logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://anongit.hacktivis.me/git/pleroma.git/

instance_static.ex (2208B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.Plugs.InstanceStatic do
  6.   require Pleroma.Constants
  7.   import Plug.Conn, only: [put_resp_header: 3]
  9.   @moduledoc """
  10.   This is a shim to call `Plug.Static` but with runtime `from` configuration.
  12.   Mountpoints are defined directly in the module to avoid calling the configuration for every request including non-static ones.
  13.   """
  14.   @behaviour Plug
  16.   def file_path(path) do
  17.     instance_path =
  18.       Path.join(Pleroma.Config.get([:instance, :static_dir], "instance/static/"), path)
  20.     frontend_path = Pleroma.Web.Plugs.FrontendStatic.file_path(path, :primary)
  22.     (File.exists?(instance_path) && instance_path) ||
  23.       (frontend_path && File.exists?(frontend_path) && frontend_path) ||
  24.       Path.join(Application.app_dir(:pleroma, "priv/static/"), path)
  25.   end
  27.   def init(opts) do
  28.     opts
  29.     |> Keyword.put(:from, "__unconfigured_instance_static_plug")
  30.     |> Plug.Static.init()
  31.   end
  33.   for only <- Pleroma.Constants.static_only_files() do
  34.     def call(%{request_path: "/" <> unquote(only) <> _} = conn, opts) do
  35.       call_static(
  36.         conn,
  37.         opts,
  38.         Pleroma.Config.get([:instance, :static_dir], "instance/static")
  39.       )
  40.     end
  41.   end
  43.   def call(conn, _) do
  44.     conn
  45.   end
  47.   defp call_static(conn, opts, from) do
  48.     # Prevent content-type spoofing by setting content_types: false
  49.     opts =
  50.       opts
  51.       |> Map.put(:from, from)
  52.       |> Map.put(:content_types, false)
  54.     conn = set_content_type(conn, conn.request_path)
  56.     # Call Plug.Static with our sanitized content-type
  57.     Plug.Static.call(conn, opts)
  58.   end
  60.   defp set_content_type(conn, "/emoji/" <> filepath) do
  61.     real_mime = MIME.from_path(filepath)
  63.     clean_mime =
  64.       Pleroma.Web.Plugs.Utils.get_safe_mime_type(%{allowed_mime_types: ["image"]}, real_mime)
  66.     put_resp_header(conn, "content-type", clean_mime)
  67.   end
  69.   defp set_content_type(conn, filepath) do
  70.     real_mime = MIME.from_path(filepath)
  71.     put_resp_header(conn, "content-type", real_mime)
  72.   end
  73. end
  75. # I think this needs to be uncleaned except for emoji.