Commit a4e94997 authored by Chris's avatar Chris Committed by Christopher Brown

Add /v4/image api (#8230)

* add image api

* i suppose i should add a test...

* only redirect to image proxy
parent 9bf23ece
......@@ -76,6 +76,8 @@ type Routes struct {
Compliance *mux.Router // 'api/v4/compliance'
Cluster *mux.Router // 'api/v4/cluster'
Image *mux.Router // 'api/v4/image'
LDAP *mux.Router // 'api/v4/ldap'
Elasticsearch *mux.Router // 'api/v4/elasticsearch'
......@@ -194,6 +196,8 @@ func Init(a *app.App, root *mux.Router, full bool) *API {
api.BaseRoutes.OpenGraph = api.BaseRoutes.ApiRoot.PathPrefix("/opengraph").Subrouter()
api.BaseRoutes.Image = api.BaseRoutes.ApiRoot.PathPrefix("/image").Subrouter()
api.InitUser()
api.InitTeam()
api.InitChannel()
......@@ -219,6 +223,7 @@ func Init(a *app.App, root *mux.Router, full bool) *API {
api.InitWebrtc()
api.InitOpenGraph()
api.InitPlugin()
api.InitImage()
root.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404))
......
// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.
package api4
import (
"net/http"
)
func (api *API) InitImage() {
api.BaseRoutes.Image.Handle("", api.ApiSessionRequiredTrustRequester(getImage)).Methods("GET")
}
func getImage(c *Context, w http.ResponseWriter, r *http.Request) {
// Only redirect to our image proxy if one is enabled. Arbitrary redirects are not allowed for
// security reasons.
if transform := c.App.ImageProxyAdder(); transform != nil {
http.Redirect(w, r, transform(r.URL.Query().Get("url")), http.StatusFound)
} else {
http.NotFound(w, r)
}
}
// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.
package api4
import (
"net/http"
"net/url"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/mattermost/mattermost-server/model"
)
func TestGetImage(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
th.Client.HttpClient.CheckRedirect = func(*http.Request, []*http.Request) error {
return http.ErrUseLastResponse
}
originURL := "http://foo.bar/baz.gif"
r, err := http.NewRequest("GET", th.Client.ApiUrl+"/image?url="+url.QueryEscape(originURL), nil)
require.NoError(t, err)
r.Header.Set(model.HEADER_AUTH, th.Client.AuthType+" "+th.Client.AuthToken)
th.App.UpdateConfig(func(cfg *model.Config) {
cfg.ServiceSettings.ImageProxyType = nil
})
resp, err := th.Client.HttpClient.Do(r)
require.NoError(t, err)
assert.Equal(t, http.StatusNotFound, resp.StatusCode)
th.App.UpdateConfig(func(cfg *model.Config) {
cfg.ServiceSettings.ImageProxyType = model.NewString("willnorris/imageproxy")
cfg.ServiceSettings.ImageProxyURL = model.NewString("https://proxy.foo.bar")
})
r, err = http.NewRequest("GET", th.Client.ApiUrl+"/image?url="+originURL, nil)
require.NoError(t, err)
r.Header.Set(model.HEADER_AUTH, th.Client.AuthType+" "+th.Client.AuthToken)
resp, err = th.Client.HttpClient.Do(r)
require.NoError(t, err)
assert.Equal(t, http.StatusFound, resp.StatusCode)
assert.Equal(t, "https://proxy.foo.bar//"+originURL, resp.Header.Get("Location"))
}
......@@ -456,6 +456,9 @@ func GenerateClientConfig(c *model.Config, diagnosticId string) map[string]strin
props["PluginsEnabled"] = strconv.FormatBool(*c.PluginSettings.Enable)
hasImageProxy := c.ServiceSettings.ImageProxyType != nil && *c.ServiceSettings.ImageProxyType != "" && c.ServiceSettings.ImageProxyURL != nil && *c.ServiceSettings.ImageProxyURL != ""
props["HasImageProxy"] = strconv.FormatBool(hasImageProxy)
if IsLicensed() {
License := License()
props["ExperimentalTownSquareIsReadOnly"] = strconv.FormatBool(*c.TeamSettings.ExperimentalTownSquareIsReadOnly)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment