use strict;
use warnings;
-use Sesse::pr0n::Templates;
use Sesse::pr0n::Overload;
+use Sesse::pr0n::QscaleProxy;
+use Sesse::pr0n::Templates;
use Apache2::RequestRec (); # for $r->content_type
use Apache2::RequestIO (); # for $r->print
use DBD::Pg;
use Image::Magick;
use POSIX;
+use Digest::MD5;
use Digest::SHA1;
+use Digest::HMAC_SHA1;
use MIME::Base64;
use MIME::Types;
use LWP::Simple;
use Image::ExifTool;
use HTML::Entities;
use URI::Escape;
+use File::Basename;
BEGIN {
use Exporter ();
require Sesse::pr0n::Config_local;
};
- $VERSION = "v2.60";
+ $VERSION = "v2.70";
@ISA = qw(Exporter);
@EXPORT = qw(&error &dberror);
%EXPORT_TAGS = qw();
my ($r, $id, $width, $height, $infobox) = @_;
my $dir = POSIX::floor($id / 256);
- if ($infobox) {
+ if ($infobox eq 'both') {
return get_base($r) . "cache/$dir/$id-$width-$height.jpg";
- } else {
+ } elsif ($infobox eq 'nobox') {
return get_base($r) . "cache/$dir/$id-$width-$height-nobox.jpg";
+ } else {
+ return get_base($r) . "cache/$dir/$id-$width-$height-box.png";
}
}
sub check_access {
my $r = shift;
+
+ #return qw(sesse Sesse);
my $auth = $r->headers_in->{'authorization'};
- if (!defined($auth) || $auth !~ m#^Basic ([a-zA-Z0-9+/]+=*)$#) {
- $r->content_type('text/plain; charset=utf-8');
- $r->status(401);
- $r->headers_out->{'www-authenticate'} = 'Basic realm="pr0n.sesse.net"';
- $r->print("Need authorization\n");
+ if (!defined($auth)) {
+ output_401($r);
return undef;
+ }
+ $r->log->warn("Auth: $auth");
+ if ($auth =~ /^Basic ([a-zA-Z0-9+\/]+=*)$/) {
+ return check_basic_auth($r, $1);
+ }
+ if ($auth =~ /^Digest (.*)$/) {
+ return check_digest_auth($r, $1);
}
-
- #return qw(sesse Sesse);
+ output_401($r);
+ return undef;
+}
- my ($user, $pass) = split /:/, MIME::Base64::decode_base64($1);
- # WinXP is stupid :-)
- if ($user =~ /^.*\\(.*)$/) {
- $user = $1;
+sub output_401 {
+ my ($r, %options) = @_;
+ $r->content_type('text/plain; charset=utf-8');
+ $r->status(401);
+ $r->headers_out->{'www-authenticate'} = 'Basic realm="pr0n.sesse.net"';
+
+ if ($options{'DigestAuth'} // 1) {
+ # We make our nonce similar to the scheme of RFC2069 section 2.1.1,
+ # with some changes: We don't care about client IP (these have a nasty
+ # tendency to change from request to request when load-balancing
+ # proxies etc. are being used), and we use HMAC instead of simple
+ # hashing simply because that's a better signing method.
+ #
+ # NOTE: For some weird reason, Digest::HMAC_SHA1 doesn't like taking
+ # the output from time directly (it gives a different response), so we
+ # forcefully stringify the argument.
+ my $ts = time;
+ my $nonce = Digest::HMAC_SHA1->hmac_sha1_hex($ts . "", $Sesse::pr0n::Config::db_password);
+ my $stale_nonce_text = "";
+ $stale_nonce_text = ", stale=\"true\"" if ($options{'StaleNonce'} // 0);
+
+ $r->headers_out->{'www-authenticate'} =
+ "Digest realm=\"pr0n.sesse.net\", " .
+ "nonce=\"$nonce\", " .
+ "opaque=\"$ts\", " .
