codey/codey.lol
1
0
Fork 0
Code Issues Pull Requests Activity
Files
564bfefa4ac4f9fc1bdf2ff541811cac5a15bb93
codey.lol/src/pages/api/image-proxy.js

270 lines
7.1 KiB
JavaScript
Raw Normal View History

feat(api): add endpoints for fetching reaction users and searching messages - Implemented GET endpoint to fetch users who reacted with a specific emoji on a message. - Added validation for messageId and emoji parameters. - Enhanced user data retrieval with display names and avatar URLs. - Created a search endpoint for Discord messages with support for content and embed searches. - Included pagination and rate limiting for search results. feat(api): introduce image proxy and link preview endpoints - Developed an image proxy API to securely fetch images from untrusted domains. - Implemented HMAC signing for image URLs to prevent abuse. - Created a link preview API to fetch Open Graph metadata from URLs. - Added support for trusted domains and safe image URL generation. style(pages): create Discord logs page with authentication - Added a new page for displaying archived Discord channel logs. - Integrated authentication check to ensure user access. refactor(utils): enhance API authentication and database connection - Improved API authentication helper to manage user sessions and token refresh. - Established a PostgreSQL database connection utility for Discord logs.
2025-12-03 13:27:37 -05:00
/**
* Server-side image proxy API endpoint
* Proxies images from untrusted domains to prevent user IP exposure
* Uses HMAC signatures to prevent abuse
*/
import {
checkRateLimit,
recordRequest,
getCookieId,
generateNonce,
createNonceCookie,
} from '../../utils/rateLimit.js';
feat(api): implement rate limiting and SSRF protection across endpoints - Added rate limiting to `reaction-users`, `search`, and `image-proxy` APIs to prevent abuse. - Introduced SSRF protection in `image-proxy` to block requests to private IP ranges. - Enhanced `link-preview` to use `linkedom` for HTML parsing and improved meta tag extraction. - Refactored authentication checks in various pages to utilize middleware for cleaner code. - Improved JWT key loading with error handling and security warnings for production. - Updated `authFetch` utility to handle token refresh more efficiently with deduplication. - Enhanced rate limiting utility to trust proxy headers from known sources. - Numerous layout / design changes
2025-12-05 14:21:52 -05:00
// Secret key for signing URLs - MUST be set in production
const SIGNING_SECRET = import.meta.env.IMAGE_PROXY_SECRET;
if (!SIGNING_SECRET) {
console.error('CRITICAL: IMAGE_PROXY_SECRET environment variable is not set!');
}
// Private IP ranges to block (SSRF protection)
const PRIVATE_IP_PATTERNS = [
/^127\./, // localhost
/^10\./, // Class A private
/^172\.(1[6-9]|2[0-9]|3[0-1])\./, // Class B private
/^192\.168\./, // Class C private
/^169\.254\./, // Link-local
/^0\./, // Current network
/^224\./, // Multicast
/^255\./, // Broadcast
/^localhost$/i,
/^\[?::1\]?$/, // IPv6 localhost
/^\[?fe80:/i, // IPv6 link-local
/^\[?fc00:/i, // IPv6 private
/^\[?fd00:/i, // IPv6 private
];
function isPrivateUrl(urlString) {
try {
const url = new URL(urlString);
const hostname = url.hostname;
return PRIVATE_IP_PATTERNS.some(pattern => pattern.test(hostname));
} catch {
return true; // Block invalid URLs
}
}
feat(api): add endpoints for fetching reaction users and searching messages - Implemented GET endpoint to fetch users who reacted with a specific emoji on a message. - Added validation for messageId and emoji parameters. - Enhanced user data retrieval with display names and avatar URLs. - Created a search endpoint for Discord messages with support for content and embed searches. - Included pagination and rate limiting for search results. feat(api): introduce image proxy and link preview endpoints - Developed an image proxy API to securely fetch images from untrusted domains. - Implemented HMAC signing for image URLs to prevent abuse. - Created a link preview API to fetch Open Graph metadata from URLs. - Added support for trusted domains and safe image URL generation. style(pages): create Discord logs page with authentication - Added a new page for displaying archived Discord channel logs. - Integrated authentication check to ensure user access. refactor(utils): enhance API authentication and database connection - Improved API authentication helper to manage user sessions and token refresh. - Established a PostgreSQL database connection utility for Discord logs.
