Add mediaproxy whitelist capability

2019-04-25 18:11:47 -05:00 · 2019-04-25 18:11:47 -05:00 · 24c3e2db2c
commit 24c3e2db2c
parent 8c9227c1f1
4 changed files with 43 additions and 20 deletions
--- a/lib/pleroma/web/media_proxy/media_proxy.ex
+++ b/lib/pleroma/web/media_proxy/media_proxy.ex
@ -13,32 +13,44 @@ defmodule Pleroma.Web.MediaProxy do

  def url(url) do
    config = Application.get_env(:pleroma, :media_proxy, [])
+    domain = URI.parse(url).host

-    if !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) do
-      url
-    else
-      secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
-
-      # Must preserve `%2F` for compatibility with S3
-      # https://git.pleroma.social/pleroma/pleroma/issues/580
-      replacement = get_replacement(url, ":2F:")
-
-      # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
-      base64 =
+    cond do
+      !Keyword.get(config, :enabled, false) or String.starts_with?(url, Pleroma.Web.base_url()) ->
        url
-        |> String.replace("%2F", replacement)
-        |> URI.decode()
-        |> URI.encode()
-        |> String.replace(replacement, "%2F")
-        |> Base.url_encode64(@base64_opts)

-      sig = :crypto.hmac(:sha, secret, base64)
-      sig64 = sig |> Base.url_encode64(@base64_opts)
+      Enum.any?(Pleroma.Config.get([:media_proxy, :whitelist]), fn pattern ->
+        String.equivalent?(domain, pattern)
+      end) ->
+        url

-      build_url(sig64, base64, filename(url))
+      true ->
+        encode_url(url)
    end
  end

+  def encode_url(url) do
+    secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
+
+    # Must preserve `%2F` for compatibility with S3
+    # https://git.pleroma.social/pleroma/pleroma/issues/580
+    replacement = get_replacement(url, ":2F:")
+
+    # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
+    base64 =
+      url
+      |> String.replace("%2F", replacement)
+      |> URI.decode()
+      |> URI.encode()
+      |> String.replace(replacement, "%2F")
+      |> Base.url_encode64(@base64_opts)
+
+    sig = :crypto.hmac(:sha, secret, base64)
+    sig64 = sig |> Base.url_encode64(@base64_opts)
+
+    build_url(sig64, base64, filename(url))
+  end
+
  def decode_url(sig, url) do
    secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
    sig = Base.url_decode64!(sig, @base64_opts)