#![allow(deprecated)] use std::time::Duration; use axum::extract::State; use axum_client_ip::InsecureClientIp; use conduit::{ debug_info, debug_warn, err, info, utils::{self, content_disposition::make_content_disposition, math::ruma_from_usize}, warn, Err, Error, Result, }; use ruma::api::client::media::{ create_content, get_content, get_content_as_filename, get_content_thumbnail, get_media_config, get_media_preview, }; use service::{ media::{FileMeta, MXC_LENGTH}, Services, }; use crate::{Ruma, RumaResponse}; /// Cache control for immutable objects const CACHE_CONTROL_IMMUTABLE: &str = "public,max-age=31536000,immutable"; const CORP_CROSS_ORIGIN: &str = "cross-origin"; /// # `GET /_matrix/media/v3/config` /// /// Returns max upload size. pub(crate) async fn get_media_config_route( State(services): State, _body: Ruma, ) -> Result { Ok(get_media_config::v3::Response { upload_size: ruma_from_usize(services.globals.config.max_request_size), }) } /// # `GET /_matrix/media/v1/config` /// /// This is a legacy endpoint ("/v1/") that some very old homeservers and/or /// clients may call. conduwuit adds these for compatibility purposes. /// See /// /// Returns max upload size. pub(crate) async fn get_media_config_v1_route( State(services): State, body: Ruma, ) -> Result> { get_media_config_route(State(services), body) .await .map(RumaResponse) } /// # `GET /_matrix/media/v3/preview_url` /// /// Returns URL preview. #[tracing::instrument(skip_all, fields(%client), name = "url_preview")] pub(crate) async fn get_media_preview_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result { let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let url = &body.url; if !services.media.url_preview_allowed(url) { debug_info!(%sender_user, %url, "URL is not allowed to be previewed"); return Err!(Request(Forbidden("URL is not allowed to be previewed"))); } match services.media.get_url_preview(url).await { Ok(preview) => { let res = serde_json::value::to_raw_value(&preview).map_err(|e| { warn!(%sender_user, "Failed to convert UrlPreviewData into a serde json value: {e}"); err!(Request(Unknown("Failed to generate a URL preview"))) })?; Ok(get_media_preview::v3::Response::from_raw_value(res)) }, Err(e) => { info!(%sender_user, "Failed to generate a URL preview: {e}"); Err!(Request(Unknown("Failed to generate a URL preview"))) }, } } /// # `GET /_matrix/media/v1/preview_url` /// /// This is a legacy endpoint ("/v1/") that some very old homeservers and/or /// clients may call. conduwuit adds these for compatibility purposes. /// See /// /// Returns URL preview. #[tracing::instrument(skip_all, fields(%client), name = "url_preview")] pub(crate) async fn get_media_preview_v1_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result> { get_media_preview_route(State(services), InsecureClientIp(client), body) .await .map(RumaResponse) } /// # `POST /_matrix/media/v3/upload` /// /// Permanently save media in the server. /// /// - Some metadata will be saved in the database /// - Media will be saved in the media/ directory #[tracing::instrument(skip_all, fields(%client), name = "media_upload")] pub(crate) async fn create_content_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result { let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let mxc = format!("mxc://{}/{}", services.globals.server_name(), utils::random_string(MXC_LENGTH)); let content_disposition = make_content_disposition(None, body.content_type.as_deref(), body.filename.as_deref()); services .media .create( Some(sender_user.clone()), &mxc, Some(&content_disposition), body.content_type.as_deref(), &body.file, ) .await?; Ok(create_content::v3::Response { content_uri: mxc.into(), blurhash: None, }) } /// # `POST /_matrix/media/v1/upload` /// /// Permanently save media in the server. /// /// This is a legacy endpoint ("/v1/") that some very old homeservers and/or /// clients may call. conduwuit adds these for compatibility purposes. /// See /// /// - Some metadata will be saved in the database /// - Media will be saved in the media/ directory #[tracing::instrument(skip_all, fields(%client), name = "media_upload")] pub(crate) async fn create_content_v1_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result> { create_content_route(State(services), InsecureClientIp(client), body) .await .map(RumaResponse) } /// # `GET /_matrix/media/v3/download/{serverName}/{mediaId}` /// /// Load media from our server or over federation. /// /// - Only allows federation if `allow_remote` is true /// - Only redirects if `allow_redirect` is true /// - Uses client-provided `timeout_ms` if available, else defaults to 20 /// seconds #[tracing::instrument(skip_all, fields(%client), name = "media_get")] pub(crate) async fn get_content_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result { let mxc = format!("mxc://{}/{}", body.server_name, body.media_id); if let Some(FileMeta { content, content_type, content_disposition, }) = services.media.get(&mxc).await? { let content_disposition = make_content_disposition(content_disposition.as_ref(), content_type.as_deref(), None); let file = content.expect("content"); Ok(get_content::v3::Response { file, content_type: content_type.map(Into::into), content_disposition: Some(content_disposition), cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), }) } else if !services.globals.server_is_ours(&body.server_name) && body.allow_remote { let response = get_remote_content( &services, &mxc, &body.server_name, body.media_id.clone(), body.allow_redirect, body.timeout_ms, ) .await .map_err(|e| err!(Request(NotFound(debug_warn!("Fetching media `{mxc}` failed: {e:?}")))))?; let content_disposition = make_content_disposition(response.content_disposition.as_ref(), response.content_type.as_deref(), None); Ok(get_content::v3::Response { file: response.file, content_type: response.content_type, content_disposition: Some(content_disposition), cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), }) } else { Err!(Request(NotFound("Media not found."))) } } /// # `GET /_matrix/media/v1/download/{serverName}/{mediaId}` /// /// Load media from our server or over federation. /// /// This is a legacy endpoint ("/v1/") that some very old homeservers and/or /// clients may call. conduwuit adds these for compatibility purposes. /// See /// /// - Only allows federation if `allow_remote` is true /// - Only redirects if `allow_redirect` is true /// - Uses client-provided `timeout_ms` if available, else defaults to 20 /// seconds #[tracing::instrument(skip_all, fields(%client), name = "media_get")] pub(crate) async fn get_content_v1_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result> { get_content_route(State(services), InsecureClientIp(client), body) .await .map(RumaResponse) } /// # `GET /_matrix/media/v3/download/{serverName}/{mediaId}/{fileName}` /// /// Load media from our server or over federation, permitting desired filename. /// /// - Only allows federation if `allow_remote` is true /// - Only redirects if `allow_redirect` is true /// - Uses client-provided `timeout_ms` if available, else defaults to 20 /// seconds #[tracing::instrument(skip_all, fields(%client), name = "media_get")] pub(crate) async fn get_content_as_filename_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result { let mxc = format!("mxc://{}/{}", body.server_name, body.media_id); if let Some(FileMeta { content, content_type, content_disposition, }) = services.media.get(&mxc).await? { let content_disposition = make_content_disposition(content_disposition.as_ref(), content_type.as_deref(), Some(&body.filename)); let file = content.expect("content"); Ok(get_content_as_filename::v3::Response { file, content_type: content_type.map(Into::into), content_disposition: Some(content_disposition), cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), }) } else if !services.globals.server_is_ours(&body.server_name) && body.allow_remote { match get_remote_content( &services, &mxc, &body.server_name, body.media_id.clone(), body.allow_redirect, body.timeout_ms, ) .await { Ok(remote_content_response) => { let content_disposition = make_content_disposition( remote_content_response.content_disposition.as_ref(), remote_content_response.content_type.as_deref(), None, ); Ok(get_content_as_filename::v3::Response { content_disposition: Some(content_disposition), content_type: remote_content_response.content_type, file: remote_content_response.file, cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), }) }, Err(e) => Err!(Request(NotFound(debug_warn!("Fetching media `{mxc}` failed: {e:?}")))), } } else { Err!(Request(NotFound("Media not found."))) } } /// # `GET /_matrix/media/v1/download/{serverName}/{mediaId}/{fileName}` /// /// Load media from our server or over federation, permitting desired filename. /// /// This is a legacy endpoint ("/v1/") that some very old homeservers and/or /// clients may call. conduwuit adds these for compatibility purposes. /// See /// /// - Only allows federation if `allow_remote` is true /// - Only redirects if `allow_redirect` is true /// - Uses client-provided `timeout_ms` if available, else defaults to 20 /// seconds #[tracing::instrument(skip_all, fields(%client), name = "media_get")] pub(crate) async fn get_content_as_filename_v1_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result> { get_content_as_filename_route(State(services), InsecureClientIp(client), body) .await .map(RumaResponse) } /// # `GET /_matrix/media/v3/thumbnail/{serverName}/{mediaId}` /// /// Load media thumbnail from our server or over federation. /// /// - Only allows federation if `allow_remote` is true /// - Only redirects if `allow_redirect` is true /// - Uses client-provided `timeout_ms` if available, else defaults to 20 /// seconds #[tracing::instrument(skip_all, fields(%client), name = "media_thumbnail_get")] pub(crate) async fn get_content_thumbnail_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result { let mxc = format!