2025-12-03 13:27:37 -05:00
// Max image size to proxy (25MB - needed for animated GIFs)
const MAX_IMAGE_SIZE = 25 * 1024 * 1024;
// Allowed content types
const ALLOWED_CONTENT_TYPES = [
'image/jpeg',
'image/png',
'image/gif',
'image/webp',
'image/svg+xml',
'image/bmp',
'image/x-icon',
'image/vnd.microsoft.icon',
'image/avif',
'image/apng',
];
// Image extensions for fallback content-type detection
const IMAGE_EXTENSIONS = {
'.jpg': 'image/jpeg',
'.jpeg': 'image/jpeg',
'.png': 'image/png',
'.gif': 'image/gif',
'.webp': 'image/webp',
'.svg': 'image/svg+xml',
'.bmp': 'image/bmp',
'.ico': 'image/x-icon',
'.avif': 'image/avif',
'.apng': 'image/apng',
};
/**
* Get content type from URL extension
*/
function getContentTypeFromUrl(url) {
try {
const pathname = new URL(url).pathname.toLowerCase();
for (const [ext, type] of Object.entries(IMAGE_EXTENSIONS)) {
if (pathname.endsWith(ext)) {
return type;
}
}
} catch {}
return null;
}
/**
* Generate HMAC signature for a URL
*/
export async function signImageUrl(imageUrl) {
const encoder = new TextEncoder();
const key = await crypto.subtle.importKey(
'raw',
encoder.encode(SIGNING_SECRET),
{ name: 'HMAC', hash: 'SHA-256' },
false,
['sign']
);
const signature = await crypto.subtle.sign('HMAC', key, encoder.encode(imageUrl));
const signatureHex = Array.from(new Uint8Array(signature))
.map(b => b.toString(16).padStart(2, '0'))
.join('');
return signatureHex;
}
/**
* Verify HMAC signature for a URL
*/
async function verifySignature(imageUrl, signature) {
const expectedSignature = await signImageUrl(imageUrl);
return signature === expectedSignature;
}
/**
* Create a signed proxy URL for an image
*/
export async function createSignedProxyUrl(imageUrl) {
const signature = await signImageUrl(imageUrl);
return `/api/image-proxy?url=${encodeURIComponent(imageUrl)}&sig=${signature}`;
}
export async function GET({ request }) {
// Rate limit check
const rateCheck = checkRateLimit(request, {
limit: 20,
windowMs: 1000,
burstLimit: 100,
burstWindowMs: 10_000,
});
let cookieId = getCookieId(request);
const hadCookie = !!cookieId;
if (!cookieId) {
cookieId = generateNonce();
}
if (!rateCheck.allowed) {
const response = new Response('Rate limit exceeded', {
status: 429,
headers: { 'Retry-After': '1' },
});
if (!hadCookie) {
response.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return response;
}
recordRequest(request, 1000);
const url = new URL(request.url);
const imageUrl = url.searchParams.get('url');
const signature = url.searchParams.get('sig');
if (!imageUrl) {
return new Response('Missing url parameter', { status: 400 });
}
if (!signature) {
return new Response('Missing signature', { status: 403 });
}
feat(api): implement rate limiting and SSRF protection across endpoints - Added rate limiting to `reaction-users`, `search`, and `image-proxy` APIs to prevent abuse. - Introduced SSRF protection in `image-proxy` to block requests to private IP ranges. - Enhanced `link-preview` to use `linkedom` for HTML parsing and improved meta tag extraction. - Refactored authentication checks in various pages to utilize middleware for cleaner code. - Improved JWT key loading with error handling and security warnings for production. - Updated `authFetch` utility to handle token refresh more efficiently with deduplication. - Enhanced rate limiting utility to trust proxy headers from known sources. - Numerous layout / design changes
2025-12-05 14:21:52 -05:00
// Require signing secret to be configured
if (!SIGNING_SECRET) {
return new Response('Server misconfigured', { status: 500 });
}
feat(api): add endpoints for fetching reaction users and searching messages - Implemented GET endpoint to fetch users who reacted with a specific emoji on a message. - Added validation for messageId and emoji parameters. - Enhanced user data retrieval with display names and avatar URLs. - Created a search endpoint for Discord messages with support for content and embed searches. - Included pagination and rate limiting for search results. feat(api): introduce image proxy and link preview endpoints - Developed an image proxy API to securely fetch images from untrusted domains. - Implemented HMAC signing for image URLs to prevent abuse. - Created a link preview API to fetch Open Graph metadata from URLs. - Added support for trusted domains and safe image URL generation. style(pages): create Discord logs page with authentication - Added a new page for displaying archived Discord channel logs. - Integrated authentication check to ensure user access. refactor(utils): enhance API authentication and database connection - Improved API authentication helper to manage user sessions and token refresh. - Established a PostgreSQL database connection utility for Discord logs.
