Improve error handling, add configuration
This commit is contained in:
parent
e28c110eba
commit
1cb5cbdc6c
3 changed files with 45 additions and 32 deletions
|
@ -47,6 +47,11 @@
|
||||||
limit: 5000,
|
limit: 5000,
|
||||||
registrations_open: true
|
registrations_open: true
|
||||||
|
|
||||||
|
config :pleroma, :media_proxy,
|
||||||
|
enabled: false,
|
||||||
|
redirect_on_failure: true
|
||||||
|
#base_url: "https://cache.pleroma.social"
|
||||||
|
|
||||||
# Import environment specific config. This must remain at the bottom
|
# Import environment specific config. This must remain at the bottom
|
||||||
# of this file so it overrides the configuration defined above.
|
# of this file so it overrides the configuration defined above.
|
||||||
import_config "#{Mix.env}.exs"
|
import_config "#{Mix.env}.exs"
|
||||||
|
|
|
@ -2,19 +2,27 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
|
||||||
use Pleroma.Web, :controller
|
use Pleroma.Web, :controller
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
|
@cache_control %{
|
||||||
|
default: "public, max-age=1209600",
|
||||||
|
error: "public, must-revalidate, max-age=160",
|
||||||
|
}
|
||||||
|
|
||||||
def remote(conn, %{"sig" => sig, "url" => url}) do
|
def remote(conn, %{"sig" => sig, "url" => url}) do
|
||||||
{:ok, url} = Pleroma.Web.MediaProxy.decode_url(sig, url)
|
config = Application.get_env(:pleroma, :media_proxy, [])
|
||||||
url = url |> URI.encode()
|
with \
|
||||||
case proxy_request(url) do
|
true <- Keyword.get(config, :enabled, false),
|
||||||
{:ok, content_type, body} ->
|
{:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url),
|
||||||
conn
|
url = URI.encode(url),
|
||||||
|> put_resp_content_type(content_type)
|
{:ok, content_type, body} <- proxy_request(url)
|
||||||
|> set_cache_header(:default)
|
do
|
||||||
|> send_resp(200, body)
|
conn
|
||||||
other ->
|
|> put_resp_content_type(content_type)
|
||||||
conn
|
|> set_cache_header(:default)
|
||||||
|> set_cache_header(:error)
|
|> send_resp(200, body)
|
||||||
|> redirect(external: url)
|
else
|
||||||
|
false -> send_error(conn, 404)
|
||||||
|
{:error, :invalid_signature} -> send_error(conn, 403)
|
||||||
|
{:error, {:http, _, url}} -> redirect_or_error(conn, url, Keyword.get(config, :redirect_on_failure, true))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -28,21 +36,24 @@ defp proxy_request(link) do
|
||||||
{:ok, headers["Content-Type"], body}
|
{:ok, headers["Content-Type"], body}
|
||||||
{:ok, status, _, _} ->
|
{:ok, status, _, _} ->
|
||||||
Logger.warn "MediaProxy: request failed, status #{status}, link: #{link}"
|
Logger.warn "MediaProxy: request failed, status #{status}, link: #{link}"
|
||||||
{:error, :bad_status}
|
{:error, {:http, :bad_status, link}}
|
||||||
{:error, error} ->
|
{:error, error} ->
|
||||||
Logger.warn "MediaProxy: request failed, error #{inspect error}, link: #{link}"
|
Logger.warn "MediaProxy: request failed, error #{inspect error}, link: #{link}"
|
||||||
{:error, error}
|
{:error, {:http, error, link}}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@cache_control %{
|
defp set_cache_header(conn, key) do
|
||||||
default: "public, max-age=1209600",
|
Plug.Conn.put_resp_header(conn, "cache-control", @cache_control[key])
|
||||||
error: "public, must-revalidate, max-age=160",
|
end
|
||||||
}
|
|
||||||
|
|
||||||
defp set_cache_header(conn, true), do: set_cache_header(conn, :default)
|
defp redirect_or_error(conn, url, true), do: redirect(conn, external: url)
|
||||||
defp set_cache_header(conn, false), do: set_cache_header(conn, :error)
|
defp redirect_or_error(conn, url, _), do: send_error(conn, 502, "Media proxy error: " <> url)
|
||||||
defp set_cache_header(conn, key) when is_atom(key), do: set_cache_header(conn, @cache_control[key])
|
|
||||||
defp set_cache_header(conn, value) when is_binary(value), do: Plug.Conn.put_resp_header(conn, "cache-control", value)
|
defp send_error(conn, code, body \\ "") do
|
||||||
|
conn
|
||||||
|
|> set_cache_header(:error)
|
||||||
|
|> send_resp(code, body)
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -1,23 +1,25 @@
|
||||||
defmodule Pleroma.Web.MediaProxy do
|
defmodule Pleroma.Web.MediaProxy do
|
||||||
@base64_opts [padding: false]
|
@base64_opts [padding: false]
|
||||||
@base64_key Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
|
|
||||||
|
|
||||||
def url(nil), do: nil
|
def url(nil), do: nil
|
||||||
|
|
||||||
def url(url) do
|
def url(url) do
|
||||||
if String.starts_with?(url, Pleroma.Web.base_url) do
|
config = Application.get_env(:pleroma, :media_proxy, [])
|
||||||
|
if !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url) do
|
||||||
url
|
url
|
||||||
else
|
else
|
||||||
|
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
|
||||||
base64 = Base.url_encode64(url, @base64_opts)
|
base64 = Base.url_encode64(url, @base64_opts)
|
||||||
sig = :crypto.hmac(:sha, @base64_key, base64)
|
sig = :crypto.hmac(:sha, secret, base64)
|
||||||
sig64 = sig |> Base.url_encode64(@base64_opts)
|
sig64 = sig |> Base.url_encode64(@base64_opts)
|
||||||
cache_url("#{sig64}/#{base64}")
|
Keyword.get(config, :base_url, Pleroma.Web.base_url) <> "/proxy/#{sig64}/#{base64}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def decode_url(sig, url) do
|
def decode_url(sig, url) do
|
||||||
|
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
|
||||||
sig = Base.url_decode64!(sig, @base64_opts)
|
sig = Base.url_decode64!(sig, @base64_opts)
|
||||||
local_sig = :crypto.hmac(:sha, @base64_key, url)
|
local_sig = :crypto.hmac(:sha, secret, url)
|
||||||
if local_sig == sig do
|
if local_sig == sig do
|
||||||
{:ok, Base.url_decode64!(url, @base64_opts)}
|
{:ok, Base.url_decode64!(url, @base64_opts)}
|
||||||
else
|
else
|
||||||
|
@ -25,9 +27,4 @@ def decode_url(sig, url) do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp cache_url(path) do
|
|
||||||
"/proxy/" <> path
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue