1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MediaProxy.MediaProxyController do
6 use Pleroma.Web, :controller
9 alias Pleroma.Helpers.MediaHelper
10 alias Pleroma.Helpers.UriHelper
11 alias Pleroma.ReverseProxy
12 alias Pleroma.Web.MediaProxy
# Serves a remote media file through the instance's reverse proxy.
#
# The client never supplies a bare target URL: it sends an encoded URL (`url64`)
# together with a signature (`sig64`), and the request is proxied only if every
# step of the `with` chain passes:
#   1. the media proxy is enabled;
#   2. MediaProxy.decode_url/2 accepts the signature/URL pair;
#   3. the decoded URL is not in the banned-URL list;
#   4. MediaProxy.verify_request_path_and_url/2 returns :ok.
# Only then is the decoded URL handed to ReverseProxy.call/3 with the configured
# proxy options.
#
# NOTE(review): this listing omits some lines (no `else`/`end`, and no clause
# head before the first 404, are shown). The branches below are read as the
# `else` clauses of the `with` - confirm against the full file.
17 def remote(conn, %{"sig" => sig64, "url" => url64}) do
18 with {_, true} <- {:enabled, MediaProxy.enabled?()},
19 {:ok, url} <- MediaProxy.decode_url(sig64, url64),
20 {_, false} <- {:in_banned_urls, MediaProxy.in_banned_urls(url)},
21 :ok <- MediaProxy.verify_request_path_and_url(conn, url) do
22 ReverseProxy.call(conn, url, media_proxy_opts())
# 404 - presumably the {:enabled, false} branch; its clause head is not shown here.
25 send_resp(conn, 404, Conn.Status.reason_phrase(404))
# A banned URL is answered with the same 404 as a disabled proxy.
27 {:in_banned_urls, true} ->
28 send_resp(conn, 404, Conn.Status.reason_phrase(404))
# A signature/URL pair rejected by decode_url/2 is refused with 403; nothing is fetched.
30 {:error, :invalid_signature} ->
31 send_resp(conn, 403, Conn.Status.reason_phrase(403))
# The path/URL check returned a filename instead of :ok: redirect to the proxy URL
# rebuilt with that filename. The target reuses the sig64/url64 pair that already
# passed decode_url/2 above.
33 {:wrong_filename, filename} ->
34 redirect(conn, external: MediaProxy.build_url(sig64, url64, filename))
# Serves a preview (thumbnail) for a remote media file.
#
# Same signed-URL contract as remote/2: the preview proxy must be enabled,
# MediaProxy.decode_url/2 must accept the signature/URL pair, and
# MediaProxy.verify_request_path_and_url/2 must return :ok before
# handle_preview/2 is called with the decoded URL.
#
# NOTE(review): unlike remote/2, no in_banned_urls step is visible in this chain.
# handle_preview/2 works on MediaProxy.url(url) rather than on the decoded URL;
# confirm that every URL it can return is still subject to the ban list.
# NOTE(review): this listing omits some lines (`else`/`end` and the clause head
# before the 404 are not shown).
38 def preview(%Conn{} = conn, %{"sig" => sig64, "url" => url64}) do
39 with {_, true} <- {:enabled, MediaProxy.preview_enabled?()},
40 {:ok, url} <- MediaProxy.decode_url(sig64, url64),
41 :ok <- MediaProxy.verify_request_path_and_url(conn, url) do
42 handle_preview(conn, url)
# 404 - presumably the {:enabled, false} branch; its clause head is not shown here.
45 send_resp(conn, 404, Conn.Status.reason_phrase(404))
# A signature/URL pair rejected by decode_url/2 is refused with 403.
47 {:error, :invalid_signature} ->
48 send_resp(conn, 403, Conn.Status.reason_phrase(403))
# Wrong filename in the request path: redirect to the preview URL rebuilt with
# the filename returned by the check, reusing the already verified sig64/url64.
50 {:wrong_filename, filename} ->
51 redirect(conn, external: MediaProxy.build_preview_url(sig64, url64, filename))
