X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmedia_proxy%2Fcontroller.ex;h=de79cad739b86c841d61b77c6439d3e866b96d5a;hb=b73a1a33de76dc848037a5d0e951866bd21f92c4;hp=dc122fc3a4d5d31da3191c67961f7ad23a747291;hpb=72f7baa6548dbd5cc5ae4c37d9c2e53126203449;p=akkoma diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex index dc122fc3a..de79cad73 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -1,59 +1,43 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Web.MediaProxy.MediaProxyController do use Pleroma.Web, :controller - require Logger - - @cache_control %{ - default: "public, max-age=1209600", - error: "public, must-revalidate, max-age=160", - } - - def remote(conn, %{"sig" => sig, "url" => url}) do - config = Application.get_env(:pleroma, :media_proxy, []) - with \ - true <- Keyword.get(config, :enabled, false), - {:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url), - url = URI.encode(url), - {:ok, content_type, body} <- proxy_request(url) - do - conn - |> put_resp_content_type(content_type) - |> set_cache_header(:default) - |> send_resp(200, body) + alias Pleroma.{Web.MediaProxy, ReverseProxy} + + @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]] + + def remote(conn, params = %{"sig" => sig64, "url" => url64}) do + with config <- Pleroma.Config.get([:media_proxy], []), + true <- Keyword.get(config, :enabled, false), + {:ok, url} <- MediaProxy.decode_url(sig64, url64), + :ok <- filename_matches(Map.has_key?(params, "filename"), conn.request_path, url) do + ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts)) else - false -> send_error(conn, 404) - {:error, :invalid_signature} -> send_error(conn, 403) - {:error, {:http, _, url}} -> redirect_or_error(conn, url, Keyword.get(config, :redirect_on_failure, true)) - end - end + false -> + send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) - defp proxy_request(link) do - headers = [{"user-agent", "Pleroma/MediaProxy; #{Pleroma.Web.base_url()} <#{Application.get_env(:pleroma, :instance)[:email]}>"}] - options = [:insecure, {:follow_redirect, true}] - case :hackney.request(:get, link, headers, "", options) do - {:ok, 200, headers, client} -> - headers = Enum.into(headers, Map.new) - {:ok, body} = :hackney.body(client) - {:ok, headers["Content-Type"], body} - {:ok, status, _, _} -> - Logger.warn "MediaProxy: request failed, status #{status}, link: #{link}" - {:error, {:http, :bad_status, link}} - {:error, error} -> - Logger.warn "MediaProxy: request failed, error #{inspect error}, link: #{link}" - {:error, {:http, error, link}} + {:error, :invalid_signature} -> + send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403)) + + {:wrong_filename, filename} -> + redirect(conn, external: MediaProxy.build_url(sig64, url64, filename)) end end - defp set_cache_header(conn, key) do - Plug.Conn.put_resp_header(conn, "cache-control", @cache_control[key]) - end + def filename_matches(has_filename, path, url) do + filename = + url + |> MediaProxy.filename() + |> URI.decode() - defp redirect_or_error(conn, url, true), do: redirect(conn, external: url) - defp redirect_or_error(conn, url, _), do: send_error(conn, 502, "Media proxy error: " <> url) + path = URI.decode(path) - defp send_error(conn, code, body \\ "") do - conn - |> set_cache_header(:error) - |> send_resp(code, body) + if has_filename && filename && Path.basename(path) != filename do + {:wrong_filename, filename} + else + :ok + end end - end