zulip/zerver/views/thumbnail.py

from typing import Optional, Union

from django.contrib.auth.models import AnonymousUser
from django.http import HttpRequest, HttpResponse, HttpResponseForbidden
from django.shortcuts import redirect
from django.utils.translation import gettext as _

from zerver.context_processors import get_valid_realm_from_request
from zerver.lib.attachments import validate_attachment_request
from zerver.lib.thumbnail import generate_thumbnail_url
from zerver.lib.typed_endpoint import typed_endpoint
from zerver.models import Realm, UserProfile


def validate_thumbnail_request(
    realm: Realm,
    maybe_user_profile: Union[UserProfile, AnonymousUser],
    path: str,
) -> Optional[bool]:
    # path here does not have a leading / as it is parsed from request hitting the
    # thumbnail endpoint (defined in urls.py) that way.
    if path.startswith("user_uploads/"):
        path_id = path[len("user_uploads/") :]
        return validate_attachment_request(maybe_user_profile, path_id, realm)

    # This is an external link and we don't enforce restricted view policy here.
    return True


@typed_endpoint
def backend_serve_thumbnail(
    request: HttpRequest,
    maybe_user_profile: Union[UserProfile, AnonymousUser],
    *,
    url: str,
    size: str,
) -> HttpResponse:
    if not maybe_user_profile.is_authenticated:
        realm = get_valid_realm_from_request(request)
    else:
        assert isinstance(maybe_user_profile, UserProfile)
        realm = maybe_user_profile.realm

    if not validate_thumbnail_request(realm, maybe_user_profile, url):
        return HttpResponseForbidden(_("<p>You are not authorized to view this file.</p>"))

    thumbnail_url = generate_thumbnail_url(url)
    return redirect(thumbnail_url)
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default. 2021-11-02 15:42:58 +01:00			`from typing import Optional, Union`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default. 2021-11-02 15:42:58 +01:00			`from django.contrib.auth.models import AnonymousUser`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`from django.http import HttpRequest, HttpResponse, HttpResponseForbidden`
thumbor: Complete implementation of thumbnailing. Various pieces of our thumbor-based thumbnailing system were already merged; this adds the remaining pieces required for it to work: * a THUMBOR_URL Django setting that controls whether thumbor is enabled on the Zulip server (and if so, where thumbor is hosted). * Replaces the overly complicated prototype cryptography logic * Adds a /thumbnail endpoint (supported both on web and mobile) for accessing thumbnails in messages, designed to support hosting both external URLs as well as uploaded files (and applying Zulip's security model for access to thumbnails of uploaded files). * Modifies bugdown to, when THUMBOR_URL is set, render images with the `src` attribute pointing /thumbnail (to provide a small thumbnail for the image), along with adding a "data-original" attribute that can be used to access the "original/full" size version of the image. There are a few things that don't work quite yet: * The S3 backend support is incomplete and doesn't work yet. * The error pages for unauthorized access are ugly. * We might want to rename data-original and /thumbnail?size=original to use some other name, like "full", that better reflects the fact that we're potentially not serving the original image URL. 2018-03-08 09:37:09 +01:00			`from django.shortcuts import redirect`
python: Convert deprecated Django ugettext alias to gettext. django.utils.translation.ugettext is a deprecated alias of django.utils.translation.gettext as of Django 3.0, and will be removed in Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-04-16 00:57:30 +02:00			`from django.utils.translation import gettext as _`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default. 2021-11-02 15:42:58 +01:00			`from zerver.context_processors import get_valid_realm_from_request`
models: Move some functions to zerver.lib.attachments. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2023-12-15 20:03:19 +01:00			`from zerver.lib.attachments import validate_attachment_request`
thumbor: Complete implementation of thumbnailing. Various pieces of our thumbor-based thumbnailing system were already merged; this adds the remaining pieces required for it to work: * a THUMBOR_URL Django setting that controls whether thumbor is enabled on the Zulip server (and if so, where thumbor is hosted). * Replaces the overly complicated prototype cryptography logic * Adds a /thumbnail endpoint (supported both on web and mobile) for accessing thumbnails in messages, designed to support hosting both external URLs as well as uploaded files (and applying Zulip's security model for access to thumbnails of uploaded files). * Modifies bugdown to, when THUMBOR_URL is set, render images with the `src` attribute pointing /thumbnail (to provide a small thumbnail for the image), along with adding a "data-original" attribute that can be used to access the "original/full" size version of the image. There are a few things that don't work quite yet: * The S3 backend support is incomplete and doesn't work yet. * The error pages for unauthorized access are ugly. * We might want to rename data-original and /thumbnail?size=original to use some other name, like "full", that better reflects the fact that we're potentially not serving the original image URL. 2018-03-08 09:37:09 +01:00			`from zerver.lib.thumbnail import generate_thumbnail_url`
zerver: Migrate several small files to typed_endpoint. Migrate "submessage.py", "thumbnail.py", "tutorial.py", "zephyr.py" and "dev_login.py" to `typed_endpoint`. 2024-06-28 21:14:00 +02:00			`from zerver.lib.typed_endpoint import typed_endpoint`
models: Move some functions to zerver.lib.attachments. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2023-12-15 20:03:19 +01:00			`from zerver.models import Realm, UserProfile`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
thumbor: Complete implementation of thumbnailing. Various pieces of our thumbor-based thumbnailing system were already merged; this adds the remaining pieces required for it to work: * a THUMBOR_URL Django setting that controls whether thumbor is enabled on the Zulip server (and if so, where thumbor is hosted). * Replaces the overly complicated prototype cryptography logic * Adds a /thumbnail endpoint (supported both on web and mobile) for accessing thumbnails in messages, designed to support hosting both external URLs as well as uploaded files (and applying Zulip's security model for access to thumbnails of uploaded files). * Modifies bugdown to, when THUMBOR_URL is set, render images with the `src` attribute pointing /thumbnail (to provide a small thumbnail for the image), along with adding a "data-original" attribute that can be used to access the "original/full" size version of the image. There are a few things that don't work quite yet: * The S3 backend support is incomplete and doesn't work yet. * The error pages for unauthorized access are ugly. * We might want to rename data-original and /thumbnail?size=original to use some other name, like "full", that better reflects the fact that we're potentially not serving the original image URL. 2018-03-08 09:37:09 +01:00
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default. 2021-11-02 15:42:58 +01:00			`def validate_thumbnail_request(`
			`realm: Realm,`
			`maybe_user_profile: Union[UserProfile, AnonymousUser],`
			`path: str,`
			`) -> Optional[bool]:`
thumbor: Complete implementation of thumbnailing. Various pieces of our thumbor-based thumbnailing system were already merged; this adds the remaining pieces required for it to work: * a THUMBOR_URL Django setting that controls whether thumbor is enabled on the Zulip server (and if so, where thumbor is hosted). * Replaces the overly complicated prototype cryptography logic * Adds a /thumbnail endpoint (supported both on web and mobile) for accessing thumbnails in messages, designed to support hosting both external URLs as well as uploaded files (and applying Zulip's security model for access to thumbnails of uploaded files). * Modifies bugdown to, when THUMBOR_URL is set, render images with the `src` attribute pointing /thumbnail (to provide a small thumbnail for the image), along with adding a "data-original" attribute that can be used to access the "original/full" size version of the image. There are a few things that don't work quite yet: * The S3 backend support is incomplete and doesn't work yet. * The error pages for unauthorized access are ugly. * We might want to rename data-original and /thumbnail?size=original to use some other name, like "full", that better reflects the fact that we're potentially not serving the original image URL. 2018-03-08 09:37:09 +01:00			`# path here does not have a leading / as it is parsed from request hitting the`
			`# thumbnail endpoint (defined in urls.py) that way.`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`if path.startswith("user_uploads/"):`
			`path_id = path[len("user_uploads/") :]`
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default. 2021-11-02 15:42:58 +01:00			`return validate_attachment_request(maybe_user_profile, path_id, realm)`
thumbor: Complete implementation of thumbnailing. Various pieces of our thumbor-based thumbnailing system were already merged; this adds the remaining pieces required for it to work: * a THUMBOR_URL Django setting that controls whether thumbor is enabled on the Zulip server (and if so, where thumbor is hosted). * Replaces the overly complicated prototype cryptography logic * Adds a /thumbnail endpoint (supported both on web and mobile) for accessing thumbnails in messages, designed to support hosting both external URLs as well as uploaded files (and applying Zulip's security model for access to thumbnails of uploaded files). * Modifies bugdown to, when THUMBOR_URL is set, render images with the `src` attribute pointing /thumbnail (to provide a small thumbnail for the image), along with adding a "data-original" attribute that can be used to access the "original/full" size version of the image. There are a few things that don't work quite yet: * The S3 backend support is incomplete and doesn't work yet. * The error pages for unauthorized access are ugly. * We might want to rename data-original and /thumbnail?size=original to use some other name, like "full", that better reflects the fact that we're potentially not serving the original image URL. 2018-03-08 09:37:09 +01:00
			`# This is an external link and we don't enforce restricted view policy here.`
			`return True`

