From 907306174b082cccd823894c855194a4fc1e8305 Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Thu, 14 Feb 2019 15:55:21 +0700 Subject: [PATCH] fix S3 links encoding in Mediaproxy --- lib/pleroma/web/media_proxy/media_proxy.ex | 13 +++++++++++++ test/media_proxy_test.exs | 9 +++++++++ 2 files changed, 22 insertions(+) diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 1e9da7283..39a725a69 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -19,11 +19,16 @@ defmodule Pleroma.Web.MediaProxy do else secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base] + # Must preserve `%2F` for compatibility with S3 (https://git.pleroma.social/pleroma/pleroma/issues/580) + replacement = get_replacement(url, ":2F:") + # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice. base64 = url + |> String.replace("%2F", replacement) |> URI.decode() |> URI.encode() + |> String.replace(replacement, "%2F") |> Base.url_encode64(@base64_opts) sig = :crypto.hmac(:sha, secret, base64) @@ -60,4 +65,12 @@ defmodule Pleroma.Web.MediaProxy do |> Enum.filter(fn value -> value end) |> Path.join() end + + defp get_replacement(url, replacement) do + if String.contains?(url, replacement) do + get_replacement(url, replacement <> replacement) + else + replacement + end + end end diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs index 05d927422..ddbadfbf5 100644 --- a/test/media_proxy_test.exs +++ b/test/media_proxy_test.exs @@ -140,6 +140,15 @@ defmodule Pleroma.MediaProxyTest do assert String.starts_with?(encoded, Pleroma.Config.get([:media_proxy, :base_url])) end + + # https://git.pleroma.social/pleroma/pleroma/issues/580 + test "encoding S3 links (must preserve `%2F`)" do + url = + "https://s3.amazonaws.com/example/test.png?X-Amz-Credential=your-access-key-id%2F20130721%2Fus-east-1%2Fs3%2Faws4_request" + + encoded = url(url) + assert decode_result(encoded) == url + end end describe "when disabled" do