modules/media/thumbnail: Add mime type whitelist/blacklist; improve fallback conditions.

2025-01-13 16:33:53 +01:00 · 2019-07-05 18:20:39 -07:00 · 2019-07-05 18:20:39 -07:00 · 2ee958bd41
commit 2ee958bd41
parent 31aea230b1
1 changed files with 62 additions and 7 deletions
--- a/modules/media/thumbnail.cc
+++ b/modules/media/thumbnail.cc
@ -17,6 +17,8 @@ namespace ircd::m::media::thumbnail
 	extern conf::item<size_t> width_max;
 	extern conf::item<size_t> height_min;
 	extern conf::item<size_t> height_max;
+	extern conf::item<std::string> mime_whitelist;
+	extern conf::item<std::string> mime_blacklist;
 }

 using namespace ircd::m::media::thumbnail; //TODO: XXX
@ -56,6 +58,20 @@ ircd::m::media::thumbnail::height_max
 	{ "default",  1536L                               },
 };

+decltype(ircd::m::media::thumbnail::mime_whitelist)
+ircd::m::media::thumbnail::mime_whitelist
+{
+	{ "name",     "ircd.m.media.thumbnail.mime.whitelist" },
+	{ "default",  "image/jpeg image/png image/webp"       },
+};
+
+decltype(ircd::m::media::thumbnail::mime_blacklist)
+ircd::m::media::thumbnail::mime_blacklist
+{
+	{ "name",     "ircd.m.media.thumbnail.mime.blacklist" },
+	{ "default",  ""                                      },
+};
+
 resource
 thumbnail_resource__legacy
 {
@ -241,21 +257,60 @@ get__thumbnail_local(client &client,
 		mods::loaded("media_magick")
 	};

+	const auto mime_type
+	{
+		split(content_type, ';').first
+	};
+
+	const bool permitted
+	{
+		// If there's a blacklist, mime type must not in the blacklist.
+		(!mime_blacklist || !has(mime_blacklist, mime_type))
+
+		// If there's a whitelist, mime type must be in the whitelist.
+		&& (!mime_whitelist || has(mime_whitelist, mime_type))
+	};
+
+	const bool valid_args
+	{
+		// Both dimension parameters given in query string
+		(dimension.first && dimension.second)
+
+		// Known thumbnailing method in query string
+		&& (method == "scale" || method == "crop")
+	};
+
 	const bool fallback // Reasons to just send the original image
 	{
 		// Disabled by configuration
-		!enable ||
+		!enable

-		// Unknown thumbnailing method in query string
-		(method != "scale" && method != "crop") ||
-
-		// No dimension parameters given in query string
-		(!dimension.first || !dimension.second) ||
+		// Access denied for this operation
+		|| !permitted

 		// The thumbnailer is not loaded or available on this system.
-		!available
+		|| !available
+
+		//  Arguments invalid.
+		|| !valid_args
 	};

+	if(fallback && available && enable)
+		log::dwarning
+		{
+			"Not thumbnailing %s/%s [%s] '%s' bytes:%zu :%s",
+			hostname,
+			mediaid,
+			string_view{room.room_id},
+			content_type,
+			file_size,
+			!permitted?
+				"Not permitted":
+			!valid_args?
+				"Invalid arguments":
+				"Unknown reason",
+		};
+
 	if(fallback)
 		return resource::response
 		{