akkoma/lib/pleroma/web/media_proxy.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.MediaProxy do
  alias Pleroma.Config
  alias Pleroma.Helpers.UriHelper
  alias Pleroma.Upload
  alias Pleroma.Web
  alias Pleroma.Web.MediaProxy.Invalidation

  @base64_opts [padding: false]
  @cache_table :banned_urls_cache

  def cache_table, do: @cache_table

  @spec in_banned_urls(String.t()) :: boolean()
  def in_banned_urls(url), do: elem(Cachex.exists?(@cache_table, url(url)), 1)

  def remove_from_banned_urls(urls) when is_list(urls) do
    Cachex.execute!(@cache_table, fn cache ->
      Enum.each(Invalidation.prepare_urls(urls), &Cachex.del(cache, &1))
    end)
  end

  def remove_from_banned_urls(url) when is_binary(url) do
    Cachex.del(@cache_table, url(url))
  end

  def put_in_banned_urls(urls) when is_list(urls) do
    Cachex.execute!(@cache_table, fn cache ->
      Enum.each(Invalidation.prepare_urls(urls), &Cachex.put(cache, &1, true))
    end)
  end

  def put_in_banned_urls(url) when is_binary(url) do
    Cachex.put(@cache_table, url(url), true)
  end

  def url(url) when is_nil(url) or url == "", do: nil
  def url("/" <> _ = url), do: url

  def url(url) do
    if enabled?() and url_proxiable?(url) do
      encode_url(url)
    else
      url
    end
  end

  @spec url_proxiable?(String.t()) :: boolean()
  def url_proxiable?(url) do
    not local?(url) and not whitelisted?(url)
  end

  def preview_url(url, preview_params \\ []) do
    if preview_enabled?() do
      encode_preview_url(url, preview_params)
    else
      url(url)
    end
  end

  def enabled?, do: Config.get([:media_proxy, :enabled], false)

  # Note: media proxy must be enabled for media preview proxy in order to load all
  #   non-local non-whitelisted URLs through it and be sure that body size constraint is preserved.
  def preview_enabled?, do: enabled?() and !!Config.get([:media_preview_proxy, :enabled])

  def local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())

  def whitelisted?(url) do
    %{host: domain} = URI.parse(url)

    mediaproxy_whitelist_domains =
      [:media_proxy, :whitelist]
      |> Config.get()
      |> Enum.map(&maybe_get_domain_from_url/1)

    whitelist_domains =
      if base_url = Config.get([Upload, :base_url]) do
        %{host: base_domain} = URI.parse(base_url)
        [base_domain | mediaproxy_whitelist_domains]
      else
        mediaproxy_whitelist_domains
      end

    domain in whitelist_domains
  end

  defp maybe_get_domain_from_url("http" <> _ = url) do
    URI.parse(url).host
  end

  defp maybe_get_domain_from_url(domain), do: domain

  defp base64_sig64(url) do
    base64 = Base.url_encode64(url, @base64_opts)

    sig64 =
      base64
      |> signed_url()
      |> Base.url_encode64(@base64_opts)

    {base64, sig64}
  end

  def encode_url(url) do
    {base64, sig64} = base64_sig64(url)

    build_url(sig64, base64, filename(url))
  end

  def encode_preview_url(url, preview_params \\ []) do
    {base64, sig64} = base64_sig64(url)

    build_preview_url(sig64, base64, filename(url), preview_params)
  end

  def decode_url(sig, url) do
    with {:ok, sig} <- Base.url_decode64(sig, @base64_opts),
         signature when signature == sig <- signed_url(url) do
      {:ok, Base.url_decode64!(url, @base64_opts)}
    else
      _ -> {:error, :invalid_signature}
    end
  end

  defp signed_url(url) do
    :crypto.hmac(:sha, Config.get([Web.Endpoint, :secret_key_base]), url)
  end

  def filename(url_or_path) do
    if path = URI.parse(url_or_path).path, do: Path.basename(path)
  end

  def base_url do
    Config.get([:media_proxy, :base_url], Web.base_url())
  end

  defp proxy_url(path, sig_base64, url_base64, filename) do
    [
      base_url(),
      path,
      sig_base64,
      url_base64,
      filename
    ]
    |> Enum.filter(& &1)
    |> Path.join()
  end

  def build_url(sig_base64, url_base64, filename \\ nil) do
    proxy_url("proxy", sig_base64, url_base64, filename)
  end

  def build_preview_url(sig_base64, url_base64, filename \\ nil, preview_params \\ []) do
    uri = proxy_url("proxy/preview", sig_base64, url_base64, filename)

