projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'fix/fedsocket-log-spam' into 'develop'
[akkoma] / lib / pleroma / web / media_proxy / media_proxy.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MediaProxy do
6 alias Pleroma.Config
7 alias Pleroma.Upload
8 alias Pleroma.Web
9 alias Pleroma.Web.MediaProxy.Invalidation
10
11 @base64_opts [padding: false]
12 @cache_table :banned_urls_cache
13
14 def cache_table, do: @cache_table
15
16 @spec in_banned_urls(String.t()) :: boolean()
17 def in_banned_urls(url), do: elem(Cachex.exists?(@cache_table, url(url)), 1)
18
19 def remove_from_banned_urls(urls) when is_list(urls) do
20 Cachex.execute!(@cache_table, fn cache ->
21 Enum.each(Invalidation.prepare_urls(urls), &Cachex.del(cache, &1))
22 end)
23 end
24
25 def remove_from_banned_urls(url) when is_binary(url) do
26 Cachex.del(@cache_table, url(url))
27 end
28
29 def put_in_banned_urls(urls) when is_list(urls) do
30 Cachex.execute!(@cache_table, fn cache ->
31 Enum.each(Invalidation.prepare_urls(urls), &Cachex.put(cache, &1, true))
32 end)
33 end
34
35 def put_in_banned_urls(url) when is_binary(url) do
36 Cachex.put(@cache_table, url(url), true)
37 end
38
39 def url(url) when is_nil(url) or url == "", do: nil
40 def url("/" <> _ = url), do: url
41
42 def url(url) do
43 if disabled?() or not url_proxiable?(url) do
44 url
45 else
46 encode_url(url)
47 end
48 end
49
50 @spec url_proxiable?(String.t()) :: boolean()
51 def url_proxiable?(url) do
52 if local?(url) or whitelisted?(url) do
53 false
54 else
55 true
56 end
57 end
58
59 defp disabled?, do: !Config.get([:media_proxy, :enabled], false)
60
61 defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())
62
63 defp whitelisted?(url) do
64 %{host: domain} = URI.parse(url)
65
66 mediaproxy_whitelist_domains =
67 [:media_proxy, :whitelist]
68 |> Config.get()
69 |> Enum.map(&maybe_get_domain_from_url/1)
70
71 whitelist_domains =
72 if base_url = Config.get([Upload, :base_url]) do
73 %{host: base_domain} = URI.parse(base_url)
74 [base_domain | mediaproxy_whitelist_domains]
75 else
76 mediaproxy_whitelist_domains
77 end
78
79 domain in whitelist_domains
80 end
81
82 defp maybe_get_domain_from_url("http" <> _ = url) do
83 URI.parse(url).host
84 end
85
86 defp maybe_get_domain_from_url(domain), do: domain
87
88 def encode_url(url) do
89 base64 = Base.url_encode64(url, @base64_opts)
90
91 sig64 =
92 base64
93 |> signed_url
94 |> Base.url_encode64(@base64_opts)
95
96 build_url(sig64, base64, filename(url))
97 end
98
99 def decode_url(sig, url) do
100 with {:ok, sig} <- Base.url_decode64(sig, @base64_opts),
101 signature when signature == sig <- signed_url(url) do
102 {:ok, Base.url_decode64!(url, @base64_opts)}
103 else
104 _ -> {:error, :invalid_signature}
105 end
106 end
107
108 defp signed_url(url) do
109 :crypto.hmac(:sha, Config.get([Web.Endpoint, :secret_key_base]), url)
110 end
111
112 def filename(url_or_path) do
113 if path = URI.parse(url_or_path).path, do: Path.basename(path)
114 end
115
116 def build_url(sig_base64, url_base64, filename \\ nil) do
117 [
118 Config.get([:media_proxy, :base_url], Web.base_url()),
119 "proxy",
120 sig_base64,
121 url_base64,
122 filename
123 ]
124 |> Enum.filter(& &1)
125 |> Path.join()
126 end
127 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git