diff options
-rw-r--r-- | MatrixMediaGate/MatrixMediaGate.csproj | 4 | ||||
-rw-r--r-- | MatrixMediaGate/Program.cs | 191 | ||||
-rw-r--r-- | MatrixMediaGate/deps.nix | 35 | ||||
-rw-r--r-- | flake.lock | 6 | ||||
-rwxr-xr-x | mkdeps | 3 |
5 files changed, 136 insertions, 103 deletions
diff --git a/MatrixMediaGate/MatrixMediaGate.csproj b/MatrixMediaGate/MatrixMediaGate.csproj index f847a82..bcbd018 100644 --- a/MatrixMediaGate/MatrixMediaGate.csproj +++ b/MatrixMediaGate/MatrixMediaGate.csproj @@ -7,4 +7,8 @@ <InvariantGlobalization>true</InvariantGlobalization> </PropertyGroup> + <ItemGroup> + <PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="8.0.0" /> + </ItemGroup> + </Project> diff --git a/MatrixMediaGate/Program.cs b/MatrixMediaGate/Program.cs index ee06b9a..ec4e755 100644 --- a/MatrixMediaGate/Program.cs +++ b/MatrixMediaGate/Program.cs @@ -1,96 +1,95 @@ -using System.Net; -using System.Net.Http.Headers; -using System.Text.Json; -using MatrixMediaGate; -using MatrixMediaGate.Services; - -var builder = WebApplication.CreateBuilder(args); - -builder.Services.AddSingleton<ProxyConfiguration>(); -builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); -builder.Services.AddSingleton<AuthValidator>(); -builder.Services.AddSingleton<HttpClient>(services => { - var cfg = services.GetRequiredService<ProxyConfiguration>(); - // var handler = new HttpClientHandler() { AutomaticDecompression = DecompressionMethods.None }; - return new HttpClient() { - BaseAddress = new Uri(cfg.Upstream), - MaxResponseContentBufferSize = 1 * 1024 * 1024 // 1MB - }; -}); - -var app = builder.Build(); - -async Task Proxy(HttpClient hc, ProxyConfiguration cfg, HttpContext ctx, ILogger<Program> logger) { - if (ctx is null) return; - var path = ctx.Request.Path.Value; - if (path is null) return; - if (path.StartsWith('/')) - path = path[1..]; - path += ctx.Request.QueryString.Value; - - var method = new HttpMethod(ctx.Request.Method); - using var req = new HttpRequestMessage(method, path); - foreach (var header in ctx.Request.Headers) { - if (header.Key != "Accept-Encoding" && header.Key != "Content-Type" && header.Key != "Content-Length") - req.Headers.Add(header.Key, header.Value.ToArray()); - } - req.Headers.Host = cfg.Host; - - if (ctx.Request.ContentLength > 0) { - req.Content = new StreamContent(ctx.Request.Body); - if (ctx.Request.ContentType != null) req.Content.Headers.ContentType = new MediaTypeHeaderValue(ctx.Request.ContentType); - if (ctx.Request.ContentLength != null) req.Content.Headers.ContentLength = ctx.Request.ContentLength; - } - - logger.LogInformation($"Proxying {method} {path} to {hc.BaseAddress}{path}"); - - using var response = await hc.SendAsync(req, HttpCompletionOption.ResponseHeadersRead); - ctx.Response.Headers.Clear(); - foreach (var header in response.Headers) { - if (header.Key != "Transfer-Encoding") - ctx.Response.Headers[header.Key] = header.Value.ToArray(); - } - - ctx.Response.StatusCode = (int)response.StatusCode; - ctx.Response.ContentType = response.Content.Headers.ContentType?.ToString() ?? "application/json"; - if (response.Content.Headers.ContentLength != null) ctx.Response.ContentLength = response.Content.Headers.ContentLength; - await ctx.Response.StartAsync(); - await using var content = await response.Content.ReadAsStreamAsync(); - await content.CopyToAsync(ctx.Response.Body); - await ctx.Response.Body.FlushAsync(); - await ctx.Response.CompleteAsync(); -} - -async Task ProxyMaybeAuth(HttpClient hc, ProxyConfiguration cfg, AuthValidator auth, HttpContext ctx, ILogger<Program> logger) { - await auth.UpdateAuth(ctx); - - await Proxy(hc, cfg, ctx, logger); -} - -async Task ProxyMedia(string serverName, ProxyConfiguration cfg, HttpClient hc, AuthValidator auth, HttpContext