use Pleroma.Web, :controller
alias Pleroma.Config
- alias Pleroma.Helpers.MogrifyHelper
+ alias Pleroma.Helpers.MediaHelper
alias Pleroma.ReverseProxy
alias Pleroma.Web.MediaProxy
- @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]]
-
- def remote(conn, %{"sig" => sig64, "url" => url64} = params) do
- with config <- Config.get([:media_proxy], []),
- {_, true} <- {:enabled, Keyword.get(config, :enabled, false)},
+ def remote(conn, %{"sig" => sig64, "url" => url64}) do
+ with {_, true} <- {:enabled, MediaProxy.enabled?()},
{:ok, url} <- MediaProxy.decode_url(sig64, url64),
- :ok <- MediaProxy.filename_matches(params, conn.request_path, url) do
- ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts))
+ {_, false} <- {:in_banned_urls, MediaProxy.in_banned_urls(url)},
+ :ok <- MediaProxy.verify_request_path_and_url(conn, url) do
+ proxy_opts = Config.get([:media_proxy, :proxy_opts], [])
+ ReverseProxy.call(conn, url, proxy_opts)
else
{:enabled, false} ->
send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404))
+ {:in_banned_urls, true} ->
+ send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404))
+
{:error, :invalid_signature} ->
send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403))
end
end
- def preview(conn, %{"sig" => sig64, "url" => url64} = params) do
- with {_, true} <- {:enabled, Config.get([:media_preview_proxy, :enabled], false)},
+ def preview(conn, %{"sig" => sig64, "url" => url64}) do
+ with {_, true} <- {:enabled, MediaProxy.preview_enabled?()},
{:ok, url} <- MediaProxy.decode_url(sig64, url64),
- :ok <- MediaProxy.filename_matches(params, conn.request_path, url) do
+ :ok <- MediaProxy.verify_request_path_and_url(conn, url) do
handle_preview(conn, url)
else
{:enabled, false} ->
end
defp handle_preview(conn, url) do
- with {:ok, %{status: status} = head_response} when status in 200..299 <- Tesla.head(url),
- {_, true} <- {:acceptable_content_length, acceptable_body_length?(head_response)} do
+ with {:ok, %{status: status} = head_response} when status in 200..299 <-
+ Tesla.head(url, opts: [adapter: [timeout: preview_head_request_timeout()]]) do
content_type = Tesla.get_header(head_response, "content-type")
handle_preview(content_type, conn, url)
else
{_, %{status: status}} ->
send_resp(conn, :failed_dependency, "Can't fetch HTTP headers (HTTP #{status}).")
- {:acceptable_content_length, false} ->
- send_resp(conn, :unprocessable_entity, "Source file size exceeds limit.")
+ {:error, :recv_response_timeout} ->
+ send_resp(conn, :failed_dependency, "HEAD request timeout.")
+
+ _ ->
+ send_resp(conn, :failed_dependency, "Can't fetch HTTP headers.")
end
end
- defp handle_preview("image/" <> _, %{params: params} = conn, url) do
- with {:ok, %{status: status, body: body}} when status in 200..299 <- Tesla.get(url),
- {:ok, path} <- MogrifyHelper.store_as_temporary_file(url, body),
- resize_dimensions <-
- Map.get(
- params,
- "limit_dimensions",
- Config.get([:media_preview_proxy, :limit_dimensions])
- ),
- %Mogrify.Image{} <- MogrifyHelper.in_place_resize_to_limit(path, resize_dimensions) do
- send_file(conn, 200, path)
- else
- {_, %{status: _}} ->
- send_resp(conn, :failed_dependency, "Can't fetch the image.")
+ defp thumbnail_max_dimensions(params) do
+ config = Config.get([:media_preview_proxy], [])
+ thumbnail_max_width =
+ if w = params["thumbnail_max_width"] do
+ String.to_integer(w)
+ else
+ Keyword.fetch!(config, :thumbnail_max_width)
+ end
+
+ thumbnail_max_height =
+ if h = params["thumbnail_max_height"] do
+ String.to_integer(h)
+ else
+ Keyword.fetch!(config, :thumbnail_max_height)
+ end
+
+ {thumbnail_max_width, thumbnail_max_height}
+ end
+
+ defp handle_preview("image/" <> _ = _content_type, %{params: params} = conn, url) do
+ with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params),
+ media_proxy_url <- MediaProxy.url(url),
+ {:ok, thumbnail_binary} <-
+ MediaHelper.ffmpeg_resize_remote(
+ media_proxy_url,
+ %{max_width: thumbnail_max_width, max_height: thumbnail_max_height}
+ ) do
+ conn
+ |> put_resp_header("content-type", "image/jpeg")
+ |> send_resp(200, thumbnail_binary)
+ else
_ ->
send_resp(conn, :failed_dependency, "Can't handle image preview.")
end
send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.")
end
- defp acceptable_body_length?(head_response) do
- max_body_length = Config.get([:media_preview_proxy, :max_body_length], nil)
- content_length = Tesla.get_header(head_response, "content-length")
- content_length = with {int, _} <- Integer.parse(content_length), do: int
+ defp preview_head_request_timeout do
+ Config.get([:media_preview_proxy, :proxy_opts, :head_request_max_read_duration]) ||
+ preview_timeout()
+ end
- content_length == :error or
- max_body_length in [nil, :infinity] or
- content_length <= max_body_length
+ defp preview_timeout do
+ Config.get([:media_preview_proxy, :proxy_opts, :max_read_duration]) ||
+ Config.get([:media_proxy, :proxy_opts, :max_read_duration]) ||
+ ReverseProxy.max_read_duration_default()
end
end
projects / akkoma / blobdiff