2017-05-26 08:57:09 +01:00
|
|
|
// Copyright 2017 Vector Creations Ltd
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
|
|
package writers
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
2017-05-26 13:42:51 +01:00
|
|
|
"fmt"
|
2017-05-31 12:46:21 +01:00
|
|
|
"io"
|
2017-05-26 08:57:09 +01:00
|
|
|
"net/http"
|
2017-05-31 12:46:21 +01:00
|
|
|
"os"
|
2017-05-26 13:42:51 +01:00
|
|
|
"regexp"
|
2017-05-31 12:46:21 +01:00
|
|
|
"strconv"
|
2017-05-26 08:57:09 +01:00
|
|
|
|
|
|
|
|
log "github.com/Sirupsen/logrus"
|
|
|
|
|
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
|
|
|
|
"github.com/matrix-org/dendrite/mediaapi/config"
|
2017-05-31 12:46:21 +01:00
|
|
|
"github.com/matrix-org/dendrite/mediaapi/fileutils"
|
|
|
|
|
"github.com/matrix-org/dendrite/mediaapi/storage"
|
2017-05-26 08:57:09 +01:00
|
|
|
"github.com/matrix-org/dendrite/mediaapi/types"
|
|
|
|
|
"github.com/matrix-org/gomatrixserverlib"
|
|
|
|
|
"github.com/matrix-org/util"
|
|
|
|
|
)
|
|
|
|
|
|
2017-05-26 13:42:51 +01:00
|
|
|
const mediaIDCharacters = "A-Za-z0-9_=-"
|
|
|
|
|
|
|
|
|
|
// Note: unfortunately regex.MustCompile() cannot be assigned to a const
|
|
|
|
|
var mediaIDRegex = regexp.MustCompile("[" + mediaIDCharacters + "]+")
|
|
|
|
|
|
2017-05-26 08:57:09 +01:00
|
|
|
// downloadRequest metadata included in or derivable from an download request
|
|
|
|
|
// https://matrix.org/docs/spec/client_server/r0.2.0.html#get-matrix-media-r0-download-servername-mediaid
|
|
|
|
|
type downloadRequest struct {
|
|
|
|
|
MediaMetadata *types.MediaMetadata
|
|
|
|
|
Logger *log.Entry
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Download implements /download
|
2017-05-31 12:46:21 +01:00
|
|
|
// Files from this server (i.e. origin == cfg.ServerName) are served directly
|
|
|
|
|
func Download(w http.ResponseWriter, req *http.Request, origin gomatrixserverlib.ServerName, mediaID types.MediaID, cfg *config.MediaAPI, db *storage.Database, activeRemoteRequests *types.ActiveRemoteRequests) {
|
2017-05-26 08:57:09 +01:00
|
|
|
r := &downloadRequest{
|
|
|
|
|
MediaMetadata: &types.MediaMetadata{
|
|
|
|
|
MediaID: mediaID,
|
|
|
|
|
Origin: origin,
|
|
|
|
|
},
|
2017-05-31 13:30:57 +01:00
|
|
|
Logger: util.GetLogger(req.Context()).WithFields(log.Fields{
|
|
|
|
|
"Origin": origin,
|
|
|
|
|
"MediaID": mediaID,
|
|
|
|
|
}),
|
2017-05-26 08:57:09 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// request validation
|
|
|
|
|
if req.Method != "GET" {
|
|
|
|
|
r.jsonErrorResponse(w, util.JSONResponse{
|
|
|
|
|
Code: 405,
|
|
|
|
|
JSON: jsonerror.Unknown("request method must be GET"),
|
|
|
|
|
})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if resErr := r.Validate(); resErr != nil {
|
|
|
|
|
r.jsonErrorResponse(w, *resErr)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-31 12:46:21 +01:00
|
|
|
if resErr := r.doDownload(w, cfg, db, activeRemoteRequests); resErr != nil {
|
|
|
|
|
r.jsonErrorResponse(w, *resErr)
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-05-26 08:57:09 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (r *downloadRequest) jsonErrorResponse(w http.ResponseWriter, res util.JSONResponse) {
|
|
|
|
|
// Marshal JSON response into raw bytes to send as the HTTP body
|
|
|
|
|
resBytes, err := json.Marshal(res.JSON)
|
|
|
|
|
if err != nil {
|
|
|
|
|
r.Logger.WithError(err).Error("Failed to marshal JSONResponse")
|
|
|
|
|
// this should never fail to be marshalled so drop err to the floor
|
|
|
|
|
res = util.MessageResponse(500, "Internal Server Error")
