v12: Add HMAC image processing protection

src/Umbraco.Cms.Imaging.ImageSharp/ConfigureImageSharpMiddlewareOptions.cs

@@ -10,7 +10,7 @@
 namespace Umbraco.Cms.Imaging.ImageSharp;
 
 /// <summary>
-///     Configures the ImageSharp middleware options.
+/// Configures the ImageSharp middleware options.
 /// </summary>
 /// <seealso cref="IConfigureOptions{ImageSharpMiddlewareOptions}" />
 public sealed class ConfigureImageSharpMiddlewareOptions : IConfigureOptions<ImageSharpMiddlewareOptions>
@@ -19,7 +19,7 @@ public sealed class ConfigureImageSharpMiddlewareOptions : IConfigureOptions<Ima
     private readonly ImagingSettings _imagingSettings;
 
     /// <summary>
-    ///     Initializes a new instance of the <see cref="ConfigureImageSharpMiddlewareOptions" /> class.
+    /// Initializes a new instance of the <see cref="ConfigureImageSharpMiddlewareOptions" /> class.
     /// </summary>
     /// <param name="configuration">The ImageSharp configuration.</param>
     /// <param name="imagingSettings">The Umbraco imaging settings.</param>
@@ -34,29 +34,27 @@ public void Configure(ImageSharpMiddlewareOptions options)
     {
         options.Configuration = _configuration;
 
+        options.HMACSecretKey = _imagingSettings.HMACSecretKey;
         options.BrowserMaxAge = _imagingSettings.Cache.BrowserMaxAge;
         options.CacheMaxAge = _imagingSettings.Cache.CacheMaxAge;
         options.CacheHashLength = _imagingSettings.Cache.CacheHashLength;
 
         // Use configurable maximum width and height
         options.OnParseCommandsAsync = context =>
         {
-            if (context.Commands.Count == 0)
+            if (context.Commands.Count == 0 || _imagingSettings.HMACSecretKey.Length > 0)
             {
+                // Nothing to parse or using HMAC authentication
                 return Task.CompletedTask;
             }
 
-            var width = context.Parser.ParseValue<int>(
-                context.Commands.GetValueOrDefault(ResizeWebProcessor.Width),
-                context.Culture);
+            int width = context.Parser.ParseValue<int>(context.Commands.GetValueOrDefault(ResizeWebProcessor.Width), context.Culture);
             if (width <= 0 || width > _imagingSettings.Resize.MaxWidth)
             {
                 context.Commands.Remove(ResizeWebProcessor.Width);
             }
 
-            var height = context.Parser.ParseValue<int>(
-                context.Commands.GetValueOrDefault(ResizeWebProcessor.Height),
-                context.Culture);
+            int height = context.Parser.ParseValue<int>(context.Commands.GetValueOrDefault(ResizeWebProcessor.Height), context.Culture);
             if (height <= 0 || height > _imagingSettings.Resize.MaxHeight)
             {
                 context.Commands.Remove(ResizeWebProcessor.Height);
@@ -72,11 +70,16 @@ public void Configure(ImageSharpMiddlewareOptions options)
             {
                 ResponseHeaders headers = context.Response.GetTypedHeaders();
 
-                CacheControlHeaderValue cacheControl =
-                    headers.CacheControl ?? new CacheControlHeaderValue { Public = true };
-                cacheControl.MustRevalidate = false; // ImageSharp enables this by default
+                CacheControlHeaderValue cacheControl = headers.CacheControl ?? new CacheControlHeaderValue()
+                {
+                    Public = true
+                };
+
+                // ImageSharp enables cache revalidation by default, so disable and add immutable directive
+                cacheControl.MustRevalidate = false;
                 cacheControl.Extensions.Add(new NameValueHeaderValue("immutable"));
 
+                // Set updated value
                 headers.CacheControl = cacheControl;
             }
 

src/Umbraco.Cms.Imaging.ImageSharp/Media/ImageSharpImageUrlGenerator.cs

@@ -1,7 +1,9 @@
 using System.Globalization;
 using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Primitives;
 using SixLabors.ImageSharp.Web.Processors;
+using Umbraco.Cms.Core.DependencyInjection;
 using Umbraco.Cms.Core.Media;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Imaging.ImageSharp.ImageProcessors;
@@ -10,31 +12,47 @@
 namespace Umbraco.Cms.Imaging.ImageSharp.Media;
 
