fixed content-disposition inline

3ceca90e · Dominik Hebeler · 231f7a54 · 3ceca90e · 3ceca90e
Commit 3ceca90e authored Mar 16, 2022 by Dominik Hebeler
--- a/app/Http/Controllers/ProxyController.php
+++ b/app/Http/Controllers/ProxyController.php
@@ -17,9 +17,22 @@ class ProxyController extends Controller
    const PROXY_CACHE = 5; # Cache duration in minutes
    const PROXYLINKVALIDHOURS = 1;

+    public function urlgenerator(Request $request)
+    {
+        if (\App::environment() !== "production") {
+            $validatedData = $request->validate([
+                'url' => 'required|url|max:255',
+            ]);
+            $url = $request->input('url', 'https://metager.de');
+            return redirect(\App\Http\Controllers\ProxyController::generateProxyWrapperUrl($url));
+        } else {
+            abort(400);
+        }
+    }
+
    public function proxyPage(Request $request)
    {
-        if(!$request->filled("url") || !$request->filled("password")){
+        if (!$request->filled("url") || !$request->filled("password")) {
            if (\App::environment() !== "production") {
                return view("development");
            } else {
@@ -76,7 +89,7 @@ class ProxyController extends Controller
        }

        // Check Password
-        if(!self::checkPassword($targetUrl, null, $password)){
+        if (!self::checkPassword($targetUrl, null, $password)) {
            abort(400, "Invalid Request");
        }

@@ -84,7 +97,7 @@ class ProxyController extends Controller
        $host = parse_url($targetUrl, PHP_URL_HOST);
        $selfHost = $request->getHttpHost();
        // The target URL couldn't be parsed. This is probably a malformed URL
-        if($host === false){
+        if ($host === false) {
            abort(404, "Invalid Request");
        }
        // The URL to load itself is a URL to our proxy
@@ -95,9 +108,9 @@ class ProxyController extends Controller

        \App\PrometheusExporter::registerProxyCall();
        $this->writeLog($targetUrl, $request->ip());
-       
+
        $urlToProxy = self::generateProxyUrl($targetUrl);
-       
+
        // Already Fetch the Contents of the website.
        // If it's a Download we can already deliver it
        // Hash Value under which a possible cached file would've been stored
@@ -110,9 +123,9 @@ class ProxyController extends Controller
                $postData = \App\Http\Controllers\DownloadController::generateDownloadLinkParameters($targetUrl);
                $downloadUrl = route('download', $postData);
                return redirect($downloadUrl);
-            }else if($answer["error"] === CURLE_COULDNT_RESOLVE_HOST){
+            } else if ($answer["error"] === CURLE_COULDNT_RESOLVE_HOST) {
                return view('curl_errors.6', ["answer" => $answer]);
-            }else if($answer["error"] === 28){
+            } else if ($answer["error"] === 28) {
                // "Operation too slow. Less than 50000 bytes/sec transferred the last 5 seconds"
                abort(408, "The requested webpage did not respond or did respond too slow. Loading it was therefor aborted");
            }
@@ -129,7 +142,7 @@ class ProxyController extends Controller
                    $redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink;
                }
                return redirect(self::generateProxyWrapperUrl($redLink));
-            } elseif (strtolower($index) === "content-disposition") {
+            } elseif (strtolower($index) === "content-disposition" && stripos($value, "inline") !== 0) {
                return response(base64_decode($answer["body"]), $answer["http-code"], $answer["headers"]);
            } else {
                $headerArray[trim($index)] = trim($value);
@@ -143,7 +156,7 @@ class ProxyController extends Controller

    public function proxy(Request $request)
    {
-        if(!$request->filled("url") || !$request->filled("password") || !$request->filled("valid-until")){
+        if (!$request->filled("url") || !$request->filled("password") || !$request->filled("valid-until")) {
            Log::info("Request with missing url, password or valid-until");
            abort(400, "Invalid Request");
        }
@@ -153,7 +166,7 @@ class ProxyController extends Controller
        $validUntil = $request->input("valid-until", "");

        // Check Password
-        if(!self::checkPassword($targetUrl, $validUntil, $password)){
+        if (!self::checkPassword($targetUrl, $validUntil, $password)) {
            Log::info("Password incorrect");
            abort(400, "Invalid Request");
        }
@@ -174,7 +187,7 @@ class ProxyController extends Controller
        $selfHost = $request->getHttpHost();
        // The target URL couldn't be parsed. This is probably a malformed URL
        // The URL to load itself is a URL to our proxy
-        if($host === false || $host === $selfHost){
+        if ($host === false || $host === $selfHost) {
            Log::info("URL to myself");
            abort(404, "Invalid Request");
        }
@@ -193,7 +206,7 @@ class ProxyController extends Controller
                    "validuntil" => $postData["valid-until"],
                    "password" => $postData["password"]
                ]), 413);
-            }else if($answer["error"] === CURLE_COULDNT_RESOLVE_HOST){
+            } else if ($answer["error"] === CURLE_COULDNT_RESOLVE_HOST) {
                return view('curl_errors.6', ["answer" => $answer]);
            }
        }
@@ -219,10 +232,10 @@ class ProxyController extends Controller
                        $parse = parse_url($targetUrl);
                        $redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink;
                    }
-                    
+
                    $key = md5($request->ip() . microtime(true));
                    $headerArray[trim($index)] = self::generateProxyUrl($redLink);
-                } elseif (strtolower($index) === "content-disposition") {
+                } elseif (strtolower($index) === "content-disposition" && stripos($value, "inline") !== 0) {
                    $headerArray[strtolower(trim($index))] = strtolower(trim($value));
                } else {
                    $headerArray[trim($index)] = trim($value);
@@ -243,7 +256,7 @@ class ProxyController extends Controller
            $contentType = strpos($answer["headers"]["content-type"], ";") !== false ? trim(substr($answer["headers"]["content-type"], 0, strpos($answer["headers"]["content-type"], ";"))) : trim($answer["headers"]["content-type"]);
            $contentEncoding = stripos($contentTypeHeader, "charset=") !== false ? trim(substr($contentTypeHeader, stripos($contentTypeHeader, "charset=") + 8)) : null;
            $contentEncoding = rtrim($contentEncoding, ";");
-            if (isset($answer["headers"]["content-disposition"]) && stripos(trim($answer["headers"]["content-type"]), "image/") !== 0) {
+            if (isset($answer["headers"]["content-disposition"]) && stripos($answer["headers"]["content-disposition"], "inline") !== 0 && stripos(trim($answer["headers"]["content-type"]), "image/") !== 0) {
                return response(base64_decode($answer["body"]), $answer["http-code"], $answer["headers"]);
            }
            $body = base64_decode($answer["body"]);
@@ -319,7 +332,8 @@ class ProxyController extends Controller
            ->withHeaders($answer["headers"]);
    }

-    private function fetchUrl($targetUrl){
+    private function fetchUrl($targetUrl)
+    {
        $hash = md5($targetUrl);

        if (!Cache::has($hash) || config("proxy.cache.enabled") === false) {
@@ -357,13 +371,14 @@ class ProxyController extends Controller
     * It should take the submitted parameters and add them to the url
     * After that it should redirect to the correct page with the correct parameters
     */
-    public function formget(Request $request, $password, $validUntil, $url){
-        if(empty($password) || empty($validUntil) || empty($url)){
+    public function formget(Request $request, $password, $validUntil, $url)
+    {
+        if (empty($password) || empty($validUntil) || empty($url)) {
            abort(400, "Invalid Request");
        }

        // Check Password
-        if(!self::checkPassword($url, $validUntil, $password)){
+        if (!self::checkPassword($url, $validUntil, $password)) {
            abort(400, "Invalid Request");
        }

@@ -382,7 +397,7 @@ class ProxyController extends Controller
        $selfHost = $request->getHttpHost();
        // The target URL couldn't be parsed. This is probably a malformed URL
        // The URL to load itself is a URL to our proxy
-        if($host === false || $host === $selfHost){
+        if ($host === false || $host === $selfHost) {
            abort(404, "Invalid Request");
        }

@@ -392,12 +407,12 @@ class ProxyController extends Controller
        // The URL itself might contain query parameters
        $containedParameters = array();
        $parts = parse_url($url);
-        if(!empty($parts["query"])){
+        if (!empty($parts["query"])) {
            parse_str($parts["query"], $containedParameters);
        }
        $urlParameters = array_merge($submittedParameters, $containedParameters);

-        if(empty($parts["scheme"]) || empty($parts["host"])){
+        if (empty($parts["scheme"]) || empty($parts["host"])) {
            abort(400, "Invalid Request");
        }

@@ -417,7 +432,8 @@ class ProxyController extends Controller
     * This function generates a URL to a proxied page
     * including the proxy header.
     */
-    public static function generateProxyWrapperUrl($url){
+    public static function generateProxyWrapperUrl($url)
+    {
        $password = self::generatePassword($url, null);
        $sanitizedUrl = self::sanitizeUrl($url);

@@ -425,10 +441,10 @@ class ProxyController extends Controller
        $host = null;
        $path = null;

-        if(!empty($sanitizedParts["host"])){
+        if (!empty($sanitizedParts["host"])) {
            $host = $sanitizedParts["host"];
        }
-        if(!empty($sanitizedParts["path"])){
+        if (!empty($sanitizedParts["path"])) {
            $path = trim($sanitizedParts["path"], "/");
        }

@@ -448,7 +464,8 @@ class ProxyController extends Controller
     * This function generates a URL to a proxied page
     * excluding the proxy header.
     */
-    public static function generateProxyUrl($url){
+    public static function generateProxyUrl($url)
+    {

