aboutsummaryrefslogblamecommitdiff
path: root/plugins/viewhtml/plugin.go
blob: 08ffc8c96603d13c033e925135c7bf44e2936167 (plain) (tree) 
b891a95

8299617


a8a3c82







b891a95


a8a3c82






8299617



b891a95

a8a3c82

b891a95


b3f98de









b891a95

a8a3c82

























fa10282





a8a3c82


a8a3c82




b891a95

8299617

1

2
3

4
5
6
7
8
9
10

11
12

13
14
15
16
17
18

19
20
21

22

23

24
25

26
27
28
29
30
31
32
33
34

35

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

61
62
63
64
65

66
67

68
69
70
71

72

73

                    

        






                  

                                                        





                                               


             
                                            
 

                                                                                       








                                                                                                      
                                                       
























                                                                                                




                                                                                                          

                 



                                                                      
                                             
 
package alpsviewhtml

import (
	"io"
	"mime"
	"net/http"
	"net/url"
	"strconv"
	"strings"

	"git.sr.ht/~emersion/alps"
	alpsbase "git.sr.ht/~emersion/alps/plugins/base"
	"github.com/labstack/echo/v4"
)

var (
	proxyEnabled = true
	proxyMaxSize = 5 * 1024 * 1024 // 5 MiB
)

func init() {
	p := alps.GoPlugin{Name: "viewhtml"}

	p.Inject("message.html", func(ctx *alps.Context, _data alps.RenderData) error {
		data := _data.(*alpsbase.MessageRenderData)
		data.Extra["RemoteResourcesAllowed"] = ctx.QueryParam("allow-remote-resources") == "1"
		hasRemoteResources := false
		if v := ctx.Get("viewhtml.hasRemoteResources"); v != nil {
			hasRemoteResources = v.(bool)
		}
		data.Extra["HasRemoteResources"] = hasRemoteResources
		return nil
	})

	p.GET("/proxy", func(ctx *alps.Context) error {
		if !proxyEnabled {
			return echo.NewHTTPError(http.StatusForbidden, "proxy disabled")
		}

		u, err := url.Parse(ctx.QueryParam("src"))
		if err != nil {
			return echo.NewHTTPError(http.StatusBadRequest, "invalid URL")
		}

		if u.Scheme != "https" {
			return echo.NewHTTPError(http.StatusBadRequest, "invalid scheme")
		}

		resp, err := http.Get(u.String())
		if err != nil {
			return err
		}
		defer resp.Body.Close()

		mediaType, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
		if err != nil || !strings.HasPrefix(mediaType, "image/") {
			return echo.NewHTTPError(http.StatusBadRequest, "invalid resource type")
		}

		size, err := strconv.Atoi(resp.Header.Get("Content-Length"))
		if err == nil {
			if size > proxyMaxSize {
				return echo.NewHTTPError(http.StatusBadRequest, "invalid resource length")
			}
			ctx.Response().Header().Set("Content-Length", strconv.Itoa(size))
		}

		lr := io.LimitedReader{resp.Body, int64(proxyMaxSize)}
		return ctx.Stream(http.StatusOK, mediaType, &lr)
	})

	alps.RegisterPluginLoader(p.Loader())
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-18 19:30:19 +0000