# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
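defmodule Pleroma.Web.Plugs.UploadedMedia do
  @moduledoc """
  Plug that answers requests whose path starts with `/media/`.

  For a matching request it:

    * sets `content-disposition` when a `name` query parameter is present,
    * always adds a `content-security-policy: sandbox` response header,
    * answers 400 unless the request host equals the host of
      `Pleroma.Upload.base_url/0`,
    * asks the configured uploader how to fetch the file and then serves it
      from a static directory, proxies it, or redirects to it,
    * answers 500 when the uploader lookup fails or the media URL is reported
      as banned by `Pleroma.Web.MediaProxy`.

  Requests for any other path pass through unchanged.
  """

  import Plug.Conn
  import Pleroma.Web.Gettext
  require Logger

  alias Pleroma.Web.MediaProxy

  @behaviour Plug
  # no slashes
  @path "media"

  # 1209600 seconds = 14 days.
  @default_cache_control_header "public, max-age=1209600"

  @doc """
  Pre-builds the `Plug.Static` options used for uploader results of the
  `{:static_dir, directory}` kind.

  `:from` and `:at` are placeholders here; `get_media/4` overwrites both per
  request before calling `Plug.Static.call/2`.
  """
  @impl true
  def init(_opts) do
    static_plug_opts =
      [
        headers: %{"cache-control" => @default_cache_control_header},
        cache_control_for_etags: @default_cache_control_header
      ]
      |> Keyword.put(:from, "__unconfigured_media_plug")
      |> Keyword.put(:at, "/__unconfigured_media_plug")
      |> Plug.Static.init()

    %{static_plug_opts: static_plug_opts}
  end

  @doc """
  Serves an uploaded file for paths under `/media/`; returns `conn` untouched
  for every other path.
  """
  @impl true
  def call(%{request_path: <<"/", @path, "/", file::binary>>} = conn, opts) do
    conn =
      case fetch_query_params(conn) do
        # `name` is attacker-controlled. The guard sends non-string shapes
        # (e.g. `name[]=x`) down the no-header branch instead of crashing
        # in the escaping helper.
        %{query_params: %{"name" => name}} = conn when is_binary(name) ->
          put_resp_header(
            conn,
            "content-disposition",
            ~s[inline; filename="#{escape_quoted_string(name)}"]
          )

        conn ->
          conn
      end
      # Uploads are user-supplied content, so every response from this plug
      # carries the CSP `sandbox` directive.
      |> merge_resp_headers([{"content-security-policy", "sandbox"}])

    config = Pleroma.Config.get(Pleroma.Upload)

    media_host = Pleroma.Upload.base_url() |> URI.parse() |> Map.get(:host)

    # Media is only served when the request host is exactly the host of the
    # configured upload base URL. If the base URL has no host, `media_host`
    # is nil and every request is rejected with 400.
    with {:valid_host, true} <- {:valid_host, match?(^media_host, conn.host)},
         uploader <- Keyword.fetch!(config, :uploader),
         proxy_remote = Keyword.get(config, :proxy_remote, false),
         {:ok, get_method} <- uploader.get_file(file),
         false <- media_is_banned(conn, get_method) do
      get_media(conn, get_method, proxy_remote, opts)
    else
      {:valid_host, false} ->
        send_resp(conn, 400, Plug.Conn.Status.reason_phrase(400))
        |> halt()

      # Everything else that did not match: the uploader did not return
      # `{:ok, _}`, or the ban check returned something other than `false`.
      # Both end in the same generic 500 body.
      _ ->
        conn
        |> send_resp(:internal_server_error, dgettext("errors", "Failed"))
        |> halt()
    end
  end

  def call(conn, _opts), do: conn

  # Makes `value` safe to place between the double quotes of an HTTP
  # quoted-string header parameter.
  #
  # Backslashes must be escaped before quotes: escaping only `"` turns an
  # input of `\"` into `\\"`, which a parser reads as an escaped backslash
  # followed by a closing quote, letting the rest of the value be read as
  # further header parameters. Control characters are dropped as well;
  # Plug.Conn.put_resp_header/3 raises on CR/LF in a value, so a crafted
  # `name` would otherwise turn the request into an error response.
  defp escape_quoted_string(value) do
    value
    |> String.replace(~r/[\x00-\x1f\x7f]/, "")
    |> String.replace("\\", "\\\\")
    |> String.replace(~s["], ~s[\\"])
  end

  # Ban check. For static-dir media the URL looked up is the upload base URL
  # followed by the request path; for URL media it is the URL the uploader
  # returned. Any other fetch method is treated as not banned.
  defp media_is_banned(%{request_path: path} = _conn, {:static_dir, _}) do
    MediaProxy.in_banned_urls(Pleroma.Upload.base_url() <> path)
  end

  defp media_is_banned(_, {:url, url}), do: MediaProxy.in_banned_urls(url)

  defp media_is_banned(_, _), do: false

  # Static directory: delegate to Plug.Static, mounted at `/media` and rooted
  # at the directory the uploader returned. If Plug.Static did not halt the
  # connection (it served nothing), answer 404.
  defp get_media(conn, {:static_dir, directory}, _, opts) do
    static_opts =
      Map.get(opts, :static_plug_opts)
      |> Map.put(:at, [@path])
      |> Map.put(:from, directory)

    conn = Plug.Static.call(conn, static_opts)

    if conn.halted do
      conn
    else
      conn
      |> send_resp(:not_found, dgettext("errors", "Not found"))
      |> halt()
    end
  end

  # Remote URL with `proxy_remote` enabled: fetch through the reverse proxy.
  # Redirects are followed, so the final upstream may differ from `url`.
  # NOTE(review): `url` comes from the uploader's get_file/1; how it is derived
  # from the request path is not visible here - confirm it cannot be steered
  # to an arbitrary upstream.
  defp get_media(conn, {:url, url}, true, _) do
    proxy_opts = [
      http: [
        follow_redirect: true,
        pool: :upload
      ]
    ]

    conn
    |> Pleroma.ReverseProxy.call(url, proxy_opts)
  end

  # Remote URL without proxying: redirect the client to the external URL.
  defp get_media(conn, {:url, url}, _, _) do
    conn
    |> Phoenix.Controller.redirect(external: url)
    |> halt()
  end

  # The uploader returned a fetch method this plug does not know: log it and
  # answer with a generic 500.
  defp get_media(conn, unknown, _, _) do
    Logger.error("#{__MODULE__}: Unknown get startegy: #{inspect(unknown)}")

    conn
    |> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))
    |> halt()
  end
end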