pistolero@p@fsebugoutzone.org: @Wiz @tadano @mischievoustomato @relaystalker Medi…

Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Reply to @tadano@mt.watamelon.win
Wiz@Wiz@tsundere.love (2026-05-21 03:15:21)
@tadano @relaystalker @mischievoustomato I think the commonality is us all being on Pleroma, but, federation is sometimes just gay.
---Reply---
pistolero@p@fsebugoutzone.org (2026-05-21 03:18:17)
@Wiz @tadano @mischievoustomato @relaystalker Media proxies are a real motherfucker.  How does Mitra do them?


---Replies---

Tadano@tadano@mt.watamelon.win (2026-05-21 03:37:57)
@p @relaystalker @Wiz @mischievoustomato Not a Rust programmer so I just used Claude to get the following:

When Mitra receives a federated post containing remote media (images, videos, etc.), it doesn't serve those remote URLs directly to clients. Instead, it rewrites them to local proxy URLs that go through its own /api/media_proxy/ endpoint. This keeps client IP addresses private and allows Mitra to enforce content-type and size policies.

Configuration

>mitra_config/src/config.rs exposes a media_proxy_enabled flag (default: true). The server checks this at startup in mitra_api/src/server.rs line 55 and only registers the proxy routes when it's enabled.

URL Rewriting (at serialization time)

The rewriting happens inside ClientMediaServer in mitra_api/src/mastodon_api/media_server.rs. Its url_for() method is called whenever an attachment is serialized into an API response.

For local files it returns a direct filesystem-backed URL. For remote links it generates a signed proxy URL:

>The remote URL is hex-encoded.
>An Ed25519 signature is created over the URL bytes using the instance's secret key.
>The signature is hex-encoded.
>The final URL is: {instance_base}/api/media_proxy/{hex_encoded_url}?signature={hex_signature}
>This rewriting is transparent to API consumers. The attachment serialization in mitra_api/src/mastodon_api/media/types.rs line 71 calls media_server.url_for() for every attachment, and status responses in mitra_api/src/mastodon_api/statuses/types.rs line 188 use this path.

The Proxy Endpoint

>Route: GET /api/media_proxy/{url_encoded}?signature={signature}
>Handler: mitra_api/src/mastodon_api/media_proxy/views.rs line 26

When a client fetches a proxy URL, the handler:

>Verifies the Ed25519 signature against the encoded URL bytes using the same instance key. If the signature is invalid, it rejects the request. This prevents clients from crafting arbitrary proxy URLs to fetch anything.
>Calls stream_media() from apx_sdk (apx_sdk/src/fetch.rs li