+ "qop=\"auth\"" . $stale_nonce_text; # FIXME: support auth-int
}
- my $takenby;
- if ($user =~ /^([a-zA-Z0-9^_-]+)\@([a-zA-Z0-9^_-]+)$/) {
- $user = $1;
- $takenby = $2;
- } else {
- ($takenby = $user) =~ s/^([a-zA-Z])/uc($1)/e;
- }
+ $r->print("Need authorization\n");
+}
+
+sub check_basic_auth {
+ my ($r, $auth) = @_;
+
+ my ($raw_user, $pass) = split /:/, MIME::Base64::decode_base64($auth);
+ my ($user, $takenby) = extract_takenby($raw_user);
my $oldpass = $pass;
$pass = Digest::SHA1::sha1_base64($pass);
undef, $user, $pass, $r->get_server_name);
if ($ref->{'auth'} != 1) {
$r->content_type('text/plain; charset=utf-8');
- warn "No user exists, only $auth";
- $r->status(401);
- $r->headers_out->{'www-authenticate'} = 'Basic realm="pr0n.sesse.net"';
- $r->print("Authorization failed");
$r->log->warn("Authentication failed for $user/$takenby");
+ output_401($r);
return undef;
}
return ($user, $takenby);
}
+
+sub check_digest_auth {
+ my ($r, $auth) = @_;
+
+ # We're a bit more liberal than RFC2069 in the parsing here, allowing
+ # quoted strings everywhere.
+ my %auth = ();
+ while ($auth =~ s/^ ([a-zA-Z]+) # key
+ =
+ (
+ [^",]* # either something that doesn't contain comma or quotes
+ |
+ " ( [^"\\] | \\ . ) * " # or a full quoted string
+ )
+ (?: (?: , \s* ) + | $ ) # delimiter(s), or end of string
+ //x) {
+ my ($key, $value) = ($1, $2);
+ if ($value =~ /^"(.*)"$/) {
+ $value = $1;
+ $value =~ s/\\(.)/$1/g;
+ }
+ $auth{$key} = $value;
+ }
+ unless (exists($auth{'username'}) &&
+ exists($auth{'uri'}) &&
+ exists($auth{'nonce'}) &&
+ exists($auth{'opaque'}) &&
+ exists($auth{'response'})) {
+ output_401($r);
+ return undef;
+ }
+ if ($r->uri ne $auth{'uri'}) {
+ output_401($r);
+ return undef;
+ }
+
+ # Verify that the opaque data does indeed look like a timestamp, and that the nonce
+ # is indeed a signed version of it.
+ if ($auth{'opaque'} !~ /^\d+$/) {
+ output_401($r);
+ return undef;
+ }
+ my $compare_nonce = Digest::HMAC_SHA1->hmac_sha1_hex($auth{'opaque'}, $Sesse::pr0n::Config::db_password);
+ if ($auth{'nonce'} ne $compare_nonce) {
+ output_401($r);
+ return undef;
+ }
+
+ # Now look up the user's HA1 from the database, and calculate HA2.
+ my ($user, $takenby) = extract_takenby($auth{'username'});
+ my $ref = $dbh->selectrow_hashref('SELECT digest_ha1_hex FROM users WHERE username=? AND vhost=?',
+ undef, $user, $r->get_server_name);
+ if (!defined($ref)) {
+ output_401($r);
+ return undef;
+ }
+ if (!defined($ref->{'digest_ha1_hex'}) || $ref->{'digest_ha1_hex'} !~ /^[0-9a-f]{32}$/) {
+ # A user that exists but has empty HA1 is a user that's not
+ # ready for digest auth, so we hack it and resend 401,
+ # only this time without digest auth.
+ output_401($r, DigestAuth => 0);
+ return undef;
+ }
+ my $ha1 = $ref->{'digest_ha1_hex'};
+ my $ha2 = Digest::MD5::md5_hex($r->method . ':' . $auth{'uri'});
+ my $response;
+ if (exists($auth{'qop'}) && $auth{'qop'} eq 'auth') {
+ unless (exists($auth{'nc'}) && exists($auth{'cnonce'})) {
+ output_401($r);
+ return undef;
+ }
+
+ $response = $ha1;
+ $response .= ':' . $auth{'nonce'};
+ $response .= ':' . $auth{'nc'};
+ $response .= ':' . $auth{'cnonce'};
+ $response .= ':' . $auth{'qop'};
+ $response .= ':' . $ha2;
+ } else {
+ $response = $ha1;
+ $response .= ':' . $auth{'nonce'};
+ $response .= ':' . $ha2;
+ }
+ if ($auth{'response'} ne Digest::MD5::md5_hex($response)) {
+ output_401($r);
+ return undef;
+ }
+
+ # OK, everything is good, and there's only one thing we need to check: That the nonce
+ # isn't too old. If it is, but everything else is ok, we tell the browser that and it
+ # will re-encrypt with the new nonce.