 /// <summary>
-///     Exposes a method that generates an image URL based on the specified options that can be processed by ImageSharp.
+/// Exposes a method that generates an image URL based on the specified options that can be processed by ImageSharp.
 /// </summary>
 /// <seealso cref="IImageUrlGenerator" />
 public sealed class ImageSharpImageUrlGenerator : IImageUrlGenerator
 {
-    /// <inheritdoc />
-    public IEnumerable<string> SupportedImageFileTypes { get; }
+    private readonly RequestAuthorizationUtilities? _requestAuthorizationUtilities;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="ImageSharpImageUrlGenerator" /> class.
+    /// </summary>
+    /// <param name="configuration">The ImageSharp configuration.</param>
+    /// <param name="requestAuthorizationUtilities">Contains helpers that allow authorization of image requests.</param>
+    public ImageSharpImageUrlGenerator(Configuration configuration, RequestAuthorizationUtilities? requestAuthorizationUtilities)
+        : this(configuration.ImageFormats.SelectMany(f => f.FileExtensions).ToArray(), requestAuthorizationUtilities)
+    { }
 
     /// <summary>
-    ///     Initializes a new instance of the <see cref="ImageSharpImageUrlGenerator" /> class.
+    /// Initializes a new instance of the <see cref="ImageSharpImageUrlGenerator" /> class.
     /// </summary>
     /// <param name="configuration">The ImageSharp configuration.</param>
+    [Obsolete("Use ctor with all params - This will be removed in Umbraco 13.")]
     public ImageSharpImageUrlGenerator(Configuration configuration)
-        : this(configuration.ImageFormats.SelectMany(f => f.FileExtensions).ToArray())
+        : this(configuration, StaticServiceProvider.Instance.GetService<RequestAuthorizationUtilities>())
     { }
 
     /// <summary>
-    ///     Initializes a new instance of the <see cref="ImageSharpImageUrlGenerator" /> class.
+    /// Initializes a new instance of the <see cref="ImageSharpImageUrlGenerator" /> class.
     /// </summary>
     /// <param name="supportedImageFileTypes">The supported image file types/extensions.</param>
+    /// <param name="requestAuthorizationUtilities">Contains helpers that allow authorization of image requests.</param>
     /// <remarks>
-    ///     This constructor is only used for testing.
+    /// This constructor is only used for testing.
     /// </remarks>
-    internal ImageSharpImageUrlGenerator(IEnumerable<string> supportedImageFileTypes) =>
+    internal ImageSharpImageUrlGenerator(IEnumerable<string> supportedImageFileTypes, RequestAuthorizationUtilities? requestAuthorizationUtilities = null)
+    {
         SupportedImageFileTypes = supportedImageFileTypes;
+        _requestAuthorizationUtilities = requestAuthorizationUtilities;
+    }
+
+    /// <inheritdoc />
+    public IEnumerable<string> SupportedImageFileTypes { get; }
 
     /// <inheritdoc />
     public string? GetImageUrl(ImageUrlGenerationOptions? options)
@@ -47,57 +65,63 @@ internal ImageSharpImageUrlGenerator(IEnumerable<string> supportedImageFileTypes
         var queryString = new Dictionary<string, string?>();
         Dictionary<string, StringValues> furtherOptions = QueryHelpers.ParseQuery(options.FurtherOptions);
 
-        if (options.Crop is not null)
+        if (options.Crop is CropCoordinates crop)
         {
-            CropCoordinates? crop = options.Crop;
-            queryString.Add(
-                CropWebProcessor.Coordinates,
-                FormattableString.Invariant($"{crop.Left},{crop.Top},{crop.Right},{crop.Bottom}"));
+            queryString.Add(CropWebProcessor.Coordinates, FormattableString.Invariant($"{crop.Left},{crop.Top},{crop.Right},{crop.Bottom}"));
         }
 
-        if (options.FocalPoint is not null)
+        if (options.FocalPoint is FocalPointPosition focalPoint)
         {
-            queryString.Add(ResizeWebProcessor.Xy, FormattableString.Invariant($"{options.FocalPoint.Left},{options.FocalPoint.Top}"));
+            queryString.Add(ResizeWebProcessor.Xy, FormattableString.Invariant($"{focalPoint.Left},{focalPoint.Top}"));
         }
 
-        if (options.ImageCropMode is not null)
+        if (options.ImageCropMode is ImageCropMode imageCropMode)
         {
-            queryString.Add(ResizeWebProcessor.Mode, options.ImageCropMode.ToString()?.ToLowerInvariant());
+            queryString.Add(ResizeWebProcessor.Mode, imageCropMode.ToString().ToLowerInvariant());
         }
 
-        if (options.ImageCropAnchor is not null)
+        if (options.ImageCropAnchor is ImageCropAnchor imageCropAnchor)
         {
-            queryString.Add(ResizeWebProcessor.Anchor, options.ImageCropAnchor.ToString()?.ToLowerInvariant());
+            queryString.Add(ResizeWebProcessor.Anchor, imageCropAnchor.ToString().ToLowerInvariant());
         }
 
