2018-12-23 21:04:54 +01:00
|
|
|
# Pleroma: A lightweight social networking server
|
2018-12-31 16:41:47 +01:00
|
|
|
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
2018-12-23 21:04:54 +01:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2017-11-22 19:06:07 +01:00
|
|
|
defmodule Pleroma.Web.MediaProxy do
|
|
|
|
@base64_opts [padding: false]
|
|
|
|
|
|
|
|
def url(nil), do: nil
|
|
|
|
|
2018-11-20 17:46:54 +01:00
|
|
|
def url(""), do: nil
|
|
|
|
|
2019-02-03 18:44:18 +01:00
|
|
|
def url("/" <> _ = url), do: url
|
2017-12-12 12:30:24 +01:00
|
|
|
|
2017-11-22 19:06:07 +01:00
|
|
|
def url(url) do
|
2019-05-30 10:33:58 +02:00
|
|
|
if !enabled?() or local?(url) or whitelisted?(url) do
|
|
|
|
url
|
|
|
|
else
|
|
|
|
encode_url(url)
|
|
|
|
end
|
|
|
|
end
|
2018-03-30 15:01:53 +02:00
|
|
|
|
2019-05-30 10:33:58 +02:00
|
|
|
defp enabled?, do: Pleroma.Config.get([:media_proxy, :enabled], false)
|
2018-12-07 21:44:04 +01:00
|
|
|
|
2019-05-30 10:33:58 +02:00
|
|
|
defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url())
|
2018-11-13 15:58:02 +01:00
|
|
|
|
2019-05-30 10:33:58 +02:00
|
|
|
defp whitelisted?(url) do
|
|
|
|
%{host: domain} = URI.parse(url)
|
|
|
|
|
|
|
|
Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern ->
|
|
|
|
String.equivalent?(domain, pattern)
|
|
|
|
end)
|
2017-11-22 19:06:07 +01:00
|
|
|
end
|
|
|
|
|
2019-04-26 01:11:47 +02:00
|
|
|
def encode_url(url) do
|
2019-05-30 10:33:58 +02:00
|
|
|
secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
|
2019-04-26 01:11:47 +02:00
|
|
|
|
|
|
|
# Must preserve `%2F` for compatibility with S3
|
|
|
|
# https://git.pleroma.social/pleroma/pleroma/issues/580
|
|
|
|
replacement = get_replacement(url, ":2F:")
|
|
|
|
|
|
|
|
# The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
|
|
|
|
base64 =
|
|
|
|
url
|
|
|
|
|> String.replace("%2F", replacement)
|
|
|
|
|> URI.decode()
|
|
|
|
|> URI.encode()
|
|
|
|
|> String.replace(replacement, "%2F")
|
|
|
|
|> Base.url_encode64(@base64_opts)
|
|
|
|
|
|
|
|
sig = :crypto.hmac(:sha, secret, base64)
|
|
|
|
sig64 = sig |> Base.url_encode64(@base64_opts)
|
|
|
|
|
|
|
|
build_url(sig64, base64, filename(url))
|
|
|
|
end
|
|
|
|
|
2017-11-22 19:06:07 +01:00
|
|
|
def decode_url(sig, url) do
|
2019-05-30 10:33:58 +02:00
|
|
|
secret = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
|
2017-11-22 19:06:07 +01:00
|
|
|
sig = Base.url_decode64!(sig, @base64_opts)
|
2017-11-28 21:44:25 +01:00
|
|
|
local_sig = :crypto.hmac(:sha, secret, url)
|
2018-03-30 15:01:53 +02:00
|
|
|
|
2017-11-22 19:06:07 +01:00
|
|
|
if local_sig == sig do
|
|
|
|
{:ok, Base.url_decode64!(url, @base64_opts)}
|
|
|
|
else
|
|
|
|
{:error, :invalid_signature}
|
|
|
|
end
|
|
|
|
end
|
2018-11-23 17:40:45 +01:00
|
|
|
|
|
|
|
def filename(url_or_path) do
|
|
|
|
if path = URI.parse(url_or_path).path, do: Path.basename(path)
|
|
|
|
end
|
|
|
|
|
|
|
|
def build_url(sig_base64, url_base64, filename \\ nil) do
|
|
|
|
[
|
|
|
|
Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()),
|
|
|
|
"proxy",
|
|
|
|
sig_base64,
|
|
|
|
url_base64,
|
|
|
|
filename
|
|
|
|
]
|
|
|
|
|> Enum.filter(fn value -> value end)
|
|
|
|
|> Path.join()
|
|
|
|
end
|
2019-02-14 09:55:21 +01:00
|
|
|
|
|
|
|
defp get_replacement(url, replacement) do
|
|
|
|
if String.contains?(url, replacement) do
|
|
|
|
get_replacement(url, replacement <> replacement)
|
|
|
|
else
|
|
|
|
replacement
|
|
|
|
end
|
|
|
|
end
|
2017-11-22 19:06:07 +01:00
|
|
|
end
|