    UriHelper.modify_uri_params(uri, preview_params)
  end

  def verify_request_path_and_url(
        %Plug.Conn{params: %{"filename" => _}, request_path: request_path},
        url
      ) do
    verify_request_path_and_url(request_path, url)
  end

  def verify_request_path_and_url(request_path, url) when is_binary(request_path) do
    filename = filename(url)

    if filename && not basename_matches?(request_path, filename) do
      {:wrong_filename, filename}
    else
      :ok
    end
  end

  def verify_request_path_and_url(_, _), do: :ok

  defp basename_matches?(path, filename) do
    basename = Path.basename(path)
    basename == filename or URI.decode(basename) == filename or URI.encode(basename) == filename
  end
end
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# Pleroma: A lightweight social networking server`
Update Copyrights 2020-03-03 22:44:49 +00:00			`# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>`
add license boilerplate to pleroma core 2018-12-23 20:04:54 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`defmodule Pleroma.Web.MediaProxy do`
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`alias Pleroma.Config`
[#2497] Added support for enforcing output format for media proxy preview, used for avatar_static & header_static (AccountView). 2020-09-03 17:13:29 +00:00			`alias Pleroma.Helpers.UriHelper`
Fix/mediaproxy whitelist base url 2019-08-02 17:07:09 +00:00			`alias Pleroma.Upload`
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`alias Pleroma.Web`
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`alias Pleroma.Web.MediaProxy.Invalidation`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`@base64_opts [padding: false]`
added paginate+search for admin/MediaProxy URLs 2020-08-11 07:28:35 +00:00			`@cache_table :banned_urls_cache`

			`def cache_table, do: @cache_table`
mediaproxy: fix empty url & add some tests 2018-11-20 16:46:54 +00:00
Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`@spec in_banned_urls(String.t()) :: boolean()`
added paginate+search for admin/MediaProxy URLs 2020-08-11 07:28:35 +00:00			`def in_banned_urls(url), do: elem(Cachex.exists?(@cache_table, url(url)), 1)`
fix invalidates media url's 2020-06-14 18:02:57 +00:00
Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`def remove_from_banned_urls(urls) when is_list(urls) do`
added paginate+search for admin/MediaProxy URLs 2020-08-11 07:28:35 +00:00			`Cachex.execute!(@cache_table, fn cache ->`
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`Enum.each(Invalidation.prepare_urls(urls), &Cachex.del(cache, &1))`
			`end)`
			`end`

Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`def remove_from_banned_urls(url) when is_binary(url) do`
added paginate+search for admin/MediaProxy URLs 2020-08-11 07:28:35 +00:00			`Cachex.del(@cache_table, url(url))`
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`end`

Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`def put_in_banned_urls(urls) when is_list(urls) do`
added paginate+search for admin/MediaProxy URLs 2020-08-11 07:28:35 +00:00			`Cachex.execute!(@cache_table, fn cache ->`
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`Enum.each(Invalidation.prepare_urls(urls), &Cachex.put(cache, &1, true))`
			`end)`
			`end`

Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url 2020-06-17 18:13:55 +00:00			`def put_in_banned_urls(url) when is_binary(url) do`
added paginate+search for admin/MediaProxy URLs 2020-08-11 07:28:35 +00:00			`Cachex.put(@cache_table, url(url), true)`
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`end`

added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`def url(url) when is_nil(url) or url == "", do: nil`
Make credo happy 2019-02-03 17:44:18 +00:00			`def url("/" <> _ = url), do: url`
proxy emojis (i fix emojos better than gargon but sshhhhh) 2017-12-12 11:30:24 +00:00
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`def url(url) do`
[#2497] Adjusted media proxy preview invalidation. Allowed client-side caching for media preview. Adjusted prewarmer to fetch only proxiable URIs. Removed :preview pool in favor of existing :media one. Misc. refactoring. 2020-09-05 17:19:09 +00:00			`if enabled?() and url_proxiable?(url) do`
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`encode_url(url)`
[#2497] Adjusted media proxy preview invalidation. Allowed client-side caching for media preview. Adjusted prewarmer to fetch only proxiable URIs. Removed :preview pool in favor of existing :media one. Misc. refactoring. 2020-09-05 17:19:09 +00:00			`else`
			`url`
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`end`
			`end`
Format the code. 2018-03-30 13:01:53 +00:00
Remove misleading is_ prefix from boolean function 2020-06-17 18:02:01 +00:00			`@spec url_proxiable?(String.t()) :: boolean()`
			`def url_proxiable?(url) do`
[#2497] Adjusted media proxy preview invalidation. Allowed client-side caching for media preview. Adjusted prewarmer to fetch only proxiable URIs. Removed :preview pool in favor of existing :media one. Misc. refactoring. 2020-09-05 17:19:09 +00:00			`not local?(url) and not whitelisted?(url)`
fix invalidates media url's 2020-06-14 18:02:57 +00:00			`end`