+ my $timediff = time - $auth{'opaque'};
+ if ($timediff < 0 || $timediff > 300) {
+ output_401($r, StaleNonce => 1);
+ return undef;
+ }
+
+ return ($user, $takenby);
+}
+
+sub extract_takenby {
+ my ($user) = shift;
+
+ # WinXP is stupid :-)
+ if ($user =~ /^.*\\(.*)$/) {
+ $user = $1;
+ }
+
+ my $takenby;
+ if ($user =~ /^([a-zA-Z0-9^_-]+)\@([a-zA-Z0-9^_-]+)$/) {
+ $user = $1;
+ $takenby = $2;
+ } else {
+ ($takenby = $user) =~ s/^([a-zA-Z])/uc($1)/e;
+ }
+
+ return ($user, $takenby);
+}
sub stat_image {
my ($r, $event, $filename) = (@_);
# Takes in an image ID and a set of resolutions, and returns (generates if needed)
# the smallest mipmap larger than the largest of them.
sub make_mipmap {
- my ($r, $filename, $id, $dbwidth, $dbheight, @res) = @_;
+ my ($r, $filename, $id, $dbwidth, $dbheight, $can_use_qscale, @res) = @_;
my ($img, $mmimg, $width, $height);
+
+ my $physical_fname = get_disk_location($r, $id);
# If we don't know the size, we'll need to read it in anyway
if (!defined($dbwidth) || !defined($dbheight)) {
- $img = read_original_image($r, $id, $dbwidth, $dbheight);
+ $img = read_original_image($r, $filename, $id, $dbwidth, $dbheight, $can_use_qscale);
$width = $img->Get('columns');
$height = $img->Get('rows');
} else {
my $large_enough = 1;
for my $i (0..($#res/2)) {
my ($xres, $yres) = ($res[$i*2], $res[$i*2+1]);
- if ($xres > $new_mmwidth || $yres > $new_mmheight) {
+ if ($xres == -1 || $xres > $new_mmwidth || $yres > $new_mmheight) {
$large_enough = 0;
last;
}
push @mmlist, [ $mmwidth, $mmheight ];
}
-
+
# Ensure that all of them are OK
my $last_good_mmlocation;
for my $i (0..$#mmlist) {
my $mmres = $mmlist[$i];
my $mmlocation = get_mipmap_location($r, $id, $mmres->[0], $mmres->[1]);
- if (! -r $mmlocation or (-M $mmlocation > -M $filename)) {
+ if (! -r $mmlocation or (-M $mmlocation > -M $physical_fname)) {
if (!defined($img)) {
if (defined($last_good_mmlocation)) {
- $img = Image::Magick->new;
+ if ($can_use_qscale) {
+ $img = Sesse::pr0n::QscaleProxy->new;
+ } else {
+ $img = Image::Magick->new;
+ }
$img->Read($last_good_mmlocation);
} else {
- $img = read_original_image($r, $id, $dbwidth, $dbheight);
+ $img = read_original_image($r, $filename, $id, $dbwidth, $dbheight, $can_use_qscale);
}
}
my $cimg;
$cimg = $img->Clone();
}
$r->log->info("Making mipmap for $id: " . $mmres->[0] . " x " . $mmres->[1]);
- $cimg->Resize(width=>$mmres->[0], height=>$mmres->[1], filter=>'Lanczos');
+ $cimg->Resize(width=>$mmres->[0], height=>$mmres->[1], filter=>'Lanczos', 'sampling-factor'=>'1x1');
$cimg->Strip();
my $err = $cimg->write(
filename => $mmlocation,
}
if ($last && !defined($img)) {
# OK, read in the smallest one
- $img = Image::Magick->new;
+ if ($can_use_qscale) {
+ $img = Sesse::pr0n::QscaleProxy->new;
+ } else {
+ $img = Image::Magick->new;
+ }
my $err = $img->Read($mmlocation);
}
}
+ if (!defined($img)) {
+ $img = read_original_image($r, $filename, $id, $dbwidth, $dbheight, $can_use_qscale);
+ }
