akkoma/lib/pleroma/web/media_proxy/media_proxy.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.MediaProxy do
  @base64_opts [padding: false]

  def url(nil), do: nil

  def url(""), do: nil

  def url("/" <> _ = url), do: url

  def url(url) do
    if !enabled?() or local?(url) or whitelisted?(url) do
      url
    else
      encode_url(url)
    end
  end

  defp enabled?, do: Pleroma.Config.get([:media_proxy, :enabled], false)

  defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())

  defp whitelisted?(url) do
    %{host: domain} = URI.parse(url)

    Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern ->
      String.equivalent?(domain, pattern)
    end)
  end

  def encode_url(url) do
    secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])

    # Must preserve `%2F` for compatibility with S3
    # https://git.pleroma.social/pleroma/pleroma/issues/580
    replacement = get_replacement(url, ":2F:")

    # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
    base64 =
      url
      |> String.replace("%2F", replacement)
      |> URI.decode()
      |> URI.encode()
      |> String.replace(replacement, "%2F")
      |> Base.url_encode64(@base64_opts)

    sig = :crypto.hmac(:sha, secret, base64)
    sig64 = sig |> Base.url_encode64(@base64_opts)

    build_url(sig64, base64, filename(url))
  end

  def decode_url(sig, url) do
    secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
    sig = Base.url_decode64!(sig, @base64_opts)
    local_sig = :crypto.hmac(:sha, secret, url)

    if local_sig == sig do
      {:ok, Base.url_decode64!(url, @base64_opts)}
    else
      {:error, :invalid_signature}
    end
  end

  def filename(url_or_path) do
    if path = URI.parse(url_or_path).path, do: Path.basename(path)
  end

  def build_url(sig_base64, url_base64, filename \\ nil) do
    [
      Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()),
      "proxy",
      sig_base64,
      url_base64,
      filename
    ]
    |> Enum.filter(fn value -> value end)
    |> Path.join()
  end

  defp get_replacement(url, replacement) do
    if String.contains?(url, replacement) do
      get_replacement(url, replacement <> replacement)
    else
      replacement
    end
  end
end
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# Pleroma: A lightweight social networking server`
update copyright years to 2019 2018-12-31 15:41:47 +00:00			`# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`defmodule Pleroma.Web.MediaProxy do`
			`@base64_opts [padding: false]`

			`def url(nil), do: nil`

mediaproxy: fix empty url & add some tests 2018-11-20 16:46:54 +00:00			`def url(""), do: nil`

Make credo happy 2019-02-03 17:44:18 +00:00			`def url("/" <> _ = url), do: url`
proxy emojis (i fix emojos better than gargon but sshhhhh) 2017-12-12 11:30:24 +00:00
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`def url(url) do`
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`if !enabled?() or local?(url) or whitelisted?(url) do`
			`url`
			`else`
			`encode_url(url)`
			`end`
			`end`
Format the code. 2018-03-30 13:01:53 +00:00
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`defp enabled?, do: Pleroma.Config.get([:media_proxy, :enabled], false)`
Media proxy: fix url encoding 2018-12-07 20:44:04 +00:00
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())`
media_proxy: CSP, content-disposition * Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago) 2018-11-13 14:58:02 +00:00
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`defp whitelisted?(url) do`
			`%{host: domain} = URI.parse(url)`

			`Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern ->`
			`String.equivalent?(domain, pattern)`
			`end)`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`end`

Add mediaproxy whitelist capability 2019-04-25 23:11:47 +00:00			`def encode_url(url) do`
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])`
Add mediaproxy whitelist capability 2019-04-25 23:11:47 +00:00
			# Must preserve `%2F` for compatibility with S3
			`# https://git.pleroma.social/pleroma/pleroma/issues/580`
			`replacement = get_replacement(url, ":2F:")`

			`# The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.`
			`base64 =`
			`url`
			`\|> String.replace("%2F", replacement)`
			`\|> URI.decode()`
			`\|> URI.encode()`
			`\|> String.replace(replacement, "%2F")`
			`\|> Base.url_encode64(@base64_opts)`

			`sig = :crypto.hmac(:sha, secret, base64)`
			`sig64 = sig \|> Base.url_encode64(@base64_opts)`

			`build_url(sig64, base64, filename(url))`
			`end`

media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`def decode_url(sig, url) do`
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`sig = Base.url_decode64!(sig, @base64_opts)`
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`local_sig = :crypto.hmac(:sha, secret, url)`
Format the code. 2018-03-30 13:01:53 +00:00
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`if local_sig == sig do`
			`{:ok, Base.url_decode64!(url, @base64_opts)}`
			`else`
			`{:error, :invalid_signature}`
			`end`
			`end`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00
			`def filename(url_or_path) do`
			`if path = URI.parse(url_or_path).path, do: Path.basename(path)`
			`end`

			`def build_url(sig_base64, url_base64, filename \\ nil) do`
			`[`
			`Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()),`
			`"proxy",`
			`sig_base64,`
			`url_base64,`
			`filename`
			`]`
			`\|> Enum.filter(fn value -> value end)`
			`\|> Path.join()`
			`end`
fix S3 links encoding in Mediaproxy 2019-02-14 08:55:21 +00:00
			`defp get_replacement(url, replacement) do`
			`if String.contains?(url, replacement) do`
			`get_replacement(url, replacement <> replacement)`
			`else`
			`replacement`
			`end`
			`end`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`end`