Fix sodium and bad cache mimetype stuff

This commit is contained in:
carbotaniuman 2020-07-29 13:37:11 -05:00
parent 6b23564f75
commit eab29ba2a3
2 changed files with 18 additions and 8 deletions

View file

@ -6,15 +6,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Added ### Added
- [2020-07-13] Added reloading client setting without stopping client by [@radonbark] - [2020-07-13] Added reloading client setting without stopping client by [@radonbark].
### Changed ### Changed
- [2020-07-29] Disallow unsafe ports [@m3ch_mania].
### Deprecated ### Deprecated
### Removed ### Removed
### Fixed ### Fixed
- [2020-07-29] Fixed stupid libsodium bugs [@carbotaniuman].
- [2020-07-29] Fixed issues from the Great Cache Propagation [@carbotaniuman].
### Security ### Security

View file

@ -76,8 +76,6 @@ class ImageServer(
private val executor = Executors.newCachedThreadPool() private val executor = Executors.newCachedThreadPool()
fun handler(dataSaver: Boolean, tokenized: Boolean = false): HttpHandler { fun handler(dataSaver: Boolean, tokenized: Boolean = false): HttpHandler {
val sodium = LazySodiumJava(SodiumJava())
return baseHandler().then { request -> return baseHandler().then { request ->
val chapterHash = Path.of("chapterHash")(request) val chapterHash = Path.of("chapterHash")(request)
val fileName = Path.of("fileName")(request) val fileName = Path.of("fileName")(request)
@ -102,7 +100,7 @@ class ImageServer(
val token = try { val token = try {
JACKSON.readValue<Token>( JACKSON.readValue<Token>(
try { try {
sodium.cryptoBoxOpenEasyAfterNm( SODIUM.cryptoBoxOpenEasyAfterNm(
tokenArr.sliceArray(24 until tokenArr.size), tokenArr.sliceArray(0 until 24), serverSettings.tokenKey tokenArr.sliceArray(24 until tokenArr.size), tokenArr.sliceArray(0 until 24), serverSettings.tokenKey
) )
} catch (_: SodiumException) { } catch (_: SodiumException) {
@ -144,12 +142,12 @@ class ImageServer(
} }
} }
if (snapshot != null && imageDatum != null) { if (snapshot != null && imageDatum != null && imageDatum.contentType.isImageMimetype()) {
request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum) request.handleCacheHit(sanitizedUri, getRc4(rc4Bytes), snapshot, imageDatum)
} else { } else {
if (snapshot != null) { if (snapshot != null) {
snapshot.close() snapshot.close()
LOGGER.warn { "Removing cache file for $sanitizedUri without corresponding DB entry" } LOGGER.warn { "Removing broken cache file for $sanitizedUri" }
cache.removeUnsafe(imageId.toCacheId()) cache.removeUnsafe(imageId.toCacheId())
} }
@ -218,12 +216,18 @@ class ImageServer(
return Response(mdResponse.status) return Response(mdResponse.status)
} }
LOGGER.trace { "Upstream query for $sanitizedUri succeeded" }
val contentType = mdResponse.header("Content-Type")!! val contentType = mdResponse.header("Content-Type")!!
val contentLength = mdResponse.header("Content-Length") val contentLength = mdResponse.header("Content-Length")
val lastModified = mdResponse.header("Last-Modified") val lastModified = mdResponse.header("Last-Modified")
if (!contentType.isImageMimetype()) {
LOGGER.trace { "Upstream query for $sanitizedUri returned bad mimetype $contentType" }
mdResponse.close()
return Response(Status.INTERNAL_SERVER_ERROR)
}
LOGGER.trace { "Upstream query for $sanitizedUri succeeded" }
val editor = cache.editUnsafe(imageId.toCacheId()) val editor = cache.editUnsafe(imageId.toCacheId())
// A null editor means that this file is being written to // A null editor means that this file is being written to
@ -291,6 +295,7 @@ class ImageServer(
.header("X-Cache", if (cached) "HIT" else "MISS") .header("X-Cache", if (cached) "HIT" else "MISS")
companion object { companion object {
private val SODIUM = LazySodiumJava(SodiumJava())
private val LOGGER = LoggerFactory.getLogger(ImageServer::class.java) private val LOGGER = LoggerFactory.getLogger(ImageServer::class.java)
private val JACKSON: ObjectMapper = jacksonObjectMapper() private val JACKSON: ObjectMapper = jacksonObjectMapper()
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false) .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
@ -329,3 +334,5 @@ private fun printHexString(bytes: ByteArray): String {
} }
return sb.toString() return sb.toString()
} }
private fun String.isImageMimetype() = this.toLowerCase().startsWith("image/")