File proxy.php

  1:   2:   3:   4:   5:   6:   7:   8:   9:  10:  11:  12:  13:  14:  15:  16:  17:  18:  19:  20:  21:  22:  23:  24:  25:  26:  27:  28:  29:  30:  31:  32:  33:  34:  35:  36:  37:  38:  39:  40:  41:  42:  43:  44:  45:  46:  47:  48:  49:  50:  51:  52:  53:  54:  55:  56:  57:  58:  59:  60:  61:  62:  63:  64:  65:  66:  67:  68:  69:  70:  71:  72:  73:  74:  75:  76:  77:  78:  79:  80:  81:  82:  83:  84:  85:  86:  87:  88:  89:  90:  91:  92:  93:  94:  95:  96:  97:  98:  99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 313: 314: 315: 316: 317: 318: 319: 320: 321: 322: 323: 324: 325:

<?php

/**
 * This is a lightweight proxy for serving images, generally meant to be used alongside SSL
 *
 * Simple Machines Forum (SMF)
 *
 * @package SMF
 * @author Simple Machines https://www.simplemachines.org
 * @copyright 2020 Simple Machines and individual contributors
 * @license https://www.simplemachines.org/about/smf/license.php BSD
 *
 * @version 2.1 RC2
 */

if (!defined('SMF'))
    define('SMF', 'PROXY');

if (!defined('SMF_VERSION'))
    define('SMF_VERSION', '2.1 RC2');

if (!defined('SMF_FULL_VERSION'))
    define('SMF_FULL_VERSION', 'SMF ' . SMF_VERSION);

if (!defined('SMF_SOFTWARE_YEAR'))
    define('SMF_SOFTWARE_YEAR', '2020');

if (!defined('JQUERY_VERSION'))
    define('JQUERY_VERSION', '3.4.1');

if (!defined('POSTGRE_TITLE'))
    define('POSTGRE_TITLE', 'PostgreSQL');

if (!defined('MYSQL_TITLE'))
    define('MYSQL_TITLE', 'MySQL');

if (!defined('SMF_USER_AGENT'))
    define('SMF_USER_AGENT', 'Mozilla/5.0 (' . php_uname('s') . ' ' . php_uname('m') . ') AppleWebKit/605.1.15 (KHTML, like Gecko)  SMF/' . strtr(SMF_VERSION, ' ', '.'));

/**
 * Class ProxyServer
 */
class ProxyServer
{
    /** @var bool $enabled Whether or not this is enabled */
    protected $enabled;

    /** @var int $maxSize The maximum size for files to cache */
    protected $maxSize;

    /** @var string $secret A secret code used for hashing */
    protected $secret;

    /** @var string The cache directory */
    protected $cache;

    /** @var int $maxDays until entries get deleted */
    protected $maxDays;

    /** @var int $cachedtime time object cached */
    protected $cachedtime;

    /** @var string $cachedtype type of object cached */
    protected $cachedtype;

    /** @var int $cachedsize size of object cached */
    protected $cachedsize;

    /** @var string $cachedbody body of object cached */
    protected $cachedbody;

    /**
     * Constructor, loads up the Settings for the proxy
     *
     * @access public
     */
    public function __construct()
    {
        global $image_proxy_enabled, $image_proxy_maxsize, $image_proxy_secret, $cachedir, $sourcedir;

        require_once(dirname(__FILE__) . '/Settings.php');
        require_once($sourcedir . '/Subs.php');

        // Make absolutely sure the cache directory is defined and writable.
        if (empty($cachedir) || !is_dir($cachedir) || !is_writable($cachedir))
        {
            if (is_dir($boarddir . '/cache') && is_writable($boarddir . '/cache'))
                $cachedir = $boarddir . '/cache';
            else
            {
                $cachedir = sys_get_temp_dir() . '/smf_cache_' . md5($boarddir);
                @mkdir($cachedir, 0750);
            }
        }

        // Turn off all error reporting; any extra junk makes for an invalid image.
        error_reporting(0);

        $this->enabled = (bool) $image_proxy_enabled;
        $this->maxSize = (int) $image_proxy_maxsize;
        $this->secret = (string) $image_proxy_secret;
        $this->cache = $cachedir . '/images';
        $this->maxDays = 5;
    }

    /**
     * Checks whether the request is valid or not
     *
     * @access public
     * @return bool Whether the request is valid
     */
    public function checkRequest()
    {
        if (!$this->enabled)
            return false;

        // Try to create the image cache directory if it doesn't exist
        if (!file_exists($this->cache))
            if (!mkdir($this->cache) || !copy(dirname($this->cache) . '/index.php', $this->cache . '/index.php'))
                return false;

        // Basic sanity check
        $_GET['request'] = validate_iri($_GET['request']);

        // We aren't going anywhere without these
        if (empty($_GET['hash']) || empty($_GET['request']))
            return false;

        $hash = $_GET['hash'];
        $request = $_GET['request'];

        if (hash_hmac('sha1', $request, $this->secret) != $hash)
            return false;

        // Ensure any non-ASCII characters in the URL are encoded correctly
        $request = iri_to_url($request);

