Rewrite images to use local proxy

Cargo.toml

@@ -129,6 +129,7 @@ rustls = { version = "0.21.8", features = ["dangerous_configuration"] }
 futures-util = "0.3.28"
 tokio-postgres = "0.7.10"
 tokio-postgres-rustls = "0.10.0"
+urlencoding = "2.1.3"
 enum-map = "2.7"
 
 [dependencies]

config/defaults.hjson

@@ -44,7 +44,13 @@
     # Set a custom pictrs API key. ( Required for deleting images )
     api_key: "string"
     # Cache remote images
-    cache_remote_images: true
+    cache_remote_thumbnails: true
+    # If enabled, all images from remote domains are rewritten to pass through `/api/v3/image_proxy`.
+    # This improves privacy as users don't expose their IP to untrusted servers, and decreases load
+    # on other servers. However it causes more load for the local server.
+    # 
+    # Requires pict-rs 0.5
+    image_proxy: false
   }
   # Email sending configuration. All options except login/password are mandatory
   email: {

crates/api/src/local_user/save_settings.rs

@@ -2,7 +2,12 @@ use actix_web::web::{Data, Json};
 use lemmy_api_common::{
   context::LemmyContext,
   person::SaveUserSettings,
-  utils::send_verification_email,
+  utils::{
+    local_site_to_slur_regex,
+    process_markdown_opt,
+    proxy_image_link_opt_api,
+    send_verification_email,
+  },
   SuccessResponse,
 };
 use lemmy_db_schema::{
@@ -12,7 +17,7 @@ use lemmy_db_schema::{
     person::{Person, PersonUpdateForm},
   },
   traits::Crud,
-  utils::{diesel_option_overwrite, diesel_option_overwrite_to_url},
+  utils::diesel_option_overwrite,
 };
 use lemmy_db_views::structs::{LocalUserView, SiteView};
 use lemmy_utils::{
@@ -28,9 +33,12 @@ pub async fn save_user_settings(
 ) -> Result<Json<SuccessResponse>, LemmyError> {
   let site_view = SiteView::read_local(&mut context.pool()).await?;
 
-  let avatar = diesel_option_overwrite_to_url(&data.avatar)?;
-  let banner = diesel_option_overwrite_to_url(&data.banner)?;
-  let bio = diesel_option_overwrite(data.bio.clone());
+  let slur_regex = local_site_to_slur_regex(&site_view.local_site);
+  let bio = process_markdown_opt(&data.bio, &slur_regex, &context).await?;
+
+  let avatar = proxy_image_link_opt_api(&data.avatar, &context).await?;
+  let banner = proxy_image_link_opt_api(&data.banner, &context).await?;
+  let bio = diesel_option_overwrite(bio);
   let display_name = diesel_option_overwrite(data.display_name.clone());
   let matrix_user_id = diesel_option_overwrite(data.matrix_user_id.clone());
   let email_deref = data.email.as_deref().map(str::to_lowercase);

crates/api/src/site/purge/person.rs

@@ -8,7 +8,7 @@ use lemmy_api_common::{
 };
 use lemmy_db_schema::{
   source::{
-    image_upload::ImageUpload,
+    images::LocalImage,
     moderator::{AdminPurgePerson, AdminPurgePersonForm},
     person::Person,
   },
@@ -31,7 +31,7 @@ pub async fn purge_person(
 
   let local_user = LocalUserView::read_person(&mut context.pool(), person_id).await?;
   let pictrs_uploads =
-    ImageUpload::get_all_by_local_user_id(&mut context.pool(), &local_user.local_user.id).await?;
+    LocalImage::get_all_by_local_user_id(&mut context.pool(), &local_user.local_user.id).await?;
 
   for upload in pictrs_uploads {
     delete_image_from_pictrs(&upload.pictrs_alias, &upload.pictrs_delete_token, &context)

crates/api_common/Cargo.toml

@@ -53,10 +53,6 @@ reqwest-middleware = { workspace = true, optional = true }
 regex = { workspace = true }
 rosetta-i18n = { workspace = true, optional = true }
 percent-encoding = { workspace = true, optional = true }
-webpage = { version = "1.6", default-features = false, features = [
-  "serde",
-], optional = true }
-encoding = { version = "0.2.33", optional = true }
 anyhow = { workspace = true }
 futures = { workspace = true, optional = true }
 uuid = { workspace = true, optional = true }
@@ -65,10 +61,15 @@ reqwest = { workspace = true, optional = true }
 ts-rs = { workspace = true, optional = true }
 once_cell = { workspace = true, optional = true }
 actix-web = { workspace = true, optional = true }
+enum-map = { workspace = true }
+urlencoding = { workspace = true }
+webpage = { version = "1.6", default-features = false, features = [
+  "serde",
+], optional = true }
+encoding = { version = "0.2.33", optional = true }
 jsonwebtoken = { version = "8.3.0", optional = true }
 # necessary for wasmt compilation
 getrandom = { version = "0.2.10", features = ["js"] }
-enum-map = { workspace = true }
 
