Barebones matrix media proxy

src/db/orm-defs.d.ts

@@ -100,6 +100,10 @@ export type Models = {
 		emoji_id: string
 		guild_id: string
 	}
+
+	media_proxy: {
+		permitted_hash: number
+	}
 }
 
 export type Prepared<Row> = {

src/matrix/read-registration.js

@@ -28,9 +28,9 @@ function writeRegistration(reg) {
 /** @returns {import("../types").InitialAppServiceRegistrationConfig} reg */
 function getTemplateRegistration() {
 	return {
-		id: crypto.randomBytes(16).toString("hex"),
-		as_token: crypto.randomBytes(16).toString("hex"),
-		hs_token: crypto.randomBytes(16).toString("hex"),
+		id: "ooye",
+		as_token: crypto.randomBytes(32).toString("hex"),
+		hs_token: crypto.randomBytes(32).toString("hex"),
 		namespaces: {
 			users: [{
 				exclusive: true,
@@ -46,6 +46,7 @@ function getTemplateRegistration() {
 		],
 		sender_localpart: "_ooye_bot",
 		rate_limited: false,
+		socket: 6693,
 		ooye: {
 			namespace_prefix: "_ooye_",
 			max_file_size: 5000000,

src/types.d.ts

@@ -16,12 +16,14 @@ export type AppServiceRegistrationConfig = {
 	}
 	protocols: [string]
 	rate_limited: boolean
+	socket?: string | number,
 	ooye: {
 		namespace_prefix: string
 		max_file_size: number
 		server_name: string
 		server_origin: string
 		bridge_origin: string
+		discord_token: string
 		content_length_workaround: boolean
 		include_user_id_in_mxid: boolean
 		invite: string[]
@@ -49,6 +51,7 @@ export type InitialAppServiceRegistrationConfig = {
 	}
 	protocols: [string]
 	rate_limited: boolean
+	socket?: string | number,
 	ooye: {
 		namespace_prefix: string
 		max_file_size: number,

src/web/routes/download-matrix.js

@@ -0,0 +1,48 @@
+// @ts-check
+
+const {defineEventHandler, getValidatedRouterParams, setResponseStatus, setResponseHeader, sendStream, createError} = require("h3")
+const {z} = require("zod")
+const fetch = require("node-fetch")
+
+/** @type {import("xxhash-wasm").XXHashAPI} */ // @ts-ignore
+let hasher = null
+// @ts-ignore
+require("xxhash-wasm")().then(h => hasher = h)
+
+const {reg} = require("../../matrix/read-registration")
+const {as, select} = require("../../passthrough")
+
+const schema = {
+	params: z.object({
+		server_name: z.string(),
+		media_id: z.string()
+	})
+}
+
+as.router.get(`/download/matrix/:server_name/:media_id`, defineEventHandler(async event => {
+	const params = await getValidatedRouterParams(event, schema.params.parse)
+
+	const serverAndMediaID = `${params.server_name}/${params.media_id}`
+	const unsignedHash = hasher.h64(serverAndMediaID)
+	const signedHash = unsignedHash - 0x8000000000000000n // shifting down to signed 64-bit range
+
+	const row = select("media_proxy", "permitted_hash", {permitted_hash: signedHash}).get()
+	if (row == null) {
+		throw createError({
+			status: 403,
+			data: `The file you requested isn't permitted by this media proxy.`
+		})
+	}
+
+	const res = await fetch(`${reg.ooye.server_origin}/_matrix/client/v1/media/download/${params.server_name}/${params.media_id}`, {
+		headers: {
+			Authorization: `Bearer ${reg.as_token}`
+		}
+	})
+
+	setResponseStatus(event, res.status)
+	setResponseHeader(event, "Content-Type", res.headers.get("content-type"))
+	setResponseHeader(event, "Transfer-Encoding", "chunked")
+
+	return sendStream(event, res.body)
+}))

src/web/server.js

@@ -0,0 +1,5 @@
+// @ts-check
+
+const {sync, as} = require("../passthrough")
+
+sync.require("./routes/download-matrix")