|
|
|
|
|
resBytes, _ = json.Marshal(res.JSON)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Set status code and write the body
|
|
|
|
|
w.WriteHeader(res.Code)
|
|
|
|
|
r.Logger.WithField("code", res.Code).Infof("Responding (%d bytes)", len(resBytes))
|
|
|
|
|
w.Write(resBytes)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Validate validates the downloadRequest fields
|
|
|
|
|
func (r *downloadRequest) Validate() *util.JSONResponse {
|
2017-05-26 13:42:51 +01:00
|
|
|
if mediaIDRegex.MatchString(string(r.MediaMetadata.MediaID)) == false {
|
2017-05-26 08:57:09 +01:00
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 404,
|
2017-05-26 13:42:51 +01:00
|
|
|
JSON: jsonerror.NotFound(fmt.Sprintf("mediaId must be a non-empty string using only characters in %v", mediaIDCharacters)),
|
2017-05-26 08:57:09 +01:00
|
|
|
}
|
|
|
|
|
}
|
2017-05-26 13:59:45 +01:00
|
|
|
// Note: the origin will be validated either by comparison to the configured server name of this homeserver
|
|
|
|
|
// or by a DNS SRV record lookup when creating a request for remote files
|
2017-05-26 08:57:09 +01:00
|
|
|
if r.MediaMetadata.Origin == "" {
|
|
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 404,
|
|
|
|
|
JSON: jsonerror.NotFound("serverName must be a non-empty string"),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2017-05-31 12:46:21 +01:00
|
|
|
|
|
|
|
|
func (r *downloadRequest) doDownload(w http.ResponseWriter, cfg *config.MediaAPI, db *storage.Database, activeRemoteRequests *types.ActiveRemoteRequests) *util.JSONResponse {
|
|
|
|
|
// check if we have a record of the media in our database
|
2017-05-31 13:29:28 +01:00
|
|
|
mediaMetadata, err := db.GetMediaMetadata(r.MediaMetadata.MediaID, r.MediaMetadata.Origin)
|
|
|
|
|
if err != nil {
|
|
|
|
|
r.Logger.WithError(err).Error("Error querying the database.")
|
|
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 500,
|
|
|
|
|
JSON: jsonerror.InternalServerError(),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if mediaMetadata == nil {
|
2017-05-31 12:46:21 +01:00
|
|
|
if r.MediaMetadata.Origin == cfg.ServerName {
|
|
|
|
|
// If we do not have a record and the origin is local, the file is not found
|
|
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 404,
|
|
|
|
|
JSON: jsonerror.NotFound(fmt.Sprintf("File with media ID %q does not exist", r.MediaMetadata.MediaID)),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// TODO: If we do not have a record and the origin is remote, we need to fetch it and respond with that file
|
|
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 404,
|
|
|
|
|
JSON: jsonerror.NotFound(fmt.Sprintf("File with media ID %q does not exist", r.MediaMetadata.MediaID)),
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-05-31 13:29:28 +01:00
|
|
|
// If we have a record, we can respond from the local file
|
|
|
|
|
r.MediaMetadata = mediaMetadata
|
|
|
|
|
return r.respondFromLocalFile(w, cfg.AbsBasePath)
|
2017-05-31 12:46:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// respondFromLocalFile reads a file from local storage and writes it to the http.ResponseWriter
|
|
|
|
|
// Returns a util.JSONResponse error in case of error
|
|
|
|
|
func (r *downloadRequest) respondFromLocalFile(w http.ResponseWriter, absBasePath types.Path) *util.JSONResponse {
|
|
|
|
|
filePath, err := fileutils.GetPathFromBase64Hash(r.MediaMetadata.Base64Hash, absBasePath)
|
|
|
|
|
if err != nil {
|
|
|
|
|
// FIXME: Remove erroneous file from database?