return $img;
}
sub read_original_image {
- my ($r, $id, $dbwidth, $dbheight) = @_;
+ my ($r, $filename, $id, $dbwidth, $dbheight, $can_use_qscale) = @_;
- my $fname = get_disk_location($r, $id);
+ my $physical_fname = get_disk_location($r, $id);
# Read in the original image
- my $magick = new Image::Magick;
+ my $magick;
+ if ($can_use_qscale && ($filename =~ /\.jpeg$/i || $filename =~ /\.jpg$/i)) {
+ $magick = Sesse::pr0n::QscaleProxy->new;
+ } else {
+ $magick = Image::Magick->new;
+ }
my $err;
# ImageMagick can handle NEF files, but it does it by calling dcraw as a delegate.
# The delegate support is rather broken and causes very odd stuff to happen when
# more than one thread does this at the same time. Thus, we simply do it ourselves.
- if ($fname =~ /\.nef$/i) {
+ if ($filename =~ /\.(nef|cr2)$/i) {
# this would suffice if ImageMagick gets to fix their handling
- # $fname = "NEF:$fname";
+ # $physical_fname = "NEF:$physical_fname";
- open DCRAW, "-|", "dcraw", "-w", "-c", $fname
+ open DCRAW, "-|", "dcraw", "-w", "-c", $physical_fname
or error("dcraw: $!");
$err = $magick->Read(file => \*DCRAW);
close(DCRAW);
#if (!$infobox) {
# $magick->Set(colorspace=>'YCbCr');
#}
- $err = $magick->Read($fname);
+ $err = $magick->Read($physical_fname);
}
if ($err) {
- $r->log->warn("$fname: $err");
+ $r->log->warn("$physical_fname: $err");
$err =~ /(\d+)/;
if ($1 >= 400) {
undef $magick;
- error($r, "$fname: $err");
+ error($r, "$physical_fname: $err");
}
}
# If we use ->[0] unconditionally, text rendering (!) seems to crash
- my $img = (scalar @$magick > 1) ? $magick->[0] : $magick;
+ my $img;
+ if (ref($magick)) {
+ $img = $magick;
+ } else {
+ $img = (scalar @$magick > 1) ? $magick->[0] : $magick;
+ }
my $width = $img->Get('columns');
my $height = $img->Get('rows');
my ($r, $filename, $id, $dbwidth, $dbheight, $infobox, $xres, $yres, @otherres) = @_;
my $fname = get_disk_location($r, $id);
- unless (defined($xres) && (!defined($dbwidth) || !defined($dbheight) || $xres < $dbheight || $yres < $dbwidth || $xres == -1)) {
- return ($fname, 0);
+ if ($infobox ne 'box') {
+ unless (defined($xres) && (!defined($dbwidth) || !defined($dbheight) || $xres < $dbheight || $yres < $dbwidth || $xres == -1)) {
+ return ($fname, undef);
+ }
}
my $cachename = get_cache_location($r, $id, $xres, $yres, $infobox);
$r->log->warn("In overload mode, not scaling $id to $xres x $yres");
error($r, 'System is in overload mode, not doing any scaling');
}
-
- my $img = make_mipmap($r, $fname, $id, $dbwidth, $dbheight, $xres, $yres, @otherres);
+
+ # If we're being asked for just the box, make a new image with just the box.
+ # We don't care about @otherres since each of these images are
+ # already pretty cheap to generate, but we need the exact width so we can make
+ # one in the right size.
+ if ($infobox eq 'box') {
+ my ($img, $width, $height);
+
+ # This is slow, but should fortunately almost never happen, so don't bother
+ # special-casing it.
