akkoma/lib/pleroma/web/media_proxy/controller.ex

defmodule Pleroma.Web.MediaProxy.MediaProxyController do
  use Pleroma.Web, :controller
  require Logger

  @httpoison Application.get_env(:pleroma, :httpoison)

  @max_body_length 25 * 1_048_576

  @cache_control %{
    default: "public, max-age=1209600",
    error: "public, must-revalidate, max-age=160"
  }

  # Content-types that will not be returned as content-disposition attachments
  # Override with :media_proxy, :safe_content_types in the configuration
  @safe_content_types [
    "image/gif",
    "image/jpeg",
    "image/jpg",
    "image/png",
    "image/svg+xml",
    "audio/mpeg",
    "audio/mp3",
    "video/webm",
    "video/mp4"
  ]

  def remote(conn, params = %{"sig" => sig, "url" => url}) do
    config = Application.get_env(:pleroma, :media_proxy, [])

    with true <- Keyword.get(config, :enabled, false),
         {:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url),
         filename <- Path.basename(URI.parse(url).path),
         true <-
           if(Map.get(params, "filename"),
             do: filename == Path.basename(conn.request_path),
             else: true
           ),
         {:ok, content_type, body} <- proxy_request(url),
         safe_content_type <-
           Enum.member?(
             Keyword.get(config, :safe_content_types, @safe_content_types),
             content_type
           ) do
      conn
      |> put_resp_content_type(content_type)
      |> set_cache_header(:default)
      |> put_resp_header(
        "content-security-policy",
        "default-src 'none'; style-src 'unsafe-inline'; media-src data:; img-src 'self' data:"
      )
      |> put_resp_header("x-xss-protection", "1; mode=block")
      |> put_resp_header("x-content-type-options", "nosniff")
      |> put_attachement_header(safe_content_type, filename)
      |> send_resp(200, body)
    else
      false ->
        send_error(conn, 404)

      {:error, :invalid_signature} ->
        send_error(conn, 403)

      {:error, {:http, _, url}} ->
        redirect_or_error(conn, url, Keyword.get(config, :redirect_on_failure, true))
    end
  end

  defp proxy_request(link) do
    headers = [
      {"user-agent",
       "Pleroma/MediaProxy; #{Pleroma.Web.base_url()} <#{
         Application.get_env(:pleroma, :instance)[:email]
       }>"}
    ]

    options =
      @httpoison.process_request_options([:insecure, {:follow_redirect, true}]) ++
        [{:pool, :default}]

    with {:ok, 200, headers, client} <- :hackney.request(:get, link, headers, "", options),
         headers = Enum.into(headers, Map.new()),
         {:ok, body} <- proxy_request_body(client),
         content_type <- proxy_request_content_type(headers, body) do
      {:ok, content_type, body}
    else
      {:ok, status, _, _} ->
        Logger.warn("MediaProxy: request failed, status #{status}, link: #{link}")
        {:error, {:http, :bad_status, link}}

      {:error, error} ->
        Logger.warn("MediaProxy: request failed, error #{inspect(error)}, link: #{link}")
        {:error, {:http, error, link}}
    end
  end

  defp set_cache_header(conn, key) do
    Plug.Conn.put_resp_header(conn, "cache-control", @cache_control[key])
  end

  defp redirect_or_error(conn, url, true), do: redirect(conn, external: url)
  defp redirect_or_error(conn, url, _), do: send_error(conn, 502, "Media proxy error: " <> url)

  defp send_error(conn, code, body \\ "") do
    conn
    |> set_cache_header(:error)
    |> send_resp(code, body)
  end

  defp proxy_request_body(client), do: proxy_request_body(client, <<>>)

  defp proxy_request_body(client, body) when byte_size(body) < @max_body_length do
    case :hackney.stream_body(client) do
      {:ok, data} -> proxy_request_body(client, <<body::binary, data::binary>>)
      :done -> {:ok, body}
      {:error, reason} -> {:error, reason}
    end
  end

  defp proxy_request_body(client, _) do
    :hackney.close(client)
    {:error, :body_too_large}
  end

