Initial implementation of image preview proxy. Media proxy tests refactoring.

config/config.exs

@@ -388,6 +388,11 @@
   ],
   whitelist: []
 
+config :pleroma, :media_preview_proxy,
+  enabled: false,
+  limit_dimensions: "400x200",
+  max_body_length: 25 * 1_048_576
+
 config :pleroma, :chat, enabled: true
 
 config :phoenix, :format_encoders, json: Jason

lib/pleroma/helpers/mogrify_helper.ex

@@ -0,0 +1,25 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Helpers.MogrifyHelper do
+  @moduledoc """
+  Handles common Mogrify operations.
+  """
+
+  @spec store_as_temporary_file(String.t(), binary()) :: {:ok, String.t()} | {:error, atom()}
+  @doc "Stores binary content fetched from specified URL as a temporary file."
+  def store_as_temporary_file(url, body) do
+    path = Mogrify.temporary_path_for(%{path: url})
+    with :ok <- File.write(path, body), do: {:ok, path}
+  end
+
+  @spec store_as_temporary_file(String.t(), String.t()) :: Mogrify.Image.t() | any()
+  @doc "Modifies file at specified path by resizing to specified limit dimensions."
+  def in_place_resize_to_limit(path, resize_dimensions) do
+    path
+    |> Mogrify.open()
+    |> Mogrify.resize_to_limit(resize_dimensions)
+    |> Mogrify.save(in_place: true)
+  end
+end

lib/pleroma/web/mastodon_api/views/status_view.ex

@@ -419,6 +419,7 @@ def render("attachment.json", %{attachment: attachment}) do
     [attachment_url | _] = attachment["url"]
     media_type = attachment_url["mediaType"] || attachment_url["mimeType"] || "image"
     href = attachment_url["href"] |> MediaProxy.url()
+    href_preview = attachment_url["href"] |> MediaProxy.preview_url()
 
     type =
       cond do
@@ -434,7 +435,7 @@ def render("attachment.json", %{attachment: attachment}) do
       id: to_string(attachment["id"] || hash_id),
       url: href,
       remote_url: href,
-      preview_url: href,
+      preview_url: href_preview,
       text_url: href,
       type: type,
       description: attachment["name"],

lib/pleroma/web/media_proxy/media_proxy.ex

@@ -20,6 +20,14 @@ def url(url) do
     end
   end
 
+  def preview_url(url) do
+    if disabled?() or whitelisted?(url) do
+      url
+    else
+      encode_preview_url(url)
+    end
+  end
+
   defp disabled?, do: !Config.get([:media_proxy, :enabled], false)
 
   defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())
@@ -43,17 +51,29 @@ defp whitelisted?(url) do
     end)
   end
 
-  def encode_url(url) do
+  defp base64_sig64(url) do
     base64 = Base.url_encode64(url, @base64_opts)
 
     sig64 =
       base64
-      |> signed_url
+      |> signed_url()
       |> Base.url_encode64(@base64_opts)
 
+    {base64, sig64}
+  end
+
+  def encode_url(url) do
+    {base64, sig64} = base64_sig64(url)
+
     build_url(sig64, base64, filename(url))
   end
 
+  def encode_preview_url(url) do
+    {base64, sig64} = base64_sig64(url)
+
+    build_preview_url(sig64, base64, filename(url))
+  end
+
   def decode_url(sig, url) do
     with {:ok, sig} <- Base.url_decode64(sig, @base64_opts),
          signature when signature == sig <- signed_url(url) do
@@ -71,10 +91,10 @@ def filename(url_or_path) do
     if path = URI.parse(url_or_path).path, do: Path.basename(path)
   end
 
