Generate media proxy origin config on deploy

Jage9
2026-03-08 21:26:07 -04:00
parent 6368187ee4
commit 47d4a61256
3 changed files with 42 additions and 5 deletions


@@ -110,11 +110,9 @@ ProxyPassReverse /listen/8000/ http://127.0.0.1:8000/
`deploy/php/media_proxy.php` is copied into your publish directory by `deploy_client.sh`. `deploy/php/media_proxy.php` is copied into your publish directory by `deploy_client.sh`.
The proxy also requires the same `CHGRID_HOST_ORIGIN` value in the PHP/Apache environment so only your own site origin can read from it. For Apache, one simple option is: When `server/.env` contains `CHGRID_HOST_ORIGIN`, `deploy_client.sh` also generates `media_proxy.config.php` in the publish directory so the proxy can enforce the same origin without extra Apache-specific config.
```apache If you deploy the PHP proxy some other way, you can still provide `CHGRID_HOST_ORIGIN` directly through your PHP/web-server environment.
SetEnv CHGRID_HOST_ORIGIN https://example.com
```
Use: Use:


@@ -147,6 +147,24 @@ function normalize_origin($value)
return $scheme . '://' . $host . $port; return $scheme . '://' . $host . $port;
} }
function load_proxy_host_origin()
{
$fromEnv = normalize_origin(getenv('CHGRID_HOST_ORIGIN'));
if ($fromEnv !== '') {
return $fromEnv;
}
$configPath = __DIR__ . '/media_proxy.config.php';
if (!is_file($configPath)) {
return '';
}
$config = require $configPath;
if (!is_array($config) || !isset($config['host_origin'])) {
return '';
}
return normalize_origin($config['host_origin']);
}
function host_matches_suffix($host, $suffix) function host_matches_suffix($host, $suffix)
{ {
if ($suffix === '') { if ($suffix === '') {
@@ -412,7 +430,7 @@ function resolve_safe_redirect_chain($initialUrl, $allowlistSuffixes, $requestHe
// Optional allowlist env var: CHGRID_MEDIA_PROXY_ALLOWLIST=dropbox.com,example.com // Optional allowlist env var: CHGRID_MEDIA_PROXY_ALLOWLIST=dropbox.com,example.com
$allowlistEnv = getenv('CHGRID_MEDIA_PROXY_ALLOWLIST'); $allowlistEnv = getenv('CHGRID_MEDIA_PROXY_ALLOWLIST');
$allowlistSuffixes = parse_allowlist_suffixes($allowlistEnv); $allowlistSuffixes = parse_allowlist_suffixes($allowlistEnv);
$allowedOrigin = normalize_origin(getenv('CHGRID_HOST_ORIGIN')); $allowedOrigin = load_proxy_host_origin();
if ($allowedOrigin === '') { if ($allowedOrigin === '') {
send_text(500, 'CHGRID_HOST_ORIGIN is required'); send_text(500, 'CHGRID_HOST_ORIGIN is required');
} }
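Review bot: `load_proxy_host_origin()` reads the generated file with `require`, so whatever `media_proxy.config.php` contains runs as PHP inside the proxy, although all it needs to carry is one string. The deploy script writes that file into the publish directory, so anything able to write there can run code in the proxy rather than merely change the allowed origin. A data-only format closes that off: emit JSON at deploy time and load it with `$config = json_decode((string) file_get_contents($configPath), true);`, keeping the existing `is_array`/`isset` check (the origin is not a secret, so a readable data file is acceptable). Also add `is_string($config['host_origin'])` to that check, since `normalize_origin()` starts above the hunk and its handling of non-string input is not visible here.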


@@ -7,6 +7,7 @@ PUBLISH_DIR="${2:-$REPO_ROOT/deploy/publish/chgrid}"
BASE_PATH="${3:-/chgrid/}" BASE_PATH="${3:-/chgrid/}"
CLIENT_DIR="$REPO_ROOT/client" CLIENT_DIR="$REPO_ROOT/client"
PHP_PROXY_DIR="$REPO_ROOT/deploy/php" PHP_PROXY_DIR="$REPO_ROOT/deploy/php"
SERVER_ENV_FILE="$REPO_ROOT/server/.env"
PUBLIC_HTACCESS_SRC="$REPO_ROOT/deploy/apache/chgrid-public-htaccess" PUBLIC_HTACCESS_SRC="$REPO_ROOT/deploy/apache/chgrid-public-htaccess"
if [[ ! -d "$CLIENT_DIR" ]]; then if [[ ! -d "$CLIENT_DIR" ]]; then
@@ -30,6 +31,26 @@ if [[ -d "$PHP_PROXY_DIR" ]]; then
rsync -a "$PHP_PROXY_DIR/" "$PUBLISH_DIR/" rsync -a "$PHP_PROXY_DIR/" "$PUBLISH_DIR/"
fi fi
if [[ -f "$SERVER_ENV_FILE" ]]; then
set -a
# shellcheck disable=SC1090
source "$SERVER_ENV_FILE"
set +a
fi
if [[ -n "${CHGRID_HOST_ORIGIN:-}" ]]; then
escaped_host_origin=${CHGRID_HOST_ORIGIN//\\/\\\\}
escaped_host_origin=${escaped_host_origin//\'/\\\'}
cat > "$PUBLISH_DIR/media_proxy.config.php" <<EOF
<?php
return array(
'host_origin' => '$escaped_host_origin',
);
EOF
else
rm -f "$PUBLISH_DIR/media_proxy.config.php"
fi
if [[ -f "$PUBLIC_HTACCESS_SRC" ]]; then if [[ -f "$PUBLIC_HTACCESS_SRC" ]]; then
cp "$PUBLIC_HTACCESS_SRC" "$PUBLISH_DIR/.htaccess" cp "$PUBLIC_HTACCESS_SRC" "$PUBLISH_DIR/.htaccess"
fi fi
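Review bot: The `set -a` / `source "$SERVER_ENV_FILE"` block runs all of `server/.env` as shell and exports every variable in it, so any server secrets presumably kept there are inherited by each command the deploy script starts afterwards. A line that is valid dotenv but not valid shell can also break or alter the deploy. Only one key is needed, so read just that inside the `-f` check, e.g. `CHGRID_HOST_ORIGIN="${CHGRID_HOST_ORIGIN:-$(sed -n 's/^CHGRID_HOST_ORIGIN=//p' "$SERVER_ENV_FILE" | tail -n 1)}"`, stripping surrounding quotes if the file uses them. The backslash and single-quote escaping before the heredoc looks correct for a PHP single-quoted string, but the value is written unvalidated. Rejecting anything that is not `scheme://host[:port]` at deploy time would surface a typo here instead of as the proxy's 500 response.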