imgproxy/imagedata/download.go

package imagedata

import (
	"compress/gzip"
	"context"
	"fmt"
	"io"
	"net/http"
	"net/http/cookiejar"
	"strings"
	"time"

	"github.com/imgproxy/imgproxy/v3/config"
	"github.com/imgproxy/imgproxy/v3/ierrors"
	"github.com/imgproxy/imgproxy/v3/security"

	defaultTransport "github.com/imgproxy/imgproxy/v3/transport"
	azureTransport "github.com/imgproxy/imgproxy/v3/transport/azure"
	fsTransport "github.com/imgproxy/imgproxy/v3/transport/fs"
	gcsTransport "github.com/imgproxy/imgproxy/v3/transport/gcs"
	s3Transport "github.com/imgproxy/imgproxy/v3/transport/s3"
	swiftTransport "github.com/imgproxy/imgproxy/v3/transport/swift"
)

var (
	downloadClient *http.Client

	enabledSchemes = map[string]struct{}{
		"http":  {},
		"https": {},
	}

	imageHeadersToStore = []string{
		"Cache-Control",
		"Expires",
		"ETag",
	}

	// For tests
	redirectAllRequestsTo string
)

const msgSourceImageIsUnreachable = "Source image is unreachable"

type DownloadOptions struct {
	Header    http.Header
	CookieJar *cookiejar.Jar
}

type ErrorNotModified struct {
	Message string
	Headers map[string]string
}

func (e *ErrorNotModified) Error() string {
	return e.Message
}

func initDownloading() error {
	transport, err := defaultTransport.New(true)
	if err != nil {
		return err
	}

	registerProtocol := func(scheme string, rt http.RoundTripper) {
		transport.RegisterProtocol(scheme, rt)
		enabledSchemes[scheme] = struct{}{}
	}

	if config.LocalFileSystemRoot != "" {
		registerProtocol("local", fsTransport.New())
	}

	if config.S3Enabled {
		if t, err := s3Transport.New(); err != nil {
			return err
		} else {
			registerProtocol("s3", t)
		}
	}

	if config.GCSEnabled {
		if t, err := gcsTransport.New(); err != nil {
			return err
		} else {
			registerProtocol("gs", t)
		}
	}

	if config.ABSEnabled {
		if t, err := azureTransport.New(); err != nil {
			return err
		} else {
			registerProtocol("abs", t)
		}
	}

	if config.SwiftEnabled {
		if t, err := swiftTransport.New(); err != nil {
			return err
		} else {
			registerProtocol("swift", t)
		}
	}

	downloadClient = &http.Client{
		Transport: transport,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			redirects := len(via)
			if redirects >= config.MaxRedirects {
				return fmt.Errorf("stopped after %d redirects", redirects)
			}
			return nil
		},
	}

	return nil
}

func headersToStore(res *http.Response) map[string]string {
	m := make(map[string]string)

	for _, h := range imageHeadersToStore {
		if val := res.Header.Get(h); len(val) != 0 {
			m[h] = val
		}
	}

	return m
}

func BuildImageRequest(ctx context.Context, imageURL string, header http.Header, jar *cookiejar.Jar) (*http.Request, context.CancelFunc, error) {
	reqCtx, reqCancel := context.WithTimeout(ctx, time.Duration(config.DownloadTimeout)*time.Second)

	req, err := http.NewRequestWithContext(reqCtx, "GET", imageURL, nil)
	if err != nil {
		reqCancel()
		return nil, func() {}, ierrors.New(404, err.Error(), msgSourceImageIsUnreachable)
	}

	if _, ok := enabledSchemes[req.URL.Scheme]; !ok {
		reqCancel()
		return nil, func() {}, ierrors.New(
			404,
			fmt.Sprintf("Unknown scheme: %s", req.URL.Scheme),
			msgSourceImageIsUnreachable,
		)
	}

	if jar != nil {
		for _, cookie := range jar.Cookies(req.URL) {
			req.AddCookie(cookie)
		}
	}

