diff --git a/.github/workflows/buildx.yaml b/.github/workflows/buildx.yaml new file mode 100644 index 0000000..1938731 --- /dev/null +++ b/.github/workflows/buildx.yaml @@ -0,0 +1,60 @@ +name: buildx + +on: + push: + tags: + - 'v*' + +jobs: + buildx: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Prepare + id: prepare + run: | + DOCKER_IMAGE=andreimarcu/linx-server + DOCKER_PLATFORMS=linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/386 + VERSION=version-${GITHUB_REF#refs/tags/v} + TAGS="--tag ${DOCKER_IMAGE}:${VERSION} --tag ${DOCKER_IMAGE}:latest" + + echo ::set-output name=docker_image::${DOCKER_IMAGE} + echo ::set-output name=version::${VERSION} + echo ::set-output name=buildx_args::--platform ${DOCKER_PLATFORMS} \ + --build-arg VERSION=${VERSION} \ + --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \ + --build-arg VCS_REF=${GITHUB_SHA::8} \ + ${TAGS} --file Dockerfile . + - + name: Set up Docker Buildx + uses: crazy-max/ghaction-docker-buildx@v3 + - + name: Docker Buildx (build) + run: | + docker buildx build --output "type=image,push=false" ${{ steps.prepare.outputs.buildx_args }} + - + name: Docker Login + if: success() + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + run: | + echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin + - + name: Docker Buildx (push) + if: success() + run: | + docker buildx build --output "type=image,push=true" ${{ steps.prepare.outputs.buildx_args }} + - + name: Docker Check Manifest + if: always() + run: | + docker run --rm mplatform/mquery ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }} + - + name: Clear + if: always() + run: | + rm -f ${HOME}/.docker/config.json diff --git a/.gitignore b/.gitignore index ec613f1..df2bae9 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,7 @@ _testmain.go linx-server linx-cleanup/linx-cleanup linx-genkey/linx-genkey +linx-server.conf files/ meta/ binaries/ diff --git a/Dockerfile b/Dockerfile index b5a73bf..e9d61f2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,11 +18,11 @@ ENV SSL_CERT_FILE /etc/ssl/cert.pem COPY static /go/src/github.com/andreimarcu/linx-server/static/ COPY templates /go/src/github.com/andreimarcu/linx-server/templates/ -RUN mkdir -p /data/files && mkdir -p /data/meta && chown -R 65534:65534 /data +RUN mkdir -p /data/files && mkdir -p /data/meta && mkdir -p /data/locks && chown -R 65534:65534 /data -VOLUME ["/data/files", "/data/meta"] +VOLUME ["/data/files", "/data/meta", "/data/locks"] EXPOSE 8080 USER nobody -ENTRYPOINT ["/usr/local/bin/linx-server", "-bind=0.0.0.0:8080", "-filespath=/data/files/", "-metapath=/data/meta/"] +ENTRYPOINT ["/usr/local/bin/linx-server", "-bind=0.0.0.0:8080", "-filespath=/data/files/", "-metapath=/data/meta/", "-lockspath=/data/locks/"] CMD ["-sitename=linx", "-allowhotlink"] diff --git a/README.md b/README.md index 567d646..6f3b615 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,30 @@ - linx-server ====== -[![Build Status](https://travis-ci.org/andreimarcu/linx-server.svg?branch=master)](https://travis-ci.org/andreimarcu/linx-server) Self-hosted file/media sharing website. +### Is this still active? + +Yes, though the repo may be old, it's still active and I'll try and fix any major issues that occur with my limited time. + ### Demo -You can see what it looks like using the demo: [https://demo.linx-server.net/](https://demo.linx-server.net/) +You can see what it looks like using the demo: [https://put.icu/](https://put.icu/) + + +### Clients +**Official** +- CLI: **linx-client** - [Source](https://github.com/andreimarcu/linx-client) + +**Unofficial** +- Android: **LinxShare** - [Source](https://github.com/iksteen/LinxShare/) | [Google Play](https://play.google.com/store/apps/details?id=org.thegraveyard.linxshare) +- CLI: **golinx** - [Source](https://github.com/mutantmonkey/golinx) ### Features - Display common filetypes (image, video, audio, markdown, pdf) - Display syntax-highlighted code with in-place editing -- Documented API with keys if need to restrict uploads (can use [linx-client](https://github.com/andreimarcu/linx-client) for uploading through command-line) +- Documented API with keys for restricting uploads - Torrent download of files using web seeding - File expiry, deletion key, file access key, and random filename options @@ -28,9 +39,14 @@ Getting started ------------------- #### Using Docker +1. Create directories ```files``` and ```meta``` and run ```chown -R 65534:65534 meta && chown -R 65534:65534 files``` +2. Create a config file (example provided in repo), we'll refer to it as __linx-server.conf__ in the following examples + + + Example running ``` -docker run -p 8080:8080 -v /path/to/meta:/data/meta -v /path/to/files:/data/files andreimarcu/linx-server +docker run -p 8080:8080 -v /path/to/linx-server.conf:/data/linx-server.conf -v /path/to/meta:/data/meta -v /path/to/files:/data/files andreimarcu/linx-server -config /data/linx-server.conf ``` Example with docker-compose @@ -40,11 +56,11 @@ services: linx-server: container_name: linx-server image: andreimarcu/linx-server - entrypoint: /usr/local/bin/linx-server -bind=0.0.0.0:8080 -filespath=/data/files/ -metapath=/data/meta/ - command: -sitename=Linx -siteurl=https://linx.example.com + command: -config /data/linx-server.conf volumes: - /path/to/files:/data/files - /path/to/meta:/data/meta + - /path/to/linx-server.conf:/data/linx-server.conf network_mode: bridge ports: - "8080:8080" @@ -54,43 +70,49 @@ Ideally, you would use a reverse proxy such as nginx or caddy to handle TLS cert #### Using a binary release -1. Grab the latest binary from the [releases](https://github.com/andreimarcu/linx-server/releases) -2. Run ```./linx-server``` - +1. Grab the latest binary from the [releases](https://github.com/andreimarcu/linx-server/releases), then run ```go install``` +2. Run ```linx-server -config path/to/linx-server.conf``` Usage ----- #### Configuration -All configuration options are accepted either as arguments or can be placed in an ini-style file as such: +All configuration options are accepted either as arguments or can be placed in a file as such (see example file linx-server.conf.example in repo): ```ini +bind = 127.0.0.1:8080 +sitename = myLinx maxsize = 4294967296 -allowhotlink = true -# etc -``` -...and then invoke ```linx-server -config path/to/config.ini``` +maxexpiry = 86400 +# ... etc +``` +...and then run ```linx-server -config path/to/linx-server.conf``` #### Options |Option|Description |------|----------- -| ```-bind 127.0.0.1:8080``` | what to bind to (default is 127.0.0.1:8080) -| ```-sitename myLinx``` | the site name displayed on top (default is inferred from Host header) -| ```-siteurl "https://mylinx.example.org/"``` | the site url (default is inferred from execution context) -| ```-selifpath "selif"``` | path relative to site base url (the "selif" in mylinx.example.org/selif/image.jpg) where files are accessed directly (default: selif) -| ```-maxsize 4294967296``` | maximum upload file size in bytes (default 4GB) -| ```-maxexpiry 86400``` | maximum expiration time in seconds (default is 0, which is no expiry) -| ```-allowhotlink``` | Allow file hotlinking -| ```-contentsecuritypolicy "..."``` | Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';") -| ```-filecontentsecuritypolicy "..."``` | Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';") -| ```-refererpolicy "..."``` | Referrer-Policy header for pages (default is "same-origin") -| ```-filereferrerpolicy "..."``` | Referrer-Policy header for files (default is "same-origin") -| ```-xframeoptions "..." ``` | X-Frame-Options header (default is "SAMEORIGIN") -| ```-remoteuploads``` | (optionally) enable remote uploads (/upload?url=https://...) -| ```-nologs``` | (optionally) disable request logs in stdout -| ```-force-random-filename``` | (optionally) force the use of random filenames -| ```-custompagespath "custom_pages"``` | (optionally) specify path to directory containing markdown pages (must end in .md) that will be added to the site navigation (this can be useful for providing contact/support information and so on). For example, custom_pages/My_Page.md will become My Page in the site navigation +| ```bind = 127.0.0.1:8080``` | what to bind to (default is 127.0.0.1:8080) +| ```sitename = myLinx``` | the site name displayed on top (default is inferred from Host header) +| ```siteurl = https://mylinx.example.org/``` | the site url (default is inferred from execution context) +| ```selifpath = selif``` | path relative to site base url (the "selif" in mylinx.example.org/selif/image.jpg) where files are accessed directly (default: selif) +| ```maxsize = 4294967296``` | maximum upload file size in bytes (default 4GB) +| ```maxexpiry = 86400``` | maximum expiration time in seconds (default is 0, which is no expiry) +| ```allowhotlink = true``` | Allow file hotlinking +| ```contentsecuritypolicy = "..."``` | Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';") +| ```filecontentsecuritypolicy = "..."``` | Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';") +| ```refererpolicy = "..."``` | Referrer-Policy header for pages (default is "same-origin") +| ```filereferrerpolicy = "..."``` | Referrer-Policy header for files (default is "same-origin") +| ```xframeoptions = "..." ``` | X-Frame-Options header (default is "SAMEORIGIN") +| ```remoteuploads = true``` | (optionally) enable remote uploads (/upload?url=https://...) +| ```nologs = true``` | (optionally) disable request logs in stdout +| ```force-random-filename = true``` | (optionally) force the use of random filenames +| ```custompagespath = custom_pages/``` | (optionally) specify path to directory containing markdown pages (must end in .md) that will be added to the site navigation (this can be useful for providing contact/support information and so on). For example, custom_pages/My_Page.md will become My Page in the site navigation +| ```extra-footer-text = "..."``` | (optionally) Extra text above the footer for notices. +| ```max-duration-time = 0``` | Time till expiry for files over max-duration-size. (Default is 0 for no-expiry.) +| ```max-duration-size = 4294967296``` | Size of file before max-duration-time is used to determine expiry max time. (Default is 4GB) +| ```disable-access-key = true``` | Disables access key usage. (Default is false.) +| ```default-random-filename = true``` | Makes it so the random filename is not default if set false. (Default is true.) #### Cleaning up expired files @@ -100,16 +122,16 @@ will persist on disk until someone attempts to access them. You can set the foll |Option|Description |------|----------- -| ```-cleanup-every-minutes 5``` | How often to clean up expired files in minutes (default is 0, which means files will be cleaned up as they are accessed) +| ```cleanup-every-minutes = 5``` | How often to clean up expired files in minutes (default is 0, which means files will be cleaned up as they are accessed) #### Require API Keys for uploads |Option|Description |------|----------- -| ```-authfile path/to/authfile``` | (optionally) require authorization for upload/delete by providing a newline-separated file of scrypted auth keys -| ```-remoteauthfile path/to/remoteauthfile``` | (optionally) require authorization for remote uploads by providing a newline-separated file of scrypted auth keys -| ```-basicauth``` | (optionally) allow basic authorization to upload or paste files from browser when `-authfile` is enabled. When uploading, you will be prompted to enter a user and password - leave the user blank and use your auth key as the password +| ```authfile = path/to/authfile``` | (optionally) require authorization for upload/delete by providing a newline-separated file of scrypted auth keys +| ```remoteauthfile = path/to/remoteauthfile``` | (optionally) require authorization for remote uploads by providing a newline-separated file of scrypted auth keys +| ```basicauth = true``` | (optionally) allow basic authorization to upload or paste files from browser when `-authfile` is enabled. When uploading, you will be prompted to enter a user and password - leave the user blank and use your auth key as the password A helper utility ```linx-genkey``` is provided which hashes keys to the format required in the auth files. @@ -118,25 +140,25 @@ The following storage backends are available: |Name|Notes|Options |----|-----|------- -|LocalFS|Enabled by default, this backend uses the filesystem|```-filespath files/``` -- Path to store uploads (default is files/)
```-metapath meta/``` -- Path to store information about uploads (default is meta/)| -|S3|Use with any S3-compatible provider.