-  def build_url(sig_base64, url_base64, filename \\ nil) do
+  defp proxy_url(path, sig_base64, url_base64, filename) do
     [
       Pleroma.Config.get([:media_proxy, :base_url], Web.base_url()),
-      "proxy",
+      path,
       sig_base64,
       url_base64,
       filename
@@ -82,4 +102,29 @@ def build_url(sig_base64, url_base64, filename \\ nil) do
     |> Enum.filter(& &1)
     |> Path.join()
   end
+
+  def build_url(sig_base64, url_base64, filename \\ nil) do
+    proxy_url("proxy", sig_base64, url_base64, filename)
+  end
+
+  def build_preview_url(sig_base64, url_base64, filename \\ nil) do
+    proxy_url("proxy/preview", sig_base64, url_base64, filename)
+  end
+
+  def filename_matches(%{"filename" => _} = _, path, url) do
+    filename = filename(url)
+
+    if filename && not basename_matches?(path, filename) do
+      {:wrong_filename, filename}
+    else
+      :ok
+    end
+  end
+
+  def filename_matches(_, _, _), do: :ok
+
+  defp basename_matches?(path, filename) do
+    basename = Path.basename(path)
+    basename == filename or URI.decode(basename) == filename or URI.encode(basename) == filename
+  end
 end

lib/pleroma/web/media_proxy/media_proxy_controller.ex

@@ -5,19 +5,21 @@
 defmodule Pleroma.Web.MediaProxy.MediaProxyController do
   use Pleroma.Web, :controller
 
+  alias Pleroma.Config
+  alias Pleroma.Helpers.MogrifyHelper
   alias Pleroma.ReverseProxy
   alias Pleroma.Web.MediaProxy
 
   @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]]
 
   def remote(conn, %{"sig" => sig64, "url" => url64} = params) do
-    with config <- Pleroma.Config.get([:media_proxy], []),
+    with config <- Config.get([:media_proxy], []),
-         true <- Keyword.get(config, :enabled, false),
+         {_, true} <- {:enabled, Keyword.get(config, :enabled, false)},
          {:ok, url} <- MediaProxy.decode_url(sig64, url64),
-         :ok <- filename_matches(params, conn.request_path, url) do
+         :ok <- MediaProxy.filename_matches(params, conn.request_path, url) do
       ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts))
     else
-      false ->
+      {:enabled, false} ->
         send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404))
 
       {:error, :invalid_signature} ->
@@ -28,20 +30,68 @@ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do
     end
   end
 
-  def filename_matches(%{"filename" => _} = _, path, url) do
+  def preview(conn, %{"sig" => sig64, "url" => url64} = params) do
-    filename = MediaProxy.filename(url)
+    with {_, true} <- {:enabled, Config.get([:media_preview_proxy, :enabled], false)},
-
+         {:ok, url} <- MediaProxy.decode_url(sig64, url64),
-    if filename && does_not_match(path, filename) do
+         :ok <- MediaProxy.filename_matches(params, conn.request_path, url) do
-      {:wrong_filename, filename}
+      handle_preview(conn, url)
     else
-      :ok
+      {:enabled, false} ->
+        send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404))
+
+      {:error, :invalid_signature} ->
+        send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403))
+
+      {:wrong_filename, filename} ->
+        redirect(conn, external: MediaProxy.build_preview_url(sig64, url64, filename))
     end
   end
 
-  def filename_matches(_, _, _), do: :ok
+  defp handle_preview(conn, url) do
+    with {:ok, %{status: status} = head_response} when status in 200..299 <- Tesla.head(url),
+         {_, true} <- {:acceptable_content_length, acceptable_body_length?(head_response)} do
+      content_type = Tesla.get_header(head_response, "content-type")
+      handle_preview(content_type, conn, url)
+    else
+      {_, %{status: status}} ->
+        send_resp(conn, :failed_dependency, "Can't fetch HTTP headers (HTTP #{status}).")
 