	req.Header.Set("User-Agent", config.UserAgent)

	for k, v := range header {
		if len(v) > 0 {
			req.Header.Set(k, v[0])
		}
	}

	return req, reqCancel, nil
}

func SendRequest(req *http.Request) (*http.Response, error) {
	for {
		res, err := downloadClient.Do(req)
		if err == nil {
			return res, nil
		}

		if res != nil && res.Body != nil {
			res.Body.Close()
		}

		if strings.Contains(err.Error(), "client connection lost") {
			select {
			case <-req.Context().Done():
				return nil, err
			case <-time.After(100 * time.Microsecond):
				continue
			}
		}

		return nil, wrapError(err)
	}
}

func requestImage(ctx context.Context, imageURL string, opts DownloadOptions) (*http.Response, context.CancelFunc, error) {
	req, reqCancel, err := BuildImageRequest(ctx, imageURL, opts.Header, opts.CookieJar)
	if err != nil {
		reqCancel()
		return nil, func() {}, err
	}

	res, err := SendRequest(req)
	if err != nil {
		reqCancel()
		return nil, func() {}, err
	}

	if res.StatusCode == http.StatusNotModified {
		res.Body.Close()
		reqCancel()
		return nil, func() {}, &ErrorNotModified{Message: "Not Modified", Headers: headersToStore(res)}
	}

	if res.StatusCode != 200 {
		body, _ := io.ReadAll(res.Body)
		res.Body.Close()
		reqCancel()

		status := 404
		if res.StatusCode >= 500 {
			status = 500
		}

		msg := fmt.Sprintf("Status: %d; %s", res.StatusCode, string(body))
		return nil, func() {}, ierrors.New(status, msg, msgSourceImageIsUnreachable)
	}

	return res, reqCancel, nil
}

func download(ctx context.Context, imageURL string, opts DownloadOptions, secopts security.Options) (*ImageData, error) {
	// We use this for testing
	if len(redirectAllRequestsTo) > 0 {
		imageURL = redirectAllRequestsTo
	}

	res, reqCancel, err := requestImage(ctx, imageURL, opts)
	defer reqCancel()

	if res != nil {
		defer res.Body.Close()
	}
	if err != nil {
		return nil, err
	}

	body := res.Body
	contentLength := int(res.ContentLength)

	if res.Header.Get("Content-Encoding") == "gzip" {
		gzipBody, errGzip := gzip.NewReader(res.Body)
		if gzipBody != nil {
			defer gzipBody.Close()
		}
		if errGzip != nil {
			return nil, err
		}
		body = gzipBody
		contentLength = 0
	}

	imgdata, err := readAndCheckImage(body, contentLength, secopts)
	if err != nil {
		return nil, ierrors.Wrap(err, 0)
	}

	imgdata.Headers = headersToStore(res)

	return imgdata, nil
}

func RedirectAllRequestsTo(u string) {
	redirectAllRequestsTo = u
}

func StopRedirectingRequests() {
	redirectAllRequestsTo = ""
}
Global refactoring 2021-04-26 13:52:50 +02:00			`package imagedata`

			`import (`
			`"compress/gzip"`
use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`"context"`
Global refactoring 2021-04-26 13:52:50 +02:00			`"fmt"`
Get rid of io/ioutil usage 2022-10-28 17:15:13 +02:00			`"io"`
Global refactoring 2021-04-26 13:52:50 +02:00			`"net/http"`
Add option to pass through incoming cookies in the image request. 2021-11-09 13:14:05 +02:00			`"net/http/cookiejar"`
Retry source image request if http connection was lost 2023-04-16 19:58:34 +02:00			`"strings"`
Global refactoring 2021-04-26 13:52:50 +02:00			`"time"`

