Commit 3ceca90e authored by Dominik Hebeler's avatar Dominik Hebeler

fixed content-disposition inline

parent 231f7a54
...@@ -17,9 +17,22 @@ class ProxyController extends Controller ...@@ -17,9 +17,22 @@ class ProxyController extends Controller
const PROXY_CACHE = 5; # Cache duration in minutes const PROXY_CACHE = 5; # Cache duration in minutes
const PROXYLINKVALIDHOURS = 1; const PROXYLINKVALIDHOURS = 1;
public function urlgenerator(Request $request)
{
if (\App::environment() !== "production") {
$validatedData = $request->validate([
'url' => 'required|url|max:255',
]);
$url = $request->input('url', 'https://metager.de');
return redirect(\App\Http\Controllers\ProxyController::generateProxyWrapperUrl($url));
} else {
abort(400);
}
}
public function proxyPage(Request $request) public function proxyPage(Request $request)
{ {
if(!$request->filled("url") || !$request->filled("password")){ if (!$request->filled("url") || !$request->filled("password")) {
if (\App::environment() !== "production") { if (\App::environment() !== "production") {
return view("development"); return view("development");
} else { } else {
...@@ -76,7 +89,7 @@ class ProxyController extends Controller ...@@ -76,7 +89,7 @@ class ProxyController extends Controller
} }
// Check Password // Check Password
if(!self::checkPassword($targetUrl, null, $password)){ if (!self::checkPassword($targetUrl, null, $password)) {
abort(400, "Invalid Request"); abort(400, "Invalid Request");
} }
...@@ -84,7 +97,7 @@ class ProxyController extends Controller ...@@ -84,7 +97,7 @@ class ProxyController extends Controller
$host = parse_url($targetUrl, PHP_URL_HOST); $host = parse_url($targetUrl, PHP_URL_HOST);
$selfHost = $request->getHttpHost(); $selfHost = $request->getHttpHost();
// The target URL couldn't be parsed. This is probably a malformed URL // The target URL couldn't be parsed. This is probably a malformed URL
if($host === false){ if ($host === false) {
abort(404, "Invalid Request"); abort(404, "Invalid Request");
} }
// The URL to load itself is a URL to our proxy // The URL to load itself is a URL to our proxy
...@@ -95,9 +108,9 @@ class ProxyController extends Controller ...@@ -95,9 +108,9 @@ class ProxyController extends Controller
\App\PrometheusExporter::registerProxyCall(); \App\PrometheusExporter::registerProxyCall();
$this->writeLog($targetUrl, $request->ip()); $this->writeLog($targetUrl, $request->ip());
$urlToProxy = self::generateProxyUrl($targetUrl); $urlToProxy = self::generateProxyUrl($targetUrl);
// Already Fetch the Contents of the website. // Already Fetch the Contents of the website.
// If it's a Download we can already deliver it // If it's a Download we can already deliver it
// Hash Value under which a possible cached file would've been stored // Hash Value under which a possible cached file would've been stored
...@@ -110,9 +123,9 @@ class ProxyController extends Controller ...@@ -110,9 +123,9 @@ class ProxyController extends Controller
$postData = \App\Http\Controllers\DownloadController::generateDownloadLinkParameters($targetUrl); $postData = \App\Http\Controllers\DownloadController::generateDownloadLinkParameters($targetUrl);
$downloadUrl = route('download', $postData); $downloadUrl = route('download', $postData);
return redirect($downloadUrl); return redirect($downloadUrl);
}else if($answer["error"] === CURLE_COULDNT_RESOLVE_HOST){ } else if ($answer["error"] === CURLE_COULDNT_RESOLVE_HOST) {
return view('curl_errors.6', ["answer" => $answer]); return view('curl_errors.6', ["answer" => $answer]);
}else if($answer["error"] === 28){ } else if ($answer["error"] === 28) {
// "Operation too slow. Less than 50000 bytes/sec transferred the last 5 seconds" // "Operation too slow. Less than 50000 bytes/sec transferred the last 5 seconds"
abort(408, "The requested webpage did not respond or did respond too slow. Loading it was therefor aborted"); abort(408, "The requested webpage did not respond or did respond too slow. Loading it was therefor aborted");
} }
...@@ -129,7 +142,7 @@ class ProxyController extends Controller ...@@ -129,7 +142,7 @@ class ProxyController extends Controller
$redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink; $redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink;
} }
return redirect(self::generateProxyWrapperUrl($redLink)); return redirect(self::generateProxyWrapperUrl($redLink));
} elseif (strtolower($index) === "content-disposition") { } elseif (strtolower($index) === "content-disposition" && stripos($value, "inline") !== 0) {
return response(base64_decode($answer["body"]), $answer["http-code"], $answer["headers"]); return response(base64_decode($answer["body"]), $answer["http-code"], $answer["headers"]);
} else { } else {
$headerArray[trim($index)] = trim($value); $headerArray[trim($index)] = trim($value);
...@@ -143,7 +156,7 @@ class ProxyController extends Controller ...@@ -143,7 +156,7 @@ class ProxyController extends Controller
public function proxy(Request $request) public function proxy(Request $request)
{ {
if(!$request->filled("url") || !$request->filled("password") || !$request->filled("valid-until")){ if (!$request->filled("url") || !$request->filled("password") || !$request->filled("valid-until")) {
Log::info("Request with missing url, password or valid-until"); Log::info("Request with missing url, password or valid-until");
abort(400, "Invalid Request"); abort(400, "Invalid Request");
} }
...@@ -153,7 +166,7 @@ class ProxyController extends Controller ...@@ -153,7 +166,7 @@ class ProxyController extends Controller
$validUntil = $request->input("valid-until", ""); $validUntil = $request->input("valid-until", "");
// Check Password // Check Password
if(!self::checkPassword($targetUrl, $validUntil, $password)){ if (!self::checkPassword($targetUrl, $validUntil, $password)) {
Log::info("Password incorrect"); Log::info("Password incorrect");
abort(400, "Invalid Request"); abort(400, "Invalid Request");
} }
...@@ -174,7 +187,7 @@ class ProxyController extends Controller ...@@ -174,7 +187,7 @@ class ProxyController extends Controller
$selfHost = $request->getHttpHost(); $selfHost = $request->getHttpHost();
// The target URL couldn't be parsed. This is probably a malformed URL // The target URL couldn't be parsed. This is probably a malformed URL
// The URL to load itself is a URL to our proxy // The URL to load itself is a URL to our proxy
if($host === false || $host === $selfHost){ if ($host === false || $host === $selfHost) {
Log::info("URL to myself"); Log::info("URL to myself");
abort(404, "Invalid Request"); abort(404, "Invalid Request");
} }
...@@ -193,7 +206,7 @@ class ProxyController extends Controller ...@@ -193,7 +206,7 @@ class ProxyController extends Controller
"validuntil" => $postData["valid-until"], "validuntil" => $postData["valid-until"],
"password" => $postData["password"] "password" => $postData["password"]
]), 413); ]), 413);
}else if($answer["error"] === CURLE_COULDNT_RESOLVE_HOST){ } else if ($answer["error"] === CURLE_COULDNT_RESOLVE_HOST) {
return view('curl_errors.6', ["answer" => $answer]); return view('curl_errors.6', ["answer" => $answer]);
} }
} }
...@@ -219,10 +232,10 @@ class ProxyController extends Controller ...@@ -219,10 +232,10 @@ class ProxyController extends Controller
$parse = parse_url($targetUrl); $parse = parse_url($targetUrl);
$redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink; $redLink = $parse["scheme"] . "://" . $parse["host"] . "/" . $redLink;
} }
$key = md5($request->ip() . microtime(true)); $key = md5($request->ip() . microtime(true));
$headerArray[trim($index)] = self::generateProxyUrl($redLink); $headerArray[trim($index)] = self::generateProxyUrl($redLink);
} elseif (strtolower($index) === "content-disposition") { } elseif (strtolower($index) === "content-disposition" && stripos($value, "inline") !== 0) {
$headerArray[strtolower(trim($index))] = strtolower(trim($value)); $headerArray[strtolower(trim($index))] = strtolower(trim($value));
} else { } else {
$headerArray[trim($index)] = trim($value); $headerArray[trim($index)] = trim($value);
...@@ -243,7 +256,7 @@ class ProxyController extends Controller ...@@ -243,7 +256,7 @@ class ProxyController extends Controller
$contentType = strpos($answer["headers"]["content-type"], ";") !== false ? trim(substr($answer["headers"]["content-type"], 0, strpos($answer["headers"]["content-type"], ";"))) : trim($answer["headers"]["content-type"]); $contentType = strpos($answer["headers"]["content-type"], ";") !== false ? trim(substr($answer["headers"]["content-type"], 0, strpos($answer["headers"]["content-type"], ";"))) : trim($answer["headers"]["content-type"]);
$contentEncoding = stripos($contentTypeHeader, "charset=") !== false ? trim(substr($contentTypeHeader, stripos($contentTypeHeader, "charset=") + 8)) : null; $contentEncoding = stripos($contentTypeHeader, "charset=") !== false ? trim(substr($contentTypeHeader, stripos($contentTypeHeader, "charset=") + 8)) : null;
$contentEncoding = rtrim($contentEncoding, ";"); $contentEncoding = rtrim($contentEncoding, ";");
if (isset($answer["headers"]["content-disposition"]) && stripos(trim($answer["headers"]["content-type"]), "image/") !== 0) { if (isset($answer["headers"]["content-disposition"]) && stripos($answer["headers"]["content-disposition"], "inline") !== 0 && stripos(trim($answer["headers"]["content-type"]), "image/") !== 0) {
return response(base64_decode($answer["body"]), $answer["http-code"], $answer["headers"]); return response(base64_decode($answer["body"]), $answer["http-code"], $answer["headers"]);
} }
$body = base64_decode($answer["body"]); $body = base64_decode($answer["body"]);
...@@ -319,7 +332,8 @@ class ProxyController extends Controller ...@@ -319,7 +332,8 @@ class ProxyController extends Controller
->withHeaders($answer["headers"]); ->withHeaders($answer["headers"]);
} }
private function fetchUrl($targetUrl){ private function fetchUrl($targetUrl)
{
$hash = md5($targetUrl); $hash = md5($targetUrl);
if (!Cache::has($hash) || config("proxy.cache.enabled") === false) { if (!Cache::has($hash) || config("proxy.cache.enabled") === false) {
...@@ -357,13 +371,14 @@ class ProxyController extends Controller ...@@ -357,13 +371,14 @@ class ProxyController extends Controller
* It should take the submitted parameters and add them to the url * It should take the submitted parameters and add them to the url
* After that it should redirect to the correct page with the correct parameters * After that it should redirect to the correct page with the correct parameters
*/ */
public function formget(Request $request, $password, $validUntil, $url){ public function formget(Request $request, $password, $validUntil, $url)
if(empty($password) || empty($validUntil) || empty($url)){ {
if (empty($password) || empty($validUntil) || empty($url)) {
abort(400, "Invalid Request"); abort(400, "Invalid Request");
} }
// Check Password // Check Password
if(!self::checkPassword($url, $validUntil, $password)){ if (!self::checkPassword($url, $validUntil, $password)) {
abort(400, "Invalid Request"); abort(400, "Invalid Request");
} }
...@@ -382,7 +397,7 @@ class ProxyController extends Controller ...@@ -382,7 +397,7 @@ class ProxyController extends Controller
$selfHost = $request->getHttpHost(); $selfHost = $request->getHttpHost();
// The target URL couldn't be parsed. This is probably a malformed URL // The target URL couldn't be parsed. This is probably a malformed URL
// The URL to load itself is a URL to our proxy // The URL to load itself is a URL to our proxy
if($host === false || $host === $selfHost){ if ($host === false || $host === $selfHost) {
abort(404, "Invalid Request"); abort(404, "Invalid Request");
} }
...@@ -392,12 +407,12 @@ class ProxyController extends Controller ...@@ -392,12 +407,12 @@ class ProxyController extends Controller
// The URL itself might contain query parameters // The URL itself might contain query parameters
$containedParameters = array(); $containedParameters = array();
$parts = parse_url($url); $parts = parse_url($url);
if(!empty($parts["query"])){ if (!empty($parts["query"])) {
parse_str($parts["query"], $containedParameters); parse_str($parts["query"], $containedParameters);
} }
$urlParameters = array_merge($submittedParameters, $containedParameters); $urlParameters = array_merge($submittedParameters, $containedParameters);
if(empty($parts["scheme"]) || empty($parts["host"])){ if (empty($parts["scheme"]) || empty($parts["host"])) {
abort(400, "Invalid Request"); abort(400, "Invalid Request");
} }
...@@ -417,7 +432,8 @@ class ProxyController extends Controller ...@@ -417,7 +432,8 @@ class ProxyController extends Controller
* This function generates a URL to a proxied page * This function generates a URL to a proxied page
* including the proxy header. * including the proxy header.
*/ */
public static function generateProxyWrapperUrl($url){ public static function generateProxyWrapperUrl($url)
{
$password = self::generatePassword($url, null); $password = self::generatePassword($url, null);
$sanitizedUrl = self::sanitizeUrl($url); $sanitizedUrl = self::sanitizeUrl($url);
...@@ -425,10 +441,10 @@ class ProxyController extends Controller ...@@ -425,10 +441,10 @@ class ProxyController extends Controller
$host = null; $host = null;
$path = null; $path = null;
if(!empty($sanitizedParts["host"])){ if (!empty($sanitizedParts["host"])) {
$host = $sanitizedParts["host"]; $host = $sanitizedParts["host"];
} }
if(!empty($sanitizedParts["path"])){ if (!empty($sanitizedParts["path"])) {
$path = trim($sanitizedParts["path"], "/"); $path = trim($sanitizedParts["path"], "/");
} }
...@@ -448,7 +464,8 @@ class ProxyController extends Controller ...@@ -448,7 +464,8 @@ class ProxyController extends Controller
* This function generates a URL to a proxied page * This function generates a URL to a proxied page
* excluding the proxy header. * excluding the proxy header.
*/ */
public static function generateProxyUrl($url){ public static function generateProxyUrl($url)
{
$validUntil = self::generateValidUntilDate(); $validUntil = self::generateValidUntilDate();
$password = self::generatePassword($url, $validUntil); $password = self::generatePassword($url, $validUntil);
...@@ -458,10 +475,10 @@ class ProxyController extends Controller ...@@ -458,10 +475,10 @@ class ProxyController extends Controller
$host = null; $host = null;
$path = null; $path = null;
if(!empty($sanitizedParts["host"])){ if (!empty($sanitizedParts["host"])) {
$host = $sanitizedParts["host"]; $host = $sanitizedParts["host"];
} }
if(!empty($sanitizedParts["path"])){ if (!empty($sanitizedParts["path"])) {
$path = trim($sanitizedParts["path"], "/"); $path = trim($sanitizedParts["path"], "/");
} }
...@@ -473,9 +490,9 @@ class ProxyController extends Controller ...@@ -473,9 +490,9 @@ class ProxyController extends Controller
"password" => $password, "password" => $password,
]; ];
try{ try {
return route('proxy', $parameters); return route('proxy', $parameters);
}catch (\Exception $e){ } catch (\Exception $e) {
$test = "test"; $test = "test";
} }
} }
...@@ -484,7 +501,8 @@ class ProxyController extends Controller ...@@ -484,7 +501,8 @@ class ProxyController extends Controller
* This function generates a URL to a page that takes submitted form data * This function generates a URL to a page that takes submitted form data
* excluding the proxy header. * excluding the proxy header.
*/ */
public static function generateFormgetUrl($url){ public static function generateFormgetUrl($url)
{
$validUntil = self::generateValidUntilDate(); $validUntil = self::generateValidUntilDate();
$password = self::generatePassword($url, $validUntil); $password = self::generatePassword($url, $validUntil);
...@@ -521,7 +539,7 @@ class ProxyController extends Controller ...@@ -521,7 +539,7 @@ class ProxyController extends Controller
{ {
$data = rtrim($url, "/"); $data = rtrim($url, "/");
if(!empty($validUntil)){ if (!empty($validUntil)) {
$data .= $validUntil; $data .= $validUntil;
} }
...@@ -535,7 +553,7 @@ class ProxyController extends Controller ...@@ -535,7 +553,7 @@ class ProxyController extends Controller
{ {
$data = rtrim($url, "/"); $data = rtrim($url, "/");
if(!empty($validUntil)){ if (!empty($validUntil)) {
$data .= $validUntil; $data .= $validUntil;
} }
...@@ -558,19 +576,20 @@ class ProxyController extends Controller ...@@ -558,19 +576,20 @@ class ProxyController extends Controller
} }
} }
private static function sanitizeUrl($url){ private static function sanitizeUrl($url)
{
$parts = parse_url($url); $parts = parse_url($url);
// Optional but we only sanitize URLs with scheme and host defined // Optional but we only sanitize URLs with scheme and host defined
if($parts === false || empty($parts["scheme"]) || empty($parts["host"])){ if ($parts === false || empty($parts["scheme"]) || empty($parts["host"])) {
return $url; return $url;
} }
$sanitizedPath = null; $sanitizedPath = null;
if(!empty($parts["path"])){ if (!empty($parts["path"])) {
$pathParts = explode("/", $parts["path"]); $pathParts = explode("/", $parts["path"]);
foreach($pathParts as $index => $pathPart){ foreach ($pathParts as $index => $pathPart) {
if($index === 0) continue; if ($index === 0) continue;
// The Path part might already be urlencoded // The Path part might already be urlencoded
$sanitizedPath .= "/" . rawurlencode(rawurldecode($pathPart)); $sanitizedPath .= "/" . rawurlencode(rawurldecode($pathPart));
} }
......
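Review bot: The new `inline` test in proxyPage() compares the raw `$value` (`stripos($value, "inline") !== 0`), while the else branch directly below stores `trim($value)`; if the value still carries the space that follows the header's colon, `inline` sits at offset 1 and the response is still returned unprocessed. Trimming first, `stripos(trim($value), "inline") !== 0`, avoids that, and the same applies to the two matching conditions in proxy() (the `content-disposition` elseif and the later `isset($answer["headers"]["content-disposition"])` check, which trims the content type but not the disposition). How `$value` is split from the header line is outside the visible hunks, so this should be confirmed there. Because the unprocessed branch hands the upstream body and headers back from the proxy's own host, it would also be tighter to enter it only on a positive match for `attachment` instead of for every value that does not start with `inline`.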
...@@ -35,17 +35,7 @@ Route::get('p/{host?}/{path?}', [ProxyController::class, 'proxy'])->name('proxy' ...@@ -35,17 +35,7 @@ Route::get('p/{host?}/{path?}', [ProxyController::class, 'proxy'])->name('proxy'
// Route with Proxy Header // Route with Proxy Header
Route::get('{host?}/{path?}', [ProxyController::class, 'proxyPage'])->name('proxy-wrapper-page')->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)'); Route::get('{host?}/{path?}', [ProxyController::class, 'proxyPage'])->name('proxy-wrapper-page')->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');
Route::post('{host?}/{path?}', function (Request $request) { Route::post('{host?}/{path?}', [ProxyController::class, 'urlgenerator'])->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');
if (App::environment() !== "production") {
$validatedData = $request->validate([
'url' => 'required|url|max:255',
]);
$url = $request->input('url', 'https://metager.de');
return redirect(\App\Http\Controllers\ProxyController::generateProxyWrapperUrl($url));
}else{
abort(400);
}
})->where('host', '[^\.]+(\.[^\.]+)+')->where('path', '(.*)');
/** /**
* This is our old Proxy route * This is our old Proxy route
...@@ -53,7 +43,7 @@ Route::post('{host?}/{path?}', function (Request $request) { ...@@ -53,7 +43,7 @@ Route::post('{host?}/{path?}', function (Request $request) {
* migrate to the new ones and redirect to the new one. * migrate to the new ones and redirect to the new one.
* 15.01.2021 * 15.01.2021
*/ */
Route::get('{password}/{url}', function(Request $request, $password, $url){ Route::get('{password}/{url}', function (Request $request, $password, $url) {
$targetUrl = str_replace("<<SLASH>>", "/", $url); $targetUrl = str_replace("<<SLASH>>", "/", $url);
$targetUrl = str_rot13(base64_decode($targetUrl)); $targetUrl = str_rot13(base64_decode($targetUrl));
if (strpos($targetUrl, URL::to('/')) === 0) { if (strpos($targetUrl, URL::to('/')) === 0) {
...@@ -82,16 +72,16 @@ Route::get('metrics', function (Request $request) { ...@@ -82,16 +72,16 @@ Route::get('metrics', function (Request $request) {
]; ];
$allowed = false; $allowed = false;
foreach($allowedNetworks as $part){ foreach ($allowedNetworks as $part) {
if(stripos($ip, $part) === 0){ if (stripos($ip, $part) === 0) {
$allowed = true; $allowed = true;
} }
} }
if(!$allowed){ if (!$allowed) {
abort(401); abort(401);
} }
$registry = \Prometheus\CollectorRegistry::getDefault(); $registry = \Prometheus\CollectorRegistry::getDefault();
$renderer = new \Prometheus\RenderTextFormat(); $renderer = new \Prometheus\RenderTextFormat();
...@@ -100,4 +90,3 @@ Route::get('metrics', function (Request $request) { ...@@ -100,4 +90,3 @@ Route::get('metrics', function (Request $request) {
return response($result, 200) return response($result, 200)
->header('Content-Type', \Prometheus\RenderTextFormat::MIME_TYPE); ->header('Content-Type', \Prometheus\RenderTextFormat::MIME_TYPE);
}); });
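Review bot: The allow-list for the metrics route matches with `stripos($ip, $part) === 0`, which is a string-prefix comparison and not a network match, so an entry written without a trailing dot admits more addresses than intended (constructed example: `10.1` also matches `10.10.0.5`). The `$allowedNetworks` entries and the way `$ip` is obtained sit above the hunk, so whether this applies cannot be told from the visible lines. A CIDR-aware check such as `\Symfony\Component\HttpFoundation\IpUtils::checkIp($ip, $allowedNetworks)`, with the entries written as CIDR ranges, would remove the ambiguity. A denied caller is also better answered with `abort(403)` than with 401, since no credentials are being requested.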