mirror of
https://git.youjo.love/youjo/youjo-be.git
synced 2024-11-20 13:59:55 +01:00
Limit instance emoji to image types
This commit is contained in:
parent
48c39be2f6
commit
3857c7f501
3 changed files with 37 additions and 7 deletions
|
@ -3,8 +3,12 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-only
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
defmodule Pleroma.Web.Plugs.InstanceStatic do
|
defmodule Pleroma.Web.Plugs.InstanceStatic do
|
||||||
|
import Plug.Conn
|
||||||
|
|
||||||
require Pleroma.Constants
|
require Pleroma.Constants
|
||||||
|
|
||||||
|
alias Pleroma.Web.Plugs.Utils
|
||||||
|
|
||||||
@moduledoc """
|
@moduledoc """
|
||||||
This is a shim to call `Plug.Static` but with runtime `from` configuration.
|
This is a shim to call `Plug.Static` but with runtime `from` configuration.
|
||||||
|
|
||||||
|
@ -43,11 +47,25 @@ defmodule Pleroma.Web.Plugs.InstanceStatic do
|
||||||
conn
|
conn
|
||||||
end
|
end
|
||||||
|
|
||||||
defp call_static(conn, opts, from) do
|
defp set_static_content_type(conn, "/emoji/" <> _ = request_path) do
|
||||||
|
real_mime = MIME.from_path(request_path)
|
||||||
|
safe_mime = Utils.get_safe_mime_type(%{allowed_mime_types: ["image"]}, real_mime)
|
||||||
|
|
||||||
|
put_resp_header(conn, "content-type", safe_mime)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp set_static_content_type(conn, request_path) do
|
||||||
|
put_resp_header(conn, "content-type", MIME.from_path(request_path))
|
||||||
|
end
|
||||||
|
|
||||||
|
defp call_static(%{request_path: request_path} = conn, opts, from) do
|
||||||
opts =
|
opts =
|
||||||
opts
|
opts
|
||||||
|> Map.put(:from, from)
|
|> Map.put(:from, from)
|
||||||
|
|> Map.put(:set_content_type, false)
|
||||||
|
|
||||||
Plug.Static.call(conn, opts)
|
conn
|
||||||
|
|> set_static_content_type(request_path)
|
||||||
|
|> Pleroma.Web.Plugs.StaticNoCT.call(opts)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -11,6 +11,7 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
alias Pleroma.Web.MediaProxy
|
alias Pleroma.Web.MediaProxy
|
||||||
|
alias Pleroma.Web.Plugs.Utils
|
||||||
|
|
||||||
@behaviour Plug
|
@behaviour Plug
|
||||||
# no slashes
|
# no slashes
|
||||||
|
@ -70,14 +71,11 @@ defmodule Pleroma.Web.Plugs.UploadedMedia do
|
||||||
|
|
||||||
defp media_is_banned(_, _), do: false
|
defp media_is_banned(_, _), do: false
|
||||||
|
|
||||||
defp get_safe_mime_type(%{allowed_mime_types: allowed_mime_types} = _opts, mime) do
|
|
||||||
[maintype | _] = String.split(mime, "/", parts: 2)
|
|
||||||
if maintype in allowed_mime_types, do: mime, else: "application/octet-stream"
|
|
||||||
end
|
|
||||||
|
|
||||||
defp set_content_type(conn, opts, filepath) do
|
defp set_content_type(conn, opts, filepath) do
|
||||||
real_mime = MIME.from_path(filepath)
|
real_mime = MIME.from_path(filepath)
|
||||||
clean_mime = get_safe_mime_type(opts, real_mime)
|
clean_mime = Utils.get_safe_mime_type(opts, real_mime)
|
||||||
put_resp_header(conn, "content-type", clean_mime)
|
put_resp_header(conn, "content-type", clean_mime)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
14
lib/pleroma/web/plugs/utils.ex
Normal file
14
lib/pleroma/web/plugs/utils.ex
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# Akkoma: Magically expressive social media
|
||||||
|
# Copyright © 2024 Akkoma Authors <https://akkoma.dev>
|
||||||
|
# SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
|
||||||
|
defmodule Pleroma.Web.Plugs.Utils do
|
||||||
|
@moduledoc """
|
||||||
|
Some helper functions shared across several plugs
|
||||||
|
"""
|
||||||
|
|
||||||
|
def get_safe_mime_type(%{allowed_mime_types: allowed_mime_types} = _opts, mime) do
|
||||||
|
[maintype | _] = String.split(mime, "/", parts: 2)
|
||||||
|
if maintype in allowed_mime_types, do: mime, else: "application/octet-stream"
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue