1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MediaProxy do
10 @base64_opts [padding: false]
12 def url(url) when is_nil(url) or url == "", do: nil
13 def url("/" <> _ = url), do: url
16 if not enabled?() or local?(url) or whitelisted?(url) do
23 # Note: routing all URLs to preview handler (even local and whitelisted).
24 # Preview handler will call url/1 on decoded URLs, and applicable ones will detour media proxy.
25 def preview_url(url) do
26 if preview_enabled?() do
27 encode_preview_url(url)
33 def enabled?, do: Config.get([:media_proxy, :enabled], false)
35 # Note: media proxy must be enabled for media preview proxy in order to load all
36 # non-local non-whitelisted URLs through it and be sure that body size constraint is preserved.
37 def preview_enabled?, do: enabled?() and Config.get([:media_preview_proxy, :enabled], false)
39 def local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())
41 def whitelisted?(url) do
42 %{host: domain} = URI.parse(url)
44 mediaproxy_whitelist = Config.get([:media_proxy, :whitelist])
46 upload_base_url_domain =
47 if !is_nil(Config.get([Upload, :base_url])) do
48 [URI.parse(Config.get([Upload, :base_url])).host]
53 whitelist = mediaproxy_whitelist ++ upload_base_url_domain
55 Enum.any?(whitelist, fn pattern ->
56 String.equivalent?(domain, pattern)
60 defp base64_sig64(url) do
61 base64 = Base.url_encode64(url, @base64_opts)
66 |> Base.url_encode64(@base64_opts)
71 def encode_url(url) do
72 {base64, sig64} = base64_sig64(url)
74 build_url(sig64, base64, filename(url))
77 def encode_preview_url(url) do
78 {base64, sig64} = base64_sig64(url)
80 build_preview_url(sig64, base64, filename(url))
83 def decode_url(sig, url) do
84 with {:ok, sig} <- Base.url_decode64(sig, @base64_opts),
85 signature when signature == sig <- signed_url(url) do
86 {:ok, Base.url_decode64!(url, @base64_opts)}
88 _ -> {:error, :invalid_signature}
92 defp signed_url(url) do
93 :crypto.hmac(:sha, Config.get([Web.Endpoint, :secret_key_base]), url)
96 def filename(url_or_path) do
97 if path = URI.parse(url_or_path).path, do: Path.basename(path)
100 defp proxy_url(path, sig_base64, url_base64, filename) do
102 Pleroma.Config.get([:media_proxy, :base_url], Web.base_url()),
112 def build_url(sig_base64, url_base64, filename \\ nil) do
113 proxy_url("proxy", sig_base64, url_base64, filename)
116 def build_preview_url(sig_base64, url_base64, filename \\ nil) do
117 proxy_url("proxy/preview", sig_base64, url_base64, filename)
120 def verify_request_path_and_url(
121 %Plug.Conn{params: %{"filename" => _}, request_path: request_path},
124 verify_request_path_and_url(request_path, url)
127 def verify_request_path_and_url(request_path, url) when is_binary(request_path) do
128 filename = filename(url)
130 if filename && not basename_matches?(request_path, filename) do
131 {:wrong_filename, filename}
137 def verify_request_path_and_url(_, _), do: :ok
139 defp basename_matches?(path, filename) do
140 basename = Path.basename(path)
141 basename == filename or URI.decode(basename) == filename or URI.encode(basename) == filename