 [dev-dependencies]
 serial_test = { workspace = true }

crates/api_common/src/request.rs

@@ -124,7 +124,7 @@ pub(crate) async fn fetch_pictrs(
   let pictrs_config = settings.pictrs_config()?;
   is_image_content_type(client, image_url).await?;
 
-  if pictrs_config.cache_remote_images {
+  if pictrs_config.cache_remote_thumbnails {
     // fetch remote non-pictrs images for persistent thumbnail link
     let fetch_url = format!(
       "{}image/download?url={}",

crates/api_common/src/utils.rs

@@ -14,6 +14,7 @@ use lemmy_db_schema::{
     comment::{Comment, CommentUpdateForm},
     community::{Community, CommunityModerator, CommunityUpdateForm},
     email_verification::{EmailVerification, EmailVerificationForm},
+    images::RemoteImage,
     instance::Instance,
     local_site::LocalSite,
     local_site_rate_limit::LocalSiteRateLimit,
@@ -23,7 +24,7 @@ use lemmy_db_schema::{
     post::{Post, PostRead},
   },
   traits::Crud,
-  utils::DbPool,
+  utils::{diesel_option_overwrite_to_url, DbPool},
 };
 use lemmy_db_views::{comment_view::CommentQuery, structs::LocalUserView};
 use lemmy_db_views_actor::structs::{
@@ -36,14 +37,18 @@ use lemmy_utils::{
   error::{LemmyError, LemmyErrorExt, LemmyErrorType, LemmyResult},
   location_info,
   rate_limit::{ActionType, BucketConfig},
-  settings::structs::Settings,
-  utils::slurs::build_slur_regex,
+  settings::{structs::Settings, SETTINGS},
+  utils::{
+    markdown::markdown_rewrite_image_links,
+    slurs::{build_slur_regex, remove_slurs},
+  },
 };
 use regex::Regex;
 use rosetta_i18n::{Language, LanguageId};
 use std::collections::HashSet;
 use tracing::warn;
 use url::{ParseError, Url};
+use urlencoding::encode;
 
 pub static AUTH_COOKIE_NAME: &str = "auth";
 
@@ -786,6 +791,67 @@ fn limit_expire_time(expires: DateTime<Utc>) -> LemmyResult<Option<DateTime<Utc>
   }
 }
 
+pub async fn process_markdown(
+  text: &str,
+  slur_regex: &Option<Regex>,
+  context: &LemmyContext,
+) -> LemmyResult<String> {
+  let text = remove_slurs(text, slur_regex);
+  let (text, links) = markdown_rewrite_image_links(text);
+  RemoteImage::create(&mut context.pool(), links).await?;
+  Ok(text)
+}
+
+pub async fn process_markdown_opt(
+  text: &Option<String>,
+  slur_regex: &Option<Regex>,
+  context: &LemmyContext,
+) -> LemmyResult<Option<String>> {
+  match text {
+    Some(t) => process_markdown(t, slur_regex, context).await.map(Some),
+    None => Ok(None),
+  }
+}
+
+pub async fn proxy_image_link(link: Url, context: &LemmyContext) -> LemmyResult<DbUrl> {
+  // Dont rewrite links pointing to local domain.
+  if link.domain() == Some(&SETTINGS.hostname) {
+    return Ok(link.into());
+  }
+
+  let proxied = format!(
+    "{}/api/v3/image_proxy?url={}",
+    SETTINGS.get_protocol_and_hostname(),
+    encode(link.as_str())
+  );
+  RemoteImage::create(&mut context.pool(), vec![link]).await?;
+  Ok(Url::parse(&proxied)?.into())
+}
+
+pub async fn proxy_image_link_opt_api(
+  link: &Option<String>,
+  context: &LemmyContext,
+) -> LemmyResult<Option<Option<DbUrl>>> {
+  let link = diesel_option_overwrite_to_url(link)?;
+  if let Some(l) = link {
+    proxy_image_link_opt_apub(l.map(Into::into), context)
+      .await
+      .map(Some)
+  } else {
+    Ok(link)
+  }
+}
+pub async fn proxy_image_link_opt_apub(
+  link: Option<Url>,
+  context: &LemmyContext,
+) -> LemmyResult<Option<DbUrl>> {
+  if let Some(l) = link {
+    proxy_image_link(l.clone(), context).await.map(Some)
+  } else {
+    Ok(None)
+  }
+}
+
 #[cfg(test)]
 mod tests {
   #![allow(clippy::unwrap_used)]

