From 9be072181c03643f2c6ff6f7c667f14b665ab020 Mon Sep 17 00:00:00 2001 From: strawberry Date: Sun, 7 Apr 2024 12:45:39 -0400 Subject: [PATCH] remove unneeded url preview function Signed-off-by: strawberry --- src/api/client_server/media.rs | 66 +--------------------------------- 1 file changed, 1 insertion(+), 65 deletions(-) diff --git a/src/api/client_server/media.rs b/src/api/client_server/media.rs index 2d1b9d3f..52c6c4b2 100644 --- a/src/api/client_server/media.rs +++ b/src/api/client_server/media.rs @@ -1,4 +1,4 @@ -use std::{io::Cursor, net::IpAddr, sync::Arc, time::Duration}; +use std::{io::Cursor, sync::Arc, time::Duration}; use image::io::Reader as ImgReader; use ipaddress::IPAddress; @@ -690,60 +690,6 @@ async fn download_html(client: &reqwest::Client, url: &str) -> Result bool { - // TODO: make this check ip_range_denylist - - // could be implemented with reqwest when it supports IP filtering: - // https://github.com/seanmonstar/reqwest/issues/1515 - - // These checks have been taken from the Rust core/net/ipaddr.rs crate, - // IpAddr::V4.is_global() and IpAddr::V6.is_global(), as .is_global is not - // yet stabilized. TODO: Once this is stable, this match can be simplified. - match addr { - IpAddr::V4(ip4) => { - !(ip4.octets()[0] == 0 // "This network" - || ip4.is_private() - || (ip4.octets()[0] == 100 && (ip4.octets()[1] & 0b1100_0000 == 0b0100_0000)) // is_shared() - || ip4.is_loopback() - || ip4.is_link_local() - // addresses reserved for future protocols (`192.0.0.0/24`) - || (ip4.octets()[0] == 192 && ip4.octets()[1] == 0 && ip4.octets()[2] == 0) - || ip4.is_documentation() - || (ip4.octets()[0] == 198 && (ip4.octets()[1] & 0xfe) == 18) // is_benchmarking() - || (ip4.octets()[0] & 240 == 240 && !ip4.is_broadcast()) // is_reserved() - || ip4.is_broadcast()) - }, - IpAddr::V6(ip6) => { - !(ip6.is_unspecified() - || ip6.is_loopback() - // IPv4-mapped Address (`::ffff:0:0/96`) - || matches!(ip6.segments(), [0, 0, 0, 0, 0, 0xffff, _, _]) - // IPv4-IPv6 Translat. (`64:ff9b:1::/48`) - || matches!(ip6.segments(), [0x64, 0xff9b, 1, _, _, _, _, _]) - // Discard-Only Address Block (`100::/64`) - || matches!(ip6.segments(), [0x100, 0, 0, 0, _, _, _, _]) - // IETF Protocol Assignments (`2001::/23`) - || (matches!(ip6.segments(), [0x2001, b, _, _, _, _, _, _] if b < 0x200) - && !( - // Port Control Protocol Anycast (`2001:1::1`) - u128::from_be_bytes(ip6.octets()) == 0x2001_0001_0000_0000_0000_0000_0000_0001 - // Traversal Using Relays around NAT Anycast (`2001:1::2`) - || u128::from_be_bytes(ip6.octets()) == 0x2001_0001_0000_0000_0000_0000_0000_0002 - // AMT (`2001:3::/32`) - || matches!(ip6.segments(), [0x2001, 3, _, _, _, _, _, _]) - // AS112-v6 (`2001:4:112::/48`) - || matches!(ip6.segments(), [0x2001, 4, 0x112, _, _, _, _, _]) - // ORCHIDv2 (`2001:20::/28`) - || matches!(ip6.segments(), [0x2001, b, _, _, _, _, _, _] if (0x20..=0x2F).contains(&b)) - )) - || ((ip6.segments()[0] == 0x2001) && (ip6.segments()[1] == 0xdb8)) // is_documentation() - || ((ip6.segments()[0] & 0xfe00) == 0xfc00) // is_unique_local() - || ((ip6.segments()[0] & 0xffc0) == 0xfe80)) // is_unicast_link_local - }, - } -} - async fn request_url_preview(url: &str) -> Result { if let Ok(ip) = IPAddress::parse(url) { let cidr_ranges_s = services().globals.ip_range_denylist().to_vec(); @@ -786,16 +732,6 @@ async fn request_url_preview(url: &str) -> Result { } } - if !response - .remote_addr() - .map_or(false, |a| url_request_allowed(&a.ip())) - { - return Err(Error::BadRequest( - ErrorKind::forbidden(), - "Requesting from this address is forbidden", - )); - } - let Some(content_type) = response .headers() .get(reqwest::header::CONTENT_TYPE)