ctx, ILogger<Program> logger) { - // Some clients may send Authorization header, so we handle this last... - if (cfg.TrustedServers.Contains(serverName) || auth.ValidateAuth(ctx) || await auth.UpdateAuth(ctx)) { - await Proxy(hc, cfg, ctx, logger); - } - else { - ctx.Response.StatusCode = 403; - ctx.Response.ContentType = "application/json"; - await ctx.Response.StartAsync(); - var json = JsonSerializer.Serialize(new { errcode = "M_FORBIDDEN", error = "Unauthenticated access to remote media has been disabled on this server." }); - await ctx.Response.WriteAsync(json); - await ctx.Response.Body.FlushAsync(); - await ctx.Response.CompleteAsync(); - } -} - -app.Map("{*_}", ProxyMaybeAuth); -app.Map("/_matrix/federation/{*_}", Proxy); - -foreach (var route in (string[]) [ - "/_matrix/media/{version}/download/{serverName}/{mediaId}", - "/_matrix/media/{version}/download/{serverName}/{mediaId}/{fileName}", - "/_matrix/media/{version}/thumbnail/{serverName}/{mediaId}", - ]) - app.Map(route, ProxyMedia); - -app.Run(); \ No newline at end of file +using System.Net; +using System.Net.Http.Headers; +using System.Text.Json; +using MatrixMediaGate; +using MatrixMediaGate.Services; + +var builder = WebApplication.CreateBuilder(args); +builder.Host.UseSystemd(); +builder.Services.AddSingleton<ProxyConfiguration>(); +builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); +builder.Services.AddSingleton<AuthValidator>(); +builder.Services.AddSingleton<HttpClient>(services => { + var cfg = services.GetRequiredService<ProxyConfiguration>(); + return new HttpClient() { + BaseAddress = new Uri(cfg.Upstream), + MaxResponseContentBufferSize = 1 * 1024 * 1024 // 1MB + }; +}); + +var app = builder.Build(); + +async Task Proxy(HttpClient hc, ProxyConfiguration cfg, HttpContext ctx, ILogger<Program> logger) { + var path = ctx.Request.Path.Value; + if (path is null) return; + if (path.StartsWith('/')) + path = path[1..]; + path += ctx.Request.QueryString.Value; + + var method = new HttpMethod(ctx.Request.Method); + using var req = new HttpRequestMessage(method, path); + foreach (var header in ctx.Request.Headers) { + if (header.Key != "Accept-Encoding" && header.Key != "Content-Type" && header.Key != "Content-Length") + req.Headers.Add(header.Key, header.Value.ToArray()); + } + + req.Headers.Host = cfg.Host; + + if (ctx.Request.ContentLength > 0) { + req.Content = new StreamContent(ctx.Request.Body); + if (ctx.Request.ContentType != null) req.Content.Headers.ContentType = new MediaTypeHeaderValue(ctx.Request.ContentType); + if (ctx.Request.ContentLength != null) req.Content.Headers.ContentLength = ctx.Request.ContentLength; + } + + logger.LogInformation($"Proxying {method} {path} to {hc.BaseAddress}{path}"); + + using var response = await hc.SendAsync(req, HttpCompletionOption.ResponseHeadersRead); + ctx.Response.Headers.Clear(); + foreach (var header in response.Headers) { + if (header.Key != "Transfer-Encoding") + ctx.Response.Headers[header.Key] = header.Value.ToArray(); + } + + ctx.Response.StatusCode = (int)response.StatusCode; + ctx.Response.ContentType = response.Content.Headers.ContentType?.ToString() ?? "application/json"; + if (response.Content.Headers.ContentLength != null) ctx.Response.ContentLength = response.Content.Headers.ContentLength; + await ctx.Response.StartAsync(); + await using var content = await response.Content.ReadAsStreamAsync(); + await content.CopyToAsync(ctx.Response.Body); + await ctx.Response.Body.FlushAsync(); + await ctx.Response.CompleteAsync(); +} + +async Task ProxyMaybeAuth(HttpClient hc, ProxyConfiguration cfg, AuthValidator auth, HttpContext ctx, ILogger<Program> logger) { + await auth.UpdateAuth(ctx); + + await Proxy(hc, cfg, ctx, logger); +} + +async Task ProxyMedia(string