Use signed requests for fetching private images

This commit is contained in:
Michael 2021-06-28 10:08:51 +00:00
parent 7e200174d6
commit 6f350c1e59
3 changed files with 21 additions and 15 deletions

View file

@ -268,19 +268,20 @@ class Photo
* Construct a photo array for an external resource image
*
* @param string $url Image URL
* @param int $uid User ID of the requesting person
* @param string $mimetype Image mime type. Defaults to "image/jpeg"
*
* @return array
* @throws \Exception
*/
public static function createPhotoForExternalResource($url, $mimetype = "image/jpeg")
public static function createPhotoForExternalResource($url, $uid, $mimetype = "image/jpeg")
{
$fields = self::getFields();
$values = array_fill(0, count($fields), "");
$photo = array_combine($fields, $values);
$photo['backend-class'] = ExternalResource::NAME;
$photo['backend-ref'] = $url;
$photo['backend-ref'] = json_encode(['url' => $url, 'uid' => $uid]);
$photo['type'] = $mimetype;
$photo['cacheable'] = false;

View file

@ -22,7 +22,7 @@
namespace Friendica\Model\Storage;
use BadMethodCallException;
use Friendica\DI;
use Friendica\Util\HTTPSignature;
/**
* External resource storage class
@ -37,16 +37,21 @@ class ExternalResource implements IStorage
/**
* @inheritDoc
*/
public function get(string $filename)
public function get(string $reference)
{
$parts = parse_url($filename);
$data = json_decode($reference);
if (empty($data->url)) {
return "";
}
$parts = parse_url($data->url);
if (empty($parts['scheme']) || empty($parts['host'])) {
return "";
}
$curlResult = DI::httpRequest()->get($filename);
if ($curlResult->isSuccess()) {
return $curlResult->getBody();
$fetchResult = HTTPSignature::fetchRaw($data->url, $data->uid);
if ($fetchResult->isSuccess()) {
return $fetchResult->getBody();
} else {
return "";
}
@ -55,12 +60,12 @@ class ExternalResource implements IStorage
/**
* @inheritDoc
*/
public function put(string $data, string $filename = '')
public function put(string $data, string $reference = '')
{
throw new BadMethodCallException();
}
public function delete(string $filename)
public function delete(string $reference)
{
throw new BadMethodCallException();
}

View file

@ -171,7 +171,7 @@ class Photo extends BaseModule
$author = Contact::selectFirst([], ["`id` IN (SELECT `author-id` FROM `post` WHERE `uri-id` = ?)", $media['uri-id']]);
$url = Contact::magicLinkByContact($author, $url);
return MPhoto::createPhotoForExternalResource($url);
return MPhoto::createPhotoForExternalResource($url, local_user());
case "media":
$media = DBA::selectFirst('post-media', ['url', 'uri-id'], ['id' => $uid, 'type' => Post\Media::IMAGE]);
if (empty($media)) {
@ -181,7 +181,7 @@ class Photo extends BaseModule
$author = Contact::selectFirst([], ["`id` IN (SELECT `author-id` FROM `post` WHERE `uri-id` = ?)", $media['uri-id']]);
$url = Contact::magicLinkByContact($author, $media['url']);
return MPhoto::createPhotoForExternalResource($url);
return MPhoto::createPhotoForExternalResource($url, local_user());
case "contact":
$contact = Contact::getById($uid, ['uid', 'url', 'avatar', 'photo', 'xmpp', 'addr']);
if (empty($contact)) {
@ -201,7 +201,7 @@ class Photo extends BaseModule
} else {
$url = Contact::getDefaultAvatar($contact, Proxy::SIZE_SMALL);
}
return MPhoto::createPhotoForExternalResource($url);
return MPhoto::createPhotoForExternalResource($url, local_user());
case "header":
$contact = Contact::getById($uid, ['uid', 'url', 'header']);
if (empty($contact)) {
@ -215,7 +215,7 @@ class Photo extends BaseModule
} else {
$url = DI::baseUrl() . '/images/blank.png';
}
return MPhoto::createPhotoForExternalResource($url);
return MPhoto::createPhotoForExternalResource($url, local_user());
case "profile":
case "custom":
$scale = 4;
@ -247,7 +247,7 @@ class Photo extends BaseModule
$parts = parse_url($default);
if (!empty($parts['scheme']) || !empty($parts['host'])) {
$photo = MPhoto::createPhotoForExternalResource($default);
$photo = MPhoto::createPhotoForExternalResource($default, local_user());
} else {
$photo = MPhoto::createPhotoForSystemResource($default);
}