Fix bad idea

luk3yx · luk3yx · commit 75605dcc5917 · 2024-10-05T23:11:19.000+13:00
diff --git a/README.md b/README.md
@@ -74,8 +74,9 @@ To expose this to the public, you must use a reverse proxy, and should set up
 caching and some kind of rate limiting to prevent abuse. You can set the
 `media_proxy_url` keyword argument to the public proxy URL.
 
-A HMAC is created based on the API token and URL to prevent using the proxy to
-fetch arbitrary attachment URLs.
+A HMAC is created based on a random key and URL to prevent using the proxy to
+fetch arbitrary attachment URLs. To make this value consistent across restarts,
+pass a bytes value to the `media_proxy_key` keyword argument.
 
 ## Installation
 
diff --git a/miniirc_matrix.py b/miniirc_matrix.py
@@ -9,11 +9,11 @@
 from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
 from typing import Any, Optional, TypeVar, overload
 from urllib.parse import quote as _url_quote, urlparse as _urlparse
-import functools, hmac, html.parser, itertools, json, math, re, time, uuid
+import functools, hmac, html.parser, itertools, json, math, os, re, time, uuid
 import miniirc, requests, threading, traceback  # type: ignore
 
 
-ver = (0, 0, 12)
+ver = (0, 0, 13)
 __version__ = '.'.join(map(str, ver))
 
 
@@ -440,6 +440,7 @@ def __init__(
             token: Optional[str] = None,
             media_proxy_port: Optional[int] = None,
             media_proxy_url: Optional[str] = None,
+            media_proxy_key: Optional[bytes] = None,
             **kwargs
     ) -> None:
         # Cache _get_room_url
@@ -463,9 +464,11 @@ def __init__(
 
         self._media_proxy: Optional[ThreadingHTTPServer] = None
         self._media_proxy_port = media_proxy_port
-        if media_proxy_port and not media_proxy_port:
+        if media_proxy_port and not media_proxy_url:
             media_proxy_url = f'http://127.0.0.1:{media_proxy_port}'
         self._media_proxy_url = media_proxy_url and media_proxy_url.rstrip('/')
+        if media_proxy_port is not None:
+            self._media_proxy_key = media_proxy_key or os.urandom(32)
 
         # Stop miniirc from trying to access the (non-existent) socket
         kwargs['ping_interval'] = kwargs['ping_timeout'] = None
@@ -541,11 +544,8 @@ def _get_room_url_no_cache(self, room_id: str) -> str:
         return f'rooms/{_url_quote(room_id)}'
 
     def __make_url_digest(self, path: str) -> str:
-        return hmac.digest(
-            b'miniirc_matrix hmac v1 ' + self.token.encode('ascii'),
-            path.encode('ascii'),
-            'sha256'
-        ).hex()
+        return hmac.digest(self._media_proxy_key, path.encode('ascii'),
+                           'sha256').hex()
 
     def _download_media(self, url: str) -> requests.Response:
         url_base, _, key = url.partition('?key=')
diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
     name='miniirc_matrix',
-    version='0.0.12',
+    version='0.0.13',
     py_modules=['miniirc_matrix'],
     author='luk3yx',
     description='A Matrix wrapper for miniirc.',
