From 75605dcc59179e0f8495669cc515885f2953e404 Mon Sep 17 00:00:00 2001 From: luk3yx Date: Sat, 5 Oct 2024 23:11:19 +1300 Subject: [PATCH] Fix bad idea --- README.md | 5 +++-- miniirc_matrix.py | 16 ++++++++-------- setup.py | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 5b6b40f..a535b23 100644 --- a/README.md +++ b/README.md @@ -74,8 +74,9 @@ To expose this to the public, you must use a reverse proxy, and should set up caching and some kind of rate limiting to prevent abuse. You can set the `media_proxy_url` keyword argument to the public proxy URL. -A HMAC is created based on the API token and URL to prevent using the proxy to -fetch arbitrary attachment URLs. +A HMAC is created based on a random key and URL to prevent using the proxy to +fetch arbitrary attachment URLs. To make this value consistent across restarts, +pass a bytes value to the `media_proxy_key` keyword argument. ## Installation diff --git a/miniirc_matrix.py b/miniirc_matrix.py index d100ae3..f8720e5 100644 --- a/miniirc_matrix.py +++ b/miniirc_matrix.py @@ -9,11 +9,11 @@ from collections.abc import Callable from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer from typing import Any, Optional, TypeVar, overload from urllib.parse import quote as _url_quote, urlparse as _urlparse -import functools, hmac, html.parser, itertools, json, math, re, time, uuid +import functools, hmac, html.parser, itertools, json, math, os, re, time, uuid import miniirc, requests, threading, traceback # type: ignore -ver = (0, 0, 12) +ver = (0, 0, 13) __version__ = '.'.join(map(str, ver)) @@ -440,6 +440,7 @@ class Matrix(miniirc.IRC): token: Optional[str] = None, media_proxy_port: Optional[int] = None, media_proxy_url: Optional[str] = None, + media_proxy_key: Optional[bytes] = None, **kwargs ) -> None: # Cache _get_room_url @@ -463,9 +464,11 @@ class Matrix(miniirc.IRC): self._media_proxy: Optional[ThreadingHTTPServer] = None self._media_proxy_port = media_proxy_port - if media_proxy_port and not media_proxy_port: + if media_proxy_port and not media_proxy_url: media_proxy_url = f'http://127.0.0.1:{media_proxy_port}' self._media_proxy_url = media_proxy_url and media_proxy_url.rstrip('/') + if media_proxy_port is not None: + self._media_proxy_key = media_proxy_key or os.urandom(32) # Stop miniirc from trying to access the (non-existent) socket kwargs['ping_interval'] = kwargs['ping_timeout'] = None @@ -541,11 +544,8 @@ class Matrix(miniirc.IRC): return f'rooms/{_url_quote(room_id)}' def __make_url_digest(self, path: str) -> str: - return hmac.digest( - b'miniirc_matrix hmac v1 ' + self.token.encode('ascii'), - path.encode('ascii'), - 'sha256' - ).hex() + return hmac.digest(self._media_proxy_key, path.encode('ascii'), + 'sha256').hex() def _download_media(self, url: str) -> requests.Response: url_base, _, key = url.partition('?key=') diff --git a/setup.py b/setup.py index da1d112..41c164e 100755 --- a/setup.py +++ b/setup.py @@ -5,7 +5,7 @@ from setuptools import setup setup( name='miniirc_matrix', - version='0.0.12', + version='0.0.13', py_modules=['miniirc_matrix'], author='luk3yx', description='A Matrix wrapper for miniirc.',