1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MediaProxy do
7 alias Pleroma.Helpers.UriHelper
10 alias Pleroma.Web.MediaProxy.Invalidation
12 @base64_opts [padding: false]
13 @cache_table :banned_urls_cache
15 def cache_table, do: @cache_table
17 @spec in_banned_urls(String.t()) :: boolean()
18 def in_banned_urls(url), do: elem(Cachex.exists?(@cache_table, url(url)), 1)
20 def remove_from_banned_urls(urls) when is_list(urls) do
21 Cachex.execute!(@cache_table, fn cache ->
22 Enum.each(Invalidation.prepare_urls(urls), &Cachex.del(cache, &1))
26 def remove_from_banned_urls(url) when is_binary(url) do
27 Cachex.del(@cache_table, url(url))
30 def put_in_banned_urls(urls) when is_list(urls) do
31 Cachex.execute!(@cache_table, fn cache ->
32 Enum.each(Invalidation.prepare_urls(urls), &Cachex.put(cache, &1, true))
36 def put_in_banned_urls(url) when is_binary(url) do
37 Cachex.put(@cache_table, url(url), true)
40 def url(url) when is_nil(url) or url == "", do: nil
41 def url("/" <> _ = url), do: url
44 if not enabled?() or not url_proxiable?(url) do
51 @spec url_proxiable?(String.t()) :: boolean()
52 def url_proxiable?(url) do
53 if local?(url) or whitelisted?(url) do
60 # Note: routing all URLs to preview handler (even local and whitelisted).
61 # Preview handler will call url/1 on decoded URLs, and applicable ones will detour media proxy.
62 def preview_url(url, preview_params \\ []) do
63 if preview_enabled?() do
64 encode_preview_url(url, preview_params)
70 def enabled?, do: Config.get([:media_proxy, :enabled], false)
72 # Note: media proxy must be enabled for media preview proxy in order to load all
73 # non-local non-whitelisted URLs through it and be sure that body size constraint is preserved.
74 def preview_enabled?, do: enabled?() and Config.get([:media_preview_proxy, :enabled], false)
76 def local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())
78 def whitelisted?(url) do
79 %{host: domain} = URI.parse(url)
81 mediaproxy_whitelist_domains =
82 [:media_proxy, :whitelist]
84 |> Enum.map(&maybe_get_domain_from_url/1)
87 if base_url = Config.get([Upload, :base_url]) do
88 %{host: base_domain} = URI.parse(base_url)
89 [base_domain | mediaproxy_whitelist_domains]
91 mediaproxy_whitelist_domains
94 domain in whitelist_domains
97 defp maybe_get_domain_from_url("http" <> _ = url) do
101 defp maybe_get_domain_from_url(domain), do: domain
103 defp base64_sig64(url) do
104 base64 = Base.url_encode64(url, @base64_opts)
109 |> Base.url_encode64(@base64_opts)
114 def encode_url(url) do
115 {base64, sig64} = base64_sig64(url)
117 build_url(sig64, base64, filename(url))
120 def encode_preview_url(url, preview_params \\ []) do
121 {base64, sig64} = base64_sig64(url)
123 build_preview_url(sig64, base64, filename(url), preview_params)
126 def decode_url(sig, url) do
127 with {:ok, sig} <- Base.url_decode64(sig, @base64_opts),
128 signature when signature == sig <- signed_url(url) do
129 {:ok, Base.url_decode64!(url, @base64_opts)}
131 _ -> {:error, :invalid_signature}
135 defp signed_url(url) do
136 :crypto.hmac(:sha, Config.get([Web.Endpoint, :secret_key_base]), url)
139 def filename(url_or_path) do
140 if path = URI.parse(url_or_path).path, do: Path.basename(path)
143 defp proxy_url(path, sig_base64, url_base64, filename) do
145 Config.get([:media_proxy, :base_url], Web.base_url()),
155 def build_url(sig_base64, url_base64, filename \\ nil) do
156 proxy_url("proxy", sig_base64, url_base64, filename)
159 def build_preview_url(sig_base64, url_base64, filename \\ nil, preview_params \\ []) do
160 uri = proxy_url("proxy/preview", sig_base64, url_base64, filename)
162 UriHelper.append_uri_params(uri, preview_params)
165 def verify_request_path_and_url(
166 %Plug.Conn{params: %{"filename" => _}, request_path: request_path},
169 verify_request_path_and_url(request_path, url)
172 def verify_request_path_and_url(request_path, url) when is_binary(request_path) do
173 filename = filename(url)
175 if filename && not basename_matches?(request_path, filename) do
176 {:wrong_filename, filename}
182 def verify_request_path_and_url(_, _), do: :ok
184 defp basename_matches?(path, filename) do
185 basename = Path.basename(path)
186 basename == filename or URI.decode(basename) == filename or URI.encode(basename) == filename