akkoma/lib/pleroma/web/plugs/uploaded_media.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.Plugs.UploadedMedia do
  @moduledoc """
  """

  import Plug.Conn
  import Pleroma.Web.Gettext
  require Logger

  alias Pleroma.Web.MediaProxy

  @behaviour Plug
  # no slashes
  @path "media"

  @default_cache_control_header "public, max-age=1209600"

  def init(_opts) do
    static_plug_opts =
      [
        headers: %{"cache-control" => @default_cache_control_header},
        cache_control_for_etags: @default_cache_control_header
      ]
      |> Keyword.put(:from, "__unconfigured_media_plug")
      |> Keyword.put(:at, "/__unconfigured_media_plug")
      |> Plug.Static.init()

    %{static_plug_opts: static_plug_opts}
  end

  def call(%{request_path: <<"/", @path, "/", file::binary>>} = conn, opts) do
    conn =
      case fetch_query_params(conn) do
        %{query_params: %{"name" => name}} = conn ->
          name = escape_header_value(name)

          put_resp_header(conn, "content-disposition", "filename=\"#{name}\"")

        conn ->
          conn
      end
      |> merge_resp_headers([{"content-security-policy", "script-src none"}])

    config = Pleroma.Config.get(Pleroma.Upload)

    with uploader <- Keyword.fetch!(config, :uploader),
         {:ok, get_method} <- uploader.get_file(file),
         false <- media_is_banned(conn, get_method) do
      get_media(conn, get_method, opts)
    else
      _ ->
        conn
        |> send_resp(:internal_server_error, dgettext("errors", "Failed"))
        |> halt()
    end
  end

  def call(conn, _opts), do: conn

  defp media_is_banned(%{request_path: path} = _conn, {:static_dir, _}) do
    MediaProxy.in_banned_urls(Pleroma.Upload.base_url() <> path)
  end

  defp media_is_banned(_, {:url, url}), do: MediaProxy.in_banned_urls(url)

  defp media_is_banned(_, _), do: false

  defp get_media(conn, {:static_dir, directory}, opts) do
    static_opts =
      Map.get(opts, :static_plug_opts)
      |> Map.put(:at, [@path])
      |> Map.put(:from, directory)

    conn = Plug.Static.call(conn, static_opts)

    if conn.halted do
      conn
    else
      conn
      |> send_resp(:not_found, dgettext("errors", "Not found"))
      |> halt()
    end
  end

  defp get_media(conn, {:url, url}, _) do
    conn
    |> Phoenix.Controller.redirect(external: url)
    |> halt()
  end

  defp get_media(conn, unknown, _) do
    Logger.error("#{__MODULE__}: Unknown get startegy: #{inspect(unknown)}")

    conn
    |> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))
    |> halt()
  end

  defp escape_header_value(value) do
    value
    |> String.replace("\"", "\\\"")
    |> String.replace("\\r", "")
    |> String.replace("\\n", "")
  end
end
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# Pleroma: A lightweight social networking server`
Bump Copyright to 2021 grep -rl '# Copyright © .* Pleroma' * \| xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;' 2021-01-13 06:49:20 +00:00			`# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

UploadedMedia module name 2020-06-24 06:03:48 +00:00			`defmodule Pleroma.Web.Plugs.UploadedMedia do`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`@moduledoc """`
			`"""`

			`import Plug.Conn`
Wrap error messages into gettext helpers 2019-07-10 09:25:58 +00:00			`import Pleroma.Web.Gettext`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`require Logger`

fix invalidates media url's 2020-06-14 18:02:57 +00:00			`alias Pleroma.Web.MediaProxy`

reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`@behaviour Plug`
			`# no slashes`
			`@path "media"`

Synchronize cache-control header for local media with the mediaproxy 2020-03-13 17:27:50 +00:00			`@default_cache_control_header "public, max-age=1209600"`
Set correct Cache-Control header for local media 2020-03-13 17:02:58 +00:00
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`def init(_opts) do`
			`static_plug_opts =`
uploaded media plug: do not inject compile-time params on every request 2020-03-13 19:12:33 +00:00			`[`
			`headers: %{"cache-control" => @default_cache_control_header},`
			`cache_control_for_etags: @default_cache_control_header`
			`]`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`\|> Keyword.put(:from, "__unconfigured_media_plug")`
			`\|> Keyword.put(:at, "/__unconfigured_media_plug")`
			`\|> Plug.Static.init()`