+ if (!defined($dbwidth) || !defined($dbheight)) {
+ $img = read_original_image($r, $filename, $id, $dbwidth, $dbheight, 0);
+ $width = $img->Get('columns');
+ $height = $img->Get('rows');
+ @$img = ();
+ } else {
+ $img = Image::Magick->new;
+ $width = $dbwidth;
+ $height = $dbheight;
+ }
+
+ if (defined($xres) && defined($yres)) {
+ ($width, $height) = scale_aspect($width, $height, $xres, $yres);
+ }
+ $height = 24;
+ $img->Set(size=>($width . "x" . $height));
+ $img->Read('xc:white');
+
+ my $info = Image::ExifTool::ImageInfo($fname);
+ if (make_infobox($img, $info, $r)) {
+ $img->Quantize(colors=>16, dither=>'False');
+
+ # Since the image is grayscale, ImageMagick overrides us and writes this
+ # as grayscale anyway, but at least we get rid of the alpha channel this
+ # way.
+ $img->Set(type=>'Palette');
+ } else {
+ # Not enough room for the text, make a tiny dummy transparent infobox
+ @$img = ();
+ $img->Set(size=>"1x1");
+ $img->Read('null:');
+
+ $width = 1;
+ $height = 1;
+ }
+
+ $err = $img->write(filename => $cachename, quality => 90, depth => 8);
+ $r->log->info("New infobox cache: $width x $height for $id.jpg");
+
+ return ($cachename, 'image/png');
+ }
+
+ my $can_use_qscale = 0;
+ if ($infobox eq 'nobox') {
+ $can_use_qscale = 1;
+ }
+
+ my $img = make_mipmap($r, $filename, $id, $dbwidth, $dbheight, $can_use_qscale, $xres, $yres, @otherres);
while (defined($xres) && defined($yres)) {
my ($nxres, $nyres) = (shift @otherres, shift @otherres);
}
if ($xres != -1) {
- $cimg->Resize(width=>$nwidth, height=>$nheight, filter=>$filter);
+ $cimg->Resize(width=>$nwidth, height=>$nheight, filter=>$filter, 'sampling-factor'=>$sf);
}
- if (($nwidth >= 800 || $nheight >= 600 || $xres == -1) && $infobox == 1) {
+ if (($nwidth >= 800 || $nheight >= 600 || $xres == -1) && $infobox ne 'nobox') {
my $info = Image::ExifTool::ImageInfo($fname);
make_infobox($cimg, $info, $r);
}
}
}
}
- return ($cachename, 1);
+ return ($cachename, 'image/jpeg');
}
sub get_mimetype_from_filename {
$info->{'ExposureProgram'} =~ /aperture\b.*\bpriority/i);
my @classic_fields = ();
- if (defined($info->{'FocalLength'}) && $info->{'FocalLength'} =~ /^(\d+)(?:\.\d+)?(?:mm)?$/) {
+ if (defined($info->{'FocalLength'}) && $info->{'FocalLength'} =~ /^(\d+)(?:\.\d+)?\s*(?:mm)?$/) {
push @classic_fields, [ $1 . "mm", 0 ];
} elsif (defined($info->{'FocalLength'}) && $info->{'FocalLength'} =~ /^(\d+)\/(\d+)$/) {
push @classic_fields, [ (sprintf "%.1fmm", ($1/$2)), 0 ];
my ($a, $b) = ($1, $2);
my $gcd = gcd($a, $b);
push @classic_fields, [ $a/$gcd . "/" . $b/$gcd . "s", $shutter_priority ];
- } elsif (defined($info->{'ExposureTime'}) && $info->{'ExposureTime'} =~ /^(\d+)$/) {
+ } elsif (defined($info->{'ExposureTime'}) && $info->{'ExposureTime'} =~ /^(\d+(?:\.\d+))$/) {
push @classic_fields, [ $1 . "s", $shutter_priority ];
}
}
}
- return if (scalar @parts == 0);
+ return 0 if (scalar @parts == 0);
# Find the required width
my $th = 0;
$th = $h if ($h > $th);
