address review and add option

Author: 6543

custom/conf/app.example.ini

@@ -428,6 +428,8 @@ INTERNAL_TOKEN=
 ;CAMO_SERVER_URL =
 ;; HMAC to encode urls with
 ;CAMO_HMAC_KEY =
+;; Set to true to use camo for https too lese only non https urls are proxyed
+;CAMO_ALLWAYS = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -516,6 +516,7 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 - `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
 - `CAMO_SERVER_URL`: **<empty>**: If you would like to use a camo proxy to proxy images from rendered content, set the camo server url here
 - `CAMO_HMAC_KEY`: **<empty>**: Provide the HMAC key for encoding urls
+- `CAMO_ALLWAYS`: **false**: Set to true to use camo for https too lese only non https urls are proxyed
 
 ## OpenID (`openid`)
 

modules/markup/camo.go

@@ -1,4 +1,4 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
+// Copyright 2022 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
@@ -16,7 +16,7 @@ import (
 
 // CamoEncode encodes a lnk to fit with the go-camo and camo proxy links
 func CamoEncode(link string) string {
-	if strings.HasPrefix(link, setting.CamoServerURL) || len(setting.CamoHMACKey) == 0 {
+	if strings.HasPrefix(link, setting.CamoServerURL) {
 		return link
 	}
 

modules/markup/html.go

@@ -387,9 +387,9 @@ func visitNode(ctx *RenderContext, procs, textProcs []processor, node *html.Node
 					attr.Val = util.URLJoin(prefix, attr.Val)
 				}
 				if setting.CamoServerURL != "" {
-					lnkURL, _ := url.Parse(attr.Val)
-					if lnkURL.IsAbs() && !strings.HasPrefix(attr.Val, setting.AppURL) {
-						// We should camo this url
+					lnkURL, err := url.Parse(attr.Val)
+					if err != nil && lnkURL.IsAbs() && !strings.HasPrefix(attr.Val, setting.AppURL) &&
+						(setting.CamoAllways || lnkURL.Scheme != "https") {
 						attr.Val = CamoEncode(attr.Val)
 					}
 				}

modules/setting/setting.go

@@ -198,6 +198,7 @@ var (
 	SuccessfulTokensCacheSize          int
 	CamoServerURL                      string
 	CamoHMACKey                        string
+	CamoAllways                        bool
 
 	// UI settings
 	UI = struct {
@@ -914,9 +915,15 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
 	PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2")
 	CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)
 	PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false)
+	SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20)
+
 	CamoServerURL = sec.Key("CAMO_SERVER_URL").MustString("")
 	CamoHMACKey = sec.Key("CAMO_HMAC_KEY").MustString("")
-	SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20)
+	CamoAllways = sec.Key("CAMO_ALLWAYS").MustBool(false)
+	if CamoServerURL != "" && CamoHMACKey == "" {
+		log.Error("CAMO_SERVER_URL is set but CAMO_HMAC_KEY is empty, skip media proxy settings")
+		CamoServerURL = ""
+	}
 
 	InternalToken = loadInternalToken(sec)
 	if InstallLock && InternalToken == "" {