[#2497] Added support for enforcing output format for media proxy preview, used for avatar_static & header_static (AccountView). 2020-09-03 17:13:29 +00:00			`def preview_url(url, preview_params \\ []) do`
[#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. 2020-05-11 20:21:53 +00:00			`if preview_enabled?() do`
[#2497] Added support for enforcing output format for media proxy preview, used for avatar_static & header_static (AccountView). 2020-09-03 17:13:29 +00:00			`encode_preview_url(url, preview_params)`
[#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. 2020-05-11 20:21:53 +00:00			`else`
[#2497] Made media preview proxy fall back to media proxy instead of to source url. Adjusted tests. Refactoring. 2020-09-05 13:16:35 +00:00			`url(url)`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`end`
			`end`

[#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. 2020-05-11 20:21:53 +00:00			`def enabled?, do: Config.get([:media_proxy, :enabled], false)`
Media proxy: fix url encoding 2018-12-07 20:44:04 +00:00
[#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. 2020-05-11 20:21:53 +00:00			`# Note: media proxy must be enabled for media preview proxy in order to load all`
			`# non-local non-whitelisted URLs through it and be sure that body size constraint is preserved.`
[#2497] Adjusted media proxy preview invalidation. Allowed client-side caching for media preview. Adjusted prewarmer to fetch only proxiable URIs. Removed :preview pool in favor of existing :media one. Misc. refactoring. 2020-09-05 17:19:09 +00:00			`def preview_enabled?, do: enabled?() and !!Config.get([:media_preview_proxy, :enabled])`
media_proxy: CSP, content-disposition * Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago) 2018-11-13 14:58:02 +00:00
[#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. 2020-05-11 20:21:53 +00:00			`def local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())`

			`def whitelisted?(url) do`
Use Pleroma.Config everywhere 2019-05-30 08:33:58 +00:00			`%{host: domain} = URI.parse(url)`

MediaProxy whitelist setting now supports hosts with scheme added deprecation warning about using bare domains 2020-07-11 07:36:36 +00:00			`mediaproxy_whitelist_domains =`
			`[:media_proxy, :whitelist]`
			`\|> Config.get()`
			`\|> Enum.map(&maybe_get_domain_from_url/1)`

			`whitelist_domains =`
			`if base_url = Config.get([Upload, :base_url]) do`
			`%{host: base_domain} = URI.parse(base_url)`
			`[base_domain \| mediaproxy_whitelist_domains]`
Fix/mediaproxy whitelist base url 2019-08-02 17:07:09 +00:00			`else`
MediaProxy whitelist setting now supports hosts with scheme added deprecation warning about using bare domains 2020-07-11 07:36:36 +00:00			`mediaproxy_whitelist_domains`
Fix/mediaproxy whitelist base url 2019-08-02 17:07:09 +00:00			`end`

MediaProxy whitelist setting now supports hosts with scheme added deprecation warning about using bare domains 2020-07-11 07:36:36 +00:00			`domain in whitelist_domains`
			`end`
Fix/mediaproxy whitelist base url 2019-08-02 17:07:09 +00:00
MediaProxy whitelist setting now supports hosts with scheme added deprecation warning about using bare domains 2020-07-11 07:36:36 +00:00			`defp maybe_get_domain_from_url("http" <> _ = url) do`
			`URI.parse(url).host`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`end`

MediaProxy whitelist setting now supports hosts with scheme added deprecation warning about using bare domains 2020-07-11 07:36:36 +00:00			`defp maybe_get_domain_from_url(domain), do: domain`

Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`defp base64_sig64(url) do`
make sure the url used by proxy is same as origin url encoding or decoding it breaks some of the signed url 2019-07-07 08:28:40 +00:00			`base64 = Base.url_encode64(url, @base64_opts)`
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00
			`sig64 =`
			`base64`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`\|> signed_url()`
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`\|> Base.url_encode64(@base64_opts)`
Add mediaproxy whitelist capability 2019-04-25 23:11:47 +00:00
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`{base64, sig64}`
			`end`

			`def encode_url(url) do`
			`{base64, sig64} = base64_sig64(url)`

Add mediaproxy whitelist capability 2019-04-25 23:11:47 +00:00			`build_url(sig64, base64, filename(url))`
			`end`

[#2497] Added support for enforcing output format for media proxy preview, used for avatar_static & header_static (AccountView). 2020-09-03 17:13:29 +00:00			`def encode_preview_url(url, preview_params \\ []) do`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`{base64, sig64} = base64_sig64(url)`

[#2497] Added support for enforcing output format for media proxy preview, used for avatar_static & header_static (AccountView). 2020-09-03 17:13:29 +00:00			`build_preview_url(sig64, base64, filename(url), preview_params)`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`end`

media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`def decode_url(sig, url) do`
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`with {:ok, sig} <- Base.url_decode64(sig, @base64_opts),`
			`signature when signature == sig <- signed_url(url) do`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`{:ok, Base.url_decode64!(url, @base64_opts)}`
			`else`
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`_ -> {:error, :invalid_signature}`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`end`
			`end`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`defp signed_url(url) do`
			`:crypto.hmac(:sha, Config.get([Web.Endpoint, :secret_key_base]), url)`
			`end`

reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`def filename(url_or_path) do`
			`if path = URI.parse(url_or_path).path, do: Path.basename(path)`
			`end`

[#2497] Adjusted media proxy preview invalidation. Allowed client-side caching for media preview. Adjusted prewarmer to fetch only proxiable URIs. Removed :preview pool in favor of existing :media one. Misc. refactoring. 2020-09-05 17:19:09 +00:00			`def base_url do`
			`Config.get([:media_proxy, :base_url], Web.base_url())`
			`end`

Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`defp proxy_url(path, sig_base64, url_base64, filename) do`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`[`
[#2497] Adjusted media proxy preview invalidation. Allowed client-side caching for media preview. Adjusted prewarmer to fetch only proxiable URIs. Removed :preview pool in favor of existing :media one. Misc. refactoring. 2020-09-05 17:19:09 +00:00			`base_url(),`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`path,`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`sig_base64,`
			`url_base64,`
			`filename`
			`]`
added tests for Web.MediaProxy 2019-07-14 21:01:32 +00:00			`\|> Enum.filter(& &1)`
reverse proxy / uploads 2018-11-23 16:40:45 +00:00			`\|> Path.join()`
			`end`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00
			`def build_url(sig_base64, url_base64, filename \\ nil) do`
			`proxy_url("proxy", sig_base64, url_base64, filename)`
			`end`

[#2497] Added support for enforcing output format for media proxy preview, used for avatar_static & header_static (AccountView). 2020-09-03 17:13:29 +00:00			`def build_preview_url(sig_base64, url_base64, filename \\ nil, preview_params \\ []) do`
			`uri = proxy_url("proxy/preview", sig_base64, url_base64, filename)`

[#2497] Media preview proxy: misc. improvements (`static` param support, dynamic fifo pipe path), refactoring. 2020-09-16 19:30:42 +00:00			`UriHelper.modify_uri_params(uri, preview_params)`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`end`

[#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. 2020-05-11 20:21:53 +00:00			`def verify_request_path_and_url(`
			`%Plug.Conn{params: %{"filename" => _}, request_path: request_path},`
			`url`
			`) do`
			`verify_request_path_and_url(request_path, url)`
			`end`

			`def verify_request_path_and_url(request_path, url) when is_binary(request_path) do`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`filename = filename(url)`

[#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. 2020-05-11 20:21:53 +00:00			`if filename && not basename_matches?(request_path, filename) do`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00			`{:wrong_filename, filename}`
			`else`
			`:ok`
			`end`
			`end`

[#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. 2020-05-11 20:21:53 +00:00			`def verify_request_path_and_url(_, _), do: :ok`
Initial implementation of image preview proxy. Media proxy tests refactoring. 2020-05-08 20:06:47 +00:00
			`defp basename_matches?(path, filename) do`
			`basename = Path.basename(path)`
			`basename == filename or URI.decode(basename) == filename or URI.encode(basename) == filename`
			`end`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`end`