git.squeep.com Git - akkoma/blob - lib/pleroma/web/media_proxy.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MediaProxy do
   6   alias Pleroma.Config
   7   alias Pleroma.Helpers.UriHelper
   8   alias Pleroma.Upload
   9   alias Pleroma.Web.Endpoint
  10   alias Pleroma.Web.MediaProxy.Invalidation
  11
  12   @base64_opts [padding: false]
  13   @cache_table :banned_urls_cache
  14
  15   @cachex Pleroma.Config.get([:cachex, :provider], Cachex)
  16
  17   def cache_table, do: @cache_table
  18
  19   @spec in_banned_urls(String.t()) :: boolean()
  20   def in_banned_urls(url), do: elem(@cachex.exists?(@cache_table, url(url)), 1)
  21
  22   def remove_from_banned_urls(urls) when is_list(urls) do
  23     @cachex.execute!(@cache_table, fn cache ->
  24       Enum.each(Invalidation.prepare_urls(urls), &@cachex.del(cache, &1))
  25     end)
  26   end
  27
  28   def remove_from_banned_urls(url) when is_binary(url) do
  29     @cachex.del(@cache_table, url(url))
  30   end
  31
  32   def put_in_banned_urls(urls) when is_list(urls) do
  33     @cachex.execute!(@cache_table, fn cache ->
  34       Enum.each(Invalidation.prepare_urls(urls), &@cachex.put(cache, &1, true))
  35     end)
  36   end
  37
  38   def put_in_banned_urls(url) when is_binary(url) do
  39     @cachex.put(@cache_table, url(url), true)
  40   end
  41
  42   def url(url) when is_nil(url) or url == "", do: nil
  43   def url("/" <> _ = url), do: url
  44
  45   def url(url) do
  46     if enabled?() and url_proxiable?(url) do
  47       encode_url(url)
  48     else
  49       url
  50     end
  51   end
  52
  53   @spec url_proxiable?(String.t()) :: boolean()
  54   def url_proxiable?(url) do
  55     not local?(url) and not whitelisted?(url)
  56   end
  57
  58   def preview_url(url, preview_params \\ []) do
  59     if preview_enabled?() do
  60       encode_preview_url(url, preview_params)
  61     else
  62       url(url)
  63     end
  64   end
  65
  66   def enabled?, do: Config.get([:media_proxy, :enabled], false)
  67
  68   # Note: media proxy must be enabled for media preview proxy in order to load all
  69   #   non-local non-whitelisted URLs through it and be sure that body size constraint is preserved.
  70   def preview_enabled?, do: enabled?() and !!Config.get([:media_preview_proxy, :enabled])
  71
  72   def local?(url), do: String.starts_with?(url, Endpoint.url())
  73
  74   def whitelisted?(url) do
  75     %{host: domain} = URI.parse(url)
  76
  77     mediaproxy_whitelist_domains =
  78       [:media_proxy, :whitelist]
  79       |> Config.get()
  80       |> Kernel.++(["#{Upload.base_url()}"])
  81       |> Enum.map(&maybe_get_domain_from_url/1)
  82
  83     domain in mediaproxy_whitelist_domains
  84   end
  85
  86   defp maybe_get_domain_from_url("http" <> _ = url) do
  87     URI.parse(url).host
  88   end
  89
  90   defp maybe_get_domain_from_url(domain), do: domain
  91
  92   defp base64_sig64(url) do
  93     base64 = Base.url_encode64(url, @base64_opts)
  94
  95     sig64 =
  96       base64
  97       |> signed_url()
  98       |> Base.url_encode64(@base64_opts)
  99
 100     {base64, sig64}
 101   end
 102
 103   def encode_url(url) do
 104     {base64, sig64} = base64_sig64(url)
 105
 106     build_url(sig64, base64, filename(url))
 107   end
 108
 109   def encode_preview_url(url, preview_params \\ []) do
 110     {base64, sig64} = base64_sig64(url)
 111
 112     build_preview_url(sig64, base64, filename(url), preview_params)
 113   end
 114
 115   def decode_url(sig, url) do
 116     with {:ok, sig} <- Base.url_decode64(sig, @base64_opts),
 117          signature when signature == sig <- signed_url(url) do
 118       {:ok, Base.url_decode64!(url, @base64_opts)}
 119     else
 120       _ -> {:error, :invalid_signature}
 121     end
 122   end
 123
 124   def decode_url(encoded) do
 125     [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/")
 126     decode_url(sig, base64)
 127   end
 128
 129   defp signed_url(url) do
 130     :crypto.mac(:hmac, :sha, Config.get([Endpoint, :secret_key_base]), url)
 131   end
 132
 133   def filename(url_or_path) do
 134     if path = URI.parse(url_or_path).path, do: Path.basename(path)
 135   end
 136
 137   def base_url do
 138     Config.get([:media_proxy, :base_url], Endpoint.url())
 139   end
 140
 141   defp proxy_url(path, sig_base64, url_base64, filename) do
 142     [
 143       base_url(),
 144       path,
 145       sig_base64,
 146       url_base64,
 147       filename
 148     ]
 149     |> Enum.filter(& &1)
 150     |> Path.join()
 151   end
 152
 153   def build_url(sig_base64, url_base64, filename \\ nil) do
 154     proxy_url("proxy", sig_base64, url_base64, filename)
 155   end
 156
 157   def build_preview_url(sig_base64, url_base64, filename \\ nil, preview_params \\ []) do
 158     uri = proxy_url("proxy/preview", sig_base64, url_base64, filename)
 159
 160     UriHelper.modify_uri_params(uri, preview_params)
 161   end
 162
 163   def verify_request_path_and_url(
 164         %Plug.Conn{params: %{"filename" => _}, request_path: request_path},
 165         url
 166       ) do
 167     verify_request_path_and_url(request_path, url)
 168   end
 169
 170   def verify_request_path_and_url(request_path, url) when is_binary(request_path) do
 171     filename = filename(url)
 172
 173     if filename && not basename_matches?(request_path, filename) do
 174       {:wrong_filename, filename}
 175     else
 176       :ok
 177     end
 178   end
 179
 180   def verify_request_path_and_url(_, _), do: :ok
 181
 182   defp basename_matches?(path, filename) do
 183     basename = Path.basename(path)
 184     basename == filename or URI.decode(basename) == filename or URI.encode(basename) == filename
 185   end
 186 end