diff options
| author |  default | 2024-11-12 05:38:55 +0100 |
|---|---|---|
| committer | default | 2024-11-12 05:38:55 +0100 |
| commit | af92863ebbfc040909b6dbb89b887cecd3371508 (patch) | |
| tree | 8a9a4f7789bda8b97ba154ba82e505f72a3f787a /html.c | |
| parent | Bumped version (I forgot to do it several commits ago 🤦). (diff) | |
| download | snac2-af92863ebbfc040909b6dbb89b887cecd3371508.tar.gz snac2-af92863ebbfc040909b6dbb89b887cecd3371508.tar.xz snac2-af92863ebbfc040909b6dbb89b887cecd3371508.zip | |
Added new proxy authorization by token.
Diffstat (limited to 'html.c')
| -rw-r--r-- | html.c | 39 |
1 files changed, 28 insertions, 11 deletions
| @@ -70,7 +70,7 @@ xs_str *replace_shortnames(xs_str *s, const xs_list *tag, int ems, const char *p | |||
| 70 | 70 | ||
| 71 | if (n && i) { | 71 | if (n && i) { |
| 72 | const char *u = xs_dict_get(i, "url"); | 72 | const char *u = xs_dict_get(i, "url"); |
| 73 | xs *url = make_url(u, proxy); | 73 | xs *url = make_url(u, proxy, 0); |
| 74 | 74 | ||
| 75 | xs_html *img = xs_html_sctag("img", | 75 | xs_html *img = xs_html_sctag("img", |
| 76 | xs_html_attr("loading", "lazy"), | 76 | xs_html_attr("loading", "lazy"), |
| @@ -122,7 +122,7 @@ xs_html *html_actor_icon(snac *user, xs_dict *actor, const char *date, | |||
| 122 | v = xs_list_get(v, 0); | 122 | v = xs_list_get(v, 0); |
| 123 | 123 | ||
| 124 | if ((v = xs_dict_get(v, "url")) != NULL) | 124 | if ((v = xs_dict_get(v, "url")) != NULL) |
| 125 | avatar = make_url(v, proxy); | 125 | avatar = make_url(v, proxy, 0); |
| 126 | } | 126 | } |
| 127 | 127 | ||
| 128 | if (avatar == NULL) | 128 | if (avatar == NULL) |
| @@ -1973,7 +1973,7 @@ xs_html *html_entry(snac *user, xs_dict *msg, int read_only, | |||
| 1973 | if (content && xs_str_in(content, o_href) != -1) | 1973 | if (content && xs_str_in(content, o_href) != -1) |
| 1974 | continue; | 1974 | continue; |
| 1975 | 1975 | ||
| 1976 | xs *href = make_url(o_href, proxy); | 1976 | xs *href = make_url(o_href, proxy, 0); |
| 1977 | 1977 | ||
| 1978 | if (xs_startswith(type, "image/") || strcmp(type, "Image") == 0) { | 1978 | if (xs_startswith(type, "image/") || strcmp(type, "Image") == 0) { |
| 1979 | xs_html_add(content_attachments, | 1979 | xs_html_add(content_attachments, |
| @@ -2788,7 +2788,7 @@ int html_get_handler(const xs_dict *req, const char *q_path, | |||
| 2788 | const char *p_path; | 2788 | const char *p_path; |
| 2789 | int cache = 1; | 2789 | int cache = 1; |
| 2790 | int save = 1; | 2790 | int save = 1; |
| 2791 | const char *proxy = NULL; | 2791 | int proxy = 0; |
| 2792 | const char *v; | 2792 | const char *v; |
| 2793 | 2793 | ||
| 2794 | xs *l = xs_split_n(q_path, "/", 2); | 2794 | xs *l = xs_split_n(q_path, "/", 2); |
| @@ -2816,7 +2816,7 @@ int html_get_handler(const xs_dict *req, const char *q_path, | |||
| 2816 | } | 2816 | } |
| 2817 | 2817 | ||
| 2818 | if (xs_is_true(xs_dict_get(srv_config, "proxy_media"))) | 2818 | if (xs_is_true(xs_dict_get(srv_config, "proxy_media"))) |
| 2819 | proxy = snac.actor; | 2819 | proxy = 1; |
| 2820 | 2820 | ||
| 2821 | /* return the RSS if requested by Accept header */ | 2821 | /* return the RSS if requested by Accept header */ |
| 2822 | if (accept != NULL) { | 2822 | if (accept != NULL) { |
| @@ -3194,19 +3194,36 @@ int html_get_handler(const xs_dict *req, const char *q_path, | |||
| 3194 | snac_debug(&snac, 1, xs_fmt("serving RSS")); | 3194 | snac_debug(&snac, 1, xs_fmt("serving RSS")); |
| 3195 | } | 3195 | } |
| 3196 | else | 3196 | else |
| 3197 | if (xs_startswith(p_path, "proxy/") && proxy) { /** remote media by proxy **/ | 3197 | if (proxy && (xs_startswith(p_path, "x/") || xs_startswith(p_path, "y/"))) { /** remote media by proxy **/ |
| 3198 | if (!login(&snac, req)) { | 3198 | xs *proxy_prefix = NULL; |
| 3199 | *body = xs_dup(uid); | 3199 | |
| 3200 | status = HTTP_STATUS_UNAUTHORIZED; | 3200 | if (xs_startswith(p_path, "x/")) { |
| 3201 | /* proxy usage authorized by http basic auth */ | ||
| 3202 | if (login(&snac, req)) | ||
| 3203 | proxy_prefix = xs_str_new("x/"); | ||
| 3204 | else { | ||
| 3205 | *body = xs_dup(uid); | ||
| 3206 | status = HTTP_STATUS_UNAUTHORIZED; | ||
| 3207 | } | ||
| 3201 | } | 3208 | } |
| 3202 | else { | 3209 | else { |
| 3210 | /* proxy usage authorized by proxy_token */ | ||
| 3211 | xs *tks = xs_fmt("%s:%s", xs_dict_get(srv_config, "proxy_token_seed"), snac.actor); | ||
| 3212 | xs *tk = xs_md5_hex(tks, strlen(tks)); | ||
| 3213 | xs *p = xs_fmt("y/%s/", tk); | ||
| 3214 | |||
| 3215 | if (xs_startswith(p_path, p)) | ||
| 3216 | proxy_prefix = xs_dup(p); | ||
| 3217 | } | ||
| 3218 | |||
| 3219 | if (proxy_prefix) { | ||
| 3203 | /* pick the raw path (including optional ? arguments) */ | 3220 | /* pick the raw path (including optional ? arguments) */ |
| 3204 | const char *raw_path = xs_dict_get(req, "raw_path"); | 3221 | const char *raw_path = xs_dict_get(req, "raw_path"); |
| 3205 | 3222 | ||
| 3206 | /* skip to where the proxy/ string starts */ | 3223 | /* skip to where the proxy/ string starts */ |
| 3207 | raw_path += xs_str_in(raw_path, "proxy/"); | 3224 | raw_path += xs_str_in(raw_path, proxy_prefix); |
| 3208 | 3225 | ||
| 3209 | xs *url = xs_replace(raw_path, "proxy/", "https:/" "/"); | 3226 | xs *url = xs_replace(raw_path, proxy_prefix, "https:/" "/"); |
| 3210 | xs *hdrs = xs_dict_new(); | 3227 | xs *hdrs = xs_dict_new(); |
| 3211 | 3228 | ||
| 3212 | hdrs = xs_dict_append(hdrs, "user-agent", USER_AGENT); | 3229 | hdrs = xs_dict_append(hdrs, "user-agent", USER_AGENT); |