Travis Ralston 6 years ago
parent dda7afa845
commit 1f86e8e31b

@ -1,4 +1,5 @@
# Copyright 2016 OpenMarket Ltd # Copyright 2016 OpenMarket Ltd
# Copyright 2019 The Matrix.org Foundation C.I.C.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -58,66 +59,41 @@ paths:
format: byte format: byte
responses: responses:
200: 200:
description: The MXC URI for the uploaded content. description: The `MXC URI`_ for the uploaded content.
schema: schema:
type: object type: object
required: ["content_uri"] required: ["content_uri"]
properties: properties:
content_uri: content_uri:
type: string type: string
description: "The MXC URI to the uploaded content." description: "The `MXC URI`_ to the uploaded content."
examples: examples:
application/json: { application/json: {
"content_uri": "mxc://example.com/AQwafuaFswefuhsfAFAgsw" "content_uri": "mxc://example.com/AQwafuaFswefuhsfAFAgsw"
} }
429: 403:
description: This request was rate-limited. description: |-
The user does not have permission to upload the content. Some reasons for this error include:
- The server does not permit the file type.
- The user has reached a quota for uploaded content.
examples:
application/json: {
"errcode": "M_FORBIDDEN",
"error": "Cannot upload this content"
}
schema: schema:
"$ref": "definitions/errors/rate_limited.yaml" "$ref": "definitions/errors/error.yaml"
tags: 413:
- Media description: |-
"/download/{serverName}/{mediaId}": The uploaded content is too large for the server.
get: examples:
summary: "Download content from the content repository." application/json: {
operationId: getContent "errcode": "M_TOO_LARGE",
produces: ["*/*"] "error": "Cannot upload files larger than 100mb"
parameters: }
- in: path
type: string
name: serverName
x-example: matrix.org
required: true
description: |
The server name from the ``mxc://`` URI (the authoritory component)
- in: path
type: string
name: mediaId
x-example: ascERGshawAWawugaAcauga
required: true
description: |
The media ID from the ``mxc://`` URI (the path component)
- in: query
type: boolean
name: allow_remote
x-example: false
required: false
default: true
description: |
Indicates to the server that it should not attempt to fetch the media if it is deemed
remote. This is to prevent routing loops where the server contacts itself. Defaults to
true if not provided.
responses:
200:
description: "The content that was previously uploaded."
headers:
Content-Type:
description: "The content type of the file that was previously uploaded."
type: "string"
Content-Disposition:
description: "The name of the file that was previously uploaded, if set."
type: "string"
schema: schema:
type: file "$ref": "definitions/errors/error.yaml"
429: 429:
description: This request was rate-limited. description: This request was rate-limited.
schema: schema:
@ -126,8 +102,8 @@ paths:
- Media - Media
"/download/{serverName}/{mediaId}/{fileName}": "/download/{serverName}/{mediaId}/{fileName}":
get: get:
summary: "Download content from the content repository as a given filename." summary: "Download content from the content repository."
operationId: getContentOverrideName operationId: getContent
produces: ["*/*"] produces: ["*/*"]
parameters: parameters:
- in: path - in: path
@ -148,9 +124,7 @@ paths:
type: string type: string
name: fileName name: fileName
x-example: filename.jpg x-example: filename.jpg
required: true description: An optional filename to give in the ``Content-Disposition`` header.
description: |
The filename to give in the Content-Disposition
- in: query - in: query
type: boolean type: boolean
name: allow_remote name: allow_remote
@ -169,10 +143,24 @@ paths:
description: "The content type of the file that was previously uploaded." description: "The content type of the file that was previously uploaded."
type: "string" type: "string"
Content-Disposition: Content-Disposition:
description: "The name of file given in the request" description: |-
The ``fileName`` requested or the name of the file that was previously
uploaded, if set.
type: "string" type: "string"
schema: schema:
type: file type: file
# This is a workaround for us not being able to say the response is required.
description: "**Required.** The bytes for the uploaded file."