This implementation will stream files through the linx instance (every download will request and stream the file from the S3 bucket).

For high-traffic environments, one might consider using an external caching layer such as described [in this article](https://blog.sentry.io/2017/03/01/dodging-s3-downtime-with-nginx-and-haproxy.html).|```-s3-endpoint https://...``` -- S3 endpoint
```-s3-region us-east-1``` -- S3 region
```-s3-bucket mybucket``` -- S3 bucket to use for files and metadata
```-s3-force-path-style``` (optional) -- force path-style addresing (e.g. https://s3.amazonaws.com/linx/example.txt)

Environment variables to provide:
```AWS_ACCESS_KEY_ID``` -- the S3 access key
```AWS_SECRET_ACCESS_KEY ``` -- the S3 secret key
```AWS_SESSION_TOKEN``` (optional) -- the S3 session token| +|LocalFS|Enabled by default, this backend uses the filesystem|```filespath = files/``` -- Path to store uploads (default is files/)
```metapath = meta/``` -- Path to store information about uploads (default is meta/)| +|S3|Use with any S3-compatible provider.
This implementation will stream files through the linx instance (every download will request and stream the file from the S3 bucket). File metadata will be stored as tags on the object in the bucket.

For high-traffic environments, one might consider using an external caching layer such as described [in this article](https://blog.sentry.io/2017/03/01/dodging-s3-downtime-with-nginx-and-haproxy.html).|```s3-endpoint = https://...``` -- S3 endpoint
```s3-region = us-east-1``` -- S3 region
```s3-bucket = mybucket``` -- S3 bucket to use for files and metadata
```s3-force-path-style = true``` (optional) -- force path-style addresing (e.g. https://s3.amazonaws.com/linx/example.txt)

Environment variables to provide:
```AWS_ACCESS_KEY_ID``` -- the S3 access key
```AWS_SECRET_ACCESS_KEY ``` -- the S3 secret key
```AWS_SESSION_TOKEN``` (optional) -- the S3 session token| #### SSL with built-in server |Option|Description |------|----------- -| ```-certfile path/to/your.crt``` | Path to the ssl certificate (required if you want to use the https server) -| ```-keyfile path/to/your.key``` | Path to the ssl key (required if you want to use the https server) +| ```certfile = path/to/your.crt``` | Path to the ssl certificate (required if you want to use the https server) +| ```keyfile = path/to/your.key``` | Path to the ssl key (required if you want to use the https server) #### Use with http proxy |Option|Description |------|----------- -| ```-realip``` | let linx-server know you (nginx, etc) are providing the X-Real-IP and/or X-Forwarded-For headers. +| ```realip = true``` | let linx-server know you (nginx, etc) are providing the X-Real-IP and/or X-Forwarded-For headers. #### Use with fastcgi |Option|Description |------|----------- -| ```-fastcgi``` | serve through fastcgi +| ```fastcgi = true``` | serve through fastcgi Deployment ---------- @@ -161,10 +183,10 @@ server { } } ``` -And run linx-server with the ```-fastcgi``` option. +And run linx-server with the ```fastcgi = true``` option. #### 2. Using the built-in https server -Run linx-server with the ```-certfile path/to/cert.file``` and ```-keyfile path/to/key.file``` options. +Run linx-server with the ```certfile = path/to/cert.file``` and ```keyfile = path/to/key.file``` options. #### 3. Using the built-in http server Run linx-server normally. diff --git a/auth.go b/auth/apikeys/apikeys.go similarity index 53% rename from auth.go rename to auth/apikeys/apikeys.go index 3dc5ba6..d2a592d 100644 --- a/auth.go +++ b/auth/apikeys/apikeys.go @@ -1,4 +1,4 @@ -package main +package apikeys import ( "bufio" @@ -24,16 +24,18 @@ const ( type AuthOptions struct { AuthFile string UnauthMethods []string + BasicAuth bool + SiteName string + SitePath string } -type auth struct { +type ApiKeysMiddleware struct { successHandler http.Handler - failureHandler http.Handler authKeys []string o AuthOptions } -func readAuthKeys(authFile string) []string { +func ReadAuthKeys(authFile string) []string { var authKeys []string f, err := os.Open(authFile) @@ -55,7 +57,7 @@ func readAuthKeys(authFile string) []string { return authKeys } -func checkAuth(authKeys []string, key string) (result bool, err error) { +func CheckAuth(authKeys []string, key string) (result bool, err error) { checkKey, err := scrypt.Key([]byte(key), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen) if err != nil { return @@ -73,53 +75,74 @@ func checkAuth(authKeys []string, key string) (result bool, err error) { return } -func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if sliceContains(a.o.UnauthMethods, r.Method) { +func (a ApiKeysMiddleware) getSitePrefix() string { + prefix := a.o.SitePath + if len(prefix) <= 0 || prefix[0] != '/' { + prefix = "/" + prefix + } + return prefix +} + +func (a ApiKeysMiddleware) goodAuthorizationHandler(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Location", a.getSitePrefix()) + w.WriteHeader(http.StatusFound) +} + +func (a ApiKeysMiddleware) badAuthorizationHandler(w http.ResponseWriter, r *http.Request) { + if a.o.BasicAuth { + rs := "" + if a.o.SiteName != "" { + rs = fmt.Sprintf(` realm="%s"`, a.o.SiteName) + } + w.Header().Set("WWW-Authenticate", `Basic`+rs) + } + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) +} + +func (a ApiKeysMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) { + var successHandler http.Handler + prefix := a.getSitePrefix() + + if r.URL.Path == prefix+"auth" { + successHandler = http.HandlerFunc(a.goodAuthorizationHandler) + } else { + successHandler = a.successHandler + } + + if sliceContains(a.o.UnauthMethods, r.Method) && r.URL.Path != prefix+"auth" { // allow unauthenticated methods - a.successHandler.ServeHTTP(w, r) + successHandler.ServeHTTP(w, r) return } key := r.Header.Get("Linx-Api-Key") - if key == "" && Config.basicAuth { + if key == "" && a.o.BasicAuth { _, password, ok := r.BasicAuth() if ok { key = password } } - result, err := checkAuth(a.authKeys, key) + result, err := CheckAuth(a.authKeys, key) if err != nil || !result { - a.failureHandler.ServeHTTP(w, r) + http.HandlerFunc(a.badAuthorizationHandler).ServeHTTP(w, r) return } - a.successHandler.ServeHTTP(w, r) + successHandler.ServeHTTP(w, r) } -func UploadAuth(o AuthOptions) func(*web.C, http.Handler) http.Handler { +func NewApiKeysMiddleware(o AuthOptions) func(*web.C, http.Handler) http.Handler { fn := func(c *web.C, h http.Handler) http.Handler { - return auth{ + return ApiKeysMiddleware{ successHandler: h, - failureHandler: http.HandlerFunc(badAuthorizationHandler), - authKeys: readAuthKeys(o.AuthFile), + authKeys: ReadAuthKeys(o.AuthFile), o: o, } } return fn } -func badAuthorizationHandler(w http.ResponseWriter, r *http.Request) { - if Config.basicAuth { - rs := "" - if Config.siteName != "" { - rs = fmt.Sprintf(` realm="%s"`, Config.siteName) - } - w.Header().Set("WWW-Authenticate", `Basic`+rs) - } - http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) -} - func sliceContains(slice []string, s string) bool { for _, v := range slice { if s == v { diff --git a/auth_test.go b/auth/apikeys/apikeys_test.go similarity index 64% rename from auth_test.go rename to auth/apikeys/apikeys_test.go index ded98b0..3c2b8e6 100644 --- a/auth_test.go +++ b/auth/apikeys/apikeys_test.go @@ -1,4 +1,4 @@ -package main +package apikeys import ( "testing" @@ -10,15 +10,15 @@ func TestCheckAuth(t *testing.T) { "vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=", } - if r, err := checkAuth(authKeys, ""); err != nil && r { + if r, err := CheckAuth(authKeys, ""); err != nil && r { t.Fatal("Authorization passed for empty key") } - if r, err := checkAuth(authKeys, "thisisnotvalid"); err != nil && r { + if r, err := CheckAuth(authKeys, "thisisnotvalid"); err != nil && r { t.Fatal("Authorization passed for invalid key") } - if r, err := checkAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r { + if r, err := CheckAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r { t.Fatal("Authorization failed for valid key") } } diff --git a/backends/localfs/localfs.go b/backends/localfs/localfs.go index aaf487f..9a72891 100644 --- a/backends/localfs/localfs.go +++ b/backends/localfs/localfs.go @@ -2,6 +2,7 @@ package localfs import ( "encoding/json" + "errors" "io" "io/ioutil" "net/http" @@ -16,6 +17,7 @@ import ( type LocalfsBackend struct { metaPath string filesPath string + locksPath string } type MetadataJSON struct { @@ -25,6 +27,7 @@ type MetadataJSON struct { Mimetype string `json:"mimetype"` Size int64 `json:"size"` Expiry int64 `json:"expiry"` + SrcIp string `json:"srcip,omitempty"` ArchiveFiles []string `json:"archive_files,omitempty"` } @@ -106,6 +109,8 @@ func (b LocalfsBackend) writeMetadata(key string, metadata backends.Metadata) er Sha256sum: metadata.Sha256sum, Expiry: metadata.Expiry.Unix(), Size: metadata.Size, + SrcIp: metadata.SrcIp, + } dst, err := os.Create(metaPath) @@ -124,7 +129,42 @@ func (b LocalfsBackend) writeMetadata(key string, metadata backends.Metadata) er return nil } -func (b LocalfsBackend) Put(key string, r io.Reader, expiry time.Time, deleteKey, accessKey string) (m backends.Metadata, err error) { +func (b LocalfsBackend) Lock(filename string) (err error) { + lockPath := path.Join(b.locksPath, filename) + + lock, err := os.Create(lockPath) + if err != nil { + return err + } + + lock.Close() + return +} + +func (b LocalfsBackend) Unlock(filename string) (err error) { + lockPath := path.Join(b.locksPath, filename) + + err = os.Remove(lockPath) + if err != nil { + return err + } + + return +} + +func (b LocalfsBackend) CheckLock(filename string) (locked bool, err error) { + lockPath := path.Join(b.locksPath, filename) + + if _, err := os.Stat(lockPath); errors.Is(err, os.ErrNotExist) { + return false, nil + } else { + return true, nil + } + + return false, err +} + +func (b LocalfsBackend) Put(key string, r io.Reader, expiry time.Time, deleteKey, accessKey string, srcIp string) (m backends.Metadata, err error) { filePath := path.Join(b.filesPath, key) dst, err := os.Create(filePath) @@ -153,6 +193,7 @@ func (b LocalfsBackend) Put(key string, r io.Reader, expiry time.Time, deleteKey m.Expiry = expiry m.DeleteKey = deleteKey m.AccessKey = accessKey + m.SrcIp = srcIp m.ArchiveFiles, _ = helpers.ListArchiveFiles(m.Mimetype, m.Size, dst) err = b.writeMetadata(key, m) @@ -197,9 +238,10 @@ func (b LocalfsBackend) List() ([]string, error) { return output, nil } -func NewLocalfsBackend(metaPath string, filesPath string) LocalfsBackend { +func NewLocalfsBackend(metaPath string, filesPath string, locksPath string) LocalfsBackend { return LocalfsBackend{ metaPath: metaPath, filesPath: filesPath, + locksPath: locksPath, } } diff --git a/backends/meta.go b/backends/meta.go index b22276e..1c5868a 100644 --- a/backends/meta.go +++ b/backends/meta.go @@ -12,6 +12,7 @@ type Metadata struct { Mimetype string Size int64 Expiry time.Time + SrcIp string ArchiveFiles []string } diff --git a/backends/s3/s3.go b/backends/s3/s3.go index a558779..17f6725 100644 --- a/backends/s3/s3.go +++ b/backends/s3/s3.go @@ -3,6 +3,7 @@ package s3 import ( "io" "io/ioutil" + "log" "net/http" "os" "strconv" @@ -125,6 +126,7 @@ func mapMetadata(m backends.Metadata) map[string]*string { "Mimetype": aws.String(m.Mimetype), "Sha256sum": aws.String(m.Sha256sum), "AccessKey": aws.String(m.AccessKey), + "SrcIp": aws.String(m.SrcIp), } } @@ -155,7 +157,22 @@ func unmapMetadata(input map[string]*string) (m backends.Metadata, err error) { return } -func (b S3Backend) Put(key string, r io.Reader, expiry time.Time, deleteKey, accessKey string) (m backends.Metadata, err error) { +func (b S3Backend) Lock(filename string) (err error) { + log.Printf("Locking is not supported on S3") + return +} + +func (b S3Backend) Unlock(filename string) (err error) { + log.Printf("Locking is not supported on S3") + return +} + +func (b S3Backend) CheckLock(filename string) (locked bool, err error) { + log.Printf("Locking is not supported on S3") + return +} + +func (b S3Backend) Put(key string, r io.Reader, expiry time.Time, deleteKey, accessKey string, srcIp string) (m backends.Metadata, err error) { tmpDst, err := ioutil.TempFile("", "linx-server-upload") if err != nil { return m, err diff --git a/backends/storage.go b/backends/storage.go index 864d0a1..02e2a57 100644 --- a/backends/storage.go +++ b/backends/storage.go @@ -12,7 +12,10 @@ type StorageBackend interface { Exists(key string) (bool, error) Head(key string) (Metadata, error) Get(key string) (Metadata, io.ReadCloser, error) - Put(key string, r io.Reader, expiry time.Time, deleteKey, accessKey string) (Metadata, error) + Lock(filename string) (error) + Unlock(filename string) (error) + CheckLock(filename string) (bool, error) + Put(key string, r io.Reader, expiry time.Time, deleteKey, accessKey string, srcIp string) (Metadata, error) PutMetadata(key string, m Metadata) error ServeFile(key string, w http.ResponseWriter, r *http.Request) error Size(key string) (int64, error) diff --git a/cleanup/cleanup.go b/cleanup/cleanup.go index 5920c22..97789d5 100644 --- a/cleanup/cleanup.go +++ b/cleanup/cleanup.go @@ -8,8 +8,8 @@ import ( "github.com/andreimarcu/linx-server/expiry" ) -func Cleanup(filesDir string, metaDir string, noLogs bool) { - fileBackend := localfs.NewLocalfsBackend(metaDir, filesDir) +func Cleanup(filesDir string, metaDir string, locksDir string, noLogs bool) { + fileBackend := localfs.NewLocalfsBackend(metaDir, filesDir, locksDir) files, err := fileBackend.List() if err != nil { @@ -17,6 +17,15 @@ func Cleanup(filesDir string, metaDir string, noLogs bool) { } for _, filename := range files { + locked, err := fileBackend.CheckLock(filename) + if err != nil { + log.Printf("Error checking if %s is locked: %s", filename, err) + } + if locked { + log.Printf("%s is locked, it will be ignored", filename) + continue + } + metadata, err := fileBackend.Head(filename) if err != nil { if !noLogs { @@ -33,10 +42,12 @@ func Cleanup(filesDir string, metaDir string, noLogs bool) { } } -func