X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmedia_proxy%2Fcontroller.ex;h=de79cad739b86c841d61b77c6439d3e866b96d5a;hb=0b54c3d6432dea77542596e34057f8d3fc69ca4c;hp=84c6e9c8bcfe1212f63e7573808db7215df7869e;hpb=5f35fdcf5d7bc0dc6054eda06d565268f9e79b33;p=akkoma diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex index 84c6e9c8b..de79cad73 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -1,49 +1,43 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web.MediaProxy.MediaProxyController do use Pleroma.Web, :controller - require Logger - - def remote(conn, %{"sig" => sig, "url" => url}) do - {:ok, url} = Pleroma.MediaProxy.decode_url(sig, url) - url = url |> URI.encode() - case proxy_request(url) do - {:ok, content_type, body} -> - conn - |> put_resp_content_type(content_type) - |> set_cache_header(:default) - |> send_resp(200, body) - other -> - conn - |> set_cache_header(:error) - |> redirect(external: url) - end - end + alias Pleroma.{Web.MediaProxy, ReverseProxy} + + @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]] - defp proxy_request(link) do - instance = ) - headers = [{"user-agent", "Pleroma/MediaProxy; #{Pleroma.Web.base_url()} <#{Application.get_env(:pleroma, :instance)[:email]}>"}] - options = [:insecure, {:follow_redirect, true}] - case :hackney.request(:get, link, headers, "", options) do - {:ok, 200, headers, client} -> - headers = Enum.into(headers, Map.new) - {:ok, body} = :hackney.body(client) - {:ok, headers["Content-Type"], body} - {:ok, status, _, _} -> - Logger.warn "MediaProxy: request failed, status #{status}, link: #{link}" - {:error, :bad_status} - {:error, error} -> - Logger.warn "MediaProxy: request failed, error #{inspect error}, link: #{link}" - {:error, error} + def remote(conn, params = %{"sig" => sig64, "url" => url64}) do + with config <- Pleroma.Config.get([:media_proxy], []), + true <- Keyword.get(config, :enabled, false), + {:ok, url} <- MediaProxy.decode_url(sig64, url64), + :ok <- filename_matches(Map.has_key?(params, "filename"), conn.request_path, url) do + ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts)) + else + false -> + send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) + + {:error, :invalid_signature} -> + send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403)) + + {:wrong_filename, filename} -> + redirect(conn, external: MediaProxy.build_url(sig64, url64, filename)) end end - @cache_control %{ - default: "public, max-age=1209600", - error: "public, must-revalidate, max-age=160", - } + def filename_matches(has_filename, path, url) do + filename = + url + |> MediaProxy.filename() + |> URI.decode() - defp set_cache_header(conn, true), do: set_cache_header(conn, :default) - defp set_cache_header(conn, false), do: set_cache_header(conn, :error) - defp set_cache_header(conn, key) when is_atom(key), do: set_cache_header(conn, @cache_control[key]) - defp set_cache_header(conn, value) when is_binary(value), do: Plug.Conn.put_resp_header(conn, "cache-control", value) + path = URI.decode(path) + if has_filename && filename && Path.basename(path) != filename do + {:wrong_filename, filename} + else + :ok + end + end end