# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.ReverseProxy do
- alias Pleroma.HTTP
-
- @keep_req_headers ~w(accept user-agent accept-encoding cache-control if-modified-since) ++
- ~w(if-unmodified-since if-none-match if-range range)
- @resp_cache_headers ~w(etag date last-modified cache-control)
+ @range_headers ~w(range if-range)
+ @keep_req_headers ~w(accept accept-encoding cache-control if-modified-since) ++
+ ~w(if-unmodified-since if-none-match) ++ @range_headers
+ @resp_cache_headers ~w(etag date last-modified)
@keep_resp_headers @resp_cache_headers ++
- ~w(content-type content-disposition content-encoding content-range) ++
- ~w(accept-ranges vary)
+ ~w(content-length content-type content-disposition content-encoding) ++
+ ~w(content-range accept-ranges vary)
@default_cache_control_header "public, max-age=1209600"
@valid_resp_codes [200, 206, 304]
@max_read_duration :timer.seconds(30)
@max_body_length :infinity
+ @failed_request_ttl :timer.seconds(60)
@methods ~w(GET HEAD)
+ @cachex Pleroma.Config.get([:cachex, :provider], Cachex)
+
+ def max_read_duration_default, do: @max_read_duration
+ def default_cache_control_header, do: @default_cache_control_header
+
@moduledoc """
A reverse proxy.
* request: `#{inspect(@keep_req_headers)}`
* response: `#{inspect(@keep_resp_headers)}`
- If no caching headers (`#{inspect(@resp_cache_headers)}`) are returned by upstream, `cache-control` will be
- set to `#{inspect(@default_cache_control_header)}`.
-
Options:
* `redirect_on_failure` (default `false`). Redirects the client to the real remote URL if there's any HTTP
* `max_read_duration` (default `#{inspect(@max_read_duration)}` ms): the total time the connection is allowed to
read from the remote upstream.
+ * `failed_request_ttl` (default `#{inspect(@failed_request_ttl)}` ms): the time the failed request is cached and cannot be retried.
+
* `inline_content_types`:
* `true` will not alter `content-disposition` (up to the upstream),
* `false` will add `content-disposition: attachment` to any request,
* a list of whitelisted content types
- * `keep_user_agent` will forward the client's user-agent to the upstream. This may be useful if the upstream is
- doing content transformation (encoding, …) depending on the request.
-
* `req_headers`, `resp_headers` additional headers.
- * `http`: options for [hackney](https://github.com/benoitc/hackney).
+ * `http`: options for [hackney](https://github.com/benoitc/hackney) or [gun](https://github.com/ninenines/gun).
"""
- @default_hackney_options []
+ @default_options [pool: :media]
@inline_content_types [
"image/gif",
import Plug.Conn
@type option() ::
- {:keep_user_agent, boolean}
- | {:max_read_duration, :timer.time() | :infinity}
+ {:max_read_duration, :timer.time() | :infinity}
| {:max_body_length, non_neg_integer() | :infinity}
+ | {:failed_request_ttl, :timer.time() | :infinity}
| {:http, []}
| {:req_headers, [{String.t(), String.t()}]}
| {:resp_headers, [{String.t(), String.t()}]}
def call(_conn, _url, _opts \\ [])
def call(conn = %{method: method}, url, opts) when method in @methods do
- hackney_opts =
- @default_hackney_options
- |> Keyword.merge(Keyword.get(opts, :http, []))
- |> HTTP.process_request_options()
+ client_opts = Keyword.merge(@default_options, Keyword.get(opts, :http, []))
req_headers = build_req_headers(conn.req_headers, opts)
opts
end
- with {:ok, code, headers, client} <- request(method, url, req_headers, hackney_opts),
- :ok <- header_length_constraint(headers, Keyword.get(opts, :max_body_length)) do
+ with {:ok, nil} <- @cachex.get(:failed_proxy_url_cache, url),
+ {:ok, code, headers, client} <- request(method, url, req_headers, client_opts),
+ :ok <-
+ header_length_constraint(
+ headers,
+ Keyword.get(opts, :max_body_length, @max_body_length)
+ ) do
response(conn, client, url, code, headers, opts)
else
+ {:ok, true} ->
+ conn
+ |> error_or_redirect(url, 500, "Request failed", opts)
+ |> halt()
+
{:ok, code, headers} ->
head_response(conn, url, code, headers, opts)
|> halt()
{:error, {:invalid_http_response, code}} ->
Logger.error("#{__MODULE__}: request to #{inspect(url)} failed with HTTP status #{code}")
+ track_failed_url(url, code, opts)
conn
|> error_or_redirect(
{:error, error} ->
Logger.error("#{__MODULE__}: request to #{inspect(url)} failed: #{inspect(error)}")
+ track_failed_url(url, error, opts)
conn
|> error_or_redirect(url, 500, "Request failed", opts)
|> halt()
end
- defp request(method, url, headers, hackney_opts) do
+ defp request(method, url, headers, opts) do
Logger.debug("#{__MODULE__} #{method} #{url} #{inspect(headers)}")
