Commit 3ceca90e authored by Dominik Hebeler's avatar Dominik Hebeler

fixed content-disposition inline

parent 231f7a54
......@@ -17,9 +17,22 @@ class ProxyController extends Controller
const PROXY_CACHE = 5; # Cache duration in minutes
const PROXYLINKVALIDHOURS = 1;
public function urlgenerator(Request $request)
{
if (\App::environment() !== "production") {
$validatedData = $request->validate([
'url' => 'required|url|max:255',
]);
$url = $request->input('url', 'https://metager.de');
return redirect(\App\Http\Controllers\ProxyController::generateProxyWrapperUrl($url));
} else {
abort(400);
}
}
public function proxyPage(Request $request)
{
if(!$request->filled("url") || !$request->filled("password")){
if (!$request->filled("url") || !$request->filled("password")) {
if (\App::environment() !== "production") {
return view("development");
} else {
......@@ -76,7 +89,7 @@ class ProxyController extends Controller
}
// Check Password
if(!self::checkPassword($targetUrl, null, $password)){
if (!self::checkPassword($targetUrl, null, $password)) {
abort(400, "Invalid Request");
}
......@@ -84,7 +97,7 @@ class ProxyController extends Controller
$host = parse_url($targetUrl, PHP_URL_HOST);
$selfHost = $request->getHttpHost();
// The target URL couldn't be parsed. This is probably a malformed URL
if($host === false){
if ($host === false) {
abort(404, "Invalid Request");
}
// The URL to load itself is a URL to our proxy
......@@ -95,9 +108,9 @@ class ProxyController extends Controller
\App\PrometheusExporter::registerProxyCall();
$this->writeLog($targetUrl, $request->ip());
$urlToProxy = self::generateProxyUrl($targetUrl);
// Already Fetch the Contents of the website.
// If it's a Download we can already deliver it
// Hash Value under which a possible cached file would've been stored
......@@ -110,9 +123,9 @@ class ProxyController extends Controller
$postData = \App\Http\Controllers\DownloadController::generateDownloadLinkParameters($targetUrl);
$downloadUrl = route('download', $postData);
return redirect($downloadUrl);
}else if($answer["error"] === CURLE_COULDNT_RESOLVE_HOST){
} else if ($answer["error"] === CURLE_COULDNT_RESOLVE_HOST) {
return view('curl_errors.6', ["answer" => $answer]);
}else if($answer["error"] === 28){
} else if ($answer["error"] === 28) {
// "Operation too slow. Less than 50000 bytes/sec transferred the last 5 seconds"
abort(408, "The requested webpage did not respond or did respond too slow. Loading it was therefor aborted");
}
......@@ -129,7 +142,7 @@ class ProxyController extends Controller
$redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink;
}
return redirect(self::generateProxyWrapperUrl($redLink));
} elseif (strtolower($index) === "content-disposition") {
} elseif (strtolower($index) === "content-disposition" && stripos($value, "inline") !== 0) {
return response(base64_decode($answer["body"]), $answer["http-code"], $answer["headers"]);
} else {
$headerArray[trim($index)] = trim($value);
......@@ -143,7 +156,7 @@ class ProxyController extends Controller
public function proxy(Request $request)
{
if(!$request->filled("url") || !$request->filled("password") || !$request->filled("valid-until")){
if (!$request->filled("url") || !$request->filled("password") || !$request->filled("valid-until")) {
Log::info("Request with missing url, password or valid-until");
abort(400, "Invalid Request");
}
......@@ -153,7 +166,7 @@ class ProxyController extends Controller
$validUntil = $request->input("valid-until", "");
// Check Password
if(!self::checkPassword($targetUrl, $validUntil, $password)){
if (!self::checkPassword($targetUrl, $validUntil, $password)) {
Log::info("Password incorrect");
abort(400, "Invalid Request");
}
......@@ -174,7 +187,7 @@ class ProxyController extends Controller
$selfHost = $request->getHttpHost();
// The target URL couldn't be parsed. This is probably a malformed URL
// The URL to load itself is a URL to our proxy
if($host === false || $host === $selfHost){
if ($host === false || $host === $selfHost) {
Log::info("URL to myself");
abort(404, "Invalid Request");
}
......@@ -193,7 +206,7 @@ class ProxyController extends Controller
"validuntil" => $postData["valid-until"],
"password" => $postData["password"]
]), 413);
}else if($answer["error"] === CURLE_COULDNT_RESOLVE_HOST){
} else if ($answer["error"] === CURLE_COULDNT_RESOLVE_HOST) {
return view('curl_errors.6', ["answer" => $answer]);
}
}
......@@ -219,10 +232,10 @@ class ProxyController extends Controller
$parse = parse_url($targetUrl);
$redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink;
}
$key = md5($request->ip() . microtime(true));
$headerArray[trim($index)] = self::generateProxyUrl($redLink);
} elseif (strtolower($index) === "content-disposition") {
} elseif (strtolower($index) === "content-disposition" && stripos($value, "inline") !== 0) {
$headerArray[strtolower(trim($index))] = strtolower(trim($value));
} else {
$headerArray[trim($index)] = trim($value);
......@@ -243,7 +256,7 @@ class ProxyController extends Controller
$contentType = strpos($answer["headers"]["content-type"], ";") !== false ? trim(substr($answer["headers"]["content-type"], 0, strpos($answer["headers"]["content-type"], ";"))) : trim($answer["headers"]["content-type"]);
$contentEncoding = stripos($contentTypeHeader, "charset=") !== false ? trim(substr($contentTypeHeader, stripos($contentTypeHeader, "charset=") + 8)) : null;
$contentEncoding = rtrim($contentEncoding, ";");
if (isset($answer["headers"]["content-disposition"]) && stripos(trim($answer["headers"]["content-type"]), "image/") !== 0) {
if (isset($answer["headers"]["content-disposition"]) && stripos($answer["headers"]["content-disposition"], "inline") !== 0 && stripos(trim($answer["headers"]["content-type"]), "image/") !== 0) {
return response(base64_decode($answer["body"]), $answer["http-code"], $answer["headers"]);
}
$body = base64_decode($answer["body"]);
......@@ -319,7 +332,8 @@ class ProxyController extends Controller
->withHeaders($answer["headers"]);
}
private function fetchUrl($targetUrl){
private function fetchUrl($targetUrl)
{
$hash = md5($targetUrl);
if (!Cache::has($hash) || config("proxy.cache.enabled") === false) {
......@@ -357,13 +371,14 @@ class ProxyController extends Controller
* It should take the submitted parameters and add them to the url
* After that it should redirect to the correct page with the correct parameters
*/
public function formget(Request $request, $password, $validUntil, $url){
if(empty($password) || empty($validUntil) || empty($url)){
public function formget(Request $request, $password, $validUntil, $url)
{
if (empty($password) || empty($validUntil) || empty($url)) {
abort(400, "Invalid Request");
}
// Check Password
if(!self::checkPassword($url, $validUntil, $password)){
if (!self::checkPassword($url, $validUntil, $password)) {
abort(400, "Invalid Request");
}
......@@ -382,7 +397,7 @@ class ProxyController extends Controller
$selfHost = $request->getHttpHost();
// The target URL couldn't be parsed. This is probably a malformed URL
// The URL to load itself is a URL to our proxy
if($host === false || $host === $selfHost){
if ($host === false || $host === $selfHost) {
abort(404, "Invalid Request");
}
......@@ -392,12 +407,12 @@ class ProxyController extends Controller
// The URL itself might contain query parameters
$containedParameters = array();
$parts = parse_url($url);
if(!empty($parts["query"])){
if (!empty($parts["query"])) {
parse_str($parts["query"], $containedParameters);
}
$urlParameters = array_merge($submittedParameters, $containedParameters);
if(empty($parts["scheme"]) || empty($parts["host"])){
if (empty($parts["scheme"]) || empty($parts["host"])) {
abort(400, "Invalid Request");
}
......@@ -417,7 +432,8 @@ class ProxyController extends Controller
* This function generates a URL to a proxied page
* including the proxy header.
*/
public static function generateProxyWrapperUrl($url){
public static function generateProxyWrapperUrl($url)
{
$password = self::generatePassword($url, null);
$sanitizedUrl = self::sanitizeUrl($url);
......@@ -425,10 +441,10 @@ class ProxyController extends Controller
$host = null;
$path = null;
if(!empty($sanitizedParts["host"])){
if (!empty($sanitizedParts["host"])) {
$host = $sanitizedParts["host"];
}
if(!empty($sanitizedParts["path"])){
if (!empty($sanitizedParts["path"])) {
$path = trim($sanitizedParts["path"], "/");
}
......@@ -448,7 +464,8 @@ class ProxyController extends Controller
* This function generates a URL to a proxied page
* excluding the proxy header.
*/
public static function generateProxyUrl($url){
public static function generateProxyUrl($url)
{
$validUntil = self::generateValidUntilDate();
$password = self::generatePassword($url, $validUntil);
......@@ -458,10 +475,10 @@ class ProxyController extends Controller
$host = null;
$path = null;
if(!empty($sanitizedParts["host"])){
if (!empty($sanitizedParts["host"])) {
$host = $sanitizedParts["host"];
}
if(!empty($sanitizedParts["path"])){
if (!empty($sanitizedParts["path"])) {
$path = trim($sanitizedParts["path"], "/");
}
......@@ -473,9 +490,9 @@ class ProxyController extends Controller
"password" => $password,
];
try{
try {
return route('proxy', $parameters);
}catch (\Exception $e){
} catch (\Exception $e) {
$test = "test";
}
}
......@@ -484,7 +501,8 @@ class ProxyController extends Controller
* This function generates a URL to a page that takes submitted form data
* excluding the proxy header.
*/
public static function generateFormgetUrl($url){
public static function generateFormgetUrl($url)
{
$validUntil = self::generateValidUntilDate();
$password = self::generatePassword($url, $validUntil);
......@@ -521,7 +539,7 @@ class ProxyController extends Controller
{
$data = rtrim($url, "/");
if(!empty($validUntil)){
if (!empty($validUntil)) {
$data .= $validUntil;
}
......@@ -535,7 +553,7 @@ class ProxyController extends Controller
{
$data = rtrim($url, "/");
if(!empty($validUntil)){
if (!empty($validUntil)) {
$data .= $validUntil;
}
......@@ -558,19 +576,20 @@ class ProxyController extends Controller
}
}
private static function sanitizeUrl($url){
private static function sanitizeUrl($url)
{
$parts = parse_url($url);
// Optional but we only sanitize URLs with scheme and host defined
if($parts === false || empty($parts["scheme"]) || empty($parts["host"])){
if ($parts === false || empty($parts["scheme"]) || empty($parts["host"])) {
return $url;
}
$sanitizedPath = null;
if(!empty($parts["path"])){
if (!empty($parts["path"])) {
$pathParts = explode("/", $parts["path"]);
foreach($pathParts as $index => $pathPart){
if($index === 0) continue;
foreach ($pathParts as $index => $pathPart) {
if ($index === 0) continue;
// The Path part might already be urlencoded
$sanitizedPath .= "/" . rawurlencode(rawurldecode($pathPart));
}
......
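Review bot: The new inline test in the header loops of `proxyPage` and `proxy` (both start and end outside these hunks) runs `stripos($value, "inline") !== 0` on the untrimmed `$value`, while the neighbouring branches store `trim($value)`. If the header parser leaves the space that follows the colon, an `inline` disposition never matches at offset 0 and the response still takes the raw pass-through branch that this commit is meant to skip. Trimming first keeps the checks consistent: `stripos(trim($value), "inline") !== 0` in both loops, and `stripos(trim($answer["headers"]["content-disposition"]), "inline") !== 0` in the later content-type condition. The prefix test also accepts any value that merely begins with those letters, so comparing the token before the first `;` with `inline` would be stricter. In `proxy`, an inline header now falls to the `else` branch and is stored under its original-case key, so the lowercase `content-disposition` lookup further down may never see it; this is worth confirming against the code that builds `$answer["headers"]`.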
......@@ -35,17 +35,7 @@ Route::get('p/{host?}/{path?}', [ProxyController::class, 'proxy'])->name('proxy'
// Route with Proxy Header
Route::get('{host?}/{path?}', [ProxyController::class, 'proxyPage'])->name('proxy-wrapper-page')->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');
Route::post('{host?}/{path?}', function (Request $request) {
if (App::environment() !== "production") {
$validatedData = $request->validate([
'url' => 'required|url|max:255',
]);
$url = $request->input('url', 'https://metager.de');
return redirect(\App\Http\Controllers\ProxyController::generateProxyWrapperUrl($url));
}else{
abort(400);
}
})->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');
Route::post('{host?}/{path?}', [ProxyController::class, 'urlgenerator'])->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');
/**
* This is our old Proxy route
......@@ -53,7 +43,7 @@ Route::post('{host?}/{path?}', function (Request $request) {
* migrate to the new ones and redirect to the new one.
* 15.01.2021
*/
Route::get('{password}/{url}', function(Request $request, $password, $url){
Route::get('{password}/{url}', function (Request $request, $password, $url) {
$targetUrl = str_replace("<<SLASH>>", "/", $url);
$targetUrl = str_rot13(base64_decode($targetUrl));
if (strpos($targetUrl, URL::to('/')) === 0) {
......@@ -82,16 +72,16 @@ Route::get('metrics', function (Request $request) {
];
$allowed = false;
foreach($allowedNetworks as $part){
if(stripos($ip, $part) === 0){
foreach ($allowedNetworks as $part) {
if (stripos($ip, $part) === 0) {
$allowed = true;
}
}
if(!$allowed){
if (!$allowed) {
abort(401);
}
$registry = \Prometheus\CollectorRegistry::getDefault();
$renderer = new \Prometheus\RenderTextFormat();
......@@ -100,4 +90,3 @@ Route::get('metrics', function (Request $request) {
return response($result, 200)
->header('Content-Type', \Prometheus\RenderTextFormat::MIME_TYPE);
});
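Review bot: The `metrics` route decides access with a textual prefix match, `stripos($ip, $part) === 0`, which compares strings and not networks. An entry written without a trailing separator (a constructed example: `10.1`) would also admit `10.100.0.1`. The contents of `$allowedNetworks` and the origin of `$ip` are outside the hunk, so the list may already be written to avoid this. If it is not, CIDR entries checked with `\Symfony\Component\HttpFoundation\IpUtils::checkIp($ip, $allowedNetworks)` remove the ambiguity. It is also worth a comment on the route stating whether `$ip` is the socket peer or a forwarded-header value, since the allowlist is only as trustworthy as that source.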