|
|
|
|
|
r.Logger.WithError(err).Warn("Failed to get file path from metadata")
|
|
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 404,
|
|
|
|
|
JSON: jsonerror.NotFound(fmt.Sprintf("File with media ID %q does not exist", r.MediaMetadata.MediaID)),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
file, err := os.Open(filePath)
|
|
|
|
|
defer file.Close()
|
|
|
|
|
if err != nil {
|
|
|
|
|
// FIXME: Remove erroneous file from database?
|
|
|
|
|
r.Logger.WithError(err).Warn("Failed to open file")
|
|
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 404,
|
|
|
|
|
JSON: jsonerror.NotFound(fmt.Sprintf("File with media ID %q does not exist", r.MediaMetadata.MediaID)),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
stat, err := file.Stat()
|
|
|
|
|
if err != nil {
|
|
|
|
|
// FIXME: Remove erroneous file from database?
|
|
|
|
|
r.Logger.WithError(err).Warn("Failed to stat file")
|
|
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 404,
|
|
|
|
|
JSON: jsonerror.NotFound(fmt.Sprintf("File with media ID %q does not exist", r.MediaMetadata.MediaID)),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if r.MediaMetadata.FileSizeBytes > 0 && int64(r.MediaMetadata.FileSizeBytes) != stat.Size() {
|
|
|
|
|
r.Logger.WithFields(log.Fields{
|
|
|
|
|
"fileSizeDatabase": r.MediaMetadata.FileSizeBytes,
|
|
|
|
|
"fileSizeDisk": stat.Size(),
|
|
|
|
|
}).Warn("File size in database and on-disk differ.")
|
|
|
|
|
// FIXME: Remove erroneous file from database?
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r.Logger.WithFields(log.Fields{
|
|
|
|
|
"UploadName": r.MediaMetadata.UploadName,
|
|
|
|
|
"Base64Hash": r.MediaMetadata.Base64Hash,
|
|
|
|
|
"FileSizeBytes": r.MediaMetadata.FileSizeBytes,
|
|
|
|
|
"Content-Type": r.MediaMetadata.ContentType,
|
|
|
|
|
}).Info("Responding with file")
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", string(r.MediaMetadata.ContentType))
|
|
|
|
|
w.Header().Set("Content-Length", strconv.FormatInt(int64(r.MediaMetadata.FileSizeBytes), 10))
|
|
|
|
|
contentSecurityPolicy := "default-src 'none';" +
|
|
|
|
|
" script-src 'none';" +
|
|
|
|
|
" plugin-types application/pdf;" +
|
|
|
|
|
" style-src 'unsafe-inline';" +
|
|
|
|
|
" object-src 'self';"
|
|
|
|
|
w.Header().Set("Content-Security-Policy", contentSecurityPolicy)
|
|
|
|
|
|
|
|
|
|
if bytesResponded, err := io.Copy(w, file); err != nil {
|
|
|
|
|
r.Logger.WithError(err).Warn("Failed to copy from cache")
|
|
|
|
|
if bytesResponded == 0 {
|
|
|
|
|
return &util.JSONResponse{
|
|
|
|
|
Code: 500,
|
|
|
|
|
JSON: jsonerror.NotFound(fmt.Sprintf("Failed to respond with file with media ID %q", r.MediaMetadata.MediaID)),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// If we have written any data then we have already responded with 200 OK and all we can do is close the connection
|
|
|
|
|
// FIXME: close the connection here or just return?
|
|
|
|
|
r.closeConnection(w)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (r *downloadRequest) closeConnection(w http.ResponseWriter) {
|
2017-05-31 13:30:57 +01:00
|
|
|
r.Logger.Info("Attempting to close the connection.")
|
2017-05-31 12:46:21 +01:00
|
|
|
hijacker, ok := w.(http.Hijacker)
|
|
|
|
|
if ok {
|
|
|
|
|
connection, _, hijackErr := hijacker.Hijack()
|
|
|
|
|
if hijackErr == nil {
|
2017-05-31 13:30:57 +01:00
|
|
|
r.Logger.Info("Closing")
|
2017-05-31 12:46:21 +01:00
|
|
|
connection.Close()
|
|
|
|
|
} else {
|
2017-05-31 13:30:57 +01:00
|
|
|
r.Logger.WithError(hijackErr).Warn("Error trying to hijack and close connection")
|
2017-05-31 12:46:21 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