2025-12-03 13:27:37 -05:00
// Verify the signature
const isValid = await verifySignature(imageUrl, signature);
if (!isValid) {
return new Response('Invalid signature', { status: 403 });
}
// Validate URL format
let parsedUrl;
try {
parsedUrl = new URL(imageUrl);
if (!['http:', 'https:'].includes(parsedUrl.protocol)) {
throw new Error('Invalid protocol');
}
} catch {
return new Response('Invalid URL', { status: 400 });
}
feat(api): implement rate limiting and SSRF protection across endpoints - Added rate limiting to `reaction-users`, `search`, and `image-proxy` APIs to prevent abuse. - Introduced SSRF protection in `image-proxy` to block requests to private IP ranges. - Enhanced `link-preview` to use `linkedom` for HTML parsing and improved meta tag extraction. - Refactored authentication checks in various pages to utilize middleware for cleaner code. - Improved JWT key loading with error handling and security warnings for production. - Updated `authFetch` utility to handle token refresh more efficiently with deduplication. - Enhanced rate limiting utility to trust proxy headers from known sources. - Numerous layout / design changes
2025-12-05 14:21:52 -05:00
// SSRF protection: block private/internal IPs
if (isPrivateUrl(imageUrl)) {
return new Response('URL not allowed', { status: 403 });
}
feat(api): add endpoints for fetching reaction users and searching messages - Implemented GET endpoint to fetch users who reacted with a specific emoji on a message. - Added validation for messageId and emoji parameters. - Enhanced user data retrieval with display names and avatar URLs. - Created a search endpoint for Discord messages with support for content and embed searches. - Included pagination and rate limiting for search results. feat(api): introduce image proxy and link preview endpoints - Developed an image proxy API to securely fetch images from untrusted domains. - Implemented HMAC signing for image URLs to prevent abuse. - Created a link preview API to fetch Open Graph metadata from URLs. - Added support for trusted domains and safe image URL generation. style(pages): create Discord logs page with authentication - Added a new page for displaying archived Discord channel logs. - Integrated authentication check to ensure user access. refactor(utils): enhance API authentication and database connection - Improved API authentication helper to manage user sessions and token refresh. - Established a PostgreSQL database connection utility for Discord logs.
2025-12-03 13:27:37 -05:00
try {
const controller = new AbortController();
const timeout = setTimeout(() => controller.abort(), 10000);
const response = await fetch(imageUrl, {
method: 'GET',
headers: {
'User-Agent': 'Mozilla/5.0 (compatible; ImageProxy/1.0)',
'Accept': 'image/*',
},
signal: controller.signal,
redirect: 'follow',
});
clearTimeout(timeout);
if (!response.ok) {
return new Response('Failed to fetch image', { status: 502 });
}
let contentType = response.headers.get('content-type') || '';
const contentLength = parseInt(response.headers.get('content-length') || '0', 10);
// Validate content type - must be an image
let isAllowedType = ALLOWED_CONTENT_TYPES.some(type => contentType.startsWith(type));
// If server returned generic binary type, try to infer from URL extension
if (!isAllowedType && (contentType.includes('octet-stream') || contentType === '')) {
const inferredType = getContentTypeFromUrl(imageUrl);
if (inferredType) {
contentType = inferredType;
isAllowedType = true;
}
}
if (!isAllowedType) {
console.error(`[image-proxy] Invalid content type: ${contentType} for URL: ${imageUrl}`);
return new Response(`Invalid content type: ${contentType}`, { status: 400 });
}
// Check size limit
if (contentLength > MAX_IMAGE_SIZE) {
return new Response('Image too large', { status: 413 });
}
// Stream the image through
const imageData = await response.arrayBuffer();
// Double-check size after download
if (imageData.byteLength > MAX_IMAGE_SIZE) {
return new Response('Image too large', { status: 413 });
}
const proxyResponse = new Response(imageData, {
status: 200,
headers: {
'Content-Type': contentType,
'Content-Length': imageData.byteLength.toString(),
'Cache-Control': 'public, max-age=86400', // Cache for 1 day
'X-Content-Type-Options': 'nosniff',
},
});
if (!hadCookie) {
proxyResponse.headers.set('Set-Cookie', createNonceCookie(cookieId));
}
return proxyResponse;
} catch (err) {
console.error('[image-proxy] Error fetching image:', err.message);
return new Response('Failed to fetch image', { status: 500 });
}
}
Reference in New Issue Copy Permalink