# Chooses how to answer a preview request for an already verified URL.
#
# Sends a HEAD request to MediaProxy.url(url) and, on a 2xx response, picks a
# strategy from the Content-Type and Content-Length response headers and the
# "static" request parameter. Both headers come from whatever answers the HEAD
# request, so they must be treated as untrusted input.
#
# NOTE(review): this listing omits some lines (`cond do`, several clause heads,
# `else`, `end`); the comments below mark where a head is not visible.
55 defp handle_preview(conn, url) do
56 media_proxy_url = MediaProxy.url(url)
58 with {:ok, %{status: status} = head_response} when status in 200..299 <-
59 Pleroma.HTTP.request("HEAD", media_proxy_url, [], [], pool: :media) do
60 content_type = Tesla.get_header(head_response, "content-type")
61 content_length = Tesla.get_header(head_response, "content-length")
# String.to_integer/1 raises ArgumentError on a non-numeric value, so a malformed
# Content-Length header raises here instead of reaching the error branches below.
# NOTE(review): consider Integer.parse/1 and treating an unparsable value as nil.
62 content_length = content_length && String.to_integer(content_length)
# "static" is accepted both as the string "true" and as the boolean true.
63 static = conn.params["static"] in ["true", true]
# Static preview of a GIF: generate a JPEG thumbnail from it.
66 static and content_type == "image/gif" ->
67 handle_jpeg_preview(conn, media_proxy_url)
# (clause head not shown in this listing) redirect to the same URL without "static".
70 drop_static_param_and_redirect(conn)
# Non-static GIF: no thumbnail, redirect to the proxied original. The comparison
# is exact, so a Content-Type carrying parameters does not match this clause.
72 content_type == "image/gif" ->
73 redirect(conn, external: media_proxy_url)
# When a minimum size is configured and the reported length is below it, redirect
# to the proxied original instead of thumbnailing. If the header is absent,
# content_length is nil: in Elixir's term ordering `nil > 0` is true but
# `nil < n` is false, so this clause does not match.
75 min_content_length_for_preview() > 0 and content_length > 0 and
76 content_length < min_content_length_for_preview() ->
77 redirect(conn, external: media_proxy_url)
# (clause head not shown in this listing) dispatch on the reported content type.
80 handle_preview(content_type, conn, media_proxy_url)
83 # If HEAD failed, redirecting to media proxy URI doesn't make much sense; returning an error
# All failure branches answer with :failed_dependency (HTTP 424).
84 {_, %{status: status}} ->
85 send_resp(conn, :failed_dependency, "Can't fetch HTTP headers (HTTP #{status}).")
87 {:error, :recv_response_timeout} ->
88 send_resp(conn, :failed_dependency, "HEAD request timeout.")
# (clause head not shown in this listing) presumably the catch-all failure branch.
91 send_resp(conn, :failed_dependency, "Can't fetch HTTP headers.")
# Content-type dispatch for preview generation. The type string is the
# Content-Type header reported by the upstream HEAD response, so the choice is
# driven by a remote-controlled value, not by inspecting the file itself.
# Clause order matters: "image/png" has to be tried before the generic "image/".
defp handle_preview("image/png" <> _rest, conn, media_proxy_url),
  do: handle_png_preview(conn, media_proxy_url)

# Every other image type is thumbnailed through the JPEG path.
defp handle_preview("image/" <> _rest, conn, media_proxy_url),
  do: handle_jpeg_preview(conn, media_proxy_url)

# Videos are previewed through the video path.
defp handle_preview("video/" <> _rest, conn, media_proxy_url),
  do: handle_video_preview(conn, media_proxy_url)

# Anything else (including a missing content type) gets no thumbnail.
defp handle_preview(_other_content_type, conn, media_proxy_url),
  do: fallback_on_preview_error(conn, media_proxy_url)
# Builds a PNG thumbnail for the proxied media and sends it with status 200.
#
# The thumbnail is bounded by the configured maximum width and height. When
# MediaHelper.image_resize does not yield {:ok, binary}, the request ends in
# fallback_on_preview_error/2 (its clause head is not shown in this listing).
# NOTE(review): several lines of the image_resize call are omitted from this
# listing, so `quality` is read here but its use is not visible.
111 defp handle_png_preview(conn, media_proxy_url) do
112 quality = Config.get!([:media_preview_proxy, :image_quality])
113 {thumbnail_max_width, thumbnail_max_height} = thumbnail_max_dimensions()
115 with {:ok, thumbnail_binary} <-
116 MediaHelper.image_resize(
119 max_width: thumbnail_max_width,
120 max_height: thumbnail_max_height,
# Explicit PNG content type and filename instead of the JPEG defaults.
126 |> put_preview_response_headers(["image/png", "preview.png"])
127 |> send_resp(200, thumbnail_binary)
130 fallback_on_preview_error(conn, media_proxy_url)