method = method |> String.downcase() |> String.to_existing_atom()
- case hackney().request(method, url, headers, "", hackney_opts) do
+ case client().request(method, url, headers, "", opts) do
{:ok, code, headers, client} when code in @valid_resp_codes ->
{:ok, code, downcase_headers(headers), client}
{:ok, code, _, _} ->
{:error, {:invalid_http_response, code}}
+ {:ok, code, _} ->
+ {:error, {:invalid_http_response, code}}
+
{:error, error} ->
{:error, error}
end
end
defp response(conn, client, url, status, headers, opts) do
+ Logger.debug("#{__MODULE__} #{status} #{url} #{inspect(headers)}")
+
result =
conn
|> put_resp_headers(build_resp_headers(headers, opts))
halt(conn)
{:error, :closed, conn} ->
- :hackney.close(client)
+ client().close(client)
halt(conn)
{:error, error, conn} ->
"#{__MODULE__} request to #{url} failed while reading/chunking: #{inspect(error)}"
)
- :hackney.close(client)
+ client().close(client)
halt(conn)
end
end
duration,
Keyword.get(opts, :max_read_duration, @max_read_duration)
),
- {:ok, data} <- hackney().stream_body(client),
+ {:ok, data, client} <- client().stream_body(client),
{:ok, duration} <- increase_read_duration(duration),
sent_so_far = sent_so_far + byte_size(data),
- :ok <- body_size_constraint(sent_so_far, Keyword.get(opts, :max_body_size)),
+ :ok <-
+ body_size_constraint(
+ sent_so_far,
+ Keyword.get(opts, :max_body_length, @max_body_length)
+ ),
{:ok, conn} <- chunk(conn, data) do
chunk_reply(conn, client, opts, sent_so_far, duration)
else
end
end
- defp head_response(conn, _url, code, headers, opts) do
+ defp head_response(conn, url, code, headers, opts) do
+ Logger.debug("#{__MODULE__} #{code} #{url} #{inspect(headers)}")
+
conn
|> put_resp_headers(build_resp_headers(headers, opts))
|> send_resp(code, "")
headers
|> downcase_headers()
|> Enum.filter(fn {k, _} -> k in @keep_req_headers end)
- |> (fn headers ->
- headers = headers ++ Keyword.get(opts, :req_headers, [])
-
- if Keyword.get(opts, :keep_user_agent, false) do
- List.keystore(
- headers,
- "user-agent",
- 0,
- {"user-agent", Pleroma.Application.user_agent()}
- )
- else
- headers
- end
- end).()
+ |> build_req_range_or_encoding_header(opts)
+ |> build_req_user_agent_header(opts)
+ |> Keyword.merge(Keyword.get(opts, :req_headers, []))
+ end
+
+ # Disable content-encoding if any @range_headers are requested (see #1823).
+ defp build_req_range_or_encoding_header(headers, _opts) do
+ range? = Enum.any?(headers, fn {header, _} -> Enum.member?(@range_headers, header) end)
+
+ if range? && List.keymember?(headers, "accept-encoding", 0) do
+ List.keydelete(headers, "accept-encoding", 0)
+ else
+ headers
+ end
+ end
+
+ defp build_req_user_agent_header(headers, _opts) do
+ List.keystore(
+ headers,
+ "user-agent",
+ 0,
+ {"user-agent", Pleroma.Application.user_agent()}
+ )
end
defp build_resp_headers(headers, opts) do
|> Enum.filter(fn {k, _} -> k in @keep_resp_headers end)
|> build_resp_cache_headers(opts)
|> build_resp_content_disposition_header(opts)
- |> (fn headers -> headers ++ Keyword.get(opts, :resp_headers, []) end).()
+ |> Keyword.merge(Keyword.get(opts, :resp_headers, []))
end
defp build_resp_cache_headers(headers, _opts) do
has_cache? = Enum.any?(headers, fn {k, _} -> k in @resp_cache_headers end)
- has_cache_control? = List.keymember?(headers, "cache-control", 0)
cond do
- has_cache? && has_cache_control? ->
- headers
-
has_cache? ->
- # There's caching header present but no cache-control -- we need to explicitely override it
- # to public as Plug defaults to "max-age=0, private, must-revalidate"
- List.keystore(headers, "cache-control", 0, {"cache-control", "public"})
+ # There's caching header present but no cache-control -- we need to set our own
+ # as Plug defaults to "max-age=0, private, must-revalidate"
+ List.keystore(
+ headers,
+ "cache-control",
+ 0,
+ {"cache-control", @default_cache_control_header}
+ )
true ->
List.keystore(
defp body_size_constraint(_, _), do: :ok
+ defp check_read_duration(nil = _duration, max), do: check_read_duration(@max_read_duration, max)
+
defp check_read_duration(duration, max)
when is_integer(duration) and is_integer(max) and max > 0 do
if duration > max do
{:ok, :no_duration_limit, :no_duration_limit}
end
- defp hackney, do: Pleroma.Config.get(:hackney, :hackney)
+ defp client, do: Pleroma.ReverseProxy.Client.Wrapper
+
+ defp track_failed_url(url, error, opts) do
+ ttl =
+ unless error in [:body_too_large, 400, 204] do
+ Keyword.get(opts, :failed_request_ttl, @failed_request_ttl)
+ else
+ nil
+ end
+
+ @cachex.put(:failed_proxy_url_cache, url, true, ttl: ttl)
+ end
end
projects / akkoma / blobdiff