From d6977d24afbbcee7ba207bcd4e795f52c4acadba Mon Sep 17 00:00:00 2001 From: alemi Date: Tue, 16 Jul 2024 02:13:40 +0200 Subject: [PATCH] fix: media proxy works for logged out users too --- upub/routes/src/activitypub/application.rs | 40 +++++++++++++--------- upub/routes/src/activitypub/mod.rs | 2 +- 2 files changed, 25 insertions(+), 17 deletions(-) diff --git a/upub/routes/src/activitypub/application.rs b/upub/routes/src/activitypub/application.rs index 2ac3d55..b9418bc 100644 --- a/upub/routes/src/activitypub/application.rs +++ b/upub/routes/src/activitypub/application.rs @@ -48,21 +48,7 @@ pub async fn ap_fetch( State(ctx): State, AuthIdentity(auth): AuthIdentity, Query(query): Query, -) -> crate::ApiResult { - proxy(ctx, query.uri, auth).await -} - -pub async fn proxy_cloak( - State(ctx): State, - AuthIdentity(auth): AuthIdentity, - Path((hmac, uri)): Path<(String, String)>, -) -> crate::ApiResult { - let uri = ctx.uncloak(&hmac, &uri) - .ok_or_else(ApiError::unauthorized)?; - proxy(ctx, uri, auth).await -} - -async fn proxy(ctx: Context, query: String, auth: Identity) -> crate::ApiResult { +) -> crate::ApiResult> { // only local users can request fetches if !ctx.cfg().security.allow_public_debugger && !auth.is_local() { return Err(crate::ApiError::unauthorized()); @@ -70,7 +56,29 @@ async fn proxy(ctx: Context, query: String, auth: Identity) -> crate::ApiResult< let resp = Context::request( Method::GET, - &query, + &query.uri, + None, + ctx.base(), + ctx.pkey(), + &format!("{}+fetch", ctx.domain()), + ) + .await? + .error_for_status()?; + + + Ok(axum::Json(resp.json().await?)) +} + +pub async fn cloak_proxy( + State(ctx): State, + Path((hmac, uri)): Path<(String, String)>, +) -> crate::ApiResult { + let uri = ctx.uncloak(&hmac, &uri) + .ok_or_else(ApiError::unauthorized)?; + + let resp = Context::request( + Method::GET, + &uri, None, ctx.base(), ctx.pkey(), diff --git a/upub/routes/src/activitypub/mod.rs b/upub/routes/src/activitypub/mod.rs index d6ed08f..e2c18c2 100644 --- a/upub/routes/src/activitypub/mod.rs +++ b/upub/routes/src/activitypub/mod.rs @@ -23,7 +23,7 @@ impl ActivityPubRouter for Router { .route("/", get(ap::application::view)) // fetch route, to debug and retreive remote objects .route("/fetch", get(ap::application::ap_fetch)) - .route("/proxy/:hmac/:uri", get(ap::application::proxy_cloak)) + .route("/proxy/:hmac/:uri", get(ap::application::cloak_proxy)) .route("/inbox", post(ap::inbox::post)) .route("/inbox", get(ap::inbox::get)) .route("/inbox/page", get(ap::inbox::page))