Passed
Pull Request — release-2.1 (#6860)
by Jon
06:16
created

ProxyServer::checkRequest()   B

Complexity

Conditions 9
Paths 10

Size

Total Lines 31
Code Lines 16

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 9
eloc 16
c 0
b 0
f 0
nop 0
dl 0
loc 31
rs 8.0555
nc 10
1
<?php
2
3
/**
4
 * This is a lightweight proxy for serving images, generally meant to be used alongside SSL
5
 *
6
 * Simple Machines Forum (SMF)
7
 *
8
 * @package SMF
9
 * @author Simple Machines https://www.simplemachines.org
10
 * @copyright 2021 Simple Machines and individual contributors
11
 * @license https://www.simplemachines.org/about/smf/license.php BSD
12
 *
13
 * @version 2.1 RC4
14
 */
15
16
if (!defined('SMF'))
17
	define('SMF', 'PROXY');
18
19
if (!defined('SMF_VERSION'))
20
	define('SMF_VERSION', '2.1 RC4');
21
22
if (!defined('SMF_FULL_VERSION'))
23
	define('SMF_FULL_VERSION', 'SMF ' . SMF_VERSION);
24
25
if (!defined('SMF_SOFTWARE_YEAR'))
26
	define('SMF_SOFTWARE_YEAR', '2021');
27
28
if (!defined('JQUERY_VERSION'))
29
	define('JQUERY_VERSION', '3.5.1');
30
31
if (!defined('POSTGRE_TITLE'))
32
	define('POSTGRE_TITLE', 'PostgreSQL');
33
34
if (!defined('MYSQL_TITLE'))
35
	define('MYSQL_TITLE', 'MySQL');
36
37
if (!defined('SMF_USER_AGENT'))
38
	define('SMF_USER_AGENT', 'Mozilla/5.0 (' . php_uname('s') . ' ' . php_uname('m') . ') AppleWebKit/605.1.15 (KHTML, like Gecko)  SMF/' . strtr(SMF_VERSION, ' ', '.'));
39
40
/**
41
 * Class ProxyServer
42
 */
43
class ProxyServer
44
{
45
	/** @var bool $enabled Whether or not this is enabled */
46
	protected $enabled;
47
48
	/** @var int $maxSize The maximum size for files to cache */
49
	protected $maxSize;
50
51
	/** @var string $secret A secret code used for hashing */
52
	protected $secret;
53
54
	/** @var string The cache directory */
55
	protected $cache;
56
57
	/** @var int $maxDays until entries get deleted */
58
	protected $maxDays;
59
60
	/** @var int $cachedtime time object cached */
61
	protected $cachedtime;
62
63
	/** @var string $cachedtype type of object cached */
64
	protected $cachedtype;
65
66
	/** @var int $cachedsize size of object cached */
67
	protected $cachedsize;
68
69
	/** @var string $cachedbody body of object cached */
70
	protected $cachedbody;
71
72
	/**
73
	 * Constructor, loads up the Settings for the proxy
74
	 *
75
	 * @access public
76
	 */
77
	public function __construct()
78
	{
79
		global $image_proxy_enabled, $image_proxy_maxsize, $image_proxy_secret, $cachedir, $sourcedir;
80
81
		require_once(dirname(__FILE__) . '/Settings.php');
82
		require_once($sourcedir . '/Subs.php');
83
84
		// Make absolutely sure the cache directory is defined and writable.
85
		if (empty($cachedir) || !is_dir($cachedir) || !is_writable($cachedir))
86
		{
87
			if (is_dir($boarddir . '/cache') && is_writable($boarddir . '/cache'))
0 ignored issues
show
Comprehensibility Best Practice introduced by
The variable $boarddir seems to be never defined.
Loading history...
88
				$cachedir = $boarddir . '/cache';
89
			else
90
			{
91
				$cachedir = sys_get_temp_dir() . '/smf_cache_' . md5($boarddir);
92
				@mkdir($cachedir, 0750);
93
			}
94
		}
95
96
		// Turn off all error reporting; any extra junk makes for an invalid image.
97
		error_reporting(0);
98
99
		$this->enabled = (bool) $image_proxy_enabled;
100
		$this->maxSize = (int) $image_proxy_maxsize;
101
		$this->secret = (string) $image_proxy_secret;
102
		$this->cache = $cachedir . '/images';
103
		$this->maxDays = 5;
104
	}
105
106
	/**
107
	 * Checks whether the request is valid or not
108
	 *
109
	 * @access public
110
	 * @return bool Whether the request is valid
111
	 */
112
	public function checkRequest()
113
	{
114
		if (!$this->enabled)
115
			return false;
116
117
		// Try to create the image cache directory if it doesn't exist
118
		if (!file_exists($this->cache))
119
			if (!mkdir($this->cache) || !copy(dirname($this->cache) . '/index.php', $this->cache . '/index.php'))
120
				return false;
121
122
		// Basic sanity check
123
		$_GET['request'] = validate_iri($_GET['request']);
124
125
		// We aren't going anywhere without these
126
		if (empty($_GET['hash']) || empty($_GET['request']))
127
			return false;
128
129
		$hash = $_GET['hash'];
130
		$request = $_GET['request'];
131
132
		if (hash_hmac('sha1', $request, $this->secret) != $hash)
133
			return false;
134
135
		// Ensure any non-ASCII characters in the URL are encoded correctly
136
		$request = iri_to_url($request);
137
138
		// Attempt to cache the request if it doesn't exist
139
		if (!$this->isCached($request))
140
			return $this->cacheImage($request);
141
142
		return false;
143
	}
144
145
	/**
146
	 * Serves the request
147
	 *
148
	 * @access public
149
	 */
150
	public function serve()
151
	{
152
		$request = $_GET['request'];
153
		// Did we get an error when trying to fetch the image
154
		$response = $this->checkRequest();
155
		if (!$response)
156
		{
157
			// Throw a 404
158
			send_http_status(404);
159
			exit;
0 ignored issues
show
Best Practice introduced by
Using exit here is not recommended.