			`%{static_plug_opts: static_plug_opts}`
			`end`

Credo fixes: parameter consistency 2019-02-06 19:19:39 +00:00			`def call(%{request_path: <<"/", @path, "/", file::binary>>} = conn, opts) do`
WIP: Stop mangling filenames 2019-03-12 06:10:19 +00:00			`conn =`
			`case fetch_query_params(conn) do`
			`%{query_params: %{"name" => name}} = conn ->`
strip \r and \r from content-disposition filenames 2022-11-10 11:54:12 +00:00			`name = escape_header_value(name)`
escape quotation marks in Content-Disposition header 2019-03-12 06:21:13 +00:00
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`put_resp_header(conn, "content-disposition", "filename=\"#{name}\"")`
WIP: Stop mangling filenames 2019-03-12 06:10:19 +00:00
			`conn ->`
			`conn`
			`end`
Add CSP to mediaproxy links 2023-05-26 10:46:18 +00:00			`\|> merge_resp_headers([{"content-security-policy", "script-src none"}])`
WIP: Stop mangling filenames 2019-03-12 06:10:19 +00:00
it is changed in compile time we can't change module attributes and endpoint settings in runtime 2019-06-14 15:45:05 +00:00			`config = Pleroma.Config.get(Pleroma.Upload)`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00
			`with uploader <- Keyword.fetch!(config, :uploader),`
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`{:ok, get_method} <- uploader.get_file(file),`
Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`false <- media_is_banned(conn, get_method) do`
Use finch everywhere (#33) Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/33 2022-07-04 16:30:38 +00:00			`get_media(conn, get_method, opts)`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`else`
			`_ ->`
			`conn`
Wrap error messages into gettext helpers 2019-07-10 09:25:58 +00:00			`\|> send_resp(:internal_server_error, dgettext("errors", "Failed"))`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`\|> halt()`
			`end`
			`end`

			`def call(conn, _opts), do: conn`

Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`defp media_is_banned(%{request_path: path} = _conn, {:static_dir, _}) do`
More places we should be using Upload.base_url 2021-01-08 23:05:55 +00:00			`MediaProxy.in_banned_urls(Pleroma.Upload.base_url() <> path)`
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`end`

Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`defp media_is_banned(_, {:url, url}), do: MediaProxy.in_banned_urls(url)`
fix invalidates media url's 2020-06-14 18:02:57 +00:00
Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`defp media_is_banned(_, _), do: false`
fix invalidates media url's 2020-06-14 18:02:57 +00:00
Use finch everywhere (#33) Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/33 2022-07-04 16:30:38 +00:00			`defp get_media(conn, {:static_dir, directory}, opts) do`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`static_opts =`
			`Map.get(opts, :static_plug_opts)`
			`\|> Map.put(:at, [@path])`
			`\|> Map.put(:from, directory)`

			`conn = Plug.Static.call(conn, static_opts)`

			`if conn.halted do`
			`conn`
			`else`
			`conn`
Fix response 2019-07-10 10:40:34 +00:00			`\|> send_resp(:not_found, dgettext("errors", "Not found"))`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`\|> halt()`
			`end`
			`end`

Use finch everywhere (#33) Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/33 2022-07-04 16:30:38 +00:00			`defp get_media(conn, {:url, url}, _) do`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`conn`
			`\|> Phoenix.Controller.redirect(external: url)`
			`\|> halt()`
			`end`

Use finch everywhere (#33) Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/33 2022-07-04 16:30:38 +00:00			`defp get_media(conn, unknown, _) do`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`Logger.error("#{__MODULE__}: Unknown get startegy: #{inspect(unknown)}")`

			`conn`
Fix response 2019-07-10 10:40:34 +00:00			`\|> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`\|> halt()`
			`end`
strip \r and \r from content-disposition filenames 2022-11-10 11:54:12 +00:00
			`defp escape_header_value(value) do`
			`value`
			`\|> String.replace("\"", "\\\"")`
			`\|> String.replace("\\r", "")`
			`\|> String.replace("\\n", "")`
			`end`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`end`