# Builds a JPEG thumbnail for the proxied media and sends it with status 200.
#
# Width, height and quality all come from the :media_preview_proxy config. When
# MediaHelper.image_resize does not yield {:ok, binary}, the request ends in
# fallback_on_preview_error/2 (its clause head is not shown in this listing).
# NOTE(review): some lines of the image_resize call are omitted from this listing.
134 defp handle_jpeg_preview(conn, media_proxy_url) do
135 quality = Config.get!([:media_preview_proxy, :image_quality])
136 {thumbnail_max_width, thumbnail_max_height} = thumbnail_max_dimensions()
138 with {:ok, thumbnail_binary} <-
139 MediaHelper.image_resize(
141 %{max_width: thumbnail_max_width, max_height: thumbnail_max_height, quality: quality}
# No arguments: the default "image/jpeg" / "preview.jpg" headers apply.
144 |> put_preview_response_headers()
145 |> send_resp(200, thumbnail_binary)
148 fallback_on_preview_error(conn, media_proxy_url)
# Produces a preview image for a video via MediaHelper.video_framegrab/1 and
# sends it with status 200 and the default JPEG preview headers.
#
# When the frame grab does not yield {:ok, binary}, the request ends in
# fallback_on_preview_error/2 (its clause head is not shown in this listing).
152 defp handle_video_preview(conn, media_proxy_url) do
153 with {:ok, thumbnail_binary} <-
154 MediaHelper.video_framegrab(media_proxy_url) do
156 |> put_preview_response_headers()
157 |> send_resp(200, thumbnail_binary)
160 fallback_on_preview_error(conn, media_proxy_url)
# Redirects the client to a URI with the "static" query parameter removed.
#
# NOTE(review): the value piped into UriHelper.modify_uri_params/3 is not shown
# in this listing. Because the result feeds an `external:` redirect, confirm it
# is derived from this endpoint's own URL and not from a client-controlled host.
164 defp drop_static_param_and_redirect(conn) do
165 uri_without_static_param =
# Adds no parameters (%{}) and removes "static".
168 |> UriHelper.modify_uri_params(%{}, ["static"])
170 redirect(conn, external: uri_without_static_param)
# No preview could be produced (unsupported type or a failed conversion):
# send the client to the proxied original instead of returning an error.
defp fallback_on_preview_error(conn, media_proxy_url),
  do: redirect(conn, external: media_proxy_url)
# Sets the response headers for a generated preview: content-type,
# an inline content-disposition with a filename, and the reverse proxy's default
# cache-control value.
#
# The second argument is a two-element list [content_type, filename] and defaults
# to ["image/jpeg", "preview.jpg"].
# NOTE(review): `filename` is interpolated into a quoted header value without
# escaping. The callers visible in this file pass only fixed literals; keep it
# that way, or escape the value if it ever becomes request-derived.
# NOTE(review): some lines of this definition are omitted from this listing.
177 defp put_preview_response_headers(
179 [content_type, filename] = _content_info \\ ["image/jpeg", "preview.jpg"]
182 |> put_resp_header("content-type", content_type)
183 |> put_resp_header("content-disposition", "inline; filename=\"#{filename}\"")
184 |> put_resp_header("cache-control", ReverseProxy.default_cache_control_header())
# Returns {max_width, max_height} for generated thumbnails.
# Keyword.fetch!/2 raises KeyError when either key is absent from the
# :media_preview_proxy config, so a missing size limit fails loudly instead of
# producing an unbounded thumbnail.
defp thumbnail_max_dimensions do
  preview_config = media_preview_proxy_config()

  {
    Keyword.fetch!(preview_config, :thumbnail_max_width),
    Keyword.fetch!(preview_config, :thumbnail_max_height)
  }
end
# Minimum reported content length for which a preview is generated.
# Defaults to 0 when :min_content_length is not configured.
defp min_content_length_for_preview do
  preview_config = media_preview_proxy_config()
  Keyword.get(preview_config, :min_content_length, 0)
end
# Reads the whole :media_preview_proxy config section through Config.get!/1.
defp media_preview_proxy_config, do: Config.get!([:media_preview_proxy])
# Options passed to ReverseProxy.call/3 for proxied media.
# Falls back to an empty list when [:media_proxy, :proxy_opts] is not configured.
defp media_proxy_opts, do: Config.get([:media_proxy, :proxy_opts], [])
# Adds a `content-security-policy: sandbox;` response header.
#
# The CSP `sandbox` directive makes browsers treat the response as a sandboxed
# document, which matters here because this controller serves remote content
# from the instance's own origin.
# NOTE(review): the (conn, params) signature suggests a controller plug, but no
# `plug` declaration is visible in this listing - confirm it is registered so
# that the header applies to every action. The line piped from is also omitted.
208 defp sandbox(conn, _params) do
210 |> merge_resp_headers([{"content-security-policy", "sandbox;"}])