Bump version 2021-09-30 16:23:30 +02:00			`"github.com/imgproxy/imgproxy/v3/config"`
			`"github.com/imgproxy/imgproxy/v3/ierrors"`
Security processing options 2023-02-23 20:11:44 +02:00			`"github.com/imgproxy/imgproxy/v3/security"`
Global refactoring 2021-04-26 13:52:50 +02:00
Fix detection of dead HTTP/2 connections 2023-04-13 22:05:25 +02:00			`defaultTransport "github.com/imgproxy/imgproxy/v3/transport"`
Bump version 2021-09-30 16:23:30 +02:00			`azureTransport "github.com/imgproxy/imgproxy/v3/transport/azure"`
			`fsTransport "github.com/imgproxy/imgproxy/v3/transport/fs"`
			`gcsTransport "github.com/imgproxy/imgproxy/v3/transport/gcs"`
			`s3Transport "github.com/imgproxy/imgproxy/v3/transport/s3"`
Support OpenStack Swift Object Storage (#837) * Add OpenStack Swift support * Fix linting errors * Update CHANGELOG * Update swift documentation * Fix linting error * Swift transport: pass req.Context down, fix parseObjectURL() implementation * Make swift transport test a test suite * Use swift://{container}/{object_path} as the source image URL format * Cleanup * Swift transport: only close object when returning 304 2022-04-06 13:00:19 +02:00			`swiftTransport "github.com/imgproxy/imgproxy/v3/transport/swift"`
Global refactoring 2021-04-26 13:52:50 +02:00			`)`

			`var (`
			`downloadClient *http.Client`

Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`enabledSchemes = map[string]struct{}{`
			`"http": {},`
			`"https": {},`
			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`imageHeadersToStore = []string{`
			`"Cache-Control",`
			`"Expires",`
Etag passthough 2021-09-29 12:23:54 +02:00			`"ETag",`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`
Merge branch 'master' into version/3 2021-09-07 15:04:33 +02:00
			`// For tests`
			`redirectAllRequestsTo string`
Global refactoring 2021-04-26 13:52:50 +02:00			`)`

			`const msgSourceImageIsUnreachable = "Source image is unreachable"`

Move download options to imagedata.DownloadOptions 2023-02-23 20:39:52 +02:00			`type DownloadOptions struct {`
			`Header http.Header`
			`CookieJar *cookiejar.Jar`
			`}`

Add cache control headers to 304 response 2021-10-13 13:59:46 +02:00			`type ErrorNotModified struct {`
			`Message string`
			`Headers map[string]string`
			`}`

			`func (e *ErrorNotModified) Error() string {`
			`return e.Message`
			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`func initDownloading() error {`
Fix detection of dead HTTP/2 connections 2023-04-13 22:05:25 +02:00			`transport, err := defaultTransport.New(true)`
			`if err != nil {`
			`return err`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`

Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`registerProtocol := func(scheme string, rt http.RoundTripper) {`
			`transport.RegisterProtocol(scheme, rt)`
			`enabledSchemes[scheme] = struct{}{}`
			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`if config.LocalFileSystemRoot != "" {`
Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`registerProtocol("local", fsTransport.New())`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`

			`if config.S3Enabled {`
			`if t, err := s3Transport.New(); err != nil {`
			`return err`
			`} else {`
Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`registerProtocol("s3", t)`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`
			`}`

			`if config.GCSEnabled {`
			`if t, err := gcsTransport.New(); err != nil {`
			`return err`
			`} else {`
Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`registerProtocol("gs", t)`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`
			`}`

			`if config.ABSEnabled {`
			`if t, err := azureTransport.New(); err != nil {`
			`return err`
			`} else {`
Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`registerProtocol("abs", t)`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`
			`}`

