alemi/upub
alemi/upub
1
0
Fork 1
Code Issues 4 Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix: media proxy works for logged out users too

Browse source
This commit is contained in:
əlemi 2024-07-16 02:13:40 +02:00
parent 2cbf7aff9f
commit d6977d24af
Signed by: alemi
GPG key ID: A4895B84D311642C
2 changed files with 25 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
upub/routes/src/activitypub/application.rs
View file

@ -48,21 +48,7 @@ pub async fn ap_fetch(
State(ctx): State<Context>, State(ctx): State<Context>,
AuthIdentity(auth): AuthIdentity, AuthIdentity(auth): AuthIdentity,
Query(query): Query<ProxyQuery>, Query(query): Query<ProxyQuery>,
) -> crate::ApiResult<impl IntoResponse> { ) -> crate::ApiResult<axum::Json<serde_json::Value>> {
proxy(ctx, query.uri, auth).await
}
pub async fn proxy_cloak(
State(ctx): State<Context>,
AuthIdentity(auth): AuthIdentity,
Path((hmac, uri)): Path<(String, String)>,
) -> crate::ApiResult<impl IntoResponse> {
let uri = ctx.uncloak(&hmac, &uri)
.ok_or_else(ApiError::unauthorized)?;
proxy(ctx, uri, auth).await
}
async fn proxy(ctx: Context, query: String, auth: Identity) -> crate::ApiResult<impl IntoResponse> {
// only local users can request fetches // only local users can request fetches
if !ctx.cfg().security.allow_public_debugger && !auth.is_local() { if !ctx.cfg().security.allow_public_debugger && !auth.is_local() {
return Err(crate::ApiError::unauthorized()); return Err(crate::ApiError::unauthorized());
@ -70,7 +56,29 @@ async fn proxy(ctx: Context, query: String, auth: Identity) -> crate::ApiResult<
let resp = Context::request( let resp = Context::request(
Method::GET, Method::GET,
&query, &query.uri,
None,
ctx.base(),
ctx.pkey(),
&format!("{}+fetch", ctx.domain()),
)
.await?
.error_for_status()?;
Ok(axum::Json(resp.json().await?))
}
pub async fn cloak_proxy(
State(ctx): State<Context>,
Path((hmac, uri)): Path<(String, String)>,
) -> crate::ApiResult<impl IntoResponse> {
let uri = ctx.uncloak(&hmac, &uri)
.ok_or_else(ApiError::unauthorized)?;
let resp = Context::request(
Method::GET,
&uri,
None, None,
ctx.base(), ctx.base(),
ctx.pkey(), ctx.pkey(),

2
upub/routes/src/activitypub/mod.rs
View file

@ -23,7 +23,7 @@ impl ActivityPubRouter for Router<upub::Context> {
.route("/", get(ap::application::view)) .route("/", get(ap::application::view))
// fetch route, to debug and retreive remote objects // fetch route, to debug and retreive remote objects
.route("/fetch", get(ap::application::ap_fetch)) .route("/fetch", get(ap::application::ap_fetch))
.route("/proxy/:hmac/:uri", get(ap::application::proxy_cloak)) .route("/proxy/:hmac/:uri", get(ap::application::cloak_proxy))
.route("/inbox", post(ap::inbox::post)) .route("/inbox", post(ap::inbox::post))
.route("/inbox", get(ap::inbox::get)) .route("/inbox", get(ap::inbox::get))
.route("/inbox/page", get(ap::inbox::page)) .route("/inbox/page", get(ap::inbox::page))