Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: rewrite avatarproxy and CachedImage #1016

Merged
merged 7 commits into from
Oct 17, 2024
Merged

fix: rewrite avatarproxy and CachedImage #1016

merged 7 commits into from
Oct 17, 2024

Conversation

gauthier-th
Copy link
Collaborator

@gauthier-th gauthier-th commented Oct 16, 2024
edited by Fallenbagel
Loading

Description

Avatar proxy was allowing every request to be proxied, no matter the original ressource's origin or filetype. This PR fixes it be allowing only relevant resources to be cached, i.e. Jellyfin/Emby images and TMDB images.

Screenshot (if UI-related)

To-Dos

  • Successful build pnpm build
  • Translation keys pnpm i18n:extract
  • Database migration (if required)

Issues Fixed or Closed

@gauthier-th
fix: rewrite avatarproxy and CachedImage
27d7371 
Avatar proxy was allowing every request to be proxied, no matter the original ressource's origin or
filetype. This PR fixes it be allowing only relevant resources to be cached, i.e. Jellyfin/Emby
images and TMDB images.

fix #1012, #1013
M0NsTeRRR
M0NsTeRRR reviewed Oct 16, 2024
View reviewed changes
server/routes/avatarproxy.ts
try {
const jellyfinAvatar = req.url.match(
Copy link
Contributor

@M0NsTeRRR M0NsTeRRR Oct 16, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This regex should be set on router part and not inside the route no ?

And if you want to keep it here the regex look like wrong as it's missing ^, would be catched : https://test.fake/Users/efefe/Images/Primary/?tag=efefe&quality=90 (even if it's useless)

Copy link
Collaborator Author

@gauthier-th gauthier-th Oct 17, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This regex should be set on router part and not inside the route no ?

It could be set in the router path yes. But I did it this way to be consistent with what is made on front-end. Both ways seems fine to me.
And having it in the router path would require to reconstruct the URL with the URL param and the URL query

M0NsTeRRR
M0NsTeRRR reviewed Oct 16, 2024
View reviewed changes
src/components/Common/CachedImage/index.tsx Outdated
// tmdb stuff
imageUrl =
currentSettings.cacheImages && !src.startsWith('/')
? src.replace('https://image.tmdb.org', '/imageproxy')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

src.replace doesn't check if this string is present at the beginning so https://fake.test/https://image.tmdb.org?pic=mypic would be converted to https://fake.test/imageproxy?pic=mypic

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

Fallenbagel
Fallenbagel approved these changes Oct 17, 2024
View reviewed changes
Copy link
Owner

@Fallenbagel Fallenbagel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

@Fallenbagel
Copy link
Owner

Fallenbagel commented Oct 17, 2024
edited
Loading

Tested. Seems to be working as intended

@Fallenbagel Fallenbagel mentioned this pull request Oct 17, 2024
Closed
1 task
@Fallenbagel Fallenbagel merged commit 4e48fdf into develop Oct 17, 2024
7 of 8 checks passed
@Fallenbagel Fallenbagel deleted the fix-avatarproxy branch October 17, 2024 13:24
@Fallenbagel
Copy link
Owner

🎉 This PR is included in version 2.0.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

bonswouar pushed a commit to bonswouar/jellyseerr that referenced this pull request Nov 10, 2024
@gauthier-th @bonswouar
fix: rewrite avatarproxy and CachedImage (Fallenbagel#1016)
a3e5536 
* fix: rewrite avatarproxy and CachedImage

Avatar proxy was allowing every request to be proxied, no matter the original ressource's origin or
filetype. This PR fixes it be allowing only relevant resources to be cached, i.e. Jellyfin/Emby
images and TMDB images.

fix Fallenbagel#1012, Fallenbagel#1013

* fix: resolve CodeQL error

* fix: resolve CodeQL error

* fix: resolve review comments

* fix: resolve review comment

* fix: resolve CodeQL error

* fix: update imageproxy path
@TyxTang TyxTang mentioned this pull request Nov 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@M0NsTeRRR M0NsTeRRR M0NsTeRRR left review comments

@Fallenbagel Fallenbagel Fallenbagel approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
3 participants
@gauthier-th @Fallenbagel @M0NsTeRRR