npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

matrix-mxc-proxy

v1.0.5

Published

Convert Matrix MXC URIs to external URLs to allow access to files

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

austinhuangaustinhuang

Keywords

matrix

Readme

Matrix MXC proxy

To bridge another platform to Matrix, you must deal with attachments uploaded in that platform. The usual approach is to request the file and pipe the response to your Matrix homeserver's upload endpoint. Now, if you have quite some resources for your homeserver, then that's not really a problem. But what if:

  • You don't want to have the files in your homeserver.
    • Note that a homeserver will only request a remote file if a user explicitly asks for it, when eg. a client needs to render the attachment, etc.
  • You don't want to record the bindings between remote attachments and local MXC URIs.
  • You want to reduce exposure to the files.
    • In most situations (although not mandated by the spec), a remote homeserver will allow you to redirect the media request to somewhere else.
  • You want to have some sort of data forgetfulness.
    • Matrix does not delete media attached to a deleted message (at least for now, if MSC3911 will ever be implemented), but many other platforms do. Given that large homeservers likely purge remote media cache regularly, a deleted media will likely be forgotten for large parts of Matrix gradually.

This library creates a media proxy that converts MXC URIs to URLs, so that the homeservers can obtain the file directly from the URL.

WARNING

I need not to explain how an unsecured arbitrary proxy is a bad idea, so the scope of the proxy should be sufficiently restrictive!!!

Usage

import mxcProxy from 'matrix-mxc-proxy';

const port = 8080; // port to listen on
const domain = 'myproxy.example.com'; // name of the "homeserver"
const getUrl = (id: string) => {
    // eg. if a MXC URI is "mxc://myproxy.example.com/abcdefg"
    // then the id is "abcdefg"
    return `https://cdn.example.org/${id}`; // where the file is
    // return null if an URL cannot be determined
};

mxcProxy(port, domain, getUrl);

A reverse proxy for the domain with TLS should forward to the port.

API

There are two endpoints:

GET /.well-known/matrix/server

Returns the domain, plus :443. See Matrix spec.

GET /_matrix/media/v3/download/{serverName}/{mediaId}

See Matrix spec. Regarding this implementation:

  • The serverName MUST be the same domain as where the proxy is reachable at. Otherwise, error code ME.AUSTINHUANG.MXC_PROXY.NOT_SUPPORTED will be thrown with status code 403.
  • Given the specified getUrl function, if getUrl(mediaId) returns null, error code ME.AUSTINHUANG.MXC_PROXY.CANNOT_CONVERT will be thrown with status code 400.
  • The allow_redirect query parameter is respected. If true, a 308 redirect to the output of getUrl(mediaId) will be given. Otherwise, the file will be proxied which, if failed, will throw error code ME.AUSTINHUANG.MXC_PROXY.PROXY_ERROR with status code 504.
  • The allow_remote query parameter is ignored; the server acts as if it is always false, given its purpose, as well as expected homeserver behaviour.
  • The timeout_ms query parameter is respected as specified.