}
- return if ($tw > $img->Get('columns'));
+ return 0 if ($tw > $img->Get('columns'));
my $x = 0;
my $y = $img->Get('rows') - 24;
$img->Annotate(text=>$part->[0], font=>$font, pointsize=>12, x=>int($x), y=>int($y));
$x += ($img->QueryFontMetrics(text=>$part->[0], font=>$font, pointsize=>12))[4];
}
+
+ return 1;
}
sub gcd {
}
sub add_new_event {
- my ($dbh, $id, $date, $desc, $vhost) = @_;
+ my ($r, $dbh, $id, $date, $desc) = @_;
my @errors = ();
if (!defined($id) || $id =~ /^\s*$/ || $id !~ /^([a-zA-Z0-9-]+)$/) {
return @errors;
}
+ my $vhost = $r->get_server_name;
$dbh->do("INSERT INTO events (event,date,name,vhost) VALUES (?,?,?,?)",
undef, $id, $date, $desc, $vhost)
or return ("Kunne ikke sette inn ny hendelse" . $dbh->errstr);
$dbh->do("INSERT INTO last_picture_cache (vhost,event,last_picture) VALUES (?,?,NULL)",
undef, $vhost, $id)
or return ("Kunne ikke sette inn ny cache-rad" . $dbh->errstr);
+ purge_cache($r, "/");
return ();
}
return $decoded;
}
+# Depending on your front-end cache, you might want to get creative somehow here.
+# This example assumes you have a front-end cache and it can translate an X-Pr0n-Purge
+# regex tacked onto a request into something useful. The elements given in
+# should not be regexes, though, as e.g. Squid will not be able to handle that.
+sub purge_cache {
+ my ($r, @elements) = @_;
+ return if (scalar @elements == 0);
+
+ my @pe = ();
+ for my $elem (@elements) {
+ $r->log->info("Purging $elem");
+ (my $e = $elem) =~ s/[.+*|()]/\\$&/g;
+ push @pe, $e;
+ }
+
+ my $regex = "^";
+ if (scalar @pe == 1) {
+ $regex .= $pe[0];
+ } else {
+ $regex .= "(" . join('|', @pe) . ")";
+ }
+ $regex .= "(\\?.*)?\$";
+ $r->headers_out->{'X-Pr0n-Purge'} = $regex;
+
+ $r->log->info($r->headers_out->{'X-Pr0n-Purge'});
+}
+
+# Find a list of all cache URLs for a given image, given what we have on disk.
+sub get_all_cache_urls {
+ my ($r, $dbh, $id) = @_;
+ my $dir = POSIX::floor($id / 256);
+ my @ret = ();
+
+ my $q = $dbh->prepare('SELECT event, filename FROM images WHERE id=?')
+ or die "Couldn't prepare: " . $dbh->errstr;
+ $q->execute($id)
+ or die "Couldn't find event and filename: " . $dbh->errstr;
+ my $ref = $q->fetchrow_hashref;
+ my $event = $ref->{'event'};
+ my $filename = $ref->{'filename'};
+ $q->finish;
+
+ my $base = get_base($r) . "cache/$dir";
+ for my $file (<$base/$id-*>) {
+ my $fname = File::Basename::basename($file);
+ if ($fname =~ /^$id-mipmap-.*\.jpg$/) {
+ # Mipmaps don't have an URL, ignore
+ } elsif ($fname =~ /^$id--1--1\.jpg$/) {
+ push @ret, "/$event/$filename";
+ } elsif ($fname =~ /^$id-(\d+)-(\d+)\.jpg$/) {
+ push @ret, "/$event/$1x$2/$filename";
+ } elsif ($fname =~ /^$id-(\d+)-(\d+)-nobox\.jpg$/) {
+ push @ret, "/$event/$1x$2/nobox/$filename";
+ } elsif ($fname =~ /^$id-(\d+)-(\d+)-box\.png$/) {
+ push @ret, "/$event/$1x$2/box/$filename";
+ } else {
+ $r->log->warning("Couldn't find a purging URL for $fname");
+ }
+ }
+
+ return @ret;
+}
+
1;
projects / pr0n / blobdiff