502:
description: |-
The content is too large for the server to serve.
examples:
application/json: {
"errcode": "M_TOO_LARGE",
"error": "Content is too large to serve"
}
schema:
"$ref": "definitions/errors/error.yaml"
429: 429:
description: This request was rate-limited. description: This request was rate-limited.
schema: schema:
@ -181,7 +169,9 @@ paths:
- Media - Media
"/thumbnail/{serverName}/{mediaId}": "/thumbnail/{serverName}/{mediaId}":
get: get:
summary: "Download a thumbnail of the content from the content repository." summary: |-
Download a thumbnail of content from the content repository. See the `thumbnailing <#thumbnails>`_
section for more information.
operationId: getContentThumbnail operationId: getContentThumbnail
produces: ["image/jpeg", "image/png"] produces: ["image/jpeg", "image/png"]
parameters: parameters:
@ -189,7 +179,7 @@ paths:
type: string type: string
name: serverName name: serverName
required: true required: true
x-example: matrix.org x-example: example.org
description: | description: |
The server name from the ``mxc://`` URI (the authoritory component) The server name from the ``mxc://`` URI (the authoritory component)
- in: path - in: path
@ -205,22 +195,24 @@ paths:
name: width name: width
required: true required: true
description: |- description: |-
The *desired* width of the thumbnail. The actual thumbnail may not The *desired* width of the thumbnail. The actual thumbnail may be
match the size specified. larger than the size specified.
- in: query - in: query
type: integer type: integer
x-example: 64 x-example: 64
name: height name: height
required: true required: true
description: |- description: |-
The *desired* height of the thumbnail. The actual thumbnail may not The *desired* height of the thumbnail. The actual thumbnail may be
match the size specified. larger than the size specified.
- in: query - in: query
type: string type: string
enum: ["crop", "scale"] enum: ["crop", "scale"]
name: method name: method
x-example: "scale" x-example: "scale"
description: The desired resizing method. description: |-
The desired resizing method. See the `thumbnailing <#thumbnails>`_
section for more information.
- in: query - in: query
type: boolean type: boolean
name: allow_remote name: allow_remote
@ -241,6 +233,40 @@ paths:
enum: ["image/jpeg", "image/png"] enum: ["image/jpeg", "image/png"]
schema: schema:
type: file type: file
# This is a workaround for us not being able to say the response is required.
description: "**Required.** The bytes for the thumbnail."
400:
description: |-
The request does not make sense to the server, or the server cannot thumbnail
the content. For example, the client requested non-integer dimensions or asked
for negatively-sized images.
examples:
application/json: {
"errcode": "M_UNKNOWN",
"error": "Cannot generate thumbnails for the requested content"
}
schema:
"$ref": "definitions/errors/error.yaml"
413:
description: |-
The local content is too large for the server to thumbnail.
examples:
application/json: {
"errcode": "M_TOO_LARGE",
"error": "Content is too large to thumbnail"
}
schema:
"$ref": "definitions/errors/error.yaml"
502:
description: |-
The remote content is too large for the server to thumbnail.
examples:
application/json: {
"errcode": "M_TOO_LARGE",
"error": "Content is too large to thumbnail"
}
schema:
"$ref": "definitions/errors/error.yaml"
429: 429:
description: This request was rate-limited. description: This request was rate-limited.
schema: schema:
@ -259,7 +285,7 @@ paths:
type: string type: string
x-example: "https://matrix.org" x-example: "https://matrix.org"
name: url name: url
description: "The URL to get a preview of" description: "The URL to get a preview of."
required: true required: true
- in: query - in: query
type: integer type: integer
@ -287,7 +313,7 @@ paths:
"og:image": "og:image":
type: string type: string
description: |- description: |-
An MXC URI to the image. Omitted if there is no image. An `MXC URI`_ to the image. Omitted if there is no image.
examples: examples:
application/json: { application/json: {
"og:title": "Matrix Blog Post", "og:title": "Matrix Blog Post",

@ -70,7 +70,7 @@ paths:
type: object type: object
example: { example: {
"membership": "join", "membership": "join",
"avatar_url": "mxc://localhost/SEsfnsuifSDFSSEF#auto", "avatar_url": "mxc://localhost/SEsfnsuifSDFSSEF",
"displayname": "Alice Margatroid" "displayname": "Alice Margatroid"
} }
responses: responses:

@ -0,0 +1 @@
Clarify how the content repository works, and what it is used for.

@ -4,7 +4,7 @@
"type": "m.room.member", "type": "m.room.member",
"content": { "content": {
"membership": "join", "membership": "join",
"avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF#auto", "avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
"displayname": "Alice Margatroid" "displayname": "Alice Margatroid"
} }
} }

@ -2,7 +2,7 @@
"$ref": "m.room.member", "$ref": "m.room.member",
"content": { "content": {
"membership": "invite", "membership": "invite",
"avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF#auto", "avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
"displayname": "Alice Margatroid" "displayname": "Alice Margatroid"
}, },
"unsigned": { "unsigned": {

@ -2,7 +2,7 @@
"$ref": "m.room.member", "$ref": "m.room.member",
"content": { "content": {
"membership": "invite", "membership": "invite",
"avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF#auto", "avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
"displayname": "Alice Margatroid", "displayname": "Alice Margatroid",
"third_party_invite": { "third_party_invite": {
"display_name": "alice", "display_name": "alice",

@ -19,7 +19,7 @@ properties:
type: integer type: integer
thumbnail_url: thumbnail_url:
description: |- description: |-
The URL to a thumbnail of the image. Only present if the The `MXC URI`_ to a thumbnail of the image. Only present if the
thumbnail is unencrypted. thumbnail is unencrypted.
type: string type: string
thumbnail_file: thumbnail_file:

@ -27,7 +27,7 @@ properties:
- m.audio - m.audio
type: string type: string
url: url:
description: Required if the file is not encrypted. The URL to the audio clip. description: Required if the file is not encrypted. The `MXC URI`_ to the audio clip.
type: string type: string
file: file:
description: |- description: |-

@ -42,7 +42,7 @@ properties:
- m.file - m.file
type: string type: string
url: url:
description: Required if the file is unencrypted. The URL to the file. description: Required if the file is unencrypted. The `MXC URI`_ to the file.
type: string type: string
file: file:
description: |- description: |-

@ -17,7 +17,7 @@ properties:
- m.image - m.image
type: string type: string
url: url:
description: Required if the file is unencrypted. The URL to the image. description: Required if the file is unencrypted. The `MXC URI`_ to the image.
type: string type: string
file: file:
description: |- description: |-

@ -28,7 +28,7 @@ properties:
type: integer type: integer
thumbnail_url: thumbnail_url:
description: |- description: |-
The URL to an image thumbnail of the video clip. Only present if the The `MXC URI`_ to an image thumbnail of the video clip. Only present if the
thumbnail is unencrypted. thumbnail is unencrypted.
type: string type: string
thumbnail_file: thumbnail_file:
@ -48,7 +48,7 @@ properties:
- m.video - m.video
type: string type: string
url: url:
description: Required if the file is unencrypted. The URL to the video clip. description: Required if the file is unencrypted. The `MXC URI`_ to the video clip.
type: string type: string
file: file:
description: |- description: |-