PeriodicCleanup(minutes time.Duration, filesDir string, metaDir string, noLogs bool) { +func PeriodicCleanup(minutes time.Duration, filesDir string, metaDir string, locksDir string, noLogs bool) { c := time.Tick(minutes) for range c { - Cleanup(filesDir, metaDir, noLogs) + log.Printf("Running periodic cleanup") + Cleanup(filesDir, metaDir, locksDir, noLogs) + log.Printf("Finished periodic cleanup") } } diff --git a/csp_test.go b/csp_test.go index e3dbbdd..b996594 100644 --- a/csp_test.go +++ b/csp_test.go @@ -20,6 +20,7 @@ func TestContentSecurityPolicy(t *testing.T) { Config.siteURL = "http://linx.example.org/" Config.filesDir = path.Join(os.TempDir(), generateBarename()) Config.metaDir = Config.filesDir + "_meta" + Config.locksDir = Config.filesDir + "_locks" Config.maxSize = 1024 * 1024 * 1024 Config.noLogs = true Config.siteName = "linx" diff --git a/delete.go b/delete.go index 38e36e3..3f8e429 100644 --- a/delete.go +++ b/delete.go @@ -10,9 +10,13 @@ import ( func deleteHandler(c web.C, w http.ResponseWriter, r *http.Request) { requestKey := r.Header.Get("Linx-Delete-Key") - + + if len(r.URL.Query().Get("linx-delete-key")) > 0 { + requestKey = r.URL.Query().Get("linx-delete-key") + } + filename := c.URLParams["name"] - + // Ensure that file exists and delete key is correct metadata, err := storageBackend.Head(filename) if err == backends.NotFoundErr { diff --git a/display.go b/display.go index 6ac87d6..6228216 100644 --- a/display.go +++ b/display.go @@ -122,6 +122,7 @@ func fileDisplayHandler(c web.C, w http.ResponseWriter, r *http.Request, fileNam "forcerandom": Config.forceRandomFilename, "lines": lines, "files": metadata.ArchiveFiles, + "siteurl": strings.TrimSuffix(getSiteURL(r), "/"), }, r, w) if err != nil { diff --git a/expiry.go b/expiry.go index 63b7757..f17f7cd 100644 --- a/expiry.go +++ b/expiry.go @@ -11,6 +11,10 @@ var defaultExpiryList = []uint64{ 60, 300, 3600, + 7200, + 14400, + 28800, + 43200, 86400, 604800, 2419200, diff --git a/go.mod b/go.mod index 50a48ab..434e9c6 100644 --- a/go.mod +++ b/go.mod @@ -1,19 +1,33 @@ module github.com/andreimarcu/linx-server -go 1.14 +go 1.21 + +toolchain go1.22.4 require ( - github.com/GeertJohan/go.rice v1.0.0 - github.com/aws/aws-sdk-go v1.29.19 - github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 - github.com/dustin/go-humanize v1.0.0 - github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4 - github.com/microcosm-cc/bluemonday v1.0.2 - github.com/minio/sha256-simd v0.1.1 - github.com/russross/blackfriday v1.5.1 + github.com/GeertJohan/go.rice v1.0.3 + github.com/aws/aws-sdk-go v1.54.9 + github.com/dchest/uniuri v1.2.0 + github.com/dustin/go-humanize v1.0.1 + github.com/flosch/pongo2 v0.0.0-20200913210552-0d938eb266f3 + github.com/gabriel-vasile/mimetype v1.4.4 + github.com/microcosm-cc/bluemonday v1.0.26 + github.com/minio/sha256-simd v1.0.1 + github.com/russross/blackfriday v1.6.0 github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de github.com/zeebo/bencode v1.0.0 - github.com/zenazn/goji v0.9.0 - golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 - gopkg.in/h2non/filetype.v1 v1.0.5 + github.com/zenazn/goji v1.0.1 + golang.org/x/crypto v0.24.0 +) + +require ( + github.com/aymerick/douceur v0.2.0 // indirect + github.com/daaku/go.zipexe v1.0.2 // indirect + github.com/gorilla/css v1.0.1 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/klauspost/cpuid/v2 v2.2.8 // indirect + github.com/kr/text v0.2.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/sys v0.21.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect ) diff --git a/go.sum b/go.sum index 15a736c..d82e16a 100644 --- a/go.sum +++ b/go.sum @@ -1,76 +1,69 @@ github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= -github.com/GeertJohan/go.rice v1.0.0 h1:KkI6O9uMaQU3VEKaj01ulavtF7o1fWT7+pk/4voiMLQ= -github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= +github.com/GeertJohan/go.rice v1.0.3 h1:k5viR+xGtIhF61125vCE1cmJ5957RQGXG6dmbaWZSmI= +github.com/GeertJohan/go.rice v1.0.3/go.mod h1:XVdrU4pW00M4ikZed5q56tPf1v2KwnIKeIdc9CBYNt4= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= -github.com/aws/aws-sdk-go v1.29.19 h1:+jifYixffn6kzWygtGWFWQMv0tDGyISZHNwugF9V2sE= -github.com/aws/aws-sdk-go v1.29.19/go.mod h1:1KvfttTE3SPKMpo8g2c6jL3ZKfXtFvKscTgahTma5Xg= -github.com/daaku/go.zipexe v1.0.0 h1:VSOgZtH418pH9L16hC/JrgSNJbbAL26pj7lmD1+CGdY= -github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E= +github.com/aws/aws-sdk-go v1.54.9 h1:e0Czh9AhrCVPuyaIUnibYmih3cYexJKlqlHSJ2eMKbI= +github.com/aws/aws-sdk-go v1.54.9/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= +github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/daaku/go.zipexe v1.0.2 