serverName, ProxyConfiguration cfg, HttpClient hc, AuthValidator auth, HttpContext ctx, ILogger<Program> logger) { + // Some clients may send Authorization header, so we handle this last... + if (cfg.TrustedServers.Contains(serverName) || auth.ValidateAuth(ctx) || await auth.UpdateAuth(ctx)) { + await Proxy(hc, cfg, ctx, logger); + } + else { + ctx.Response.StatusCode = 403; + ctx.Response.ContentType = "application/json"; + await ctx.Response.StartAsync(); + var json = JsonSerializer.Serialize(new { errcode = "M_FORBIDDEN", error = "Unauthenticated access to remote media has been disabled on this server." }); + await ctx.Response.WriteAsync(json); + await ctx.Response.Body.FlushAsync(); + await ctx.Response.CompleteAsync(); + } +} + +app.Map("{*_}", ProxyMaybeAuth); +app.Map("/_matrix/federation/{*_}", Proxy); // Don't bother with auth for federation + +foreach (var route in (string[]) [ // Require recent auth for these routes + "/_matrix/media/{version}/download/{serverName}/{mediaId}", + "/_matrix/media/{version}/download/{serverName}/{mediaId}/{fileName}", + "/_matrix/media/{version}/thumbnail/{serverName}/{mediaId}", + ]) + app.Map(route, ProxyMedia); + +app.Run(); diff --git a/MatrixMediaGate/deps.nix b/MatrixMediaGate/deps.nix index 3d0b76b..12c8aef 100644 --- a/MatrixMediaGate/deps.nix +++ b/MatrixMediaGate/deps.nix @@ -1,5 +1,34 @@ { fetchNuGet }: [ - (fetchNuGet { pname = "Microsoft.DotNet.ILCompiler"; version = "8.0.1"; sha256 = "1pmh2wdw7n0906x7qc2mlgjhyndap78dm60zrz76bbmzhwc4r0mv"; }) - (fetchNuGet { pname = "Microsoft.NET.ILLink.Tasks"; version = "8.0.1"; sha256 = "1drbgqdcvbpisjn8mqfgba1pwb6yri80qc4mfvyczqwrcsj5k2ja"; }) - (fetchNuGet { pname = "runtime.linux-x64.Microsoft.DotNet.ILCompiler"; version = "8.0.1"; sha256 = "0mky32k6kv2iy14c89xbznyrr33ni616s85z40ny43j5w9scxh04"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Configuration"; version = "8.0.0"; sha256 = "080kab87qgq2kh0ijry5kfdiq9afyzb8s0k3jqi5zbbi540yq4zl"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Configuration.Abstractions"; version = "8.0.0"; sha256 = "1jlpa4ggl1gr5fs7fdcw04li3y3iy05w3klr9lrrlc7v8w76kq71"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Configuration.Binder"; version = "8.0.0"; sha256 = "1m0gawiz8f5hc3li9vd5psddlygwgkiw13d7div87kmkf4idza8r"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Configuration.CommandLine"; version = "8.0.0"; sha256 = "026f7f2iv6ph2dc5rnslll0bly8qcx5clmh2nn9hgyqjizzc4qvy"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Configuration.EnvironmentVariables"; version = "8.0.0"; sha256 = "13qb8wz3k59ihq0mjcqz1kwrpyzxn5da4dhk2pvcgc42z9kcbf7r"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Configuration.FileExtensions"; version = "8.0.0"; sha256 = "1jrmlfzy4h32nzf1nm5q8bhkpx958b0ww9qx1k1zm4pyaf6mqb04"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Configuration.Json"; version = "8.0.0"; sha256 = "1n3ss26v1lq6b69fxk1vz3kqv9ppxq8ypgdqpd7415xrq66y4bqn"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Configuration.UserSecrets"; version = "8.0.0"; sha256 = "1br01zhzhnxjzqx63bxd25x48y9xs69hcs71pjni8y9kl50zja7z"; }) + (fetchNuGet { pname = "Microsoft.Extensions.DependencyInjection"; version = "8.0.0"; sha256 = "0i7qziz0iqmbk8zzln7kx9vd0lbx1x3va0yi3j1bgkjir13h78ps"; }) + (fetchNuGet { pname = "Microsoft.Extensions.DependencyInjection.Abstractions"; version = "8.0.0"; sha256 = "1zw0bpp5742jzx03wvqc8csnvsbgdqi0ls9jfc5i2vd3cl8b74pg"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Diagnostics"; version = "8.0.0"; sha256 = "0ghwkld91k20hcbmzg2137w81mzzdh8hfaapdwckhza0vipya4kw"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Diagnostics.Abstractions"; version = "8.0.0"; sha256 = "15m4j6w9n8h0mj7hlfzb83hd3wn7aq1s7fxbicm16slsjfwzj82i"; }) + (fetchNuGet { pname = "Microsoft.Extensions.FileProviders.Abstractions"; version = "8.0.0"; sha256 = "1idq65fxwcn882c06yci7nscy9i0rgw6mqjrl7362prvvsd9f15r"; }) + (fetchNuGet { pname = "Microsoft.Extensions.FileProviders.Physical"; version = "8.0.0"; sha256 = "05wxjvjbx79ir7vfkri6b28k8zl8fa6bbr0i7gahqrim2ijvkp6v"; }) + (fetchNuGet { pname = "Microsoft.Extensions.FileSystemGlobbing"; version = "8.0.0"; sha256 = "1igf2bqism22fxv7km5yv028r4rg12a4lki2jh4xg3brjkagiv7q"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Hosting"; version = "8.0.0"; sha256 = "1f2af5m1yny8b43251gsj75hjd9ixni1clcldy8cg91z1vxxm8dh"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Hosting.Abstractions"; version = "8.0.0"; sha256 = "00d5dwmzw76iy8z40ly01hy9gly49a7rpf7k7m99vrid1kxp346h"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Hosting.Systemd"; version = "8.0.0"; sha256 = "1jhxx8wyk18vspvfp30j5dymv8m85jg9s1iahdkfyin5v5j8g0xq"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Logging"; version = "8.0.0"; sha256 = "0nppj34nmq25gnrg0wh1q22y4wdqbih4ax493f226azv8mkp9s1i"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Logging.Abstractions"; version = "8.0.0"; sha256 = "1klcqhg3hk55hb6vmjiq2wgqidsl81aldw0li2z98lrwx26msrr6"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Logging.Configuration"; version = "8.0.0"; sha256 = "1d9b734vnll935661wqkgl7ry60rlh5p876l2bsa930mvfsaqfcv"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Logging.Console"; version = "8.0.0"; sha256 = "1mvp3ipw7k33v2qw2yrvc4vl5yzgpk3yxa94gg0gz7wmcmhzvmkd"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Logging.Debug"; version = "8.0.0"; sha256 = "1h7mg97lj0ss47kq7zwnihh9c6xcrkwrr8ffhc16qcsrh36sg6q0"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Logging.EventLog"; version = "8.0.0"; sha256 = "05vfrxw7mlwlwhsl6r4yrhxk3sd8dv5sl0hdlcpgw62n53incw5x"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Logging.EventSource"; version = "8.0.0"; sha256 = "0gbjll6p03rmw0cf8fp0p8cxzn9awmzv8hvnyqbczrkax5h7p94i"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Options"; version = "8.0.0"; sha256 = "0p50qn6zhinzyhq9sy5svnmqqwhw2jajs2pbjh9sah504wjvhscz"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Options.ConfigurationExtensions"; version = "8.0.0"; sha256 = "04nm8v5a3zp0ill7hjnwnja3s2676b4wffdri8hdk2341p7mp403"; }) + (fetchNuGet { pname = "Microsoft.Extensions.Primitives"; version = "8.0.0"; sha256 = "0aldaz5aapngchgdr7dax9jw5wy7k7hmjgjpfgfv1wfif27jlkqm"; }) + (fetchNuGet { pname = "System.Diagnostics.DiagnosticSource"; version = "8.0.0"; sha256 = "0nzra1i0mljvmnj1qqqg37xs7bl71fnpl68nwmdajchh65l878zr"; }) + (fetchNuGet { pname = "System.Diagnostics.EventLog"; version = "8.0.0"; sha256 = "1xnvcidh2qf6k7w8ij1rvj0viqkq84cq47biw0c98xhxg5rk3pxf"; }) + (fetchNuGet { pname = "System.Text.Encodings.Web"; version = "8.0.0"; sha256 = "1wbypkx0m8dgpsaqgyywz4z760xblnwalb241d5qv9kx8m128i11"; }) + (fetchNuGet { pname = "System.Text.Json"; version = "8.0.0"; sha256 = "134savxw0sq7s448jnzw17bxcijsi1v38mirpbb6zfxmqlf04msw"; }) ] diff --git a/flake.lock b/flake.lock index 6a9aa53..d168430 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1708655239, - "narHash": "sha256-ZrP/yACUvDB+zbqYJsln4iwotbH6CTZiTkANJ0AgDv4=", + "lastModified": 1708807242, + "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cbc4211f0afffe6dfd2478a62615dd5175a13f9a", + "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a", "type": "github" }, "original": { diff --git a/mkdeps b/mkdeps index 96930a6..8a89831 100755 --- a/mkdeps +++ b/mkdeps @@ -1,5 +1,6 @@ #!/usr/bin/env nix-shell -#!nix-shell -i "bash -x" -p bash nuget-to-nix git dotnet-sdk_8 nix curl jq yq +#!nix-shell -i "bash -x" -p bash nuget-to-nix git dotnet-sdk_8 nix curl jq yq -vvvvv +set +x projects=( MatrixMediaGate ) |