forked-synapse/synapse/rest/media/v1/download_resource.py

# -*- coding: utf-8 -*-
# Copyright 2014-2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import logging

from twisted.internet import defer
from twisted.web.resource import Resource
from twisted.web.server import NOT_DONE_YET

import synapse.http.servlet
from synapse.http.server import set_cors_headers, wrap_json_request_handler

from ._base import parse_media_id, respond_404

logger = logging.getLogger(__name__)


class DownloadResource(Resource):
    isLeaf = True

    def __init__(self, hs, media_repo):
        Resource.__init__(self)

        self.media_repo = media_repo
        self.server_name = hs.hostname

        # this is expected by @wrap_json_request_handler
        self.clock = hs.get_clock()

    def render_GET(self, request):
        self._async_render_GET(request)
        return NOT_DONE_YET

    @wrap_json_request_handler
    @defer.inlineCallbacks
    def _async_render_GET(self, request):
        set_cors_headers(request)
        request.setHeader(
            "Content-Security-Policy",
            "default-src 'none';"
            " script-src 'none';"
            " plugin-types application/pdf;"
            " style-src 'unsafe-inline';"
            " object-src 'self';"
        )
        server_name, media_id, name = parse_media_id(request)
        if server_name == self.server_name:
            yield self.media_repo.get_local_media(request, media_id, name)
        else:
            allow_remote = synapse.http.servlet.parse_boolean(
                request, "allow_remote", default=True)
            if not allow_remote:
                logger.info(
                    "Rejecting request for remote media %s/%s due to allow_remote",
                    server_name, media_id,
                )
                respond_404(request)
                return

            yield self.media_repo.get_remote_media(request, server_name, media_id, name)
Implement download support for media_repository 2014-12-04 09:22:31 -05:00			`# -- coding: utf-8 --`
copyrights 2016-01-06 23:26:29 -05:00			`# Copyright 2014-2016 OpenMarket Ltd`
Implement download support for media_repository 2014-12-04 09:22:31 -05:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
Remove redundant request_handler decorator This is needless complexity; we might as well use the wrapper directly. Also rename wrap_request_handler->wrap_json_request_handler. 2018-05-10 07:10:27 -04:00			`import logging`
Implement download support for media_repository 2014-12-04 09:22:31 -05:00
Remove redundant request_handler decorator This is needless complexity; we might as well use the wrapper directly. Also rename wrap_request_handler->wrap_json_request_handler. 2018-05-10 07:10:27 -04:00			`from twisted.internet import defer`
Split out BaseMediaResource into MediaRepository This is so that a single MediaRepository can be shared across all resources, rather than having a "copy" per resource. In particular this allows us to guard against both the thumbnail and download resource triggering a download of remote content at the same time. 2016-04-19 06:24:59 -04:00			`from twisted.web.resource import Resource`
Implement download support for media_repository 2014-12-04 09:22:31 -05:00			`from twisted.web.server import NOT_DONE_YET`

Remove redundant request_handler decorator This is needless complexity; we might as well use the wrapper directly. Also rename wrap_request_handler->wrap_json_request_handler. 2018-05-10 07:10:27 -04:00			`import synapse.http.servlet`
run isort 2018-07-09 02:09:20 -04:00			`from synapse.http.server import set_cors_headers, wrap_json_request_handler`

Remove redundant request_handler decorator This is needless complexity; we might as well use the wrapper directly. Also rename wrap_request_handler->wrap_json_request_handler. 2018-05-10 07:10:27 -04:00			`from ._base import parse_media_id, respond_404`
Implement download support for media_repository 2014-12-04 09:22:31 -05:00
			`logger = logging.getLogger(__name__)`


Split out BaseMediaResource into MediaRepository This is so that a single MediaRepository can be shared across all resources, rather than having a "copy" per resource. In particular this allows us to guard against both the thumbnail and download resource triggering a download of remote content at the same time. 2016-04-19 06:24:59 -04:00			`class DownloadResource(Resource):`
			`isLeaf = True`

			`def __init__(self, hs, media_repo):`
			`Resource.__init__(self)`

			`self.media_repo = media_repo`
			`self.server_name = hs.hostname`
Add missing class var 2018-01-12 08:16:27 -05:00
Set Server header in SynapseRequest (instead of everywhere that writes a response. Or rather, the subset of places which write responses where we haven't forgotten it). This also means that we don't have to have the mysterious version_string attribute in anything with a request handler. Unfortunately it does mean that we have to pass the version string wherever we instantiate a SynapseSite, which has been c&ped 150 times, but that is code that ought to be cleaned up anyway really. 2018-05-10 13:46:59 -04:00			`# this is expected by @wrap_json_request_handler`
Report per request metrics for all of the things using request_handler 2016-04-28 05:57:49 -04:00			`self.clock = hs.get_clock()`
Split out BaseMediaResource into MediaRepository This is so that a single MediaRepository can be shared across all resources, rather than having a "copy" per resource. In particular this allows us to guard against both the thumbnail and download resource triggering a download of remote content at the same time. 2016-04-19 06:24:59 -04:00
Implement download support for media_repository 2014-12-04 09:22:31 -05:00			`def render_GET(self, request):`
			`self._async_render_GET(request)`
			`return NOT_DONE_YET`

Remove redundant request_handler decorator This is needless complexity; we might as well use the wrapper directly. Also rename wrap_request_handler->wrap_json_request_handler. 2018-05-10 07:10:27 -04:00			`@wrap_json_request_handler`
Implement download support for media_repository 2014-12-04 09:22:31 -05:00			`@defer.inlineCallbacks`
			`def _async_render_GET(self, request):`
Set CORs headers on responses from the media repo 2016-11-02 07:29:25 -04:00			`set_cors_headers(request)`
Allow PDF to be rendered from media repo 2016-09-05 11:43:30 -04:00			`request.setHeader(`
			`"Content-Security-Policy",`
Add quotes and be explicity about script-src 2016-09-05 12:35:01 -04:00			`"default-src 'none';"`
			`" script-src 'none';"`
Allow PDF to be rendered from media repo 2016-09-05 11:43:30 -04:00			`" plugin-types application/pdf;"`
			`" style-src 'unsafe-inline';"`
			`" object-src 'self';"`
			`)`
If user supplies filename in URL when downloading from media repo, use that name in Content Disposition 2015-07-03 06:24:55 -04:00			`server_name, media_id, name = parse_media_id(request)`
Thumbnail uploaded and cached images 2014-12-10 09:46:55 -05:00			`if server_name == self.server_name:`
Use MediaStorage for local files 2018-01-08 12:45:11 -05:00			`yield self.media_repo.get_local_media(request, media_id, name)`
Thumbnail uploaded and cached images 2014-12-10 09:46:55 -05:00			`else:`
Use MediaStorage for remote media 2018-01-08 12:52:06 -05:00			`allow_remote = synapse.http.servlet.parse_boolean(`
			`request, "allow_remote", default=True)`
			`if not allow_remote:`
			`logger.info(`
			`"Rejecting request for remote media %s/%s due to allow_remote",`
			`server_name, media_id,`
			`)`
			`respond_404(request)`
			`return`
Implement download support for media_repository 2014-12-04 09:22:31 -05:00
Use MediaStorage for remote media 2018-01-08 12:52:06 -05:00			`yield self.media_repo.get_remote_media(request, server_name, media_id, name)`