-  defp does_not_match(path, filename) do
+      {:acceptable_content_length, false} ->
-    basename = Path.basename(path)
+        send_resp(conn, :unprocessable_entity, "Source file size exceeds limit.")
-    basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename
+    end
+  end
+
+  defp handle_preview("image/" <> _, %{params: params} = conn, url) do
+    with {:ok, %{status: status, body: body}} when status in 200..299 <- Tesla.get(url),
+         {:ok, path} <- MogrifyHelper.store_as_temporary_file(url, body),
+         resize_dimensions <-
+           Map.get(
+             params,
+             "limit_dimensions",
+             Config.get([:media_preview_proxy, :limit_dimensions])
+           ),
+         %Mogrify.Image{} <- MogrifyHelper.in_place_resize_to_limit(path, resize_dimensions) do
+      send_file(conn, 200, path)
+    else
+      {_, %{status: _}} ->
+        send_resp(conn, :failed_dependency, "Can't fetch the image.")
+
+      _ ->
+        send_resp(conn, :failed_dependency, "Can't handle image preview.")
+    end
+  end
+
+  defp handle_preview(content_type, conn, _url) do
+    send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.")
+  end
+
+  defp acceptable_body_length?(head_response) do
+    max_body_length = Config.get([:media_preview_proxy, :max_body_length], nil)
+    content_length = Tesla.get_header(head_response, "content-length")
+    content_length = with {int, _} <- Integer.parse(content_length), do: int
+
+    content_length == :error or
+      max_body_length in [nil, :infinity] or
+      content_length <= max_body_length
   end
 end

lib/pleroma/web/router.ex

@@ -663,6 +663,8 @@ defmodule Pleroma.Web.Router do
   end
 
   scope "/proxy/", Pleroma.Web.MediaProxy do
+    get("/preview/:sig/:url", MediaProxyController, :preview)
+    get("/preview/:sig/:url/:filename", MediaProxyController, :preview)
     get("/:sig/:url", MediaProxyController, :remote)
     get("/:sig/:url/:filename", MediaProxyController, :remote)
   end

test/web/media_proxy/media_proxy_test.exs

@@ -5,42 +5,44 @@
 defmodule Pleroma.Web.MediaProxyTest do
   use ExUnit.Case
   use Pleroma.Tests.Helpers
-  import Pleroma.Web.MediaProxy
-  alias Pleroma.Web.MediaProxy.MediaProxyController
 
-  setup do: clear_config([:media_proxy, :enabled])
+  alias Pleroma.Config
-  setup do: clear_config(Pleroma.Upload)
+  alias Pleroma.Web.Endpoint
+  alias Pleroma.Web.MediaProxy
 
-  describe "when enabled" do
+  defp decode_result(encoded) do
-    setup do
+    [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/")
-      Pleroma.Config.put([:media_proxy, :enabled], true)
+    {:ok, decoded} = MediaProxy.decode_url(sig, base64)
-      :ok
+    decoded
   end
 
+  describe "when enabled" do
+    setup do: clear_config([:media_proxy, :enabled], true)
+
     test "ignores invalid url" do
-      assert url(nil) == nil
+      assert MediaProxy.url(nil) == nil
-      assert url("") == nil
+      assert MediaProxy.url("") == nil
     end
 
     test "ignores relative url" do
-      assert url("/local") == "/local"
+      assert MediaProxy.url("/local") == "/local"
-      assert url("/") == "/"
+      assert MediaProxy.url("/") == "/"
     end
 
     test "ignores local url" do
-      local_url = Pleroma.Web.Endpoint.url() <> "/hello"
+      local_url = Endpoint.url() <> "/hello"
-      local_root = Pleroma.Web.Endpoint.url()
+      local_root = Endpoint.url()
-      assert url(local_url) == local_url
+      assert MediaProxy.url(local_url) == local_url
-      assert url(local_root) == local_root
+      assert MediaProxy.url(local_root) == local_root
     end
 
     test "encodes and decodes URL" do
       url = "https://pleroma.soykaf.com/static/logo.png"
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
 
       assert String.starts_with?(
                encoded,
-               Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url())
+               Config.get([:media_proxy, :base_url], Pleroma.Web.base_url())
              )
 
       assert String.ends_with?(encoded, "/logo.png")
@@ -50,62 +52,59 @@ test "encodes and decodes URL" do
 
     test "encodes and decodes URL without a path" do
       url = "https://pleroma.soykaf.com"
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
       assert decode_result(encoded) == url
     end
 
     test "encodes and decodes URL without an extension" do
       url = "https://pleroma.soykaf.com/path/"
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
       assert String.ends_with?(encoded, "/path")
       assert decode_result(encoded) == url
     end
 
     test "encodes and decodes URL and ignores query params for the path" do
       url = "https://pleroma.soykaf.com/static/logo.png?93939393939&bunny=true"
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
       assert String.ends_with?(encoded, "/logo.png")
       assert decode_result(encoded) == url
     end
 
     test "validates signature" do
-      secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
+      secret_key_base = Config.get([Endpoint, :secret_key_base])
+      clear_config([Endpoint, :secret_key_base], secret_key_base)
 