crates/api_crud/src/comment/create.rs

@@ -11,6 +11,7 @@ use lemmy_api_common::{
     generate_local_apub_endpoint,
     get_post,
     local_site_to_slur_regex,
+    process_markdown,
     EndpointType,
   },
 };
@@ -28,11 +29,7 @@ use lemmy_db_schema::{
 use lemmy_db_views::structs::LocalUserView;
 use lemmy_utils::{
   error::{LemmyError, LemmyErrorExt, LemmyErrorType},
-  utils::{
-    mention::scrape_text_for_mentions,
-    slurs::remove_slurs,
-    validation::is_valid_body_field,
-  },
+  utils::{mention::scrape_text_for_mentions, validation::is_valid_body_field},
 };
 
 const MAX_COMMENT_DEPTH_LIMIT: usize = 100;
@@ -45,10 +42,8 @@ pub async fn create_comment(
 ) -> Result<Json<CommentResponse>, LemmyError> {
   let local_site = LocalSite::read(&mut context.pool()).await?;
 
-  let content = remove_slurs(
-    &data.content.clone(),
-    &local_site_to_slur_regex(&local_site),
-  );
+  let slur_regex = local_site_to_slur_regex(&local_site);
+  let content = process_markdown(&data.content, &slur_regex, &context).await?;
   is_valid_body_field(&Some(content.clone()), false)?;
 
   // Check for a community ban

crates/api_crud/src/comment/update.rs

@@ -5,7 +5,7 @@ use lemmy_api_common::{
   comment::{CommentResponse, EditComment},
   context::LemmyContext,
   send_activity::{ActivityChannel, SendActivityData},
-  utils::{check_community_user_action, local_site_to_slur_regex},
+  utils::{check_community_user_action, local_site_to_slur_regex, process_markdown_opt},
 };
 use lemmy_db_schema::{
   source::{
@@ -19,11 +19,7 @@ use lemmy_db_schema::{
 use lemmy_db_views::structs::{CommentView, LocalUserView};
 use lemmy_utils::{
   error::{LemmyError, LemmyErrorExt, LemmyErrorType},
-  utils::{
-    mention::scrape_text_for_mentions,
-    slurs::remove_slurs,
-    validation::is_valid_body_field,
-  },
+  utils::{mention::scrape_text_for_mentions, validation::is_valid_body_field},
 };
 
 #[tracing::instrument(skip(context))]
@@ -57,11 +53,8 @@ pub async fn update_comment(
   )
   .await?;
 
-  // Update the Content
-  let content = data
-    .content
-    .as_ref()
-    .map(|c| remove_slurs(c, &local_site_to_slur_regex(&local_site)));
+  let slur_regex = local_site_to_slur_regex(&local_site);
+  let content = process_markdown_opt(&data.content, &slur_regex, &context).await?;
   is_valid_body_field(&content, false)?;
 
   let comment_id = data.comment_id;

crates/api_crud/src/community/create.rs

@@ -11,6 +11,8 @@ use lemmy_api_common::{
     generate_shared_inbox_url,
     is_admin,
     local_site_to_slur_regex,
+    process_markdown_opt,
+    proxy_image_link_opt_api,
     EndpointType,
   },
 };
@@ -27,13 +29,12 @@ use lemmy_db_schema::{
     },
   },
   traits::{ApubActor, Crud, Followable, Joinable},
-  utils::diesel_option_overwrite_to_url_create,
 };
 use lemmy_db_views::structs::{LocalUserView, SiteView};
 use lemmy_utils::{
   error::{LemmyError, LemmyErrorExt, LemmyErrorType},
   utils::{
-    slurs::{check_slurs, check_slurs_opt},
+    slurs::check_slurs,
     validation::{is_valid_actor_name, is_valid_body_field},
   },
 };
@@ -51,14 +52,16 @@ pub async fn create_community(
     Err(LemmyErrorType::OnlyAdminsCanCreateCommunities)?
   }
 
-  // Check to make sure the icon and banners are urls
-  let icon = diesel_option_overwrite_to_url_create(&data.icon)?;
-  let banner = diesel_option_overwrite_to_url_create(&data.banner)?;
-
   let slur_regex = local_site_to_slur_regex(&local_site);
   check_slurs(&data.name, &slur_regex)?;
   check_slurs(&data.title, &slur_regex)?;
-  check_slurs_opt(&data.description, &slur_regex)?;
+  let description = process_markdown_opt(&data.description, &slur_regex, &context).await?;
+  let icon = proxy_image_link_opt_api(&data.icon, &context)
+    .await?
+    .unwrap();
+  let banner = proxy_image_link_opt_api(&data.banner, &context)
+    .await?
+    .unwrap();
 
   is_valid_actor_name(&data.name, local_site.actor_name_max_length as usize)?;
   is_valid_body_field(&data.description, false)?;
@@ -81,7 +84,7 @@ pub async fn create_community(
   let community_form = CommunityInsertForm::builder()
     .name(data.name.clone())
     .title(data.title.clone())
-    .description(data.description.clone())
+    .description(description)
     .icon(icon)
     .banner(banner)
     .nsfw(data.nsfw)