Add mediaproxy whitelist capability
This commit is contained in:
parent
8c9227c1f1
commit
24c3e2db2c
4 changed files with 43 additions and 20 deletions
|
@ -326,7 +326,8 @@ config :pleroma, :media_proxy,
|
||||||
follow_redirect: true,
|
follow_redirect: true,
|
||||||
pool: :media
|
pool: :media
|
||||||
]
|
]
|
||||||
]
|
],
|
||||||
|
whitelist: []
|
||||||
|
|
||||||
config :pleroma, :chat, enabled: true
|
config :pleroma, :chat, enabled: true
|
||||||
|
|
||||||
|
|
|
@ -205,6 +205,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
|
||||||
* `enabled`: Enables proxying of remote media to the instance’s proxy
|
* `enabled`: Enables proxying of remote media to the instance’s proxy
|
||||||
* `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host/CDN fronts.
|
* `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host/CDN fronts.
|
||||||
* `proxy_opts`: All options defined in `Pleroma.ReverseProxy` documentation, defaults to `[max_body_length: (25*1_048_576)]`.
|
* `proxy_opts`: All options defined in `Pleroma.ReverseProxy` documentation, defaults to `[max_body_length: (25*1_048_576)]`.
|
||||||
|
* `whitelist`: List of domains to bypass the mediaproxy
|
||||||
|
|
||||||
## :gopher
|
## :gopher
|
||||||
* `enabled`: Enables the gopher interface
|
* `enabled`: Enables the gopher interface
|
||||||
|
|
|
@ -13,10 +13,23 @@ defmodule Pleroma.Web.MediaProxy do
|
||||||
|
|
||||||
def url(url) do
|
def url(url) do
|
||||||
config = Application.get_env(:pleroma, :media_proxy, [])
|
config = Application.get_env(:pleroma, :media_proxy, [])
|
||||||
|
domain = URI.parse(url).host
|
||||||
|
|
||||||
if !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) do
|
cond do
|
||||||
|
!Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) ->
|
||||||
url
|
url
|
||||||
else
|
|
||||||
|
Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern ->
|
||||||
|
String.equivalent?(domain, pattern)
|
||||||
|
end) ->
|
||||||
|
url
|
||||||
|
|
||||||
|
true ->
|
||||||
|
encode_url(url)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def encode_url(url) do
|
||||||
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
|
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
|
||||||
|
|
||||||
# Must preserve `%2F` for compatibility with S3
|
# Must preserve `%2F` for compatibility with S3
|
||||||
|
@ -37,7 +50,6 @@ defmodule Pleroma.Web.MediaProxy do
|
||||||
|
|
||||||
build_url(sig64, base64, filename(url))
|
build_url(sig64, base64, filename(url))
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
|
||||||
def decode_url(sig, url) do
|
def decode_url(sig, url) do
|
||||||
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
|
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
|
||||||
|
|
|
@ -177,4 +177,13 @@ defmodule Pleroma.MediaProxyTest do
|
||||||
{:ok, decoded} = decode_url(sig, base64)
|
{:ok, decoded} = decode_url(sig, base64)
|
||||||
decoded
|
decoded
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "mediaproxy whitelist" do
|
||||||
|
Pleroma.Config.put([:media_proxy, :enabled], true)
|
||||||
|
Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"])
|
||||||
|
url = "https://feld.me/foo.png"
|
||||||
|
|
||||||
|
unencoded = url(url)
|
||||||
|
assert unencoded == url
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue