From 30f744e116721a917f9e4e241ccc32cf23fa5153 Mon Sep 17 00:00:00 2001 From: DarthSim Date: Thu, 15 Sep 2022 22:11:27 +0600 Subject: [PATCH] Try to fix path if signature is invalid --- CHANGELOG.md | 3 +++ fix_path.go | 22 ++++++++++++++++++++++ processing_handler.go | 8 +++++++- 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 fix_path.go diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ff79d7f..12d5648a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ - Add [raw](https://docs.imgproxy.net/latest/generating_the_url?id=raw) processing option. - (pro) Add encrypted source URL support. +### Changed +- Fix some invalid signature cases that happen because of URL normalization. + ## [3.7.2] - 2022-08-22 ### Changed - (docker) Faster images quantization. diff --git a/fix_path.go b/fix_path.go new file mode 100644 index 00000000..ee04183f --- /dev/null +++ b/fix_path.go @@ -0,0 +1,22 @@ +package main + +import ( + "fmt" + "regexp" + "strings" +) + +var fixPathRe = regexp.MustCompile(`/plain/(\S+)\:/([^/])`) + +func fixPath(path string) string { + for _, match := range fixPathRe.FindAllStringSubmatch(path, -1) { + repl := fmt.Sprintf("/plain/%s://", match[1]) + if match[1] == "local" { + repl += "/" + } + repl += match[2] + path = strings.Replace(path, match[0], repl, 1) + } + + return path +} diff --git a/processing_handler.go b/processing_handler.go index 267ac391..a3cdf8c4 100644 --- a/processing_handler.go +++ b/processing_handler.go @@ -218,7 +218,13 @@ func handleProcessing(reqID string, rw http.ResponseWriter, r *http.Request) { } if err := security.VerifySignature(signature, path); err != nil { - sendErrAndPanic(ctx, "security", ierrors.New(403, err.Error(), "Forbidden")) + // Some proxy servers may normalize URL and make signature invalid. + // Try to fix the path and repeat the check + path = fixPath(path) + + if err = security.VerifySignature(signature, path); err != nil { + sendErrAndPanic(ctx, "security", ierrors.New(403, err.Error(), "Forbidden")) + } } po, imageURL, err := options.ParsePath(path, r.Header)