99 lines
3.2 KiB
Ruby
99 lines
3.2 KiB
Ruby
require 'ssrf_filter'
|
|
|
|
module SafeFetch
|
|
DEFAULT_ALLOWED_CONTENT_TYPE_PREFIXES = %w[image/ video/].freeze
|
|
DEFAULT_OPEN_TIMEOUT = 2
|
|
DEFAULT_READ_TIMEOUT = 20
|
|
DEFAULT_MAX_BYTES_FALLBACK_MB = 40
|
|
|
|
Result = Data.define(:tempfile, :filename, :content_type)
|
|
|
|
class Error < StandardError; end
|
|
class InvalidUrlError < Error; end
|
|
class UnsafeUrlError < Error; end
|
|
class FetchError < Error; end
|
|
class HttpError < Error; end
|
|
class FileTooLargeError < Error; end
|
|
class UnsupportedContentTypeError < Error; end
|
|
|
|
def self.fetch(url,
|
|
max_bytes: nil,
|
|
allowed_content_type_prefixes: DEFAULT_ALLOWED_CONTENT_TYPE_PREFIXES)
|
|
raise ArgumentError, 'block required' unless block_given?
|
|
|
|
effective_max_bytes = max_bytes || default_max_bytes
|
|
uri = parse_and_validate_url!(url)
|
|
filename = filename_for(uri)
|
|
tempfile = Tempfile.new('chatwoot-safe-fetch', binmode: true)
|
|
|
|
response = stream_to_tempfile(url, tempfile, effective_max_bytes, allowed_content_type_prefixes)
|
|
raise HttpError, "#{response.code} #{response.message}" unless response.is_a?(Net::HTTPSuccess)
|
|
|
|
tempfile.rewind
|
|
yield Result.new(tempfile: tempfile, filename: filename, content_type: response['content-type'])
|
|
rescue SsrfFilter::InvalidUriScheme, URI::InvalidURIError => e
|
|
raise InvalidUrlError, e.message
|
|
rescue SsrfFilter::Error, Resolv::ResolvError => e
|
|
raise UnsafeUrlError, e.message
|
|
rescue Net::OpenTimeout, Net::ReadTimeout, SocketError, OpenSSL::SSL::SSLError => e
|
|
raise FetchError, e.message
|
|
ensure
|
|
tempfile&.close!
|
|
end
|
|
|
|
class << self
|
|
private
|
|
|
|
def stream_to_tempfile(url, tempfile, max_bytes, allowed_content_type_prefixes)
|
|
response = nil
|
|
bytes_written = 0
|
|
|
|
SsrfFilter.get(
|
|
url,
|
|
http_options: { open_timeout: DEFAULT_OPEN_TIMEOUT, read_timeout: DEFAULT_READ_TIMEOUT }
|
|
) do |res|
|
|
response = res
|
|
next unless res.is_a?(Net::HTTPSuccess)
|
|
|
|
unless allowed_content_type?(res['content-type'], allowed_content_type_prefixes)
|
|
raise UnsupportedContentTypeError, "content-type not allowed: #{res['content-type']}"
|
|
end
|
|
|
|
res.read_body do |chunk|
|
|
bytes_written += chunk.bytesize
|
|
raise FileTooLargeError, "exceeded #{max_bytes} bytes" if bytes_written > max_bytes
|
|
|
|
tempfile.write(chunk)
|
|
end
|
|
end
|
|
|
|
response
|
|
end
|
|
|
|
def filename_for(uri)
|
|
File.basename(uri.path).presence || "download-#{Time.current.to_i}-#{SecureRandom.hex(4)}"
|
|
end
|
|
|
|
def default_max_bytes
|
|
limit_mb = GlobalConfigService.load('MAXIMUM_FILE_UPLOAD_SIZE', DEFAULT_MAX_BYTES_FALLBACK_MB).to_i
|
|
limit_mb = DEFAULT_MAX_BYTES_FALLBACK_MB if limit_mb <= 0
|
|
limit_mb.megabytes
|
|
end
|
|
|
|
def parse_and_validate_url!(url)
|
|
uri = URI.parse(url)
|
|
raise InvalidUrlError, 'scheme must be http or https' unless uri.is_a?(URI::HTTP) || uri.is_a?(URI::HTTPS)
|
|
raise InvalidUrlError, 'missing host' if uri.host.blank?
|
|
|
|
uri
|
|
end
|
|
|
|
def allowed_content_type?(value, prefixes)
|
|
mime = value.to_s.split(';').first&.strip&.downcase
|
|
return false if mime.blank?
|
|
|
|
prefixes.any? { |prefix| mime.start_with?(prefix) }
|
|
end
|
|
end
|
|
end
|