From 97625b44e7ec96a99b78e910ddcfdabb687f68b3 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Tue, 29 Mar 2022 09:27:37 +0100
Subject: [PATCH] Provide configuration to allow camo-media proxying (#12802)
* Provide configuration to allow camo-media proxying
Fix #916
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
---
custom/conf/app.example.ini | 17 +++++++
.../doc/advanced/config-cheat-sheet.en-us.md | 9 +++-
modules/markup/camo.go | 47 +++++++++++++++++++
modules/markup/camo_test.go | 45 ++++++++++++++++++
modules/markup/html.go | 1 +
modules/setting/setting.go | 15 ++++++
6 files changed, 133 insertions(+), 1 deletion(-)
create mode 100644 modules/markup/camo.go
create mode 100644 modules/markup/camo_test.go
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 8c6643b9bc..516d61452e 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -424,6 +424,23 @@ INTERNAL_TOKEN=
;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[camo]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; At the moment we only support images
+;;
+;; if the camo is enabled
+;ENABLED = false
+;; url to a camo image proxy, it **is required** if camo is enabled.
+;SERVER_URL =
+;; HMAC to encode urls with, it **is required** if camo is enabled.
+;HMAC_KEY =
+;; Set to true to use camo for https too lese only non https urls are proxyed
+;ALLWAYS = false
+
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[oauth2]
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index d9018f982a..ae40e0954b 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -513,7 +513,14 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
- spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
- off - do not check password complexity
- `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
-- `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
+- `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
+
+## Camo (`camo`)
+
+- `ENABLED`: **false**: Enable media proxy, we support images only at the moment.
+- `SERVER_URL`: **<empty>**: url of camo server, it **is required** if camo is enabled.
+- `HMAC_KEY`: **<empty>**: Provide the HMAC key for encoding urls, it **is required** if camo is enabled.
+- `ALLWAYS`: **false**: Set to true to use camo for https too lese only non https urls are proxyed
## OpenID (`openid`)
diff --git a/modules/markup/camo.go b/modules/markup/camo.go
new file mode 100644
index 0000000000..f804447f2d
--- /dev/null
+++ b/modules/markup/camo.go
@@ -0,0 +1,47 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package markup
+
+import (
+ "crypto/hmac"
+ "crypto/sha1"
+ "encoding/base64"
+ "net/url"
+ "strings"
+
+ "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/util"
+)
+
+// CamoEncode encodes a lnk to fit with the go-camo and camo proxy links. The purposes of camo-proxy are:
+// 1. Allow accessing "http://" images on a HTTPS site by using the "https://" URLs provided by camo-proxy.
+// 2. Hide the visitor's real IP (protect privacy) when accessing external images.
+func CamoEncode(link string) string {
+ if strings.HasPrefix(link, setting.Camo.ServerURL) {
+ return link
+ }
+
+ mac := hmac.New(sha1.New, []byte(setting.Camo.HMACKey))
+ _, _ = mac.Write([]byte(link)) // hmac does not return errors
+ macSum := b64encode(mac.Sum(nil))
+ encodedURL := b64encode([]byte(link))
+
+ return util.URLJoin(setting.Camo.ServerURL, macSum, encodedURL)
+}
+
+func b64encode(data []byte) string {
+ return strings.TrimRight(base64.URLEncoding.EncodeToString(data), "=")
+}
+
+func camoHandleLink(link string) string {
+ if setting.Camo.Enabled {
+ lnkURL, err := url.Parse(link)
+ if err == nil && lnkURL.IsAbs() && !strings.HasPrefix(link, setting.AppURL) &&
+ (setting.Camo.Allways || lnkURL.Scheme != "https") {
+ return CamoEncode(link)
+ }
+ }
+ return link
+}
diff --git a/modules/markup/camo_test.go b/modules/markup/camo_test.go
new file mode 100644
index 0000000000..cc917039d8
--- /dev/null
+++ b/modules/markup/camo_test.go
@@ -0,0 +1,45 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package markup
+
+import (
+ "testing"
+
+ "code.gitea.io/gitea/modules/setting"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestCamoHandleLink(t *testing.T) {
+ setting.AppURL = "https://gitea.com"
+ // Test media proxy
+ setting.Camo.Enabled = true
+ setting.Camo.ServerURL = "https://image.proxy"
+ setting.Camo.HMACKey = "geheim"
+
+ assert.Equal(t,
+ "https://gitea.com/img.jpg",
+ camoHandleLink("https://gitea.com/img.jpg"))
+ assert.Equal(t,
+ "https://testimages.org/img.jpg",
+ camoHandleLink("https://testimages.org/img.jpg"))
+ assert.Equal(t,
+ "https://image.proxy/eivin43gJwGVIjR9MiYYtFIk0mw/aHR0cDovL3Rlc3RpbWFnZXMub3JnL2ltZy5qcGc",
+ camoHandleLink("http://testimages.org/img.jpg"))
+
+ setting.Camo.Allways = true
+ assert.Equal(t,
+ "https://gitea.com/img.jpg",
+ camoHandleLink("https://gitea.com/img.jpg"))
+ assert.Equal(t,
+ "https://image.proxy/tkdlvmqpbIr7SjONfHNgEU622y0/aHR0cHM6Ly90ZXN0aW1hZ2VzLm9yZy9pbWcuanBn",
+ camoHandleLink("https://testimages.org/img.jpg"))
+ assert.Equal(t,
+ "https://image.proxy/eivin43gJwGVIjR9MiYYtFIk0mw/aHR0cDovL3Rlc3RpbWFnZXMub3JnL2ltZy5qcGc",
+ camoHandleLink("http://testimages.org/img.jpg"))
+
+ // Restore previous settings
+ setting.Camo.Enabled = false
+}
diff --git a/modules/markup/html.go b/modules/markup/html.go
index 87d05dcabb..af6ae3bf16 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -386,6 +386,7 @@ func visitNode(ctx *RenderContext, procs, textProcs []processor, node *html.Node
attr.Val = util.URLJoin(prefix, attr.Val)
}
+ attr.Val = camoHandleLink(attr.Val)
node.Attr[i] = attr
}
} else if node.Data == "a" {
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index d11f3e65eb..c80fc3d204 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -197,6 +197,13 @@ var (
PasswordCheckPwn bool
SuccessfulTokensCacheSize int
+ Camo = struct {
+ Enabled bool
+ ServerURL string `ini:"SERVER_URL"`
+ HMACKey string `ini:"HMAC_KEY"`
+ Allways bool
+ }{}
+
// UI settings
UI = struct {
ExplorePagingNum int
@@ -1019,6 +1026,14 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
log.Fatal("Failed to map API settings: %v", err)
} else if err = Cfg.Section("metrics").MapTo(&Metrics); err != nil {
log.Fatal("Failed to map Metrics settings: %v", err)
+ } else if err = Cfg.Section("camo").MapTo(&Camo); err != nil {
+ log.Fatal("Failed to map Camo settings: %v", err)
+ }
+
+ if Camo.Enabled {
+ if Camo.ServerURL == "" || Camo.HMACKey == "" {
+ log.Fatal(`Camo settings require "SERVER_URL" and HMAC_KEY`)
+ }
}
u := *appURL