-      on_exit(fn ->
+      encoded = MediaProxy.url("https://pleroma.social")
-        Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], secret_key_base)
-      end)
 
-      encoded = url("https://pleroma.social")
+      Config.put(
-
+        [Endpoint, :secret_key_base],
-      Pleroma.Config.put(
-        [Pleroma.Web.Endpoint, :secret_key_base],
         "00000000000000000000000000000000000000000000000"
       )
 
       [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/")
-      assert decode_url(sig, base64) == {:error, :invalid_signature}
+      assert MediaProxy.decode_url(sig, base64) == {:error, :invalid_signature}
     end
 
-    test "filename_matches preserves the encoded or decoded path" do
+    test "`filename_matches/_` preserves the encoded or decoded path" do
-      assert MediaProxyController.filename_matches(
+      assert MediaProxy.filename_matches(
                %{"filename" => "/Hello world.jpg"},
                "/Hello world.jpg",
                "http://pleroma.social/Hello world.jpg"
              ) == :ok
 
-      assert MediaProxyController.filename_matches(
+      assert MediaProxy.filename_matches(
                %{"filename" => "/Hello%20world.jpg"},
                "/Hello%20world.jpg",
                "http://pleroma.social/Hello%20world.jpg"
              ) == :ok
 
-      assert MediaProxyController.filename_matches(
+      assert MediaProxy.filename_matches(
                %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"},
                "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg",
                "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"
              ) == :ok
 
-      assert MediaProxyController.filename_matches(
+      assert MediaProxy.filename_matches(
                %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jp"},
                "/my%2Flong%2Furl%2F2019%2F07%2FS.jp",
                "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"
@@ -116,7 +115,7 @@ test "encoded url are tried to match for proxy as `conn.request_path` encodes th
       # conn.request_path will return encoded url
       request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg"
 
-      assert MediaProxyController.filename_matches(
+      assert MediaProxy.filename_matches(
                true,
                request_path,
                "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg"
@@ -124,20 +123,12 @@ test "encoded url are tried to match for proxy as `conn.request_path` encodes th
     end
 
     test "uses the configured base_url" do
-      base_url = Pleroma.Config.get([:media_proxy, :base_url])
+      clear_config([:media_proxy, :base_url], "https://cache.pleroma.social")
-
-      if base_url do
-        on_exit(fn ->
-          Pleroma.Config.put([:media_proxy, :base_url], base_url)
-        end)
-      end
-
-      Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
 
       url = "https://pleroma.soykaf.com/static/logo.png"
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
 
-      assert String.starts_with?(encoded, Pleroma.Config.get([:media_proxy, :base_url]))
+      assert String.starts_with?(encoded, Config.get([:media_proxy, :base_url]))
     end
 
     # Some sites expect ASCII encoded characters in the URL to be preserved even if
@@ -148,7 +139,7 @@ test "preserve ASCII encoding" do
       url =
         "https://pleroma.com/%20/%21/%22/%23/%24/%25/%26/%27/%28/%29/%2A/%2B/%2C/%2D/%2E/%2F/%30/%31/%32/%33/%34/%35/%36/%37/%38/%39/%3A/%3B/%3C/%3D/%3E/%3F/%40/%41/%42/%43/%44/%45/%46/%47/%48/%49/%4A/%4B/%4C/%4D/%4E/%4F/%50/%51/%52/%53/%54/%55/%56/%57/%58/%59/%5A/%5B/%5C/%5D/%5E/%5F/%60/%61/%62/%63/%64/%65/%66/%67/%68/%69/%6A/%6B/%6C/%6D/%6E/%6F/%70/%71/%72/%73/%74/%75/%76/%77/%78/%79/%7A/%7B/%7C/%7D/%7E/%7F/%80/%81/%82/%83/%84/%85/%86/%87/%88/%89/%8A/%8B/%8C/%8D/%8E/%8F/%90/%91/%92/%93/%94/%95/%96/%97/%98/%99/%9A/%9B/%9C/%9D/%9E/%9F/%C2%A0/%A1/%A2/%A3/%A4/%A5/%A6/%A7/%A8/%A9/%AA/%AB/%AC/%C2%AD/%AE/%AF/%B0/%B1/%B2/%B3/%B4/%B5/%B6/%B7/%B8/%B9/%BA/%BB/%BC/%BD/%BE/%BF/%C0/%C1/%C2/%C3/%C4/%C5/%C6/%C7/%C8/%C9/%CA/%CB/%CC/%CD/%CE/%CF/%D0/%D1/%D2/%D3/%D4/%D5/%D6/%D7/%D8/%D9/%DA/%DB/%DC/%DD/%DE/%DF/%E0/%E1/%E2/%E3/%E4/%E5/%E6/%E7/%E8/%E9/%EA/%EB/%EC/%ED/%EE/%EF/%F0/%F1/%F2/%F3/%F4/%F5/%F6/%F7/%F8/%F9/%FA/%FB/%FC/%FD/%FE/%FF"
 
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
       assert decode_result(encoded) == url
     end
 
@@ -159,77 +150,55 @@ test "preserve non-unicode characters per RFC3986" do
       url =
         "https://pleroma.com/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-._~:/?#[]@!$&'()*+,;=|^`{}"
 
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
       assert decode_result(encoded) == url
     end
 
     test "preserve unicode characters" do
       url = "https://ko.wikipedia.org/wiki/위키백과:대문"
 
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
       assert decode_result(encoded) == url
     end
   end
 
   describe "when disabled" do
-    setup do
+    setup do: clear_config([:media_proxy, :enabled], false)
-      enabled = Pleroma.Config.get([:media_proxy, :enabled])
-
-      if enabled do
-        Pleroma.Config.put([:media_proxy, :enabled], false)
-
-        on_exit(fn ->
-          Pleroma.Config.put([:media_proxy, :enabled], enabled)
-          :ok
-        end)
-      end
-
-      :ok
-    end
 
     test "does not encode remote urls" do
-      assert url("https://google.fr") == "https://google.fr"
+      assert MediaProxy.url("https://google.fr") == "https://google.fr"
     end
   end
 
-  defp decode_result(encoded) do
-    [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/")
-    {:ok, decoded} = decode_url(sig, base64)
-    decoded
-  end
-
   describe "whitelist" do
-    setup do
+    setup do: clear_config([:media_proxy, :enabled], true)
-      Pleroma.Config.put([:media_proxy, :enabled], true)
-      :ok
-    end
 
     test "mediaproxy whitelist" do
-      Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
+      clear_config([:media_proxy, :whitelist], ["google.com", "feld.me"])
       url = "https://feld.me/foo.png"
 
-      unencoded = url(url)
+      unencoded = MediaProxy.url(url)
       assert unencoded == url
     end
 
     test "does not change whitelisted urls" do
-      Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"])
+      clear_config([:media_proxy, :whitelist], ["mycdn.akamai.com"])
-      Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social")
+      clear_config([:media_proxy, :base_url], "https://cache.pleroma.social")
 
       media_url = "https://mycdn.akamai.com"
 
       url = "#{media_url}/static/logo.png"
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
 
       assert String.starts_with?(encoded, media_url)
     end
 
     test "ensure Pleroma.Upload base_url is always whitelisted" do
       media_url = "https://media.pleroma.social"
-      Pleroma.Config.put([Pleroma.Upload, :base_url], media_url)
+      clear_config([Pleroma.Upload, :base_url], media_url)
 
       url = "#{media_url}/static/logo.png"
-      encoded = url(url)
+      encoded = MediaProxy.url(url)
 
       assert String.starts_with?(encoded, media_url)
     end