h1:Zg55YLYTr7M9wjKn8SY/WcpuuEi+kR2u4E8RhvpyXmk= +github.com/daaku/go.zipexe v1.0.2/go.mod h1:5xWogtqlYnfBXkSB1o9xysukNP9GTvaNkqzUZbt3Bw8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 h1:RAV05c0xOkJ3dZGS0JFybxFKZ2WMLabgx3uXnd7rpGs= -github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4 h1:GY1+t5Dr9OKADM64SYnQjw/w99HMYvQ0A8/JoUkxVmc= -github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4/go.mod h1:T9YF2M40nIgbVgp3rreNmTged+9HrbNTIQf1PsaIiTA= -github.com/go-check/check v0.0.0-20180628173108-788fd7840127 h1:0gkP6mzaMqkmpcJYCFOLkIBwI7xFExG03bbkOkCvUPI= -github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98= -github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/dchest/uniuri v1.2.0 h1:koIcOUdrTIivZgSLhHQvKgqdWZq5d7KdMEWF1Ud6+5g= +github.com/dchest/uniuri v1.2.0/go.mod h1:fSzm4SLHzNZvWLvWJew423PhAzkpNQYq+uNLq4kxhkY= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/flosch/pongo2 v0.0.0-20200913210552-0d938eb266f3 h1:fmFk0Wt3bBxxwZnu48jqMdaOR/IZ4vdtJFuaFV8MpIE= +github.com/flosch/pongo2 v0.0.0-20200913210552-0d938eb266f3/go.mod h1:bJWSKrZyQvfTnb2OudyUjurSG4/edverV7n82+K3JiM= +github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I= +github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s= +github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8= +github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/juju/errors v0.0.0-20181118221551-089d3ea4e4d5 h1:rhqTjzJlm7EbkELJDKMTU7udov+Se0xZkWmugr6zGok= -github.com/juju/errors v0.0.0-20181118221551-089d3ea4e4d5/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q= -github.com/juju/loggo v0.0.0-20180524022052-584905176618 h1:MK144iBQF9hTSwBW/9eJm034bVoG30IshVm688T2hi8= -github.com/juju/loggo v0.0.0-20180524022052-584905176618/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U= -github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073 h1:WQM1NildKThwdP7qWrNAFGzp4ijNLw8RlgENkaI4MJs= -github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM= +github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= -github.com/microcosm-cc/bluemonday v1.0.2 h1:5lPfLTTAvAbtS0VqT+94yOtFnGfUWYyx0+iToC3Os3s= -github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc= -github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU= -github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= -github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58= +github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs= +github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= +github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/nkovacs/streamquote v1.0.0/go.mod h1:BN+NaZ2CmdKqUuTUXUEm9j95B2TRbpOWpxbJYzzgUsc= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/russross/blackfriday v1.5.1 h1:B8ZN6pD4PVofmlDCDUdELeYrbsVIDM/bpjW3v3zgcRc= -github.com/russross/blackfriday v1.5.1/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= +github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8= github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de h1:fkw+7JkxF3U1GzQoX9h69Wvtvxajo5Rbzy6+YMMzPIg= github.com/vharitonsky/iniflags v0.0.0-20180513140207-a33cd0b5f3de/go.mod h1:irMhzlTz8+fVFj6CH2AN2i+WI5S6wWFtK3MBCIxIpyI= github.com/zeebo/bencode v1.0.0 h1:zgop0Wu1nu4IexAZeCZ5qbsjU4O1vMrfCrVgUjbHVuA= github.com/zeebo/bencode v1.0.0/go.mod h1:Ct7CkrWIQuLWAy9M3atFHYq4kG9Ao/SsY5cdtCXmp9Y= -github.com/zenazn/goji v0.9.0 h1:RSQQAbXGArQ0dIDEq+PI6WqN6if+5KHu6x2Cx/GXLTQ= -github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +github.com/zenazn/goji v1.0.1 h1:4lbD8Mx2h7IvloP7r2C0D6ltZP6Ufip8Hn0wmSK5LR8= +github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/h2non/filetype.v1 v1.0.5 h1:CC1jjJjoEhNVbMhXYalmGBhOBK2V70Q1N850wt/98/Y= -gopkg.in/h2non/filetype.v1 v1.0.5/go.mod h1:M0yem4rwSX5lLVrkEuRRp2/NinFMD5vgJ4DlAhZcfNo= -gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce h1:xcEWjVhvbDy+nHP67nPDDpbYrY+ILlfndk4bRioVHaU= -gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/helpers/helpers.go b/helpers/helpers.go index f51d998..f13e302 100644 --- a/helpers/helpers.go +++ b/helpers/helpers.go @@ -7,8 +7,8 @@ import ( "unicode" "github.com/andreimarcu/linx-server/backends" + "github.com/gabriel-vasile/mimetype" "github.com/minio/sha256-simd" - "gopkg.in/h2non/filetype.v1" ) func GenerateMetadata(r io.Reader) (m backends.Metadata, err error) { @@ -21,7 +21,7 @@ func GenerateMetadata(r io.Reader) (m backends.Metadata, err error) { // Get first 512 bytes for mimetype detection header := make([]byte, 512) - _, err = teeReader.Read(header) + headerlen, err := teeReader.Read(header) if err != nil { return } @@ -47,17 +47,8 @@ func GenerateMetadata(r io.Reader) (m backends.Metadata, err error) { // Use the bytes