  # TODO: the body is passed here as well because some hosts do not provide a content-type.
  # At some point we may want to use magic numbers to discover the content-type and reply a proper one.
  defp proxy_request_content_type(headers, _body) do
    headers["Content-Type"] || headers["content-type"] || "application/octet-stream"
  end

  defp put_attachement_header(conn, true, _), do: conn

  defp put_attachement_header(conn, false, filename) do
    put_resp_header(conn, "content-disposition", "attachment; filename='#{filename}'")
  end
end
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`defmodule Pleroma.Web.MediaProxy.MediaProxyController do`
			`use Pleroma.Web, :controller`
			`require Logger`

apply proxy settings to media_proxy 2017-12-31 14:25:00 +00:00			`@httpoison Application.get_env(:pleroma, :httpoison)`
Use connection pools. 2018-03-19 16:42:09 +00:00
Format the code. 2018-03-30 13:01:53 +00:00			`@max_body_length 25 * 1_048_576`
Limit body size to 25MB 2017-12-11 01:31:37 +00:00
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`@cache_control %{`
			`default: "public, max-age=1209600",`
Format the code. 2018-03-30 13:01:53 +00:00			`error: "public, must-revalidate, max-age=160"`
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`}`

media_proxy: CSP, content-disposition * Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago) 2018-11-13 14:58:02 +00:00			`# Content-types that will not be returned as content-disposition attachments`
			`# Override with :media_proxy, :safe_content_types in the configuration`
			`@safe_content_types [`
			`"image/gif",`
			`"image/jpeg",`
			`"image/jpg",`
			`"image/png",`
			`"image/svg+xml",`
			`"audio/mpeg",`
			`"audio/mp3",`
			`"video/webm",`
			`"video/mp4"`
			`]`

			`def remote(conn, params = %{"sig" => sig, "url" => url}) do`
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`config = Application.get_env(:pleroma, :media_proxy, [])`
Format the code. 2018-03-30 13:01:53 +00:00
			`with true <- Keyword.get(config, :enabled, false),`
			`{:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url),`
media_proxy: use path only to retrieve filename 2018-11-13 22:41:33 +00:00			`filename <- Path.basename(URI.parse(url).path),`
media_proxy: CSP, content-disposition * Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago) 2018-11-13 14:58:02 +00:00			`true <-`
			`if(Map.get(params, "filename"),`
			`do: filename == Path.basename(conn.request_path),`
			`else: true`
			`),`
			`{:ok, content_type, body} <- proxy_request(url),`
			`safe_content_type <-`
			`Enum.member?(`
			`Keyword.get(config, :safe_content_types, @safe_content_types),`
			`content_type`
			`) do`
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`conn`
			`\|> put_resp_content_type(content_type)`
			`\|> set_cache_header(:default)`
media_proxy: CSP, content-disposition * Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago) 2018-11-13 14:58:02 +00:00			`\|> put_resp_header(`
			`"content-security-policy",`
			`"default-src 'none'; style-src 'unsafe-inline'; media-src data:; img-src 'self' data:"`
			`)`
			`\|> put_resp_header("x-xss-protection", "1; mode=block")`
			`\|> put_resp_header("x-content-type-options", "nosniff")`
			`\|> put_attachement_header(safe_content_type, filename)`
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`\|> send_resp(200, body)`
			`else`
Format the code. 2018-03-30 13:01:53 +00:00			`false ->`
			`send_error(conn, 404)`

			`{:error, :invalid_signature} ->`
			`send_error(conn, 403)`

			`{:error, {:http, _, url}} ->`
			`redirect_or_error(conn, url, Keyword.get(config, :redirect_on_failure, true))`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`end`
			`end`

			`defp proxy_request(link) do`
Format the code. 2018-03-30 13:01:53 +00:00			`headers = [`
			`{"user-agent",`
			`"Pleroma/MediaProxy; #{Pleroma.Web.base_url()} <#{`
			`Application.get_env(:pleroma, :instance)[:email]`
			`}>"}`
			`]`

