9b553a1087
* Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago)
135 lines
4.3 KiB
Elixir
135 lines
4.3 KiB
Elixir
defmodule Pleroma.Web.MediaProxy.MediaProxyController do
|
|
use Pleroma.Web, :controller
|
|
require Logger
|
|
|
|
@httpoison Application.get_env(:pleroma, :httpoison)
|
|
|
|
@max_body_length 25 * 1_048_576
|
|
|
|
@cache_control %{
|
|
default: "public, max-age=1209600",
|
|
error: "public, must-revalidate, max-age=160"
|
|
}
|
|
|
|
# Content-types that will not be returned as content-disposition attachments
|
|
# Override with :media_proxy, :safe_content_types in the configuration
|
|
@safe_content_types [
|
|
"image/gif",
|
|
"image/jpeg",
|
|
"image/jpg",
|
|
"image/png",
|
|
"image/svg+xml",
|
|
"audio/mpeg",
|
|
"audio/mp3",
|
|
"video/webm",
|
|
"video/mp4"
|
|
]
|
|
|
|
def remote(conn, params = %{"sig" => sig, "url" => url}) do
|
|
config = Application.get_env(:pleroma, :media_proxy, [])
|
|
|
|
with true <- Keyword.get(config, :enabled, false),
|
|
{:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url),
|
|
filename <- Path.basename(url),
|
|
true <-
|
|
if(Map.get(params, "filename"),
|
|
do: filename == Path.basename(conn.request_path),
|
|
else: true
|
|
),
|
|
{:ok, content_type, body} <- proxy_request(url),
|
|
safe_content_type <-
|
|
Enum.member?(
|
|
Keyword.get(config, :safe_content_types, @safe_content_types),
|
|
content_type
|
|
) do
|
|
conn
|
|
|> put_resp_content_type(content_type)
|
|
|> set_cache_header(:default)
|
|
|> put_resp_header(
|
|
"content-security-policy",
|
|
"default-src 'none'; style-src 'unsafe-inline'; media-src data:; img-src 'self' data:"
|
|
)
|
|
|> put_resp_header("x-xss-protection", "1; mode=block")
|
|
|> put_resp_header("x-content-type-options", "nosniff")
|
|
|> put_attachement_header(safe_content_type, filename)
|
|
|> send_resp(200, body)
|
|
else
|
|
false ->
|
|
send_error(conn, 404)
|
|
|
|
{:error, :invalid_signature} ->
|
|
send_error(conn, 403)
|
|
|
|
{:error, {:http, _, url}} ->
|
|
redirect_or_error(conn, url, Keyword.get(config, :redirect_on_failure, true))
|
|
end
|
|
end
|
|
|
|
defp proxy_request(link) do
|
|
headers = [
|
|
{"user-agent",
|
|
"Pleroma/MediaProxy; #{Pleroma.Web.base_url()} <#{
|
|
Application.get_env(:pleroma, :instance)[:email]
|
|
}>"}
|
|
]
|
|
|
|
options =
|
|
@httpoison.process_request_options([:insecure, {:follow_redirect, true}]) ++
|
|
[{:pool, :default}]
|
|
|
|
with {:ok, 200, headers, client} <- :hackney.request(:get, link, headers, "", options),
|
|
headers = Enum.into(headers, Map.new()),
|
|
{:ok, body} <- proxy_request_body(client),
|
|
content_type <- proxy_request_content_type(headers, body) do
|
|
{:ok, content_type, body}
|
|
else
|
|
{:ok, status, _, _} ->
|
|
Logger.warn("MediaProxy: request failed, status #{status}, link: #{link}")
|
|
{:error, {:http, :bad_status, link}}
|
|
|
|
{:error, error} ->
|
|
Logger.warn("MediaProxy: request failed, error #{inspect(error)}, link: #{link}")
|
|
{:error, {:http, error, link}}
|
|
end
|
|
end
|
|
|
|
defp set_cache_header(conn, key) do
|
|
Plug.Conn.put_resp_header(conn, "cache-control", @cache_control[key])
|
|
end
|
|
|
|
defp redirect_or_error(conn, url, true), do: redirect(conn, external: url)
|
|
defp redirect_or_error(conn, url, _), do: send_error(conn, 502, "Media proxy error: " <> url)
|
|
|
|
defp send_error(conn, code, body \\ "") do
|
|
conn
|
|
|> set_cache_header(:error)
|
|
|> send_resp(code, body)
|
|
end
|
|
|
|
defp proxy_request_body(client), do: proxy_request_body(client, <<>>)
|
|
|
|
defp proxy_request_body(client, body) when byte_size(body) < @max_body_length do
|
|
case :hackney.stream_body(client) do
|
|
{:ok, data} -> proxy_request_body(client, <<body::binary, data::binary>>)
|
|
:done -> {:ok, body}
|
|
{:error, reason} -> {:error, reason}
|
|
end
|
|
end
|
|
|
|
defp proxy_request_body(client, _) do
|
|
:hackney.close(client)
|
|
{:error, :body_too_large}
|
|
end
|
|
|
|
# TODO: the body is passed here as well because some hosts do not provide a content-type.
|
|
# At some point we may want to use magic numbers to discover the content-type and reply a proper one.
|
|
defp proxy_request_content_type(headers, _body) do
|
|
headers["Content-Type"] || headers["content-type"] || "application/octet-stream"
|
|
end
|
|
|
|
defp put_attachement_header(conn, true, _), do: conn
|
|
|
|
defp put_attachement_header(conn, false, filename) do
|
|
put_resp_header(conn, "content-disposition", "attachment; filename='#{filename}'")
|
|
end
|
|
end
|