versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-03-13 05:49:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(media): 🐛 Don't proxy media from trusted origins, use new ProxiedUrl class
Some checks failed
CodeQL Scan / Analyze (javascript-typescript) (push) Failing after 6s
Details
Build Docker Images / lint (push) Failing after 10s
Details
Build Docker Images / check (push) Failing after 11s
Details
Build Docker Images / tests (push) Failing after 27s
Details
Build Docker Images / build (server, Dockerfile, ${{ github.repository_owner }}/server) (push) Has been skipped
Details
Build Docker Images / build (worker, Worker.Dockerfile, ${{ github.repository_owner }}/worker) (push) Has been skipped
Details
Deploy Docs to GitHub Pages / build (push) Failing after 6s
Details
Mirror to Codeberg / Mirror (push) Failing after 0s
Details
Deploy Docs to GitHub Pages / Deploy (push) Has been skipped
Details
Nix Build / check (push) Failing after 5s
Details

Browse source
This commit is contained in:
Jesse Wierzbinski 2025-03-30 23:44:50 +02:00
parent 411fcd8af5
commit dc1ddb758d
No known key found for this signature in database
14 changed files with 114 additions and 140 deletions
Download patch file Download diff file Expand all files Collapse all files

25
classes/media/url.ts Normal file
View file

@ -0,0 +1,25 @@
import { config } from "~/config.ts";
export class ProxiableUrl extends URL {
private isAllowedOrigin(): boolean {
const allowedOrigins: URL[] = [config.http.base_url].concat(
config.s3?.public_url ?? [],
);
return allowedOrigins.some((origin) =>
this.hostname.endsWith(origin.hostname),
);
}
public get proxied(): string {
// Don't proxy from CDN and self, since those sources are trusted
if (this.isAllowedOrigin()) {
return this.href;
}
const urlAsBase64Url = Buffer.from(this.href).toString("base64url");
return new URL(`/media/proxy/${urlAsBase64Url}`, config.http.base_url)
.href;
}
}