path, do: Path.basename(path)
 111   end
 112
 113   def build_url(sig_base64, url_base64, filename \\ nil) do
 114     [
 115       Config.get([:media_proxy, :base_url], Web.base_url()),
 116       "proxy",
 117       sig_base64,
 118       url_base64,
 119       filename
 120     ]
 121     |> Enum.filter(& &1)
 122     |> Path.join()
 123   end
 124 end