        // Attempt to cache the request if it doesn't exist
        if (!$this->isCached($request))
            return $this->cacheImage($request);

        return false;
    }

    /**
     * Serves the request
     *
     * @access public
     */
    public function serve()
    {
        $request = $_GET['request'];
        // Did we get an error when trying to fetch the image
        $response = $this->checkRequest();
        if (!$response)
        {
            // Throw a 404
            send_http_status(404);
            exit;
        }

        // We should have a cached image at this point
        $cached_file = $this->getCachedPath($request);

        // Read from cache if you need to...
        if ($this->cachedbody === null)
        {
            $cached = json_decode(file_get_contents($cached_file), true);
            $this->cachedtime = $cached['time'];
            $this->cachedtype = $cached['content_type'];
            $this->cachedsize = $cached['size'];
            $this->cachedbody = $cached['body'];
        }

        $time = time();

        // Is the cache expired? Delete and reload.
        if ($time - $this->cachedtime > ($this->maxDays * 86400))
        {
            @unlink($cached_file);
            if ($this->checkRequest())
                $this->serve();
            $this->redirectexit($request);
        }

        $eTag = '"' . substr(sha1($request) . $this->cachedtime, 0, 64) . '"';
        if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $eTag) !== false)
        {
            send_http_status(304);
            exit;
        }

        // Make sure we're serving an image
        $contentParts = explode('/', !empty($this->cachedtype) ? $this->cachedtype : '');
        if ($contentParts[0] != 'image')
            exit;

        $max_age = $time - $this->cachedtime + (5 * 86400);
        header('content-type: ' . $this->cachedtype);
        header('content-length: ' . $this->cachedsize);
        header('cache-control: public, max-age=' . $max_age);
        header('last-modified: ' . gmdate('D, d M Y H:i:s', $this->cachedtime) . ' GMT');
        header('etag: ' . $eTag);
        echo base64_decode($this->cachedbody);
    }

    /**
     * Returns the request's hashed filepath
     *
     * @access public
     * @param string $request The request to get the path for
     * @return string The hashed filepath for the specified request
     */
    protected function getCachedPath($request)
    {
        return $this->cache . '/' . sha1($request . $this->secret);
    }

    /**
     * Check whether the image exists in local cache or not
     *
     * @access protected
     * @param string $request The image to check for in the cache
     * @return bool Whether or not the requested image is cached
     */
    protected function isCached($request)
    {
        return file_exists($this->getCachedPath($request));
    }

    /**
     * Attempts to cache the image while validating it
     *
     * Redirects to the origin if
     *    - the image couldn't be fetched
     *    - the MIME type doesn't indicate an image
     *    - the image is too large
     *
     * @access protected
     * @param string $request The image to cache/validate
     * @return bool Whether the specified image was cached
     */
    protected function cacheImage($request)
    {
        $dest = $this->getCachedPath($request);
        $ext = strtolower(pathinfo(parse_url($request, PHP_URL_PATH), PATHINFO_EXTENSION));

        $image = fetch_web_data($request);

        // Looks like nobody was home
        if (empty($image))
            $this->redirectexit($request);

        // What kind of file did they give us?
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime_type = finfo_buffer($finfo, $image);

        // SVG needs a little extra care
        if ($ext == 'svg' && in_array($mime_type, array('text/plain', 'text/xml')) && strpos($image, '<svg') !== false && strpos($image, '</svg>') !== false)
            $mime_type = 'image/svg+xml';

        // Make sure the url is returning an image
        if (strpos($mime_type, 'image/') !== 0)
            $this->redirectexit($request);

        // Validate the filesize
        $size = strlen($image);
        if ($size > ($this->maxSize * 1024))
            $this->redirectexit($request);

        // Populate object for current serve execution (so you don't have to read it again...)
        $this->cachedtime = time();
        $this->cachedtype = $mime_type;
        $this->cachedsize = $size;
        $this->cachedbody = base64_encode($image);

        // Cache it for later
        return file_put_contents($dest, json_encode(array(
            'content_type' => $this->cachedtype,
            'size' => $this->cachedsize,
            'time' => $this->cachedtime,
            'body' => $this->cachedbody,
        ))) !== false;
    }

    /**
     * A helper function to redirect a request
     *
     * @access private
     * @param string $request
     */
    private function redirectexit($request)
    {
        header('Location: ' . un_htmlspecialchars($request), false, 301);
        exit;
    }

    /**
     * Delete all old entries
     *
     * @access public
     */
    public function housekeeping()
    {
        $path = $this->cache . '/';
        if ($handle = opendir($path))
        {
            while (false !== ($file = readdir($handle)))
            {
                if (is_file($path . $file) && !in_array($file, array('index.php', '.htaccess')) && time() - filemtime($path . $file) > $this->maxDays * 86400)
                    unlink($path . $file);
            }

            closedir($handle);
        }
    }
}

if (SMF == 'PROXY')
{
    $proxy = new ProxyServer();
    $proxy->serve();
}

?>

Namespaces

Classes

Interfaces

Exceptions

Functions