From 0d6a7eb96838537597d7aaf7a04826549ac9c6ad Mon Sep 17 00:00:00 2001
From: Lambda <csgl@xiretza.xyz>
Date: Wed, 18 Sep 2024 19:59:51 +0000
Subject: [PATCH] Disable unauthenticated media access

---
 book/changelog.md |  3 +++
 src/config.rs     |  2 ++
 src/main.rs       | 31 +++++++++++++++++++++++++------
 3 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/book/changelog.md b/book/changelog.md
index ddd97572..684b1cf6 100644
--- a/book/changelog.md
+++ b/book/changelog.md
@@ -128,6 +128,9 @@ This will be the first release of Grapevine since it was forked from Conduit
 11. Try to generate thumbnails for remote media ourselves if the federation
     thumbnail request fails.
     ([!58](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/58))
+12. **BREAKING:** Disable unauthenticated access to media by default, set the
+    `serve_media_unauthenticated` config option to `true` to enable it.
+    ([!103](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/103))
 
 ### Fixed
 
diff --git a/src/config.rs b/src/config.rs
index e2c2b0ff..197be925 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -60,6 +60,8 @@ pub(crate) struct Config {
     pub(crate) allow_encryption: bool,
     #[serde(default = "true_fn")]
     pub(crate) allow_room_creation: bool,
+    #[serde(default = "false_fn")]
+    pub(crate) serve_media_unauthenticated: bool,
     #[serde(default = "default_default_room_version")]
     pub(crate) default_room_version: RoomVersionId,
     #[serde(default)]
diff --git a/src/main.rs b/src/main.rs
index 4a683b49..049fd10c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -408,12 +408,24 @@ fn routes(config: &Config) -> Router {
         .ruma_route(c2s::turn_server_route)
         .ruma_route(c2s::send_event_to_device_route);
 
-    // unauthenticated (legacy) media
-    let router = router
-        .ruma_route(c2s::get_media_config_legacy_route)
-        .ruma_route(c2s::get_content_legacy_route)
-        .ruma_route(c2s::get_content_as_filename_legacy_route)
-        .ruma_route(c2s::get_content_thumbnail_legacy_route);
+    // deprecated, but unproblematic
+    let router = router.ruma_route(c2s::get_media_config_legacy_route);
+    let router = if config.serve_media_unauthenticated {
+        router
+            .ruma_route(c2s::get_content_legacy_route)
+            .ruma_route(c2s::get_content_as_filename_legacy_route)
+            .ruma_route(c2s::get_content_thumbnail_legacy_route)
+    } else {
+        router
+            .route(
+                "/_matrix/media/v3/download/*path",
+                any(unauthenticated_media_disabled),
+            )
+            .route(
+                "/_matrix/media/v3/thumbnail/*path",
+                any(unauthenticated_media_disabled),
+            )
+    };
 
     // authenticated media
     let router = router
@@ -570,6 +582,13 @@ async fn federation_disabled(_: Uri) -> impl IntoResponse {
     Error::bad_config("Federation is disabled.")
 }
 
+async fn unauthenticated_media_disabled(_: Uri) -> impl IntoResponse {
+    Error::BadRequest(
+        ErrorKind::NotFound,
+        "Unauthenticated media access is disabled",
+    )
+}
+
 async fn not_found(method: Method, uri: Uri) -> impl IntoResponse {
     debug!(%method, %uri, "Unknown route");
     Error::BadRequest(ErrorKind::Unrecognized, "Unrecognized request")