+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
defmodule Pleroma.Web.MediaProxy.MediaProxyController do
use Pleroma.Web, :controller
- require Logger
-
- def remote(conn, %{"sig" => sig, "url" => url}) do
- {:ok, url} = Pleroma.MediaProxy.decode_url(sig, url)
- url = url |> URI.encode()
- case proxy_request(url) do
- {:ok, content_type, body} ->
- conn
- |> put_resp_content_type(content_type)
- |> set_cache_header(:default)
- |> send_resp(200, body)
- other ->
- conn
- |> set_cache_header(:error)
- |> redirect(external: url)
- end
- end
+ alias Pleroma.{Web.MediaProxy, ReverseProxy}
+
+ @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]]
- defp proxy_request(link) do
- instance = )
- headers = [{"user-agent", "Pleroma/MediaProxy; #{Pleroma.Web.base_url()} <#{Application.get_env(:pleroma, :instance)[:email]}>"}]
- options = [:insecure, {:follow_redirect, true}]
- case :hackney.request(:get, link, headers, "", options) do
- {:ok, 200, headers, client} ->
- headers = Enum.into(headers, Map.new)
- {:ok, body} = :hackney.body(client)
- {:ok, headers["Content-Type"], body}
- {:ok, status, _, _} ->
- Logger.warn "MediaProxy: request failed, status #{status}, link: #{link}"
- {:error, :bad_status}
- {:error, error} ->
- Logger.warn "MediaProxy: request failed, error #{inspect error}, link: #{link}"
- {:error, error}
+ def remote(conn, params = %{"sig" => sig64, "url" => url64}) do
+ with config <- Pleroma.Config.get([:media_proxy], []),
+ true <- Keyword.get(config, :enabled, false),
+ {:ok, url} <- MediaProxy.decode_url(sig64, url64),
+ :ok <- filename_matches(Map.has_key?(params, "filename"), conn.request_path, url) do
+ ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts))
+ else
+ false ->
+ send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404))
+
+ {:error, :invalid_signature} ->
+ send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403))
+
+ {:wrong_filename, filename} ->
+ redirect(conn, external: MediaProxy.build_url(sig64, url64, filename))
end
end
- @cache_control %{
- default: "public, max-age=1209600",
- error: "public, must-revalidate, max-age=160",
- }
+ def filename_matches(has_filename, path, url) do
+ filename =
+ url
+ |> MediaProxy.filename()
+ |> URI.decode()
- defp set_cache_header(conn, true), do: set_cache_header(conn, :default)
- defp set_cache_header(conn, false), do: set_cache_header(conn, :error)
- defp set_cache_header(conn, key) when is_atom(key), do: set_cache_header(conn, @cache_control[key])
- defp set_cache_header(conn, value) when is_binary(value), do: Plug.Conn.put_resp_header(conn, "cache-control", value)
+ path = URI.decode(path)
+ if has_filename && filename && Path.basename(path) != filename do
+ {:wrong_filename, filename}
+ else
+ :ok
+ end
+ end
end