Support OpenStack Swift Object Storage (#837) * Add OpenStack Swift support * Fix linting errors * Update CHANGELOG * Update swift documentation * Fix linting error * Swift transport: pass req.Context down, fix parseObjectURL() implementation * Make swift transport test a test suite * Use swift://{container}/{object_path} as the source image URL format * Cleanup * Swift transport: only close object when returning 304 2022-04-06 13:00:19 +02:00			`if config.SwiftEnabled {`
			`if t, err := swiftTransport.New(); err != nil {`
			`return err`
			`} else {`
			`registerProtocol("swift", t)`
			`}`
			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`downloadClient = &http.Client{`
			`Transport: transport,`
IMGPROXY_MAX_REDIRECTS config (#797) * IMGPROXY_MAX_REDIRECTS config * Apply suggestions from code review Co-authored-by: Travis-Turner <32389151+Travis-Turner@users.noreply.github.com> Co-authored-by: Travis-Turner <32389151+Travis-Turner@users.noreply.github.com> 2022-02-16 11:42:09 +02:00			`CheckRedirect: func(req http.Request, via []http.Request) error {`
			`redirects := len(via)`
			`if redirects >= config.MaxRedirects {`
			`return fmt.Errorf("stopped after %d redirects", redirects)`
			`}`
			`return nil`
			`},`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`

			`return nil`
			`}`

Add cache control headers to 304 response 2021-10-13 13:59:46 +02:00			`func headersToStore(res *http.Response) map[string]string {`
			`m := make(map[string]string)`

			`for _, h := range imageHeadersToStore {`
			`if val := res.Header.Get(h); len(val) != 0 {`
			`m[h] = val`
			`}`
			`}`

			`return m`
			`}`

use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`func BuildImageRequest(ctx context.Context, imageURL string, header http.Header, jar cookiejar.Jar) (http.Request, context.CancelFunc, error) {`
			`reqCtx, reqCancel := context.WithTimeout(ctx, time.Duration(config.DownloadTimeout)*time.Second)`

			`req, err := http.NewRequestWithContext(reqCtx, "GET", imageURL, nil)`
Global refactoring 2021-04-26 13:52:50 +02:00			`if err != nil {`
use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`reqCancel()`
			`return nil, func() {}, ierrors.New(404, err.Error(), msgSourceImageIsUnreachable)`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`

Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`if _, ok := enabledSchemes[req.URL.Scheme]; !ok {`
use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`reqCancel()`
			`return nil, func() {}, ierrors.New(`
Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`404,`
Fix typo in an error message 2023-01-23 17:50:13 +02:00			`fmt.Sprintf("Unknown scheme: %s", req.URL.Scheme),`
Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`msgSourceImageIsUnreachable,`
Better downloading error reporting cause 2021-11-01 14:29:26 +02:00			`)`
Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`}`

Add option to pass through incoming cookies in the image request. 2021-11-09 13:14:05 +02:00			`if jar != nil {`
			`for _, cookie := range jar.Cookies(req.URL) {`
			`req.AddCookie(cookie)`
			`}`
			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`req.Header.Set("User-Agent", config.UserAgent)`

Etag passthough 2021-09-29 12:23:54 +02:00			`for k, v := range header {`
			`if len(v) > 0 {`
			`req.Header.Set(k, v[0])`
			`}`
			`}`

use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`return req, reqCancel, nil`
`raw` processing option 2022-09-07 12:50:21 +02:00			`}`

			`func SendRequest(req http.Request) (http.Response, error) {`
Retry source image request if http connection was lost 2023-04-16 19:58:34 +02:00			`for {`
			`res, err := downloadClient.Do(req)`
			`if err == nil {`
			`return res, nil`
			`}`

			`if res != nil && res.Body != nil {`
			`res.Body.Close()`
			`}`

			`if strings.Contains(err.Error(), "client connection lost") {`
			`select {`
			`case <-req.Context().Done():`
			`return nil, err`
			`case <-time.After(100 * time.Microsecond):`
			`continue`
			`}`
			`}`

use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`return nil, wrapError(err)`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`
`raw` processing option 2022-09-07 12:50:21 +02:00			`}`

use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`func requestImage(ctx context.Context, imageURL string, opts DownloadOptions) (*http.Response, context.CancelFunc, error) {`
			`req, reqCancel, err := BuildImageRequest(ctx, imageURL, opts.Header, opts.CookieJar)`
`raw` processing option 2022-09-07 12:50:21 +02:00			`if err != nil {`
use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`reqCancel()`
			`return nil, func() {}, err`
`raw` processing option 2022-09-07 12:50:21 +02:00			`}`

