aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web/media_proxy
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web/media_proxy')
-rw-r--r--lib/pleroma/web/media_proxy/controller.ex5
-rw-r--r--lib/pleroma/web/media_proxy/media_proxy.ex15
2 files changed, 17 insertions, 3 deletions
diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex
index de79cad73..c0552d89f 100644
--- a/lib/pleroma/web/media_proxy/controller.ex
+++ b/lib/pleroma/web/media_proxy/controller.ex
@@ -4,11 +4,12 @@
defmodule Pleroma.Web.MediaProxy.MediaProxyController do
use Pleroma.Web, :controller
- alias Pleroma.{Web.MediaProxy, ReverseProxy}
+ alias Pleroma.ReverseProxy
+ alias Pleroma.Web.MediaProxy
@default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]]
- def remote(conn, params = %{"sig" => sig64, "url" => url64}) do
+ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do
with config <- Pleroma.Config.get([:media_proxy], []),
true <- Keyword.get(config, :enabled, false),
{:ok, url} <- MediaProxy.decode_url(sig64, url64),
diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex
index e1eb1472d..39a725a69 100644
--- a/lib/pleroma/web/media_proxy/media_proxy.ex
+++ b/lib/pleroma/web/media_proxy/media_proxy.ex
@@ -9,7 +9,7 @@ defmodule Pleroma.Web.MediaProxy do
def url(""), do: nil
- def url(url = "/" <> _), do: url
+ def url("/" <> _ = url), do: url
def url(url) do
config = Application.get_env(:pleroma, :media_proxy, [])
@@ -19,11 +19,16 @@ defmodule Pleroma.Web.MediaProxy do
else
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
+ # Must preserve `%2F` for compatibility with S3 (https://git.pleroma.social/pleroma/pleroma/issues/580)
+ replacement = get_replacement(url, ":2F:")
+
# The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
base64 =
url
+ |> String.replace("%2F", replacement)
|> URI.decode()
|> URI.encode()
+ |> String.replace(replacement, "%2F")
|> Base.url_encode64(@base64_opts)
sig = :crypto.hmac(:sha, secret, base64)
@@ -60,4 +65,12 @@ defmodule Pleroma.Web.MediaProxy do
|> Enum.filter(fn value -> value end)
|> Path.join()
end
+
+ defp get_replacement(url, replacement) do
+ if String.contains?(url, replacement) do
+ get_replacement(url, replacement <> replacement)
+ else
+ replacement
+ end
+ end
end
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-26 03:20:09 +0000