diff options
Diffstat (limited to 'lib/pleroma/web/media_proxy')
| -rw-r--r-- | lib/pleroma/web/media_proxy/controller.ex | 77 | ||||
| -rw-r--r-- | lib/pleroma/web/media_proxy/media_proxy.ex | 30 |
2 files changed, 107 insertions, 0 deletions
diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex new file mode 100644 index 000000000..d6a1866bf --- /dev/null +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -0,0 +1,77 @@ +defmodule Pleroma.Web.MediaProxy.MediaProxyController do + use Pleroma.Web, :controller + require Logger + + @max_body_length 25 * 1048576 + + @cache_control %{ + default: "public, max-age=1209600", + error: "public, must-revalidate, max-age=160", + } + + def remote(conn, %{"sig" => sig, "url" => url}) do + config = Application.get_env(:pleroma, :media_proxy, []) + with \ + true <- Keyword.get(config, :enabled, false), + {:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url), + url = URI.encode(url), + {:ok, content_type, body} <- proxy_request(url) + do + conn + |> put_resp_content_type(content_type) + |> set_cache_header(:default) + |> send_resp(200, body) + else + false -> send_error(conn, 404) + {:error, :invalid_signature} -> send_error(conn, 403) + {:error, {:http, _, url}} -> redirect_or_error(conn, url, Keyword.get(config, :redirect_on_failure, true)) + end + end + + defp proxy_request(link) do + headers = [{"user-agent", "Pleroma/MediaProxy; #{Pleroma.Web.base_url()} <#{Application.get_env(:pleroma, :instance)[:email]}>"}] + options = [:insecure, {:follow_redirect, true}] + with \ + {:ok, 200, headers, client} <- :hackney.request(:get, link, headers, "", options), + {:ok, body} <- proxy_request_body(client) + do + headers = Enum.into(headers, Map.new) + {:ok, headers["Content-Type"], body} + else + {:ok, status, _, _} -> + Logger.warn "MediaProxy: request failed, status #{status}, link: #{link}" + {:error, {:http, :bad_status, link}} + {:error, error} -> + Logger.warn "MediaProxy: request failed, error #{inspect error}, link: #{link}" + {:error, {:http, error, link}} + end + end + + defp set_cache_header(conn, key) do + Plug.Conn.put_resp_header(conn, "cache-control", @cache_control[key]) + end + + defp redirect_or_error(conn, url, true), do: redirect(conn, external: url) + defp redirect_or_error(conn, url, _), do: send_error(conn, 502, "Media proxy error: " <> url) + + defp send_error(conn, code, body \\ "") do + conn + |> set_cache_header(:error) + |> send_resp(code, body) + end + + defp proxy_request_body(client), do: proxy_request_body(client, <<>>) + defp proxy_request_body(client, body) when byte_size(body) < @max_body_length do + case :hackney.stream_body(client) do + {:ok, data} -> proxy_request_body(client, <<body :: binary, data :: binary>>) + :done -> {:ok, body} + {:error, reason} -> {:error, reason} + end + end + defp proxy_request_body(client, _) do + :hackney.close(client) + {:error, :body_too_large} + end + + +end diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex new file mode 100644 index 000000000..21ebdfbbc --- /dev/null +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -0,0 +1,30 @@ +defmodule Pleroma.Web.MediaProxy do + @base64_opts [padding: false] + + def url(nil), do: nil + + def url(url) do + config = Application.get_env(:pleroma, :media_proxy, []) + if !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url) do + url + else + secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] + base64 = Base.url_encode64(url, @base64_opts) + sig = :crypto.hmac(:sha, secret, base64) + sig64 = sig |> Base.url_encode64(@base64_opts) + Keyword.get(config, :base_url, Pleroma.Web.base_url) <> "/proxy/#{sig64}/#{base64}" + end + end + + def decode_url(sig, url) do + secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] + sig = Base.url_decode64!(sig, @base64_opts) + local_sig = :crypto.hmac(:sha, secret, url) + if local_sig == sig do + {:ok, Base.url_decode64!(url, @base64_opts)} + else + {:error, :invalid_signature} + end + end + +end |