|
@@ -13,32 +13,44 @@ defmodule Pleroma.Web.MediaProxy do |
|
|
|
|
|
|
|
|
def url(url) do |
|
|
def url(url) do |
|
|
config = Application.get_env(:pleroma, :media_proxy, []) |
|
|
config = Application.get_env(:pleroma, :media_proxy, []) |
|
|
|
|
|
domain = URI.parse(url).host |
|
|
|
|
|
|
|
|
if !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) do |
|
|
|
|
|
url |
|
|
|
|
|
else |
|
|
|
|
|
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] |
|
|
|
|
|
|
|
|
|
|
|
# Must preserve `%2F` for compatibility with S3 |
|
|
|
|
|
# https://git.pleroma.social/pleroma/pleroma/issues/580 |
|
|
|
|
|
replacement = get_replacement(url, ":2F:") |
|
|
|
|
|
|
|
|
|
|
|
# The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice. |
|
|
|
|
|
base64 = |
|
|
|
|
|
|
|
|
cond do |
|
|
|
|
|
!Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) -> |
|
|
url |
|
|
url |
|
|
|> String.replace("%2F", replacement) |
|
|
|
|
|
|> URI.decode() |
|
|
|
|
|
|> URI.encode() |
|
|
|
|
|
|> String.replace(replacement, "%2F") |
|
|
|
|
|
|> Base.url_encode64(@base64_opts) |
|
|
|
|
|
|
|
|
|
|
|
sig = :crypto.hmac(:sha, secret, base64) |
|
|
|
|
|
sig64 = sig |> Base.url_encode64(@base64_opts) |
|
|
|
|
|
|
|
|
Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern -> |
|
|
|
|
|
String.equivalent?(domain, pattern) |
|
|
|
|
|
end) -> |
|
|
|
|
|
url |
|
|
|
|
|
|
|
|
build_url(sig64, base64, filename(url)) |
|
|
|
|
|
|
|
|
true -> |
|
|
|
|
|
encode_url(url) |
|
|
end |
|
|
end |
|
|
end |
|
|
end |
|
|
|
|
|
|
|
|
|
|
|
def encode_url(url) do |
|
|
|
|
|
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] |
|
|
|
|
|
|
|
|
|
|
|
# Must preserve `%2F` for compatibility with S3 |
|
|
|
|
|
# https://git.pleroma.social/pleroma/pleroma/issues/580 |
|
|
|
|
|
replacement = get_replacement(url, ":2F:") |
|
|
|
|
|
|
|
|
|
|
|
# The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice. |
|
|
|
|
|
base64 = |
|
|
|
|
|
url |
|
|
|
|
|
|> String.replace("%2F", replacement) |
|
|
|
|
|
|> URI.decode() |
|
|
|
|
|
|> URI.encode() |
|
|
|
|
|
|> String.replace(replacement, "%2F") |
|
|
|
|
|
|> Base.url_encode64(@base64_opts) |
|
|
|
|
|
|
|
|
|
|
|
sig = :crypto.hmac(:sha, secret, base64) |
|
|
|
|
|
sig64 = sig |> Base.url_encode64(@base64_opts) |
|
|
|
|
|
|
|
|
|
|
|
build_url(sig64, base64, filename(url)) |
|
|
|
|
|
end |
|
|
|
|
|
|
|
|
def decode_url(sig, url) do |
|
|
def decode_url(sig, url) do |
|
|
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] |
|
|
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] |
|
|
sig = Base.url_decode64!(sig, @base64_opts) |
|
|
sig = Base.url_decode64!(sig, @base64_opts) |
|
|