nex/drop-in-url-previews
1
0
Fork 0
Code Issues Pull requests Packages Activity Actions

Properly implement authentication

Browse source
This commit is contained in:
Nexus 2024-02-28 18:09:17 +00:00
parent 69de1606d1
commit 47acecc252
Signed by: nex
GPG key ID: 0FA334385D0B689F
2 changed files with 21 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
README.md
View file

@ -84,3 +84,15 @@ volumes:
| `FORWARDED_ALLOW_IPS` | The list of reverse proxy IPs to trust. See [Uvicorn docs](https://www.uvicorn.org/settings/#http) | * | `127.0.0.1` | | `FORWARDED_ALLOW_IPS` | The list of reverse proxy IPs to trust. See [Uvicorn docs](https://www.uvicorn.org/settings/#http) | * | `127.0.0.1` |
| `LOG_LEVEL` | The log level to use. One of `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`. | `INFO` | `INFO` | | `LOG_LEVEL` | The log level to use. One of `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`. | `INFO` | `INFO` |
| `LOG_DEBUG_TIDY` | When `LOG_LEVEL` is `DEBUG`, silences some really noisy loggers (like HTTP request loggers) to help you debug this program, not a dependency). | `true` | `false` | | `LOG_DEBUG_TIDY` | When `LOG_LEVEL` is `DEBUG`, silences some really noisy loggers (like HTTP request loggers) to help you debug this program, not a dependency). | `true` | `false` |
## How does it work?
Given that this server is meant to be a drop-in solution, there's a few differences to how you would expect
something this deeply integrated with a homeserver to work.
Here is a basic flow for how a preview request goes:
1. The user's client sends a request for a preview
2. The server will take the provided access token, and checks that it is valid with the homeserver.
3. If the token is invalid, M_INVALID_TOKEN is returned.
4. The server then checks if it has a cached entry

10
src/server.py
View file

@ -260,6 +260,8 @@ def preview_url(
description="Access token to use for the request." description="Access token to use for the request."
), ),
): ):
domain = os.environ.get("PREVIEW_HOMESERVER", "https://" + req.url.hostname)
if ts: if ts:
ts = round(ts / 1000) ts = round(ts / 1000)
if access_token_qs is not None: if access_token_qs is not None:
@ -269,6 +271,13 @@ def preview_url(
else: else:
return MISSING_TOKEN return MISSING_TOKEN
response = httpx.get(
domain + "/_matrix/client/r0/account/whoami",
headers={"Authorization": f"Bearer {access_token}"}
)
if response.status_code != 200:
return INVALID_TOKEN
results = db.CachedURLs.select().where(db.CachedURLs.url == url) results = db.CachedURLs.select().where(db.CachedURLs.url == url)
if results: if results:
for result in results: for result in results:
@ -296,7 +305,6 @@ def preview_url(
logging.debug("Full cache miss for %r", url) logging.debug("Full cache miss for %r", url)
res.headers["X-Cache"] = "full-miss" res.headers["X-Cache"] = "full-miss"
domain = os.environ.get("PREVIEW_HOMESERVER", "https://" + req.url.hostname)
with lock: with lock:
with httpx.Client( with httpx.Client(
headers={ headers={