reverse proxy / uploads

This one's a bit heavy :)

• Pleroma.ReverseProxy:

  • Basically the mediaproxy but without signed URLs, more reusable
  • Friendlier with HTTP headers so the upstream may do caching, optimizations, compression, range ….
  • Supports HEAD requests
  • Sends the response with chunking while reading upstream
  • Limits the time it can read from upstream. Useful to protect against some kind of malicious upstreams (slow loris-like).

• Pleroma.Web.MediaProxy now just encodes/decodes/validates URL and uses the reverse proxy.

• Pleroma.Plugs.UploadedMedia:

The uploaders used to return the remote URL or worse the media proxy URL into the activity. This somewhat wrong because someone may want to migrate/deprecate an uploader at some point, and because the media proxy url were never meant to be persisted -- in case of a server compromise you'd want to change your secret key base, and that would invalidate all the media URL of previous activities.

Now, uploaders may return on put_file {:ok, {:file, path}} to instead generate a /media/ URL, which will be handled by this plug. The old behavior can still be used with {:ok, {:url, url}}.

On a media request, the plug calls the active uploader's get_file to read from disk, proxy/redirect to a remote url.

If it's a static request, the path is now configured at runtime as well.

• Partially rewrote Pleroma.Upload

  • Extensions are now guessed by the MIME library.

• Pleroma.Uploaders are now given a map of options instead of should_dedupe leaving room for other options

• A mix task to migrate from local storage to possibly any other uploader

• Pleroma.Application.user_agent() to be nice and identify ourselves when making http requests