Merge pull request #1126 from DEVTomatoCake/feat/local-image-proxy
MaddyUnderStars authored Aug 19, 2024
2 parents 8587df6 + abf91d9 commit dbd93bd
Showing 13 changed files with 2,777 additions and 1,044 deletions.
3 changes: 2 additions & 1 deletion .prettierignore
Expand Up @@ -2,4 +2,5 @@ assets
dist
node_modules
.github
.vscode
.vscode
hashes.json
12 changes: 11 additions & 1 deletion flake.nix
Expand Up @@ -13,11 +13,21 @@
inherit system;
};
hashesFile = builtins.fromJSON (builtins.readFile ./hashes.json);
lib = pkgs.lib;
in rec {
packages.default = pkgs.buildNpmPackage {
pname = "spacebar-server-ts";
src = ./.;
name = "spacebar-server-ts";

meta = with lib; {
description = "Spacebar server, a FOSS reimplementation of the Discord backend.";
homepage = "https://github.com/spacebarchat/server";
license = licenses.agpl3Plus;
platforms = platforms.all;
mainProgram = "start-bundle";
};

src = ./.;
nativeBuildInputs = with pkgs; [ python3 ];
npmDepsHash = hashesFile.npmDepsHash;
makeCacheWritable = true;
2 changes: 1 addition & 1 deletion hashes.json
@@ -1,3 +1,3 @@
{
"npmDepsHash": "sha256-kdS1SwcBu6Dor92iO1ickLgz0T5UL16nyA49xXGajf4="
"npmDepsHash": "sha256-qcHlktC4qrhOJ6AwKbccPkr0cVrAtPhGK+xD/eV+scU="
}
6 changes: 3 additions & 3 deletions nix-update.sh
@@ -1,10 +1,10 @@
#!/usr/bin/env nix-shell
#!nix-shell -i "bash -x" -p bash prefetch-npm-deps jq git nix-output-monitor
nix flake update
nix flake update --extra-experimental-features 'nix-command flakes'
DEPS_HASH=`prefetch-npm-deps package-lock.json`
TMPFILE=$(mktemp)
jq '.npmDepsHash = "'$DEPS_HASH'"' hashes.json > $TMPFILE
mv -- "$TMPFILE" hashes.json

nom build .# || exit $?
git add hashes.json flake.lock flake.nix
nom build .# --extra-experimental-features 'nix-command flakes' || exit $?
git add hashes.json flake.lock flake.nix
3,574 changes: 2,543 additions & 1,031 deletions package-lock.json

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions package.json
Expand Up @@ -117,6 +117,7 @@
},
"optionalDependencies": {
"erlpack": "^0.1.4",
"jimp": "^0.22.12",
"mysql": "^2.18.1",
"nodemailer-mailgun-transport": "^2.1.5",
"nodemailer-mailjet-transport": "github:n0script22/nodemailer-mailjet-transport",
4 changes: 3 additions & 1 deletion src/api/Server.ts
Expand Up @@ -34,7 +34,7 @@ import "missing-native-js-functions";
import morgan from "morgan";
import path from "path";
import { red } from "picocolors";
import { Authentication, CORS } from "./middlewares/";
import { Authentication, CORS, ImageProxy } from "./middlewares/";
import { BodyParser } from "./middlewares/BodyParser";
import { ErrorHandler } from "./middlewares/ErrorHandler";
import { initRateLimits } from "./middlewares/RateLimit";
Expand Down Expand Up @@ -137,6 +137,8 @@ export class SpacebarServer extends Server {
app.use("/api/v9", api);
app.use("/api", api); // allow unversioned requests

app.use("/imageproxy/:hash/:size/:url", ImageProxy);

app.get("/", (req, res) =>
res.sendFile(path.join(PUBLIC_ASSETS_FOLDER, "index.html")),
);
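Review bot: `app.use("/imageproxy/:hash/:size/:url", ImageProxy)` registers the proxy for every HTTP method and, as far as this hunk shows, on `app` rather than on the `api` router, so any authentication or rate limiting attached to `api` would not cover it; that is worth confirming, because each validly signed hit makes the server perform an outbound fetch and possibly an image resize. `app.get("/imageproxy/:hash/:size/:url", ImageProxy);` would narrow it to the one method the handler needs. The `:hash`, `:size` and `:url` parameters are never read (the handler re-splits `req.originalUrl`), and `:url` matches a single segment while the rest of the target URL is accepted only because `use` matches by prefix, so a one-line comment saying the pattern is descriptive rather than enforced would help. The enclosing method starts and ends outside this hunk.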
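--- a/src/api/middlewares/ImageProxy.ts
+++ b/src/api/middlewares/ImageProxy.ts
@@ -0,0 +1,180 @@
+/*
+Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
+Copyright (C) 2023 Spacebar and Spacebar Contributors
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published
+by the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import { Config, JimpType } from "@spacebar/util";
+import { Request, Response } from "express";
+import { yellow } from "picocolors";
+import crypto from "crypto";
+import fetch from "node-fetch";
+
+let sharp: undefined | false | { default: typeof import("sharp") } = undefined;
+
+let Jimp: JimpType | undefined = undefined;
+try {
+Jimp = require("jimp") as JimpType;
+} catch {
+// empty
+}
+
+let sentImageProxyWarning = false;
+
+const sharpSupported = new Set([
+"image/jpeg",
+"image/png",
+"image/bmp",
+"image/tiff",
+"image/gif",
+"image/webp",
+"image/avif",
+"image/svg+xml",
+]);
+const jimpSupported = new Set([
+"image/jpeg",
+"image/png",
+"image/bmp",
+"image/tiff",
+"image/gif",
+]);
+const resizeSupported = new Set([...sharpSupported, ...jimpSupported]);
+
+export async function ImageProxy(req: Request, res: Response) {
+const path = req.originalUrl.split("/").slice(2);
+
+// src/api/util/utility/EmbedHandlers.ts getProxyUrl
+const hash = crypto
+.createHmac("sha1", Config.get().security.requestSignature)
+.update(path.slice(1).join("/"))
+.digest("base64")
+.replace(/\+/g, "-")
+.replace(/\//g, "_");
+
+try {
+if (!crypto.timingSafeEqual(Buffer.from(hash), Buffer.from(path[0])))
+throw new Error("Invalid signature");
+} catch {
+console.log("Invalid signature, expected " + hash + " got " + path[0]);
+res.status(403).send("Invalid signature");
+return;
+}
+
+const abort = new AbortController();
+setTimeout(() => abort.abort(), 5000);
+
+const request = await fetch(path.slice(2).join("/"), {
+headers: {
+"User-Agent": "SpacebarImageProxy/1.0.0 (https://spacebar.chat)",
+},
+signal: abort.signal,
+}).catch((e) => {
+if (e.name === "AbortError") res.status(504).send("Request timed out");
+else res.status(500).send("Unable to proxy origin: " + e.message);
+});
+if (!request) return;
+
+if (request.status !== 200) {
+res.status(request.status).send(
+"Origin failed to respond: " +
+request.status +
+" " +
+request.statusText,
+);
+return;
+}
+
+if (
+!request.headers.get("Content-Type") ||
+!request.headers.get("Content-Length")
+) {
+res.status(500).send(
+"Origin did not provide a Content-Type or Content-Length header",
+);
+return;
+}
+
+// @ts-expect-error TS doesn't believe that the header cannot be null (it's checked for falsiness above)
+if (parseInt(request.headers.get("Content-Length")) > 1024 * 1024 * 10) {
+res.status(500).send(
+"Origin provided a Content-Length header that is too large",
+);
+return;
+}
+
+// @ts-expect-error TS doesn't believe that the header cannot be null (it's checked for falsiness above)
+let contentType: string = request.headers.get("Content-Type");
+
+const arrayBuffer = await request.arrayBuffer();
+let resultBuffer = Buffer.from(arrayBuffer);
+
+if (
+!sentImageProxyWarning &&
+resizeSupported.has(contentType) &&
+/^\d+x\d+$/.test(path[1])
+) {
+if (sharp !== false) {
+try {
+sharp = await import("sharp");
+} catch {
+sharp = false;
+}
+}
+
+if (sharp === false && !Jimp) {
+try {
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore Typings don't fit
+Jimp = await import("jimp");
+} catch {
+sentImageProxyWarning = true;
+console.log(
+`[ImageProxy] ${yellow(
+'Neither "sharp" or "jimp" NPM packages are installed, image resizing will be disabled',
+)}`,
+);
+}
+}
+
+const [width, height] = path[1].split("x").map((x) => parseInt(x));
+
+const buffer = Buffer.from(arrayBuffer);
+if (sharp && sharpSupported.has(contentType)) {
+resultBuffer = await sharp
+.default(buffer)
+// Sharp doesn't support "scaleToFit"
+.resize(width)
+.toBuffer();
+} else if (Jimp && jimpSupported.has(contentType)) {
+resultBuffer = await Jimp.read(buffer).then((image) => {
+contentType = image.getMIME();
+return (
+image
+.scaleToFit(width, height)
+// @ts-expect-error Jimp is defined at this point
+.getBufferAsync(Jimp.AUTO)
+);
+});
+}
+}
+
+res.header("Content-Type", contentType);
+res.setHeader(
+"Cache-Control",
+"public, max-age=" + Config.get().cdn.proxyCacheHeaderSeconds,
+);
+
+res.send(resultBuffer);
+}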
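Review bot: ImageProxy relays the origin's `Content-Type` unchanged whenever no resize happens (`res.header("Content-Type", contentType)`), so a signed URL that returns HTML or SVG is served from the instance's own origin; the handler should reject types outside an image allowlist before `request.arrayBuffer()` and add `res.setHeader("X-Content-Type-Options", "nosniff")`. The 10 MiB limit is checked only against the declared `Content-Length`, while `arrayBuffer()` buffers whatever arrives; node-fetch's `size: 1024 * 1024 * 10` option would bound the body actually read, with that read wrapped in try/catch because the awaits after the fetch currently have no rejection handling. Nothing here restricts the fetch target either (scheme, loopback or private addresses, followed redirects), so the signature is the only barrier, and how readily signatures are issued for user-supplied links is decided in getProxyUrl, which is not shown. Finally, the 403 branch writes the expected HMAC to the log; `console.log("Invalid signature, got " + path[0]);` keeps the diagnostic without recording a valid signature for the requested path.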
1 change: 1 addition & 0 deletions src/api/middlewares/index.ts
Expand Up @@ -21,3 +21,4 @@ export * from "./BodyParser";
export * from "./CORS";
export * from "./ErrorHandler";
export * from "./RateLimit";
export * from "./ImageProxy";
8 changes: 5 additions & 3 deletions src/util/config/types/CdnConfiguration.ts
@@ -1,17 +1,17 @@
/*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
Expand All @@ -25,4 +25,6 @@ export class CdnConfiguration extends EndpointConfiguration {

endpointPublic: string | null = null;
endpointPrivate: string | null = null;

proxyCacheHeaderSeconds: number = 60 * 60 * 24;
}
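Review bot: `proxyCacheHeaderSeconds` is added without a comment saying what it controls; from ImageProxy.ts in this commit it is the `max-age` placed in the `Cache-Control: public` header of proxied images, defaulting to one day. I would add `/** max-age in seconds for Cache-Control on /imageproxy responses (default: 24 hours). */` above the field. Because the value is concatenated into the header as-is, the comment could also state that a non-negative integer is expected. The class declaration itself starts outside this hunk.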
6 changes: 3 additions & 3 deletions src/util/entities/UserSettings.ts
@@ -1,17 +1,17 @@
/*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
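--- a/src/util/imports/Jimp.ts
+++ b/src/util/imports/Jimp.ts
@@ -0,0 +1,23 @@
+/*
+Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
+Copyright (C) 2023 Spacebar and Spacebar Contributors
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published
+by the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+export type JimpType = {
+read: (data: Buffer) => Promise<any>;
+};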
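Review bot: `read` resolves to `Promise<any>`, which needs the blanket `no-explicit-any` disable and leaves the `getMIME` / `scaleToFit` / `getBufferAsync` chain in ImageProxy.ts unchecked; `AUTO`, which that file also reads, is not on the type at all. Typing only the members ImageProxy.ts actually calls would let the disable comment go and have the compiler check the code path that handles remote image data. The member types below are read off the call sites in this commit and should be confirmed against jimp's own typings.

```typescript
export type JimpImage = {
	getMIME: () => string;
	scaleToFit: (width: number, height: number) => JimpImage;
	getBufferAsync: (mime: string | number) => Promise<Buffer>;
};

export type JimpType = {
	AUTO: number;
	read: (data: Buffer) => Promise<JimpImage>;
};
```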
1 change: 1 addition & 0 deletions src/util/imports/index.ts
Expand Up @@ -18,3 +18,4 @@

export * from "./OrmUtils";
export * from "./Erlpack";
export * from "./Jimp";
