Added new proxy authorization by token.

default 2024-11-12 05:38:55 +01:00
parent 36c6538927
commit af92863ebb
3 changed files with 49 additions and 14 deletions

22
data.c

@ -12,6 +12,7 @@
#include "xs_regex.h" #include "xs_regex.h"
#include "xs_match.h" #include "xs_match.h"
#include "xs_unicode.h" #include "xs_unicode.h"
#include "xs_random.h"
#include "snac.h" #include "snac.h"
@ -164,6 +165,23 @@ int srv_open(const char *basedir, int auto_upgrade)
write_default_css(); write_default_css();
} }
/* if proxy_media is set but there is no token seed, create one */
if (xs_is_true(xs_dict_get(srv_config, "proxy_media")) &&
xs_is_null(xs_dict_get(srv_config, "proxy_token_seed"))) {
char rnd[16];
xs_rnd_buf(rnd, sizeof(rnd));
xs *pts = xs_hex_enc(rnd, sizeof(rnd));
xs_dict_set(srv_config, "proxy_token_seed", pts);
if ((f = fopen(cfg_file, "w")) != NULL) {
xs_json_dump(srv_config, 4, f);
fclose(f);
srv_log(xs_fmt("Created proxy_token_seed"));
}
}
return ret; return ret;
} }
@ -3652,13 +3670,13 @@ t_announcement *announcement(const double after)
} }
xs_str *make_url(const char *href, const char *proxy) xs_str *make_url(const char *href, const char *proxy, int by_token)
/* makes an URL, possibly including proxying */ /* makes an URL, possibly including proxying */
{ {
xs_str *url = NULL; xs_str *url = NULL;
if (proxy && !xs_startswith(href, srv_baseurl)) { if (proxy && !xs_startswith(href, srv_baseurl)) {
xs *p = xs_str_cat(xs_dup(proxy), "/proxy/"); xs *p = xs_str_cat(xs_dup(proxy), "/x/");
url = xs_replace(href, "https:/" "/", p); url = xs_replace(href, "https:/" "/", p);
} }
else else
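Review bot: In the srv_open hunk a failed `fopen(cfg_file, "w")` is silent, so the new `proxy_token_seed` then exists only in memory; presumably a different seed is generated at the next start and every token derived from the old one stops matching, with nothing in the log to explain it. An `else` branch that reports the failure would make this visible, e.g. `else srv_log(xs_fmt("cannot write %s to store proxy_token_seed", cfg_file));`. Opening the live config with "w" also truncates it before `xs_json_dump()` runs, so writing to a temporary file and renaming it over `cfg_file` would avoid a half-written config if the process dies in between. From this commit on the config file holds a secret, so its permissions are worth checking at the same place. srv_open starts and ends outside the hunk.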

35
html.c

@ -70,7 +70,7 @@ xs_str *replace_shortnames(xs_str *s, const xs_list *tag, int ems, const char *p
if (n && i) { if (n && i) {
const char *u = xs_dict_get(i, "url"); const char *u = xs_dict_get(i, "url");
xs *url = make_url(u, proxy); xs *url = make_url(u, proxy, 0);
xs_html *img = xs_html_sctag("img", xs_html *img = xs_html_sctag("img",
xs_html_attr("loading", "lazy"), xs_html_attr("loading", "lazy"),
@ -122,7 +122,7 @@ xs_html *html_actor_icon(snac *user, xs_dict *actor, const char *date,
v = xs_list_get(v, 0); v = xs_list_get(v, 0);
if ((v = xs_dict_get(v, "url")) != NULL) if ((v = xs_dict_get(v, "url")) != NULL)
avatar = make_url(v, proxy); avatar = make_url(v, proxy, 0);
} }
if (avatar == NULL) if (avatar == NULL)
@ -1973,7 +1973,7 @@ xs_html *html_entry(snac *user, xs_dict *msg, int read_only,
if (content && xs_str_in(content, o_href) != -1) if (content && xs_str_in(content, o_href) != -1)
continue; continue;
xs *href = make_url(o_href, proxy); xs *href = make_url(o_href, proxy, 0);
if (xs_startswith(type, "image/") || strcmp(type, "Image") == 0) { if (xs_startswith(type, "image/") || strcmp(type, "Image") == 0) {
xs_html_add(content_attachments, xs_html_add(content_attachments,
@ -2788,7 +2788,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
const char *p_path; const char *p_path;
int cache = 1; int cache = 1;
int save = 1; int save = 1;
const char *proxy = NULL; int proxy = 0;
const char *v; const char *v;
xs *l = xs_split_n(q_path, "/", 2); xs *l = xs_split_n(q_path, "/", 2);
@ -2816,7 +2816,7 @@ int html_get_handler(const xs_dict *req, const char *q_path,
} }
if (xs_is_true(xs_dict_get(srv_config, "proxy_media"))) if (xs_is_true(xs_dict_get(srv_config, "proxy_media")))
proxy = snac.actor; proxy = 1;
/* return the RSS if requested by Accept header */ /* return the RSS if requested by Accept header */
if (accept != NULL) { if (accept != NULL) {
@ -3194,19 +3194,36 @@ int html_get_handler(const xs_dict *req, const char *q_path,
snac_debug(&snac, 1, xs_fmt("serving RSS")); snac_debug(&snac, 1, xs_fmt("serving RSS"));
} }
else else
if (xs_startswith(p_path, "proxy/") && proxy) { /** remote media by proxy **/ if (proxy && (xs_startswith(p_path, "x/") || xs_startswith(p_path, "y/"))) { /** remote media by proxy **/
if (!login(&snac, req)) { xs *proxy_prefix = NULL;
if (xs_startswith(p_path, "x/")) {
/* proxy usage authorized by http basic auth */
if (login(&snac, req))
proxy_prefix = xs_str_new("x/");
else {
*body = xs_dup(uid); *body = xs_dup(uid);
status = HTTP_STATUS_UNAUTHORIZED; status = HTTP_STATUS_UNAUTHORIZED;
} }
}
else { else {
/* proxy usage authorized by proxy_token */
xs *tks = xs_fmt("%s:%s", xs_dict_get(srv_config, "proxy_token_seed"), snac.actor);
xs *tk = xs_md5_hex(tks, strlen(tks));
xs *p = xs_fmt("y/%s/", tk);
if (xs_startswith(p_path, p))
proxy_prefix = xs_dup(p);
}
if (proxy_prefix) {
/* pick the raw path (including optional ? arguments) */ /* pick the raw path (including optional ? arguments) */
const char *raw_path = xs_dict_get(req, "raw_path"); const char *raw_path = xs_dict_get(req, "raw_path");
/* skip to where the proxy/ string starts */ /* skip to where the proxy/ string starts */
raw_path += xs_str_in(raw_path, "proxy/"); raw_path += xs_str_in(raw_path, proxy_prefix);
xs *url = xs_replace(raw_path, "proxy/", "https:/" "/"); xs *url = xs_replace(raw_path, proxy_prefix, "https:/" "/");
xs *hdrs = xs_dict_new(); xs *hdrs = xs_dict_new();
hdrs = xs_dict_append(hdrs, "user-agent", USER_AGENT); hdrs = xs_dict_append(hdrs, "user-agent", USER_AGENT);
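Review bot: In the last html_get_handler hunk, `raw_path += xs_str_in(raw_path, proxy_prefix);` uses the search result unchecked and locates the prefix by substring, which is fragile now that the prefix is the two-character `x/`: the first match can fall inside an earlier path component (a user name ending in `x`, say), and a miss, which the `xs_str_in(content, o_href) != -1` test earlier on this page shows is reported as `-1`, moves the pointer in front of the buffer. The `xs_replace()` that follows presumably rewrites every occurrence of the prefix, so a remote URL that itself contains `x/` would be mangled as well. I would keep the offset in a variable, reject the request when it is `-1`, and build the target from the text after the prefix instead of replacing, e.g. `int o = xs_str_in(raw_path, proxy_prefix);` then `xs *url = xs_fmt("https:/" "/%s", raw_path + o + strlen(proxy_prefix));`, ideally anchoring the search after the user component. Separately, the `y/` token is an unkeyed MD5 of `seed:actor` that never changes and is carried in URLs, so anyone who sees one link can have the server fetch any https host; an HMAC with a current hash and a check on the destination host would narrow that. The function starts and ends outside these hunks.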

2
snac.h

@ -411,4 +411,4 @@ typedef struct {
} t_announcement; } t_announcement;
t_announcement *announcement(double after); t_announcement *announcement(double after);
xs_str *make_url(const char *href, const char *proxy); xs_str *make_url(const char *href, const char *proxy, int by_token);
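Review bot: The new `by_token` parameter is undocumented at the declaration, and every call site visible on this page passes `0`, so a reader of the header cannot tell which authorization path a given value selects. A one-line comment on the prototype would help, for instance `/* by_token: presumably non-zero builds a token-authorized proxy URL, zero a login-authorized one */`, with the wording confirmed against the part of make_url's body that lies outside the data.c hunk.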