reverse proxy / uploads
This one's a bit heavy :)
-
Pleroma.ReverseProxy
:- Basically the mediaproxy but without signed URLs, more reusable
- Friendlier with HTTP headers so the upstream may do caching, optimizations, compression, range ….
- Supports HEAD requests
- Sends the response with chunking while reading upstream
- Limits the time it can read from upstream. Useful to protect against some kind of malicious upstreams (slow loris-like).
-
Pleroma.Web.MediaProxy
now just encodes/decodes/validates URL and uses the reverse proxy. -
Pleroma.Plugs.UploadedMedia
:
The uploaders used to return the remote URL or worse the media proxy URL into the activity. This somewhat wrong because someone may want to migrate/deprecate an uploader at some point, and because the media proxy url were never meant to be persisted -- in case of a server compromise you'd want to change your secret key base, and that would invalidate all the media URL of previous activities.
Now, uploaders may return on put_file
{:ok, {:file, path}}
to instead generate a /media/
URL, which will be handled by this plug. The old behavior can still be used with {:ok, {:url, url}}
.
On a media request, the plug calls the active uploader's get_file
to read from disk, proxy/redirect to a remote url.
If it's a static request, the path is now configured at runtime as well.
-
Partially rewrote
Pleroma.Upload
- Extensions are now guessed by the MIME library.
-
Pleroma.Uploaders
are now given a map of options instead ofshould_dedupe
leaving room for other options -
A mix task to migrate from local storage to possibly any other uploader
-
Pleroma.Application.user_agent()
to be nice and identify ourselves when making http requests