2021-05-08 14:25:55 +02:00
|
|
|
/*
|
|
|
|
GoToSocial
|
2023-01-05 12:43:00 +01:00
|
|
|
Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
|
2021-05-08 14:25:55 +02:00
|
|
|
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU Affero General Public License as published by
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU Affero General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Affero General Public License
|
|
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package fileserver
|
|
|
|
|
|
|
|
import (
|
2022-12-21 11:17:43 +01:00
|
|
|
"bytes"
|
2022-06-08 20:38:03 +02:00
|
|
|
"fmt"
|
2022-12-21 11:17:43 +01:00
|
|
|
"io"
|
2021-05-08 14:25:55 +02:00
|
|
|
"net/http"
|
2022-07-30 14:42:47 +02:00
|
|
|
"strconv"
|
2021-05-08 14:25:55 +02:00
|
|
|
|
|
|
|
"github.com/gin-gonic/gin"
|
2023-01-02 13:10:50 +01:00
|
|
|
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
|
|
|
apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
|
2022-06-08 20:38:03 +02:00
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
2023-01-16 16:19:17 +01:00
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/iotools"
|
2022-07-19 10:47:55 +02:00
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/log"
|
2021-05-08 14:25:55 +02:00
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
|
|
|
)
|
|
|
|
|
|
|
|
// ServeFile is for serving attachments, headers, and avatars to the requester from instance storage.
|
|
|
|
//
|
|
|
|
// Note: to mitigate scraping attempts, no information should be given out on a bad request except "404 page not found".
|
|
|
|
// Don't give away account ids or media ids or anything like that; callers shouldn't be able to infer anything.
|
2023-01-02 13:10:50 +01:00
|
|
|
func (m *Module) ServeFile(c *gin.Context) {
|
2021-05-08 14:25:55 +02:00
|
|
|
authed, err := oauth.Authed(c, false, false, false, false)
|
|
|
|
if err != nil {
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1)
|
2021-05-08 14:25:55 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// We use request params to check what to pull out of the database/storage so check everything. A request URL should be formatted as follows:
|
|
|
|
// "https://example.org/fileserver/[ACCOUNT_ID]/[MEDIA_TYPE]/[MEDIA_SIZE]/[FILE_NAME]"
|
|
|
|
// "FILE_NAME" consists of two parts, the attachment's database id, a period, and the file extension.
|
|
|
|
accountID := c.Param(AccountIDKey)
|
|
|
|
if accountID == "" {
|
2022-06-08 20:38:03 +02:00
|
|
|
err := fmt.Errorf("missing %s from request", AccountIDKey)
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1)
|
2021-05-08 14:25:55 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
mediaType := c.Param(MediaTypeKey)
|
|
|
|
if mediaType == "" {
|
2022-06-08 20:38:03 +02:00
|
|
|
err := fmt.Errorf("missing %s from request", MediaTypeKey)
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1)
|
2021-05-08 14:25:55 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
mediaSize := c.Param(MediaSizeKey)
|
|
|
|
if mediaSize == "" {
|
2022-06-08 20:38:03 +02:00
|
|
|
err := fmt.Errorf("missing %s from request", MediaSizeKey)
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1)
|
2021-05-08 14:25:55 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
fileName := c.Param(FileNameKey)
|
|
|
|
if fileName == "" {
|
2022-06-08 20:38:03 +02:00
|
|
|
err := fmt.Errorf("missing %s from request", FileNameKey)
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1)
|
2021-05-08 14:25:55 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-01-02 13:10:50 +01:00
|
|
|
content, errWithCode := m.processor.FileGet(c.Request.Context(), authed, &apimodel.GetContentRequestForm{
|
2021-05-08 14:25:55 +02:00
|
|
|
AccountID: accountID,
|
|
|
|
MediaType: mediaType,
|
|
|
|
MediaSize: mediaSize,
|
|
|
|
FileName: fileName,
|
|
|
|
})
|
2022-03-07 11:08:26 +01:00
|
|
|
if errWithCode != nil {
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
|
2021-05-08 14:25:55 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-02-19 11:44:56 +01:00
|
|
|
defer func() {
|
2022-11-03 15:03:12 +01:00
|
|
|
// close content when we're done
|
2022-09-19 13:43:22 +02:00
|
|
|
if content.Content != nil {
|
2022-11-03 15:03:12 +01:00
|
|
|
if err := content.Content.Close(); err != nil {
|
|
|
|
log.Errorf("ServeFile: error closing readcloser: %s", err)
|
2022-02-19 11:44:56 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2022-09-19 13:43:22 +02:00
|
|
|
if content.URL != nil {
|
|
|
|
c.Redirect(http.StatusFound, content.URL.String())
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-12-11 17:50:00 +01:00
|
|
|
// TODO: if the requester only accepts text/html we should try to serve them *something*.