@ -1,4 +1,5 @@
.. Copyright 2016 OpenMarket Ltd .. Copyright 2016 OpenMarket Ltd
.. Copyright 2019 The Matrix.org Foundation C.I.C.
.. ..
.. Licensed under the Apache License, Version 2.0 (the "License"); .. Licensed under the Apache License, Version 2.0 (the "License");
.. you may not use this file except in compliance with the License. .. you may not use this file except in compliance with the License.
@ -17,27 +18,38 @@ Content repository
.. _module:content: .. _module:content:
This module allows users to upload content to their homeserver which is The content repository (or "media repository") allows users to upload
retrievable from other homeservers. Its' purpose is to allow users to share files to their homeserver for later user. For example, files which the
attachments in a room. Content locations are represented as Matrix Content (MXC) user wants to send to a room would be uploaded here, as would an avatar
URIs. They look like:: the user wants to use.
mxc://<server-name>/<media-id> Uploads are POSTed to a resource on the user's local homeserver which
returns a MXC URI which can later be used to GET the download. Content
<server-name> : The name of the homeserver where this content originated, e.g. matrix.org is downloaded from the recipient's local homeserver, which must first
<media-id> : An opaque ID which identifies the content. transfer the content from the origin homeserver using the same API
(unless the origin and destination homeservers are the same).
Uploads are POSTed to a resource on the user's local homeserver which returns a
token which is used to GET the download. Content is downloaded from the
recipient's local homeserver, which must first transfer the content from the
origin homeserver using the same API (unless the origin and destination
homeservers are the same).
When serving content, the server SHOULD provide a ``Content-Security-Policy`` When serving content, the server SHOULD provide a ``Content-Security-Policy``
header. The recommended policy is ``sandbox; default-src 'none'; script-src header. The recommended policy is ``sandbox; default-src 'none'; script-src
'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src
'self';``. 'self';``.
Content in the repository should be treated as bytes as it may be encrypted.
Matrix Content (MXC) URIs
-------------------------
.. _`MXC URI`:
Content locations are represented as Matrix Content (MXC) URIs. They look
like::
mxc://<server-name>/<media-id>
<server-name> : The name of the homeserver where this content originated, e.g. matrix.org
<media-id> : An opaque ID which identifies the content.
Client behaviour Client behaviour
---------------- ----------------
@ -47,6 +59,11 @@ Clients can upload and download content using the following HTTP APIs.
Thumbnails Thumbnails
~~~~~~~~~~ ~~~~~~~~~~
The homeserver SHOULD be able to supply thumbnails for uploaded images and
videos. The exact file types which can be thumbnailed are not currently
specified - see `Issue #1938 <https://github.com/matrix-org/matrix-doc/issues/1938>`_
for more information.
The thumbnail methods are "crop" and "scale". "scale" tries to return an The thumbnail methods are "crop" and "scale". "scale" tries to return an
image where either the width or the height is smaller than the requested image where either the width or the height is smaller than the requested
size. The client should then scale and letterbox the image if it needs to size. The client should then scale and letterbox the image if it needs to
@ -55,18 +72,32 @@ width and height are close to the requested size and the aspect matches
the requested size. The client should scale the image if it needs to fit the requested size. The client should scale the image if it needs to fit
within a given rectangle. within a given rectangle.
The dimensions given to the thumbnail API are the minimum size the client
would prefer. Servers must never return thumbnails smaller than the client's
requested dimensions, unless the content being thumbnailed is smaller than
the dimensions. When the content is smaller than the requested dimensions,
servers should return the original content rather than thumbnail it.
Servers SHOULD pre-calculate or have a list of set dimensions for which they
will thumbnail content at. For example, the server may choose that it will
only create thumbnails sized 96x96 or 512x512. When the client requests a
thumbnail, the server will pick the size which is larger than the requested
dimensions. Servers SHOULD pre-calculate the following thumbnails for uploaded
content, and limit thumbnails to the same sizes:
* 32x32, crop
* 96x96, crop
* 320x240, scale
* 640x480, scale
* 800x600, scale
In summary: In summary:
* "scale" maintains the original aspect ratio of the image * "scale" maintains the original aspect ratio of the image
* "crop" provides an image in the aspect ratio of the sizes given in the request * "crop" provides an image in the aspect ratio of the sizes given in the request
* The server will return an image larger than or equal to the dimensions requested
where possible.
Server behaviour Servers MUST NOT upscale thumbnails under any circumstance.
----------------
Homeservers may generate thumbnails for content uploaded to remote
homeservers themselves or may rely on the remote homeserver to thumbnail
the content. Homeservers may return thumbnails of a different size to that
requested. However homeservers should provide exact matches where reasonable.
Homeservers must never upscale images.
Security considerations Security considerations
----------------------- -----------------------
@ -88,16 +119,20 @@ UTF-8 encoded traversals, etc).
Homeservers have additional content-specific concerns: Homeservers have additional content-specific concerns:
- Clients may try to upload very large files. Homeservers should not store files - Clients may try to upload very large files. Homeservers should not store files
that are too large and should not serve them to clients. that are too large and should not serve them to clients, returning a HTTP 413
error with the ``M_TOO_LARGE`` code.
- Clients may try to upload very large images. Homeservers should not attempt to - Clients may try to upload very large images. Homeservers should not attempt to
generate thumbnails for images that are too large. generate thumbnails for images that are too large, returning a HTTP 413 error
with the ``M_TOO_LARGE`` code.
- Remote homeservers may host very large files or images. Homeservers should not - Remote homeservers may host very large files or images. Homeservers should not
proxy or thumbnail large files or images from remote homeservers. proxy or thumbnail large files or images from remote homeservers, returning a
HTTP 502 error with the ``M_TOO_LARGE`` code.
- Clients may try to upload a large number of files. Homeservers should limit the - Clients may try to upload a large number of files. Homeservers should limit the
number and total size of media that can be uploaded by clients. number and total size of media that can be uploaded by clients, returning a
HTTP 403 error with the ``M_FORBIDDEN`` code.
- Clients may try to access a large number of remote files through a homeserver. - Clients may try to access a large number of remote files through a homeserver.
Homeservers should restrict the number and size of remote files that it caches. Homeservers should restrict the number and size of remote files that it caches.

Loading…
Cancel
Save