In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.

Loading history...
160
		}
161
162
		// We should have a cached image at this point
163
		$cached_file = $this->getCachedPath($request);
164
165
		// Read from cache if you need to...
166
		if ($this->cachedbody === null)
167
		{
168
			$cached = json_decode(file_get_contents($cached_file), true);
169
			$this->cachedtime = $cached['time'];
170
			$this->cachedtype = $cached['content_type'];
171
			$this->cachedsize = $cached['size'];
172
			$this->cachedbody = $cached['body'];
173
		}
174
175
		$time = time();
176
177
		// Is the cache expired? Delete and reload.
178
		if ($time - $this->cachedtime > ($this->maxDays * 86400))
179
		{
180
			@unlink($cached_file);
181
			if ($this->checkRequest())
182
				$this->serve();
183
			$this->redirectexit($request);
184
		}
185
186
		$eTag = '"' . substr(sha1($request) . $this->cachedtime, 0, 64) . '"';
187
		if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $eTag) !== false)
188
		{
189
			send_http_status(304);
190
			exit;
0 ignored issues
show
Best Practice introduced by
Using exit here is not recommended.

In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.

Loading history...
191
		}
192
193
		// Make sure we're serving an image
194
		$contentParts = explode('/', !empty($this->cachedtype) ? $this->cachedtype : '');
195
		if ($contentParts[0] != 'image')
196
			exit;
0 ignored issues
show
Best Practice introduced by
Using exit here is not recommended.

In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.

