2020-05-13 12:07:44 +00:00
|
|
|
package alpsviewhtml
|
2020-02-12 13:42:51 +00:00
|
|
|
|
|
|
|
import (
|
2020-02-25 14:45:43 +00:00
|
|
|
"io"
|
|
|
|
"mime"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
|
2020-05-13 12:07:44 +00:00
|
|
|
"git.sr.ht/~emersion/alps"
|
|
|
|
alpsbase "git.sr.ht/~emersion/alps/plugins/base"
|
2020-02-25 14:45:43 +00:00
|
|
|
"github.com/labstack/echo/v4"
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
proxyEnabled = true
|
|
|
|
proxyMaxSize = 5 * 1024 * 1024 // 5 MiB
|
2020-02-12 13:42:51 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
2020-05-13 12:07:44 +00:00
|
|
|
p := alps.GoPlugin{Name: "viewhtml"}
|
2020-02-25 14:45:43 +00:00
|
|
|
|
2020-05-13 12:07:44 +00:00
|
|
|
p.Inject("message.html", func(ctx *alps.Context, _data alps.RenderData) error {
|
|
|
|
data := _data.(*alpsbase.MessageRenderData)
|
2020-02-25 15:13:10 +00:00
|
|
|
data.Extra["RemoteResourcesAllowed"] = ctx.QueryParam("allow-remote-resources") == "1"
|
|
|
|
hasRemoteResources := false
|
|
|
|
if v := ctx.Get("viewhtml.hasRemoteResources"); v != nil {
|
|
|
|
hasRemoteResources = v.(bool)
|
|
|
|
}
|
|
|
|
data.Extra["HasRemoteResources"] = hasRemoteResources
|
|
|
|
return nil
|
|
|
|
})
|
|
|
|
|
2020-05-13 12:07:44 +00:00
|
|
|
p.GET("/proxy", func(ctx *alps.Context) error {
|
2020-02-25 14:45:43 +00:00
|
|
|
if !proxyEnabled {
|
|
|
|
return echo.NewHTTPError(http.StatusForbidden, "proxy disabled")
|
|
|
|
}
|
|
|
|
|
|
|
|
u, err := url.Parse(ctx.QueryParam("src"))
|
|
|
|
if err != nil {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, "invalid URL")
|
|
|
|
}
|
|
|
|
|
|
|
|
if u.Scheme != "https" {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, "invalid scheme")
|
|
|
|
}
|
|
|
|
|
|
|
|
resp, err := http.Get(u.String())
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
mediaType, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
|
|
|
|
if err != nil || !strings.HasPrefix(mediaType, "image/") {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, "invalid resource type")
|
|
|
|
}
|
|
|
|
|
|
|
|
size, err := strconv.Atoi(resp.Header.Get("Content-Length"))
|
2020-11-13 17:45:31 +00:00
|
|
|
if err == nil {
|
|
|
|
if size > proxyMaxSize {
|
|
|
|
return echo.NewHTTPError(http.StatusBadRequest, "invalid resource length")
|
|
|
|
}
|
|
|
|
ctx.Response().Header().Set("Content-Length", strconv.Itoa(size))
|
2020-02-25 14:45:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
lr := io.LimitedReader{resp.Body, int64(proxyMaxSize)}
|
|
|
|
return ctx.Stream(http.StatusOK, mediaType, &lr)
|
|
|
|
})
|
|
|
|
|
2020-05-13 12:07:44 +00:00
|
|
|
alps.RegisterPluginLoader(p.Loader())
|
2020-02-12 13:42:51 +00:00
|
|
|
}
|