151 lines
4.9 KiB
TypeScript
151 lines
4.9 KiB
TypeScript
import bcrypt from "bcrypt";
|
|
|
|
import { createId } from "@homarr/common";
|
|
import { decryptSecret, encryptSecret } from "@homarr/common/server";
|
|
import { fetchWithTrustedCertificatesAsync } from "@homarr/core/infrastructure/http";
|
|
import { createLogger } from "@homarr/core/infrastructure/logs";
|
|
import { ErrorWithMetadata } from "@homarr/core/infrastructure/logs/error";
|
|
import { createGetSetChannel } from "@homarr/redis";
|
|
|
|
const logger = createLogger({ module: "imageProxy" });
|
|
|
|
const createHashChannel = (hash: `${string}.${string}`) => createGetSetChannel<string>(`image-proxy:hash:${hash}`);
|
|
const createUrlByIdChannel = (id: string) =>
|
|
createGetSetChannel<{
|
|
url: `${string}.${string}`;
|
|
headers: `${string}.${string}`;
|
|
}>(`image-proxy:url:${id}`);
|
|
const saltChannel = createGetSetChannel<string>("image-proxy:salt");
|
|
|
|
export class ImageProxy {
|
|
private static salt: string | null = null;
|
|
private async getOrCreateSaltAsync(): Promise<string> {
|
|
if (ImageProxy.salt) return ImageProxy.salt;
|
|
const existingSalt = await saltChannel.getAsync();
|
|
if (existingSalt) {
|
|
ImageProxy.salt = existingSalt;
|
|
return existingSalt;
|
|
}
|
|
|
|
const salt = await bcrypt.genSalt(10);
|
|
logger.debug("Generated new salt for image proxy", { salt });
|
|
ImageProxy.salt = salt;
|
|
await saltChannel.setAsync(salt);
|
|
return salt;
|
|
}
|
|
|
|
public async createImageAsync(url: string, headers?: Record<string, string>): Promise<string> {
|
|
const existingId = await this.getExistingIdAsync(url, headers);
|
|
if (existingId) {
|
|
logger.debug("Image already exists in the proxy", {
|
|
id: existingId,
|
|
url: this.redactUrl(url),
|
|
headers: this.redactHeaders(headers ?? null),
|
|
});
|
|
return this.createImageUrl(existingId);
|
|
}
|
|
|
|
const id = createId();
|
|
await this.storeImageAsync(id, url, headers);
|
|
|
|
return this.createImageUrl(id);
|
|
}
|
|
|
|
public async forwardImageAsync(id: string): Promise<Blob | null> {
|
|
const urlAndHeaders = await this.getImageUrlAndHeadersAsync(id);
|
|
if (!urlAndHeaders) {
|
|
return null;
|
|
}
|
|
|
|
const response = await fetchWithTrustedCertificatesAsync(urlAndHeaders.url, {
|
|
headers: urlAndHeaders.headers ?? {},
|
|
});
|
|
|
|
const proxyUrl = this.createImageUrl(id);
|
|
if (!response.ok) {
|
|
logger.error(
|
|
new ErrorWithMetadata("Failed to fetch image", {
|
|
id,
|
|
url: this.redactUrl(urlAndHeaders.url),
|
|
headers: this.redactHeaders(urlAndHeaders.headers),
|
|
proxyUrl,
|
|
statusCode: response.status,
|
|
}),
|
|
);
|
|
return null;
|
|
}
|
|
|
|
const blob = (await response.blob()) as Blob;
|
|
logger.debug("Forwarding image succeeded", {
|
|
id,
|
|
url: this.redactUrl(urlAndHeaders.url),
|
|
headers: this.redactHeaders(urlAndHeaders.headers),
|
|
proxyUrl,
|
|
size: `${(blob.size / 1024).toFixed(1)}KB`,
|
|
});
|
|
|
|
return blob;
|
|
}
|
|
|
|
private createImageUrl(id: string): string {
|
|
return `/api/image-proxy/${id}`;
|
|
}
|
|
|
|
private async getImageUrlAndHeadersAsync(id: string) {
|
|
const urlHeaderChannel = createUrlByIdChannel(id);
|
|
const urlHeader = await urlHeaderChannel.getAsync();
|
|
if (!urlHeader) {
|
|
logger.warn("Image not found in the proxy", { id });
|
|
return null;
|
|
}
|
|
|
|
return {
|
|
url: decryptSecret(urlHeader.url),
|
|
headers: JSON.parse(decryptSecret(urlHeader.headers)) as Record<string, string> | null,
|
|
};
|
|
}
|
|
|
|
private async getExistingIdAsync(url: string, headers: Record<string, string> | undefined): Promise<string | null> {
|
|
const salt = await this.getOrCreateSaltAsync();
|
|
const urlHash = await bcrypt.hash(url, salt);
|
|
const headerHash = await bcrypt.hash(JSON.stringify(headers ?? null), salt);
|
|
|
|
const channel = createHashChannel(`${urlHash}.${headerHash}`);
|
|
return await channel.getAsync();
|
|
}
|
|
|
|
private async storeImageAsync(id: string, url: string, headers: Record<string, string> | undefined): Promise<void> {
|
|
const salt = await this.getOrCreateSaltAsync();
|
|
const urlHash = await bcrypt.hash(url, salt);
|
|
const headerHash = await bcrypt.hash(JSON.stringify(headers ?? null), salt);
|
|
|
|
const hashChannel = createHashChannel(`${urlHash}.${headerHash}`);
|
|
const urlHeaderChannel = createUrlByIdChannel(id);
|
|
await urlHeaderChannel.setAsync({
|
|
url: encryptSecret(url),
|
|
headers: encryptSecret(JSON.stringify(headers ?? null)),
|
|
});
|
|
await hashChannel.setAsync(id);
|
|
|
|
logger.debug("Stored image in the proxy", {
|
|
id,
|
|
url: this.redactUrl(url),
|
|
headers: this.redactHeaders(headers ?? null),
|
|
});
|
|
}
|
|
|
|
private redactUrl(url: string): string {
|
|
const urlObject = new URL(url);
|
|
|
|
const redactedSearch = [...urlObject.searchParams.keys()].map((key) => `${key}=REDACTED`).join("&");
|
|
|
|
return `${urlObject.origin}${urlObject.pathname}${redactedSearch ? `?${redactedSearch}` : ""}`;
|
|
}
|
|
|
|
private redactHeaders(headers: Record<string, string> | null): string | null {
|
|
if (!headers) return null;
|
|
|
|
return Object.keys(headers).join(", ");
|
|
}
|
|
}
|