			`res, err := SendRequest(req)`
			`if err != nil {`
use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`reqCancel()`
			`return nil, func() {}, err`
`raw` processing option 2022-09-07 12:50:21 +02:00			`}`

Etag passthough 2021-09-29 12:23:54 +02:00			`if res.StatusCode == http.StatusNotModified {`
`raw` processing option 2022-09-07 12:50:21 +02:00			`res.Body.Close()`
use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`reqCancel()`
			`return nil, func() {}, &ErrorNotModified{Message: "Not Modified", Headers: headersToStore(res)}`
Etag passthough 2021-09-29 12:23:54 +02:00			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`if res.StatusCode != 200 {`
Get rid of io/ioutil usage 2022-10-28 17:15:13 +02:00			`body, _ := io.ReadAll(res.Body)`
Global refactoring 2021-04-26 13:52:50 +02:00			`res.Body.Close()`
use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`reqCancel()`
Global refactoring 2021-04-26 13:52:50 +02:00
Respond with 500 for "temporary" downloading errors 2021-11-01 14:13:33 +02:00			`status := 404`
			`if res.StatusCode >= 500 {`
			`status = 500`
			`}`

Etag passthough 2021-09-29 12:23:54 +02:00			`msg := fmt.Sprintf("Status: %d; %s", res.StatusCode, string(body))`
use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`return nil, func() {}, ierrors.New(status, msg, msgSourceImageIsUnreachable)`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`

use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`return res, reqCancel, nil`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`

use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`func download(ctx context.Context, imageURL string, opts DownloadOptions, secopts security.Options) (*ImageData, error) {`
Merge branch 'master' into version/3 2021-09-07 15:04:33 +02:00			`// We use this for testing`
			`if len(redirectAllRequestsTo) > 0 {`
			`imageURL = redirectAllRequestsTo`
			`}`

use "clean" HTTP transport; Use context for downloading timeout control 2023-03-21 19:58:16 +02:00			`res, reqCancel, err := requestImage(ctx, imageURL, opts)`
			`defer reqCancel()`

Global refactoring 2021-04-26 13:52:50 +02:00			`if res != nil {`
			`defer res.Body.Close()`
			`}`
			`if err != nil {`
			`return nil, err`
			`}`

			`body := res.Body`
			`contentLength := int(res.ContentLength)`

			`if res.Header.Get("Content-Encoding") == "gzip" {`
			`gzipBody, errGzip := gzip.NewReader(res.Body)`
			`if gzipBody != nil {`
			`defer gzipBody.Close()`
			`}`
			`if errGzip != nil {`
			`return nil, err`
			`}`
			`body = gzipBody`
			`contentLength = 0`
			`}`

Security processing options 2023-02-23 20:11:44 +02:00			`imgdata, err := readAndCheckImage(body, contentLength, secopts)`
Global refactoring 2021-04-26 13:52:50 +02:00			`if err != nil {`
Better downloading error reporting cause 2021-11-01 14:29:26 +02:00			`return nil, ierrors.Wrap(err, 0)`
Global refactoring 2021-04-26 13:52:50 +02:00			`}`

Add cache control headers to 304 response 2021-10-13 13:59:46 +02:00			`imgdata.Headers = headersToStore(res)`
Global refactoring 2021-04-26 13:52:50 +02:00
			`return imgdata, nil`
			`}`
Merge branch 'master' into version/3 2021-09-07 15:04:33 +02:00
			`func RedirectAllRequestsTo(u string) {`
			`redirectAllRequestsTo = u`
			`}`

			`func StopRedirectingRequests() {`
			`redirectAllRequestsTo = ""`
			`}`