From 370ee84b3486eca916c60803a1b1f6751dc121e3 Mon Sep 17 00:00:00 2001
From: LittleSheep
Date: Sun, 30 Mar 2025 22:29:45 +0800
Subject: [PATCH] :passport_control: Authorized required to access large file
---
 pkg/internal/server/api/attachments_api.go | 16 ++++++++++++--
 pkg/internal/server/api/stickers_api.go | 4 ++--
 pkg/internal/services/opener.go | 25 +++++++++++++---------
 settings.toml | 5 +++--
 4 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/pkg/internal/server/api/attachments_api.go b/pkg/internal/server/api/attachments_api.go
index 1386f26..5467a23 100644
--- a/pkg/internal/server/api/attachments_api.go
+++ b/pkg/internal/server/api/attachments_api.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "strings"
+ "github.com/samber/lo"
 "github.com/spf13/viper"
 "git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
@@ -40,10 +41,21 @@ func openAttachment(c *fiber.Ctx) error {
 var err error
 var url, mimetype string
+ var filesize int64
+ size := lo.Ternary(c.QueryBool("preview", true), 1024, -1)
 if len(region) > 0 {
- url, mimetype, err = services.OpenAttachmentByRID(id, c.QueryBool("preview", true), region)
+ url, filesize, mimetype, err = services.OpenAttachmentByRID(id, size, region)
 } else {
- url, mimetype, err = services.OpenAttachmentByRID(id, c.QueryBool("preview", true))
+ url, filesize, mimetype, err = services.OpenAttachmentByRID(id, size)
+ }
+
+ authenticated := false
+ if err := sec.EnsureAuthenticated(c); err == nil {
+ authenticated = true
+ }
+
+ if filesize > viper.GetInt64("traffic.maximum_size") && !authenticated {
+ return fiber.NewError(fiber.StatusForbidden, "file is too large, you need authorized to access")
 }
 if err != nil {
diff --git a/pkg/internal/server/api/stickers_api.go b/pkg/internal/server/api/stickers_api.go
index a43ad68..c05aa23 100644
--- a/pkg/internal/server/api/stickers_api.go
+++ b/pkg/internal/server/api/stickers_api.go
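Review bot: In `openAttachment` (attachments_api.go) the size gate runs before the `if err != nil` check that follows it, so `filesize` is compared even when the lookup may have failed, and `sec.EnsureAuthenticated(c)` is called on every request, including small files that never need it. I would move the gate below the error handling and authenticate only when the limit is exceeded: `if filesize > viper.GetInt64("traffic.maximum_size") {` wrapping `if err := sec.EnsureAuthenticated(c); err != nil { return fiber.NewError(fiber.StatusUnauthorized, "authentication is required to access files this large") }`. A caller without a session is unauthenticated rather than forbidden, so 401 fits better than `fiber.StatusForbidden` and tells clients that signing in will help. The body of `if err != nil {` lies outside this hunk, so the exact placement has to be checked against the full function.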
@@ -43,9 +43,9 @@ func openStickerByAlias(c *fiber.Ctx) error {
 var url, mimetype string
 if len(region) > 0 {
- url, mimetype, err = services.OpenAttachmentByRID(sticker.Attachment.Rid, true, region)
+ url, _, mimetype, err = services.OpenAttachmentByRID(sticker.Attachment.Rid, 256, region)
 } else {
- url, mimetype, err = services.OpenAttachmentByRID(sticker.Attachment.Rid, true)
+ url, _, mimetype, err = services.OpenAttachmentByRID(sticker.Attachment.Rid, 288)
 }
 if err != nil {
diff --git a/pkg/internal/services/opener.go b/pkg/internal/services/opener.go
index 9c82045..04283fc 100644
--- a/pkg/internal/services/opener.go
+++ b/pkg/internal/services/opener.go
@@ -7,6 +7,7 @@ import (
 "math/rand/v2"
 nurl "net/url"
 "path/filepath"
+ "strings"
 "time"
 "git.solsynth.dev/hypernet/nexus/pkg/nex/cachekit"
@@ -28,7 +29,7 @@ func KgAttachmentOpenCache(rid string) string {
 return fmt.Sprintf("attachment-open#%s", rid)
 }
-func OpenAttachmentByRID(rid string, preview bool, region ...string) (url string, mimetype string, err error) {
+func OpenAttachmentByRID(rid string, preferredSize int, region ...string) (url string, filesize int64, mimetype string, err error) {
 var result *openAttachmentResult
 if val, err := cachekit.Get[openAttachmentResult](
 gap.Ca,
@@ -65,6 +66,8 @@ func OpenAttachmentByRID(rid string, preview bool, region ...string) (url string
 mimetype = result.Attachment.MimeType
 }
+ filesize = result.Attachment.Size
+
 var dest models.BaseDestination
 var rawDest []byte
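Review bot: The two branches of `openStickerByAlias` now request different sizes, `256` when a region is given and `288` otherwise, which looks like a typo rather than intent. One named constant for both calls, e.g. `const stickerPreviewSize = 256`, keeps the same sticker from resolving to two different proxy URLs depending on the region. The returned file size is discarded with `_`, so the large-file gate added in attachments_api.go does not apply on this route, and the original file is returned whenever the proxy branch in opener.go is not taken. If that is deliberate, a short comment here saying why stickers are exempt would help the next reviewer.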
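Review bot: `OpenAttachmentByRID` is exported and changes both its parameters and its results in the `@@ -28,7 +29,7 @@` hunk, but it has no doc comment describing the new contract. Callers need to know that a `preferredSize` of zero or less asks for the original (attachments_api.go passes `-1`) and that `filesize` starts as `result.Attachment.Size` but is replaced by an estimate when the image-proxy rewrite applies. I would add `// OpenAttachmentByRID resolves rid to a URL; preferredSize <= 0 requests the original, and filesize is an estimate when the URL points at the image proxy.` above the signature. The function body continues outside this hunk.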
@@ -138,15 +141,17 @@ func OpenAttachmentByRID(rid string, preview bool, region ...string) (url string
 nurl.QueryEscape(filepath.Join(destConfigured.Path, result.Attachment.Uuid)),
 )
 }
- if len(destConfigured.ImageProxyURL) > 0 && preview {
- size := viper.GetInt("imageproxy.size")
- url = fmt.Sprintf(
- "%s/%dx%d,fit/%s",
- destConfigured.ImageProxyURL,
- size,
- size,
- url,
- )
+ if strings.HasPrefix(mimetype, "image") && filesize >= viper.GetInt64("traffic.minimum_size") {
+ if len(destConfigured.ImageProxyURL) > 0 && preferredSize > 0 {
+ url = fmt.Sprintf(
+ "%s/%dx%d,fit/%s",
+ destConfigured.ImageProxyURL,
+ preferredSize,
+ preferredSize,
+ url,
+ )
+ filesize = int64(preferredSize * preferredSize)
+ }
 }
 return
 default:
diff --git a/settings.toml b/settings.toml
index 0912cec..ab9b4ed 100644
--- a/settings.toml
+++ b/settings.toml
@@ -27,8 +27,9 @@ path = "uploads/permanent"
 access_baseurl = "http://192.168.50.133:8004"
 image_proxy_baseurl = "https://io.sn.solsynth.dev"
-[imageproxy]
-size = 1024
+[traffic]
+maximum_size = 20971520
+minimum_size = 1048576
 [security]
 internal_public_key = "keys/internal_public_key.pem"
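Review bot: `filesize = int64(preferredSize * preferredSize)` overwrites the stored byte size with a pixel count, and that value is what attachments_api.go compares against `traffic.maximum_size` to decide whether authentication is required. With the preview size of 1024 the result is 1048576, well under the 20971520 in settings.toml, so the gate never applies to a proxied image; if that is the intent it deserves a comment on this line, since the access decision now rests on an estimate rather than on what is served. The multiplication also happens in `int` before widening, and `int64(preferredSize) * int64(preferredSize)` avoids overflow on 32-bit builds. `strings.HasPrefix(mimetype, "image")` would be tighter as `strings.HasPrefix(mimetype, "image/")`. This `case` sits in a switch whose other arms are outside the hunk, so I cannot tell whether they apply the same rewrite.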
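Review bot: The new `[traffic]` keys carry no unit or explanation, and removing `[imageproxy]` leaves existing configs with a `size` setting that is now silently ignored. I would add `# bytes; larger files require authentication (20 MiB)` above `maximum_size` and `# bytes; images at or above this size are eligible for the image proxy (1 MiB)` above `minimum_size`. A settings file that predates this commit has neither key, and viper returns 0 for a missing value, so there the gate in attachments_api.go would demand authentication for every non-empty file. Registering defaults with `viper.SetDefault` would make that upgrade path explicit.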