-        if (options.Width is not null)
+        if (options.Width is int width)
         {
-            queryString.Add(ResizeWebProcessor.Width, options.Width?.ToString(CultureInfo.InvariantCulture));
+            queryString.Add(ResizeWebProcessor.Width, width.ToString(CultureInfo.InvariantCulture));
         }
 
-        if (options.Height is not null)
+        if (options.Height is int height)
         {
-            queryString.Add(ResizeWebProcessor.Height, options.Height?.ToString(CultureInfo.InvariantCulture));
+            queryString.Add(ResizeWebProcessor.Height, height.ToString(CultureInfo.InvariantCulture));
         }
 
         if (furtherOptions.Remove(FormatWebProcessor.Format, out StringValues format))
         {
-            queryString.Add(FormatWebProcessor.Format, format[0]);
+            queryString.Add(FormatWebProcessor.Format, format.ToString());
         }
 
-        if (options.Quality is not null)
+        if (options.Quality is int quality)
         {
-            queryString.Add(QualityWebProcessor.Quality, options.Quality?.ToString(CultureInfo.InvariantCulture));
+            queryString.Add(QualityWebProcessor.Quality, quality.ToString(CultureInfo.InvariantCulture));
         }
 
         foreach (KeyValuePair<string, StringValues> kvp in furtherOptions)
         {
             queryString.Add(kvp.Key, kvp.Value);
         }
 
-        if (options.CacheBusterValue is not null && !string.IsNullOrWhiteSpace(options.CacheBusterValue))
+        if (options.CacheBusterValue is string cacheBusterValue && !string.IsNullOrEmpty(cacheBusterValue))
+        {
+            queryString.Add("v", cacheBusterValue);
+        }
+
+        if (_requestAuthorizationUtilities is not null)
         {
-            queryString.Add("rnd", options.CacheBusterValue);
+            var uri = QueryHelpers.AddQueryString(options.ImageUrl, queryString);
+            if (_requestAuthorizationUtilities.ComputeHMAC(uri, CommandHandling.Sanitize) is string token && !string.IsNullOrEmpty(token))
+            {
+                queryString.Add(RequestAuthorizationUtilities.TokenCommand, token);
+            }
         }
 
         return QueryHelpers.AddQueryString(options.ImageUrl, queryString);

src/Umbraco.Core/Configuration/Models/ImagingResizeSettings.cs

@@ -6,21 +6,21 @@
 namespace Umbraco.Cms.Core.Configuration.Models;
 
 /// <summary>
-///     Typed configuration options for image resize settings.
+/// Typed configuration options for image resize settings.
 /// </summary>
 public class ImagingResizeSettings
 {
     internal const int StaticMaxWidth = 5000;
     internal const int StaticMaxHeight = 5000;
 
     /// <summary>
-    ///     Gets or sets a value for the maximim resize width.
+    /// Gets or sets a value for the maximum resize width.
     /// </summary>
     [DefaultValue(StaticMaxWidth)]
     public int MaxWidth { get; set; } = StaticMaxWidth;
 
     /// <summary>
-    ///     Gets or sets a value for the maximim resize height.
+    /// Gets or sets a value for the maximum resize height.
     /// </summary>
     [DefaultValue(StaticMaxHeight)]
     public int MaxHeight { get; set; } = StaticMaxHeight;

src/Umbraco.Core/Configuration/Models/ImagingSettings.cs

@@ -4,18 +4,27 @@
 namespace Umbraco.Cms.Core.Configuration.Models;
 
 /// <summary>
-///     Typed configuration options for imaging settings.
+/// Typed configuration options for imaging settings.
 /// </summary>
 [UmbracoOptions(Constants.Configuration.ConfigImaging)]
 public class ImagingSettings
 {
     /// <summary>
-    ///     Gets or sets a value for imaging cache settings.
+    /// Gets or sets a value for the Hash-based Message Authentication Code (HMAC) secret key for request authentication.
+    /// </summary>
+    /// <remarks>
+    /// Setting or updating this value will cause all existing generated URLs to become invalid and return a 400 Bad Request response code.
+    /// When set, the maximum resize settings are not used/validated anymore, because you can only request URLs with a valid HMAC token anyway.
+    /// </remarks>
+    public byte[] HMACSecretKey { get; set; } = Array.Empty<byte>();
+
+    /// <summary>
+    /// Gets or sets a value for imaging cache settings.
     /// </summary>
     public ImagingCacheSettings Cache { get; set; } = new();
 
     /// <summary>
-    ///     Gets or sets a value for imaging resize settings.
+    /// Gets or sets a value for imaging resize settings.
     /// </summary>
     public ImagingResizeSettings Resize { get; set; } = new();
 }