Use camo for Markdown images

just a quick proof of concept
2014-10-19 17:45:30 +02:00 · 2014-10-19 17:45:30 +02:00 · 92cd4e6b78
commit 92cd4e6b78
parent 9024d1a9b7
5 changed files with 49 additions and 4 deletions
--- a/app/presenters/post_presenter.rb
+++ b/app/presenters/post_presenter.rb
@ -16,7 +16,7 @@ class PostPresenter
    {
        :id => @post.id,
        :guid => @post.guid,
-        :text => @post.raw_message,
+        :text => @post.message.plain_text_for_json,
        :public => @post.public,
        :created_at => @post.created_at,
        :interacted_at => @post.interacted_at,
--- a/config/defaults.yml
+++ b/config/defaults.yml
@ -54,7 +54,9 @@ defaults:
      post_counts: false
      comment_counts: false
    camo:
-      enable: false
+      proxy_markdown_images: false
+      proxy_opengraph_thumbnails: false
+      proxy_remote_pod_images: false
      root:
      key:
  settings:
--- a/config/diaspora.yml.example
+++ b/config/diaspora.yml.example
@ -216,8 +216,22 @@ configuration: ## Section
    ## your pod's frontend, but it will increase the traffic on your server.
    camo: ## Section

-      ## Enable Camo (default=false)
-      #enable: true
+      ## Proxy imaged embedded via markdown (default=false)
+      ## Embedded images are quite often from non-SSL sites and may cause a
+      ## partial content warning, so this is recommended.
+      #proxy_markdown_images: true
+
+      ## Proxy Open Graph thumbnails (default=false)
+      ## Open Graph thumbnails may or may not be encrypted and loaded from
+      ## servers outside the network. Recommended.
+      #proxy_opengraph_thumbnails: true
+
+      ## Proxy remote pod's images (default=false)
+      ## Profile pictures and photos from other pods usually are encrypted,
+      ## so enabling this is only useful if you want to avoid HTTP requests to
+      ## third-party servers. This will create a lot of traffic on your camo
+      ## instance. You have been warned.
+      #proxy_remote_pod_images: true

      ## Root of your Camo installation
      #root: "https://camo.example.com/"
--- a/lib/diaspora/camo_url.rb
+++ b/lib/diaspora/camo_url.rb
@ -0,0 +1,16 @@
+# implicitly requires OpenSSL
+
+module Diaspora
+  module CamoUrl
+    def self.image_url(url)
+      digest = OpenSSL::HMAC.hexdigest(
+        OpenSSL::Digest.new("sha1"),
+        AppConfig.privacy.camo.key,
+        url
+      )
+      encoded_url = url.to_enum(:each_byte).map {|byte| "%02x" % byte}.join
+
+      "#{AppConfig.privacy.camo.root}#{digest}/#{encoded_url}"
+    end
+  end
+end
--- a/lib/diaspora/message_renderer.rb
+++ b/lib/diaspora/message_renderer.rb
@ -87,6 +87,12 @@ module Diaspora
      def render_tags
        @message = Diaspora::Taggable.format_tags message, no_escape: !options[:escape_tags]
      end
+
+      def camo_urls
+        @message = @message.gsub(/!\[.*?\]\((.+?)\)/) do |link|
+          link.gsub($1, Diaspora::CamoUrl::image_url($1))
+        end
+      end
    end

    DEFAULTS = {mentioned_people: [],
@ -165,6 +171,13 @@ module Diaspora
      }
    end

+    # @param [Hash] opts Override global output options, see {#initialize}
+    def plain_text_for_json opts={}
+      process(opts) {
+        camo_urls if AppConfig.privacy.camo.proxy_markdown_images?
+      }
+    end
+
    # @param [Hash] opts Override global output options, see {#initialize}
    def html opts={}
      process(opts) {