        $validUntil = self::generateValidUntilDate();
        $password = self::generatePassword($url, $validUntil);
@@ -458,10 +475,10 @@ class ProxyController extends Controller
        $host = null;
        $path = null;

-        if(!empty($sanitizedParts["host"])){
+        if (!empty($sanitizedParts["host"])) {
            $host = $sanitizedParts["host"];
        }
-        if(!empty($sanitizedParts["path"])){
+        if (!empty($sanitizedParts["path"])) {
            $path = trim($sanitizedParts["path"], "/");
        }

@@ -473,9 +490,9 @@ class ProxyController extends Controller
            "password" => $password,
        ];

-        try{
+        try {
            return route('proxy', $parameters);
-        }catch (\Exception $e){
+        } catch (\Exception $e) {
            $test = "test";
        }
    }
@@ -484,7 +501,8 @@ class ProxyController extends Controller
     * This function generates a URL to a page that takes submitted form data
     * excluding the proxy header.
     */
-    public static function generateFormgetUrl($url){
+    public static function generateFormgetUrl($url)
+    {

        $validUntil = self::generateValidUntilDate();
        $password = self::generatePassword($url, $validUntil);
@@ -521,7 +539,7 @@ class ProxyController extends Controller
    {
        $data = rtrim($url, "/");

-        if(!empty($validUntil)){
+        if (!empty($validUntil)) {
            $data .= $validUntil;
        }

@@ -535,7 +553,7 @@ class ProxyController extends Controller
    {
        $data = rtrim($url, "/");

-        if(!empty($validUntil)){
+        if (!empty($validUntil)) {
            $data .= $validUntil;
        }

@@ -558,19 +576,20 @@ class ProxyController extends Controller
        }
    }

-    private static function sanitizeUrl($url){
+    private static function sanitizeUrl($url)
+    {
        $parts = parse_url($url);

        // Optional but we only sanitize URLs with scheme and host defined
-        if($parts === false || empty($parts["scheme"]) || empty($parts["host"])){
+        if ($parts === false || empty($parts["scheme"]) || empty($parts["host"])) {
            return $url;
        }

        $sanitizedPath = null;
-        if(!empty($parts["path"])){
+        if (!empty($parts["path"])) {
            $pathParts = explode("/", $parts["path"]);
-            foreach($pathParts as $index => $pathPart){
-                if($index === 0) continue;
+            foreach ($pathParts as $index => $pathPart) {
+                if ($index === 0) continue;
                // The Path part might already be urlencoded
                $sanitizedPath .= "/" . rawurlencode(rawurldecode($pathPart));
            }

--- a/routes/web.php
+++ b/routes/web.php
@@ -35,17 +35,7 @@ Route::get('p/{host?}/{path?}', [ProxyController::class, 'proxy'])->name('proxy'
 // Route with Proxy Header
 Route::get('{host?}/{path?}', [ProxyController::class, 'proxyPage'])->name('proxy-wrapper-page')->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');

-Route::post('{host?}/{path?}', function (Request $request) {
-    if (App::environment() !== "production") {
-        $validatedData = $request->validate([
-            'url' => 'required|url|max:255',
-        ]);
-        $url = $request->input('url', 'https://metager.de');
-        return redirect(\App\Http\Controllers\ProxyController::generateProxyWrapperUrl($url));
-    }else{
-        abort(400);
-    }
-})->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');
+Route::post('{host?}/{path?}', [ProxyController::class, 'urlgenerator'])->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');

 /**
 * This is our old Proxy route
@@ -53,7 +43,7 @@ Route::post('{host?}/{path?}', function (Request $request) {
 * migrate to the new ones and redirect to the new one.
 * 15.01.2021
 */
-Route::get('{password}/{url}', function(Request $request, $password, $url){
+Route::get('{password}/{url}', function (Request $request, $password, $url) {
    $targetUrl = str_replace("<<SLASH>>", "/", $url);
    $targetUrl = str_rot13(base64_decode($targetUrl));
    if (strpos($targetUrl, URL::to('/')) === 0) {
@@ -82,16 +72,16 @@ Route::get('metrics', function (Request $request) {
    ];

    $allowed = false;
-    foreach($allowedNetworks as $part){
-        if(stripos($ip, $part) === 0){
+    foreach ($allowedNetworks as $part) {
+        if (stripos($ip, $part) === 0) {
            $allowed = true;
        }
    }

-    if(!$allowed){
+    if (!$allowed) {
        abort(401);
    }
-    
+
    $registry = \Prometheus\CollectorRegistry::getDefault();

    $renderer = new \Prometheus\RenderTextFormat();
@@ -100,4 +90,3 @@ Route::get('metrics', function (Request $request) {
    return response($result, 200)
        ->header('Content-Type', \Prometheus\RenderTextFormat::MIME_TYPE);
 });
-