|
2021-05-10 16:29:05 +02:00
|
|
|
// This is mostly needed because when sharing a link to a gts-hosted file on something like mastodon, the masto servers will
|
|
|
|
// attempt to look up the content to provide a preview of the link, and they ask for text/html.
|
2023-01-02 13:10:50 +01:00
|
|
|
format, err := apiutil.NegotiateAccept(c, apiutil.MIME(content.ContentType))
|
2022-06-08 20:38:03 +02:00
|
|
|
if err != nil {
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
|
2021-05-10 16:29:05 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-01-02 13:10:50 +01:00
|
|
|
// if this is a head request, just return info + throw the reader away
|
2022-07-30 14:42:47 +02:00
|
|
|
if c.Request.Method == http.MethodHead {
|
|
|
|
c.Header("Content-Type", format)
|
|
|
|
c.Header("Content-Length", strconv.FormatInt(content.ContentLength, 10))
|
|
|
|
c.Status(http.StatusOK)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-01-11 12:13:13 +01:00
|
|
|
// create a "slurp" buffer ;)
|
|
|
|
b := make([]byte, 64)
|
|
|
|
|
|
|
|
// Try read the first 64 bytes into memory, to try return a more useful "not found" error.
|
|
|
|
if _, err := io.ReadFull(content.Content, b); err != nil &&
|
|
|
|
(err != io.ErrUnexpectedEOF && err != io.EOF) {
|
2022-12-21 11:17:43 +01:00
|
|
|
err = fmt.Errorf("ServeFile: error reading from content: %w", err)
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err, err.Error()), m.processor.InstanceGetV1)
|
2022-12-21 11:17:43 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-01-16 16:19:17 +01:00
|
|
|
// reconstruct the original content reader
|
|
|
|
r := io.MultiReader(bytes.NewReader(b), content.Content)
|
|
|
|
|
|
|
|
// Check the Range header: if this is a simple query for the whole file, we can return it now.
|
|
|
|
if c.GetHeader("Range") == "" && c.GetHeader("If-Range") == "" {
|
|
|
|
c.DataFromReader(http.StatusOK, content.ContentLength, format, r, nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Range is set, so we need a ReadSeeker to pass to the ServeContent function.
|
|
|
|
tfs, err := iotools.TempFileSeeker(r)
|
|
|
|
if err != nil {
|
|
|
|
err = fmt.Errorf("ServeFile: error creating temp file seeker: %w", err)
|
2023-02-02 14:08:13 +01:00
|
|
|
apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1)
|
2023-01-16 16:19:17 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
defer func() {
|
|
|
|
if err := tfs.Close(); err != nil {
|
|
|
|
log.Errorf("ServeFile: error closing temp file seeker: %s", err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
// to avoid ServeContent wasting time seeking for the
|
|
|
|
// mime type, set this header already since we know it
|
|
|
|
c.Header("Content-Type", format)
|
|
|
|
|
|
|
|
// allow ServeContent to handle the rest of the request;
|
|
|
|
// it will handle Range as appropriate, and write correct
|
|
|
|
// response headers, http code, etc
|
|
|
|
http.ServeContent(c.Writer, c.Request, fileName, content.ContentUpdated, tfs)
|
2021-05-08 14:25:55 +02:00
|
|
|
}
|