python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
zerver: Migrate several small files to typed_endpoint. Migrate "submessage.py", "thumbnail.py", "tutorial.py", "zephyr.py" and "dev_login.py" to `typed_endpoint`. 2024-06-28 21:14:00 +02:00			`@typed_endpoint`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`def backend_serve_thumbnail(`
			`request: HttpRequest,`
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default. 2021-11-02 15:42:58 +01:00			`maybe_user_profile: Union[UserProfile, AnonymousUser],`
zerver: Migrate several small files to typed_endpoint. Migrate "submessage.py", "thumbnail.py", "tutorial.py", "zephyr.py" and "dev_login.py" to `typed_endpoint`. 2024-06-28 21:14:00 +02:00			`*,`
			`url: str,`
			`size: str,`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`) -> HttpResponse:`
upload: Allow rate limited access to spectators for uploaded files. We allow spectators access to uploaded files in web public streams but rate limit the daily requests to 1000 per file by default. 2021-11-02 15:42:58 +01:00			`if not maybe_user_profile.is_authenticated:`
			`realm = get_valid_realm_from_request(request)`
			`else:`
			`assert isinstance(maybe_user_profile, UserProfile)`
			`realm = maybe_user_profile.realm`

			`if not validate_thumbnail_request(realm, maybe_user_profile, url):`
thumbor: Complete implementation of thumbnailing. Various pieces of our thumbor-based thumbnailing system were already merged; this adds the remaining pieces required for it to work: * a THUMBOR_URL Django setting that controls whether thumbor is enabled on the Zulip server (and if so, where thumbor is hosted). * Replaces the overly complicated prototype cryptography logic * Adds a /thumbnail endpoint (supported both on web and mobile) for accessing thumbnails in messages, designed to support hosting both external URLs as well as uploaded files (and applying Zulip's security model for access to thumbnails of uploaded files). * Modifies bugdown to, when THUMBOR_URL is set, render images with the `src` attribute pointing /thumbnail (to provide a small thumbnail for the image), along with adding a "data-original" attribute that can be used to access the "original/full" size version of the image. There are a few things that don't work quite yet: * The S3 backend support is incomplete and doesn't work yet. * The error pages for unauthorized access are ugly. * We might want to rename data-original and /thumbnail?size=original to use some other name, like "full", that better reflects the fact that we're potentially not serving the original image URL. 2018-03-08 09:37:09 +01:00			`return HttpResponseForbidden(_("<p>You are not authorized to view this file.</p>"))`

requirements: Remove Thumbor. Thumbor and tc-aws have been dragging their feet on Python 3 support for years, and even the alphas and unofficial forks we’ve been running don’t seem to be maintained anymore. Depending on these projects is no longer viable for us. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-05-07 00:38:24 +02:00			`thumbnail_url = generate_thumbnail_url(url)`
thumbor: Complete implementation of thumbnailing. Various pieces of our thumbor-based thumbnailing system were already merged; this adds the remaining pieces required for it to work: * a THUMBOR_URL Django setting that controls whether thumbor is enabled on the Zulip server (and if so, where thumbor is hosted). * Replaces the overly complicated prototype cryptography logic * Adds a /thumbnail endpoint (supported both on web and mobile) for accessing thumbnails in messages, designed to support hosting both external URLs as well as uploaded files (and applying Zulip's security model for access to thumbnails of uploaded files). * Modifies bugdown to, when THUMBOR_URL is set, render images with the `src` attribute pointing /thumbnail (to provide a small thumbnail for the image), along with adding a "data-original" attribute that can be used to access the "original/full" size version of the image. There are a few things that don't work quite yet: * The S3 backend support is incomplete and doesn't work yet. * The error pages for unauthorized access are ugly. * We might want to rename data-original and /thumbnail?size=original to use some other name, like "full", that better reflects the fact that we're potentially not serving the original image URL. 2018-03-08 09:37:09 +01:00			`return redirect(thumbnail_url)`