Permalink
Browse files

Proxy fixes.

  • Loading branch information...
flashwave committed Jan 10, 2019
1 parent 36781e7 commit bfa39bc8412afa7bca663109342159baf503d5b5
Showing with 27 additions and 12 deletions.
  1. +13 −9 public/proxy.php
  2. +14 −3 utility.php
@@ -3,22 +3,26 @@
$acceptedProtocols = ['http', 'https'];
$acceptedMimeTypes = [
'image/png', 'image/jpeg', 'image/bmp', 'image/gif', 'image/svg', 'image/svg+xml', 'image/tiff', 'image/webp',
'video/mp4', 'video/webm', 'video/x-msvideo', 'video/mpeg', 'video/ogg',
'audio/aac', 'audio/ogg', 'audio/mp3', 'audio/mpeg', 'audio/wav', 'audio/webm',
'image/png', 'image/jpeg', 'image/bmp', 'image/x-bmp', 'image/gif', 'image/svg', 'image/svg+xml', 'image/tiff', 'image/tiff-fx', 'image/webp',
'video/mp4', 'video/webm', 'video/x-msvideo', 'video/vnd.avi', 'video/msvideo', 'video/avi', 'video/mpeg', 'video/ogg',
'audio/aac', 'audio/aacp', 'audio/3gpp', 'audio/3gpp2', 'audio/mp4', 'audio/mp4a-latm', 'audio/mpeg4-generic',
'audio/ogg', 'audio/mp3', 'audio/mpeg', 'audio/mpa', 'audio/mpa-robust',
'audio/wav', 'audio/vnd.wave', 'audio/wave', 'audio/x-wav', 'audio/webm', 'audio/x-flac', 'audio/flac',
];
header('Cache-Control: max-age=600');
$proxyUrl = rawurldecode($_GET['u'] ?? '');
$proxyHash = $_GET['h'] ?? '';
$splitPath = explode('/', $_SERVER['PATH_INFO'] ?? '', 3);
$proxyHash = $splitPath[1] ?? '';
$proxyUrl = $splitPath[2] ?? '';
if (empty($proxyHash) || empty($proxyUrl)) {
echo render_error(400);
return;
}
$parsedUrl = parse_url($proxyUrl);
$proxyUrlDecoded = base64url_decode($proxyUrl);
$parsedUrl = parse_url($proxyUrlDecoded);
if (empty($parsedUrl['scheme'])
|| empty($parsedUrl['host'])
@@ -28,7 +32,7 @@
}
if (!config_get_default(false, 'Proxy', 'enabled')) {
header('Location: ' . $proxyUrl);
header('Location: ' . $proxyUrlDecoded);
return;
}
@@ -40,7 +44,7 @@
return;
}
$curl = curl_init($proxyUrl);
$curl = curl_init($proxyUrlDecoded);
curl_setopt_array($curl, [
CURLOPT_CERTINFO => false,
CURLOPT_FAILONERROR => false,
@@ -64,7 +68,7 @@
}
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$fileMime = finfo_buffer($finfo, $curlBody);
$fileMime = strtolower(finfo_buffer($finfo, $curlBody));
finfo_close($finfo);
if (!in_array($fileMime, $acceptedMimeTypes, true)) {
@@ -342,15 +342,26 @@ function is_user_int($value): bool
return ctype_digit(strval($value));
}
// https://secure.php.net/manual/en/function.base64-encode.php#103849
function base64url_encode(string $data): string
{
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
function base64url_decode(string $data): string
{
return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
}
function proxy_media_url(?string $url): ?string
{
if (empty($url) || !config_get_default(false, 'Proxy', 'enabled') || is_local_url($url)) {
return $url;
}
$secret = config_get_default('insecure', 'Proxy', 'secret_key');
$hash = hash_hmac('sha256', rawurldecode($url), $secret);
$encodedUrl = rawurlencode($url);
$encodedUrl = base64url_encode($url);
$hash = hash_hmac('sha256', $encodedUrl, $secret);
return "/proxy.php?h={$hash}&u={$encodedUrl}";
return "/proxy.php/{$hash}/{$encodedUrl}";
}

0 comments on commit bfa39bc

Please sign in to comment.