HttpResponse,
};
use futures::stream::{Stream, StreamExt};
-use lemmy_utils::{claims::Claims, rate_limit::RateLimit, REQWEST_TIMEOUT};
-use lemmy_websocket::LemmyContext;
+use lemmy_api_common::{context::LemmyContext, utils::local_user_view_from_jwt};
+use lemmy_db_schema::source::local_site::LocalSite;
+use lemmy_utils::{claims::Claims, rate_limit::RateLimitCell, REQWEST_TIMEOUT};
use reqwest::Body;
use reqwest_middleware::{ClientWithMiddleware, RequestBuilder};
use serde::{Deserialize, Serialize};
-pub fn config(cfg: &mut web::ServiceConfig, client: ClientWithMiddleware, rate_limit: &RateLimit) {
+pub fn config(
+ cfg: &mut web::ServiceConfig,
+ client: ClientWithMiddleware,
+ rate_limit: &RateLimitCell,
+) {
cfg
.app_data(web::Data::new(client))
.service(
)
// This has optional query params: /image/{filename}?format=jpg&thumbnail=256
.service(web::resource("/pictrs/image/{filename}").route(web::get().to(full_res)))
- .service(web::resource("/pictrs/image/delete/{token}/{filename}").route(web::get().to(delete)))
- .service(web::resource("/pictrs/internal/purge").route(web::post().to(purge)));
+ .service(web::resource("/pictrs/image/delete/{token}/{filename}").route(web::get().to(delete)));
}
#[derive(Debug, Serialize, Deserialize)]
#[derive(Deserialize)]
struct PictrsParams {
format: Option<String>,
- thumbnail: Option<String>,
+ thumbnail: Option<i32>,
}
#[derive(Deserialize)]
};
let pictrs_config = context.settings().pictrs_config()?;
- let image_url = format!("{}/image", pictrs_config.url);
+ let image_url = format!("{}image", pictrs_config.url);
let mut client_req = adapt_request(&req, &client, image_url);
client: web::Data<ClientWithMiddleware>,
context: web::Data<LemmyContext>,
) -> Result<HttpResponse, Error> {
+ // block access to images if instance is private and unauthorized, public
+ let local_site = LocalSite::read(&mut context.pool())
+ .await
+ .map_err(error::ErrorBadRequest)?;
+ if local_site.private_instance {
+ let jwt = req
+ .cookie("jwt")
+ .expect("No auth header for picture access");
+ if local_user_view_from_jwt(jwt.value(), &context)
+ .await
+ .is_err()
+ {
+ return Ok(HttpResponse::Unauthorized().finish());
+ };
+ }
let name = &filename.into_inner();
// If there are no query params, the URL is original
let pictrs_config = context.settings().pictrs_config()?;
let url = if params.format.is_none() && params.thumbnail.is_none() {
- format!("{}/image/original/{}", pictrs_config.url, name,)
+ format!("{}image/original/{}", pictrs_config.url, name,)
} else {
- // Use jpg as a default when none is given
- let format = params.format.unwrap_or_else(|| "jpg".to_string());
+ // Take file type from name, or jpg if nothing is given
+ let format = params
+ .format
+ .unwrap_or_else(|| name.split('.').last().unwrap_or("jpg").to_string());
- let mut url = format!(
- "{}/image/process.{}?src={}",
- pictrs_config.url, format, name,
- );
+ let mut url = format!("{}image/process.{}?src={}", pictrs_config.url, format, name,);
if let Some(size) = params.thumbnail {
- url = format!("{}&thumbnail={}", url, size,);
+ url = format!("{url}&thumbnail={size}",);
}
url
};
let (token, file) = components.into_inner();
let pictrs_config = context.settings().pictrs_config()?;
- let url = format!("{}/image/delete/{}/{}", pictrs_config.url, &token, &file);
+ let url = format!("{}image/delete/{}/{}", pictrs_config.url, &token, &file);
let mut client_req = adapt_request(&req, &client, url);
Ok(HttpResponse::build(res.status()).body(BodyStream::new(res.bytes_stream())))
}
-async fn purge(
- web::Query(params): web::Query<PictrsPurgeParams>,
- req: HttpRequest,
- client: web::Data<ClientWithMiddleware>,
- context: web::Data<LemmyContext>,
-) -> Result<HttpResponse, Error> {
- let purge_string = match params {
- PictrsPurgeParams::File(f) => format!("file={}", f),
- PictrsPurgeParams::Alias(a) => format!("alias={}", a),
- };
-
- let pictrs_config = context.settings().pictrs_config()?;
- let url = format!("{}/internal/purge?{}", pictrs_config.url, &purge_string);
-
- let mut client_req = adapt_request(&req, &client, url);
-
- if let Some(addr) = req.head().peer_addr {
- client_req = client_req.header("X-Forwarded-For", addr.to_string())
- }
-
- // Add the API token, X-Api-Token header
- client_req = client_req.header("x-api-token", pictrs_config.api_key);
-
- let res = client_req.send().await.map_err(error::ErrorBadRequest)?;
-
- Ok(HttpResponse::build(res.status()).body(BodyStream::new(res.bytes_stream())))
-}
-
fn make_send<S>(mut stream: S) -> impl Stream<Item = S::Item> + Send + Unpin + 'static
where
S: Stream + Unpin + 'static,
projects / lemmy.git / blobdiff