			`options =`
			`@httpoison.process_request_options([:insecure, {:follow_redirect, true}]) ++`
			`[{:pool, :default}]`

			`with {:ok, 200, headers, client} <- :hackney.request(:get, link, headers, "", options),`
			`headers = Enum.into(headers, Map.new()),`
			`{:ok, body} <- proxy_request_body(client),`
			`content_type <- proxy_request_content_type(headers, body) do`
fix content-type and fallback to image/jpeg 2017-12-12 10:45:55 +00:00			`{:ok, content_type, body}`
Limit body size to 25MB 2017-12-11 01:31:37 +00:00			`else`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`{:ok, status, _, _} ->`
Format the code. 2018-03-30 13:01:53 +00:00			`Logger.warn("MediaProxy: request failed, status #{status}, link: #{link}")`
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`{:error, {:http, :bad_status, link}}`
Format the code. 2018-03-30 13:01:53 +00:00
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`{:error, error} ->`
Format the code. 2018-03-30 13:01:53 +00:00			`Logger.warn("MediaProxy: request failed, error #{inspect(error)}, link: #{link}")`
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`{:error, {:http, error, link}}`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`end`
			`end`

Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`defp set_cache_header(conn, key) do`
			`Plug.Conn.put_resp_header(conn, "cache-control", @cache_control[key])`
			`end`

			`defp redirect_or_error(conn, url, true), do: redirect(conn, external: url)`
			`defp redirect_or_error(conn, url, _), do: send_error(conn, 502, "Media proxy error: " <> url)`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00
Improve error handling, add configuration 2017-11-28 20:44:25 +00:00			`defp send_error(conn, code, body \\ "") do`
			`conn`
			`\|> set_cache_header(:error)`
			`\|> send_resp(code, body)`
			`end`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00
Limit body size to 25MB 2017-12-11 01:31:37 +00:00			`defp proxy_request_body(client), do: proxy_request_body(client, <<>>)`
Format the code. 2018-03-30 13:01:53 +00:00
Limit body size to 25MB 2017-12-11 01:31:37 +00:00			`defp proxy_request_body(client, body) when byte_size(body) < @max_body_length do`
			`case :hackney.stream_body(client) do`
Format the code. 2018-03-30 13:01:53 +00:00			`{:ok, data} -> proxy_request_body(client, <<body::binary, data::binary>>)`
Limit body size to 25MB 2017-12-11 01:31:37 +00:00			`:done -> {:ok, body}`
			`{:error, reason} -> {:error, reason}`
			`end`
			`end`
Format the code. 2018-03-30 13:01:53 +00:00
Limit body size to 25MB 2017-12-11 01:31:37 +00:00			`defp proxy_request_body(client, _) do`
			`:hackney.close(client)`
			`{:error, :body_too_large}`
			`end`

fix content-type and fallback to image/jpeg 2017-12-12 10:45:55 +00:00			`# TODO: the body is passed here as well because some hosts do not provide a content-type.`
			`# At some point we may want to use magic numbers to discover the content-type and reply a proper one.`
			`defp proxy_request_content_type(headers, _body) do`
media_proxy: CSP, content-disposition * Adds CSP headers to the media proxy endpoint * Sends `content-disposition: attachment; …` for non-image/video/audio content types The default list can be overwritten with `:media_proxy, :safe_content_types` in the configuration. * Also now appends the filename to the proxy URL (fixes some mobile apps, it was requested a while ago) 2018-11-13 14:58:02 +00:00			`headers["Content-Type"] \|\| headers["content-type"] \|\| "application/octet-stream"`
			`end`

			`defp put_attachement_header(conn, true, _), do: conn`

			`defp put_attachement_header(conn, false, filename) do`
			`put_resp_header(conn, "content-disposition", "attachment; filename='#{filename}'")`
fix content-type and fallback to image/jpeg 2017-12-12 10:45:55 +00:00			`end`
media proxy: good enough wip 2017-11-22 18:06:07 +00:00			`end`