🛂 Authorized required to access large file

This commit is contained in:
LittleSheep 2025-03-30 22:29:45 +08:00
parent 35e4f9a9ad
commit 370ee84b34
4 changed files with 34 additions and 16 deletions

View File

@ -4,6 +4,7 @@ import (
"fmt"
"strings"
"github.com/samber/lo"
"github.com/spf13/viper"
"git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
@ -40,10 +41,21 @@ func openAttachment(c *fiber.Ctx) error {
var err error
var url, mimetype string
var filesize int64
size := lo.Ternary(c.QueryBool("preview", true), 1024, -1)
if len(region) > 0 {
url, mimetype, err = services.OpenAttachmentByRID(id, c.QueryBool("preview", true), region)
url, filesize, mimetype, err = services.OpenAttachmentByRID(id, size, region)
} else {
url, mimetype, err = services.OpenAttachmentByRID(id, c.QueryBool("preview", true))
url, filesize, mimetype, err = services.OpenAttachmentByRID(id, size)
}
authenticated := false
if err := sec.EnsureAuthenticated(c); err == nil {
authenticated = true
}
if filesize > viper.GetInt64("traffic.maximum_size") && !authenticated {
return fiber.NewError(fiber.StatusForbidden, "file is too large, you need authorized to access")
}
if err != nil {

View File

@ -43,9 +43,9 @@ func openStickerByAlias(c *fiber.Ctx) error {
var url, mimetype string
if len(region) > 0 {
url, mimetype, err = services.OpenAttachmentByRID(sticker.Attachment.Rid, true, region)
url, _, mimetype, err = services.OpenAttachmentByRID(sticker.Attachment.Rid, 256, region)
} else {
url, mimetype, err = services.OpenAttachmentByRID(sticker.Attachment.Rid, true)
url, _, mimetype, err = services.OpenAttachmentByRID(sticker.Attachment.Rid, 288)
}
if err != nil {

View File

@ -7,6 +7,7 @@ import (
"math/rand/v2"
nurl "net/url"
"path/filepath"
"strings"
"time"
"git.solsynth.dev/hypernet/nexus/pkg/nex/cachekit"
@ -28,7 +29,7 @@ func KgAttachmentOpenCache(rid string) string {
return fmt.Sprintf("attachment-open#%s", rid)
}
func OpenAttachmentByRID(rid string, preview bool, region ...string) (url string, mimetype string, err error) {
func OpenAttachmentByRID(rid string, preferredSize int, region ...string) (url string, filesize int64, mimetype string, err error) {
var result *openAttachmentResult
if val, err := cachekit.Get[openAttachmentResult](
gap.Ca,
@ -65,6 +66,8 @@ func OpenAttachmentByRID(rid string, preview bool, region ...string) (url string
mimetype = result.Attachment.MimeType
}
filesize = result.Attachment.Size
var dest models.BaseDestination
var rawDest []byte
@ -138,15 +141,17 @@ func OpenAttachmentByRID(rid string, preview bool, region ...string) (url string
nurl.QueryEscape(filepath.Join(destConfigured.Path, result.Attachment.Uuid)),
)
}
if len(destConfigured.ImageProxyURL) > 0 && preview {
size := viper.GetInt("imageproxy.size")
url = fmt.Sprintf(
"%s/%dx%d,fit/%s",
destConfigured.ImageProxyURL,
size,
size,
url,
)
if strings.HasPrefix(mimetype, "image") && filesize >= viper.GetInt64("traffic.minimum_size") {
if len(destConfigured.ImageProxyURL) > 0 && preferredSize > 0 {
url = fmt.Sprintf(
"%s/%dx%d,fit/%s",
destConfigured.ImageProxyURL,
preferredSize,
preferredSize,
url,
)
filesize = int64(preferredSize * preferredSize)
}
}
return
default:

View File

@ -27,8 +27,9 @@ path = "uploads/permanent"
access_baseurl = "http://192.168.50.133:8004"
image_proxy_baseurl = "https://io.sn.solsynth.dev"
[imageproxy]
size = 1024
[traffic]
maximum_size = 20971520
minimum_size = 1048576
[security]
internal_public_key = "keys/internal_public_key.pem"