]> Untitled Git - lemmy.git/blobdiff - crates/routes/src/images.rs
projects / lemmy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Make functions work with both connection and pool (#3420)
[lemmy.git] / crates / routes / src / images.rs
diff --git a/crates/routes/src/images.rs b/crates/routes/src/images.rs
index 30a6a378ff811fc1806e86733e08a0d84b8ff474..b79a38ffdc86d82ec673419dfec0fc1cf0dc9902 100644 (file)
--- a/crates/routes/src/images.rs
+++ b/crates/routes/src/images.rs
@@ -1,17 +1,30 @@
-use actix_http::header::{HeaderName, ACCEPT_ENCODING, HOST};
-use actix_web::{body::BodyStream, http::StatusCode, web::Data, *};
-use anyhow::anyhow;
+use actix_web::{
+  body::BodyStream,
+  error,
+  http::{
+    header::{HeaderName, ACCEPT_ENCODING, HOST},
+    StatusCode,
+  },
+  web,
+  Error,
+  HttpRequest,
+  HttpResponse,
+};
 use futures::stream::{Stream, StreamExt};
-use lemmy_utils::{claims::Claims, rate_limit::RateLimit, LemmyError};
-use lemmy_websocket::LemmyContext;
+use lemmy_api_common::{context::LemmyContext, utils::local_user_view_from_jwt};
+use lemmy_db_schema::source::local_site::LocalSite;
+use lemmy_utils::{claims::Claims, rate_limit::RateLimitCell, REQWEST_TIMEOUT};
 use reqwest::Body;
 use reqwest_middleware::{ClientWithMiddleware, RequestBuilder};
 use serde::{Deserialize, Serialize};
-use std::time::Duration;
 
-pub fn config(cfg: &mut web::ServiceConfig, client: ClientWithMiddleware, rate_limit: &RateLimit) {
+pub fn config(
+  cfg: &mut web::ServiceConfig,
+  client: ClientWithMiddleware,
+  rate_limit: &RateLimitCell,
+) {
   cfg
-    .app_data(Data::new(client))
+    .app_data(web::Data::new(client))
     .service(
       web::resource("/pictrs/image")
         .wrap(rate_limit.image())
@@ -37,7 +50,15 @@ struct Images {
 #[derive(Deserialize)]
 struct PictrsParams {
   format: Option<String>,
-  thumbnail: Option<String>,
+  thumbnail: Option<i32>,
+}
+
+#[derive(Deserialize)]
+enum PictrsPurgeParams {
+  #[serde(rename = "file")]
+  File(String),
+  #[serde(rename = "alias")]
+  Alias(String),
 }
 
 fn adapt_request(
@@ -50,7 +71,7 @@ fn adapt_request(
 
   let client_request = client
     .request(request.method().clone(), url)
-    .timeout(Duration::from_secs(30));
+    .timeout(REQWEST_TIMEOUT);
 
   request
     .headers()
@@ -79,7 +100,8 @@ async fn upload(
     return Ok(HttpResponse::Unauthorized().finish());
   };
 
-  let image_url = format!("{}/image", pictrs_url(context.settings().pictrs_url)?);
+  let pictrs_config = context.settings().pictrs_config()?;
+  let image_url = format!("{}image", pictrs_config.url);
 
   let mut client_req = adapt_request(&req, &client, image_url);
 
@@ -106,29 +128,37 @@ async fn full_res(
   client: web::Data<ClientWithMiddleware>,
   context: web::Data<LemmyContext>,
 ) -> Result<HttpResponse, Error> {
+  // block access to images if instance is private and unauthorized, public
+  let local_site = LocalSite::read(&mut context.pool())
+    .await
+    .map_err(error::ErrorBadRequest)?;
+  if local_site.private_instance {
+    let jwt = req
+      .cookie("jwt")
+      .expect("No auth header for picture access");
+    if local_user_view_from_jwt(jwt.value(), &context)
+      .await
+      .is_err()
+    {
+      return Ok(HttpResponse::Unauthorized().finish());
+    };
+  }
   let name = &filename.into_inner();
 
   // If there are no query params, the URL is original
-  let pictrs_url_settings = context.settings().pictrs_url;
+  let pictrs_config = context.settings().pictrs_config()?;
   let url = if params.format.is_none() && params.thumbnail.is_none() {
-    format!(
-      "{}/image/original/{}",
-      pictrs_url(pictrs_url_settings)?,
-      name,
-    )
+    format!("{}image/original/{}", pictrs_config.url, name,)
   } else {
-    // Use jpg as a default when none is given
-    let format = params.format.unwrap_or_else(|| "jpg".to_string());
+    // Take file type from name, or jpg if nothing is given
+    let format = params
+      .format
+      .unwrap_or_else(|| name.split('.').last().unwrap_or("jpg").to_string());
 
-    let mut url = format!(
-      "{}/image/process.{}?src={}",
-      pictrs_url(pictrs_url_settings)?,
-      format,
-      name,
-    );
+    let mut url = format!("{}image/process.{}?src={}", pictrs_config.url, format, name,);
 
     if let Some(size) = params.thumbnail {
-      url = format!("{}&thumbnail={}", url, size,);
+      url = format!("{url}&thumbnail={size}",);
     }
     url
   };
@@ -174,12 +204,8 @@ async fn delete(
 ) -> Result<HttpResponse, Error> {
   let (token, file) = components.into_inner();
 
-  let url = format!(
-    "{}/image/delete/{}/{}",
-    pictrs_url(context.settings().pictrs_url)?,
-    &token,
-    &file
-  );
+  let pictrs_config = context.settings().pictrs_config()?;
+  let url = format!("{}image/delete/{}/{}", pictrs_config.url, &token, &file);
 
   let mut client_req = adapt_request(&req, &client, url);
 
@@ -192,10 +218,6 @@ async fn delete(
   Ok(HttpResponse::build(res.status()).body(BodyStream::new(res.bytes_stream())))
 }
 
-fn pictrs_url(pictrs_url: Option<String>) -> Result<String, LemmyError> {
-  pictrs_url.ok_or_else(|| anyhow!("images_disabled").into())
-}
-
 fn make_send<S>(mut stream: S) -> impl Stream<Item = S::Item> + Send + Unpin + 'static
 where
   S: Stream + Unpin + 'static,
Unnamed repository; edit this file 'description' to name the repository.