("mxc://{}/{}", body.server_name, body.media_id); if let Some(FileMeta { content, content_type, content_disposition, }) = services .media .get_thumbnail( &mxc, body.width .try_into() .map_err(|e| err!(Request(InvalidParam("Width is invalid: {e:?}"))))?, body.height .try_into() .map_err(|e| err!(Request(InvalidParam("Height is invalid: {e:?}"))))?, ) .await? { let content_disposition = make_content_disposition(content_disposition.as_ref(), content_type.as_deref(), None); let file = content.expect("content"); Ok(get_content_thumbnail::v3::Response { file, content_type: content_type.map(Into::into), cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), content_disposition: Some(content_disposition), }) } else if !services.globals.server_is_ours(&body.server_name) && body.allow_remote { if services .globals .prevent_media_downloads_from() .contains(&body.server_name) { // we'll lie to the client and say the blocked server's media was not found and // log. the client has no way of telling anyways so this is a security bonus. debug_warn!("Received request for media `{}` on blocklisted server", mxc); return Err!(Request(NotFound("Media not found."))); } match services .sending .send_federation_request( &body.server_name, get_content_thumbnail::v3::Request { allow_remote: body.allow_remote, height: body.height, width: body.width, method: body.method.clone(), server_name: body.server_name.clone(), media_id: body.media_id.clone(), timeout_ms: body.timeout_ms, allow_redirect: body.allow_redirect, animated: body.animated, }, ) .await { Ok(get_thumbnail_response) => { services .media .upload_thumbnail( None, &mxc, None, get_thumbnail_response.content_type.as_deref(), body.width.try_into().expect("all UInts are valid u32s"), body.height.try_into().expect("all UInts are valid u32s"), &get_thumbnail_response.file, ) .await?; let content_disposition = make_content_disposition( get_thumbnail_response.content_disposition.as_ref(), get_thumbnail_response.content_type.as_deref(), None, ); Ok(get_content_thumbnail::v3::Response { file: get_thumbnail_response.file, content_type: get_thumbnail_response.content_type, cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), content_disposition: Some(content_disposition), }) }, Err(e) => Err!(Request(NotFound(debug_warn!("Fetching media `{mxc}` failed: {e:?}")))), } } else { Err!(Request(NotFound("Media not found."))) } } /// # `GET /_matrix/media/v1/thumbnail/{serverName}/{mediaId}` /// /// Load media thumbnail from our server or over federation. /// /// This is a legacy endpoint ("/v1/") that some very old homeservers and/or /// clients may call. conduwuit adds these for compatibility purposes. /// See /// /// - Only allows federation if `allow_remote` is true /// - Only redirects if `allow_redirect` is true /// - Uses client-provided `timeout_ms` if available, else defaults to 20 /// seconds #[tracing::instrument(skip_all, fields(%client), name = "media_thumbnail_get")] pub(crate) async fn get_content_thumbnail_v1_route( State(services): State, InsecureClientIp(client): InsecureClientIp, body: Ruma, ) -> Result> { get_content_thumbnail_route(State(services), InsecureClientIp(client), body) .await .map(RumaResponse) } async fn get_remote_content( services: &Services, mxc: &str, server_name: &ruma::ServerName, media_id: String, allow_redirect: bool, timeout_ms: Duration, ) -> Result { if services .globals .prevent_media_downloads_from() .contains(&server_name.to_owned()) { // we'll lie to the client and say the blocked server's media was not found and // log. the client has no way of telling anyways so this is a security bonus. debug_warn!("Received request for media `{mxc}` on blocklisted server"); return Err!(Request(NotFound("Media not found."))); } let content_response = services .sending .send_federation_request( server_name, get_content::v3::Request { allow_remote: true, server_name: server_name.to_owned(), media_id, timeout_ms, allow_redirect, }, ) .await?; let content_disposition = make_content_disposition( content_response.content_disposition.as_ref(), content_response.content_type.as_deref(), None, ); services .media .create( None, mxc, Some(&content_disposition), content_response.content_type.as_deref(), &content_response.file, ) .await?; Ok(get_content::v3::Response { file: content_response.file, content_type: content_response.content_type, content_disposition: Some(content_disposition), cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), }) }