Loading history...
197
198
		$max_age = $time - $this->cachedtime + (5 * 86400);
199
		header('content-type: ' . $this->cachedtype);
200
		header('content-length: ' . $this->cachedsize);
201
		header('cache-control: public, max-age=' . $max_age);
202
		header('last-modified: ' . gmdate('D, d M Y H:i:s', $this->cachedtime) . ' GMT');
203
		header('etag: ' . $eTag);
204
		echo base64_decode($this->cachedbody);
205
	}
206
207
	/**
208
	 * Returns the request's hashed filepath
209
	 *
210
	 * @access public
211
	 * @param string $request The request to get the path for
212
	 * @return string The hashed filepath for the specified request
213
	 */
214
	protected function getCachedPath($request)
215
	{
216
		return $this->cache . '/' . sha1($request . $this->secret);
217
	}
218
219
	/**
220
	 * Check whether the image exists in local cache or not
221
	 *
222
	 * @access protected
223
	 * @param string $request The image to check for in the cache
224
	 * @return bool Whether or not the requested image is cached
225
	 */
226
	protected function isCached($request)
227
	{
228
		return file_exists($this->getCachedPath($request));
229
	}
230
231
	/**
232
	 * Attempts to cache the image while validating it
233
	 *
234
	 * Redirects to the origin if
235
	 *    - the image couldn't be fetched
236
	 *    - the MIME type doesn't indicate an image
237
	 *    - the image is too large
238
	 *
239
	 * @access protected
240
	 * @param string $request The image to cache/validate
241
	 * @return bool Whether the specified image was cached
242
	 */
243
	protected function cacheImage($request)
244
	{
245
		$dest = $this->getCachedPath($request);
246
		$ext = strtolower(pathinfo(parse_url($request, PHP_URL_PATH), PATHINFO_EXTENSION));
0 ignored issues
show
Bug introduced by
It seems like pathinfo(parse_url($requ...H), PATHINFO_EXTENSION) can also be of type array; however, parameter $string of strtolower() does only seem to accept string, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

246
		$ext = strtolower(/** @scrutinizer ignore-type */ pathinfo(parse_url($request, PHP_URL_PATH), PATHINFO_EXTENSION));
Loading history...
247
248
		$image = fetch_web_data($request);
249
250
		// Looks like nobody was home
251
		if (empty($image))
252
			$this->redirectexit($request);
253
254
		// What kind of file did they give us?
255
		$finfo = finfo_open(FILEINFO_MIME_TYPE);
256
		$mime_type = finfo_buffer($finfo, $image);
257
258
		// SVG needs a little extra care
259
		if ($ext == 'svg' && in_array($mime_type, array('text/plain', 'text/xml')) && strpos($image, '<svg') !== false && strpos($image, '</svg>') !== false)
260
			$mime_type = 'image/svg+xml';
261
262
		// Make sure the url is returning an image
263
		if (strpos($mime_type, 'image/') !== 0)
264
			$this->redirectexit($request);
265
266
		// Validate the filesize
267
		$size = strlen($image);
268
		if ($size > ($this->maxSize * 1024))
269
			$this->redirectexit($request);
270
271
		// Populate object for current serve execution (so you don't have to read it again...)
272
		$this->cachedtime = time();
273
		$this->cachedtype = $mime_type;
274
		$this->cachedsize = $size;
275
		$this->cachedbody = base64_encode($image);
276
277
		// Cache it for later
278
		return file_put_contents($dest, json_encode(array(
279
			'content_type' => $this->cachedtype,
280
			'size' => $this->cachedsize,
281
			'time' => $this->cachedtime,
282
			'body' => $this->cachedbody,
283
		))) !== false;
284
	}
285
286
	/**
287
	 * A helper function to redirect a request
288
	 *
289
	 * @access private
290
	 * @param string $request
291
	 */
292
	private function redirectexit($request)
293
	{
294
		header('Location: ' . un_htmlspecialchars($request), false, 301);
295
		exit;
296
	}
297
298
	/**
299
	 * Delete all old entries
300
	 *
301
	 * @access public
302
	 */
303
	public function housekeeping()
304
	{
305
		$path = $this->cache . '/';
306
		if ($handle = opendir($path))
307
		{
308
			while (false !== ($file = readdir($handle)))
309
			{
310
				if (is_file($path . $file) && !in_array($file, array('index.php', '.htaccess')) && time() - filemtime($path . $file) > $this->maxDays * 86400)
311
					unlink($path . $file);
312
			}
313
314
			closedir($handle);
315
		}
316
	}
317
}
318
319
if (SMF == 'PROXY')
0 ignored issues
show
introduced by
The condition SMF == 'PROXY' is always false.
Loading history...
320
{
321
	$proxy = new ProxyServer();
322
	$proxy->serve();
323
}
324
325
?>