Remove size from public image ID JWT

2023-01-11 18:14:34 -05:00
parent 8f0d002922
commit 69e0a266f4
11 changed files with 150 additions and 87 deletions
@@ -7,6 +7,7 @@ import (
 	"io"
 	"time"

+	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/navidrome/navidrome/core/auth"
 	"github.com/navidrome/navidrome/core/ffmpeg"
 	"github.com/navidrome/navidrome/log"
@@ -109,10 +110,30 @@ func (a *artwork) getArtworkReader(ctx context.Context, artID model.ArtworkID, s
 	return artReader, err
 }

-func PublicLink(artID model.ArtworkID, size int) string {
-	token, _ := auth.CreatePublicToken(map[string]any{
-		"id":   artID.String(),
-		"size": size,
-	})
+func EncodeArtworkID(artID model.ArtworkID) string {
+	token, _ := auth.CreatePublicToken(map[string]any{"id": artID.String()})
 	return token
 }
+
+func DecodeArtworkID(tokenString string) (model.ArtworkID, error) {
+	token, err := auth.TokenAuth.Decode(tokenString)
+	if err != nil {
+		return model.ArtworkID{}, err
+	}
+	if token == nil {
+		return model.ArtworkID{}, errors.New("unauthorized")
+	}
+	err = jwt.Validate(token, jwt.WithRequiredClaim("id"))
+	if err != nil {
+		return model.ArtworkID{}, err
+	}
+	claims, err := token.AsMap(context.Background())
+	if err != nil {
+		return model.ArtworkID{}, err
+	}
+	id, ok := claims["id"].(string)
+	if !ok {
+		return model.ArtworkID{}, errors.New("invalid id type")
+	}
+	return model.ParseArtworkID(id)
+}
@@ -178,7 +178,7 @@ var _ = Describe("Artwork", func() {
 		})
 		It("returns a PNG if original image is a PNG", func() {
 			conf.Server.CoverArtPriority = "front.png"
-			r, _, err := aw.Get(context.Background(), alMultipleCovers.CoverArtID().String(), 300)
+			r, _, err := aw.Get(context.Background(), alMultipleCovers.CoverArtID().String(), 15)
 			Expect(err).ToNot(HaveOccurred())

 			br, format, err := asImageReader(r)
@@ -187,8 +187,8 @@ var _ = Describe("Artwork", func() {

 			img, _, err := image.Decode(br)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(img.Bounds().Size().X).To(Equal(300))
-			Expect(img.Bounds().Size().Y).To(Equal(300))
+			Expect(img.Bounds().Size().X).To(Equal(15))
+			Expect(img.Bounds().Size().Y).To(Equal(15))
 		})
 		It("returns a JPEG if original image is not a PNG", func() {
 			conf.Server.CoverArtPriority = "cover.jpg"
@@ -4,10 +4,12 @@ import (
 	"context"
 	"io"

+	"github.com/go-chi/jwtauth/v5"
 	"github.com/navidrome/navidrome/conf"
 	"github.com/navidrome/navidrome/conf/configtest"
 	"github.com/navidrome/navidrome/consts"
 	"github.com/navidrome/navidrome/core/artwork"
+	"github.com/navidrome/navidrome/core/auth"
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/resources"
 	"github.com/navidrome/navidrome/tests"
@@ -44,4 +46,31 @@ var _ = Describe("Artwork", func() {
 			Expect(result).To(Equal(phBytes))
 		})
 	})
+
+	Context("Public ID Encoding", func() {
+		BeforeEach(func() {
+			auth.TokenAuth = jwtauth.New("HS256", []byte("super secret"), nil)
+		})
+		It("returns a reversible string representation", func() {
+			id := model.NewArtworkID(model.KindArtistArtwork, "1234")
+			encoded := artwork.EncodeArtworkID(id)
+			decoded, err := artwork.DecodeArtworkID(encoded)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(decoded).To(Equal(id))
+		})
+		It("fails to decode an invalid token", func() {
+			_, err := artwork.DecodeArtworkID("xx-123")
+			Expect(err).To(MatchError("invalid JWT"))
+		})
+		It("fails to decode an invalid id", func() {
+			encoded := artwork.EncodeArtworkID(model.ArtworkID{})
+			_, err := artwork.DecodeArtworkID(encoded)
+			Expect(err).To(MatchError("invalid artwork id"))
+		})
+		It("fails to decode a token without an id", func() {
+			token, _ := auth.CreatePublicToken(map[string]any{})
+			_, err := artwork.DecodeArtworkID(token)
+			Expect(err).To(HaveOccurred())
+		})
+	})
 })
@@ -55,12 +55,18 @@ func (a *resizedArtworkReader) Reader(ctx context.Context) (io.ReadCloser, strin
 	defer orig.Close()

 	resized, origSize, err := resizeImage(r, a.size)
-	log.Trace(ctx, "Resizing artwork", "artID", a.artID, "original", origSize, "resized", a.size)
+	if resized == nil {
+		log.Trace(ctx, "Image smaller than requested size", "artID", a.artID, "original", origSize, "resized", a.size)
+	} else {
+		log.Trace(ctx, "Resizing artwork", "artID", a.artID, "original", origSize, "resized", a.size)
+	}
 	if err != nil {
 		log.Warn(ctx, "Could not resize image. Will return image as is", "artID", a.artID, "size", a.size, err)
+	}
+	if err != nil || resized == nil {
 		// Force finish reading any remaining data
 		_, _ = io.Copy(io.Discard, r)
-		return io.NopCloser(buf), "", nil
+		return io.NopCloser(buf), "", nil //nolint:nilerr
 	}
 	return io.NopCloser(resized), fmt.Sprintf("%s@%d", a.artID, a.size), nil
 }
@@ -68,6 +74,13 @@ func (a *resizedArtworkReader) Reader(ctx context.Context) (io.ReadCloser, strin
 func asImageReader(r io.Reader) (io.Reader, string, error) {
 	br := bufio.NewReader(r)
 	buf, err := br.Peek(512)
+	if err == io.EOF && len(buf) > 0 {
+		// Check if there are enough bytes to detect type
+		typ := http.DetectContentType(buf)
+		if typ != "" {
+			return br, typ, nil
+		}
+	}
 	if err != nil {
 		return nil, "", err
 	}
@@ -85,9 +98,15 @@ func resizeImage(reader io.Reader, size int) (io.Reader, int, error) {
 		return nil, 0, err
 	}

-	// Preserve the aspect ratio of the image.
-	var m *image.NRGBA
+	// Don't upscale the image
 	bounds := img.Bounds()
+	originalSize := number.Max(bounds.Max.X, bounds.Max.Y)
+	if originalSize <= size {
+		return nil, originalSize, nil
+	}
+
+	var m *image.NRGBA
+	// Preserve the aspect ratio of the image.
 	if bounds.Max.X > bounds.Max.Y {
 		m = imaging.Resize(img, size, 0, imaging.Lanczos)
 	} else {
@@ -101,5 +120,5 @@ func resizeImage(reader io.Reader, size int) (io.Reader, int, error) {
 	} else {
 		err = jpeg.Encode(buf, m, &jpeg.Options{Quality: conf.Server.CoverJpegQuality})
 	}
-	return buf, number.Max(bounds.Max.X, bounds.Max.Y), err
+	return buf, originalSize, err
 }