we extracted earlier and attempt to determine the file // type - kind, err := filetype.Match(header) - if err != nil { - m.Mimetype = "application/octet-stream" - return m, err - } else if kind.MIME.Value != "" { - m.Mimetype = kind.MIME.Value - } else if printable(header) { - m.Mimetype = "text/plain" - } else { - m.Mimetype = "application/octet-stream" - } + kind := mimetype.Detect(header[:headerlen]) + m.Mimetype = kind.String() return } diff --git a/helpers/helpers_test.go b/helpers/helpers_test.go index 800d0d2..d891173 100644 --- a/helpers/helpers_test.go +++ b/helpers/helpers_test.go @@ -1,8 +1,10 @@ package helpers import ( + "bytes" "strings" "testing" + "unicode/utf16" ) func TestGenerateMetadata(t *testing.T) { @@ -17,7 +19,7 @@ func TestGenerateMetadata(t *testing.T) { t.Fatalf("Sha256sum was %q instead of expected value of %q", m.Sha256sum, expectedSha256sum) } - expectedMimetype := "text/plain" + expectedMimetype := "text/plain; charset=utf-8" if m.Mimetype != expectedMimetype { t.Fatalf("Mimetype was %q instead of expected value of %q", m.Mimetype, expectedMimetype) } @@ -27,3 +29,45 @@ func TestGenerateMetadata(t *testing.T) { t.Fatalf("Size was %d instead of expected value of %d", m.Size, expectedSize) } } + +func TestTextCharsets(t *testing.T) { + // verify that different text encodings are detected and passed through + orig := "This is a text string" + utf16 := utf16.Encode([]rune(orig)) + utf16LE := make([]byte, len(utf16)*2+2) + utf16BE := make([]byte, len(utf16)*2+2) + utf8 := []byte(orig) + utf16LE[0] = 0xff + utf16LE[1] = 0xfe + utf16BE[0] = 0xfe + utf16BE[1] = 0xff + for i := 0; i < len(utf16); i++ { + lsb := utf16[i] & 0xff + msb := utf16[i] >> 8 + utf16LE[i*2+2] = byte(lsb) + utf16LE[i*2+3] = byte(msb) + utf16BE[i*2+2] = byte(msb) + utf16BE[i*2+3] = byte(lsb) + } + + testcases := []struct { + data []byte + extension string + mimetype string + }{ + {mimetype: "text/plain; charset=utf-8", data: utf8}, + {mimetype: "text/plain; charset=utf-16le", data: utf16LE}, + {mimetype: "text/plain; charset=utf-16be", data: utf16BE}, + } + + for i, testcase := range testcases { + r := bytes.NewReader(testcase.data) + m, err := GenerateMetadata(r) + if err != nil { + t.Fatalf("[%d] unexpected error return %v\n", i, err) + } + if m.Mimetype != testcase.mimetype { + t.Errorf("[%d] Expected mimetype '%s', got mimetype '%s'\n", i, testcase.mimetype, m.Mimetype) + } + } +} diff --git a/linx-cleanup/linx-cleanup.go b/linx-cleanup/linx-cleanup.go index 13b3ef1..08d8363 100644 --- a/linx-cleanup/linx-cleanup.go +++ b/linx-cleanup/linx-cleanup.go @@ -9,15 +9,18 @@ import ( func main() { var filesDir string var metaDir string + var locksDir string var noLogs bool flag.StringVar(&filesDir, "filespath", "files/", "path to files directory") flag.StringVar(&metaDir, "metapath", "meta/", "path to metadata directory") + flag.StringVar(&locksDir, "lockspath", "locks/", + "path to locks directory") flag.BoolVar(&noLogs, "nologs", false, "don't log deleted files") flag.Parse() - cleanup.Cleanup(filesDir, metaDir, noLogs) + cleanup.Cleanup(filesDir, metaDir, locksDir, noLogs) } diff --git a/linx-server.conf.example b/linx-server.conf.example new file mode 100644 index 0000000..eb2e1f8 --- /dev/null +++ b/linx-server.conf.example @@ -0,0 +1,12 @@ + +bind = 127.0.0.1:8080 +sitename = myLinx +siteurl = https://mylinx.example.org/ +selifpath = s +maxsize = 4294967296 +maxexpiry = 86400 +allowhotlink = true +remoteuploads = true +nologs = true +force-random-filename = false +cleanup-every-minutes = 5 \ No newline at end of file diff --git a/metalog.sh b/metalog.sh new file mode 100755 index 0000000..9c05b88 --- /dev/null +++ b/metalog.sh @@ -0,0 +1,7 @@ +#!/bin/bash +# For setting up cron with a logging function for metadata only. +# Add to crontab with "crontab -e" +# Paste "*/1 * * * * /path/to/metalog.sh /path/to/meta/source/ /path/to/meta-log" +# Change it to source and log directory paths. +# The slash after source/ is important. It means everyhitng *inside* the source directory. +rsync -a ${1} ${2} \ No newline at end of file diff --git a/pages.go b/pages.go index ae8de42..6492651 100644 --- a/pages.go +++ b/pages.go @@ -21,9 +21,10 @@ const ( func indexHandler(c web.C, w http.ResponseWriter, r *http.Request) { err := renderTemplate(Templates["index.html"], pongo2.Context{ - "maxsize": Config.maxSize, - "expirylist": listExpirationTimes(), - "forcerandom": Config.forceRandomFilename, + "maxsize": Config.maxSize, + "expirylist": listExpirationTimes(), + "expirydefault": Config.defaultExpiry, + "forcerandom": Config.forceRandomFilename, }, r, w) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) @@ -32,8 +33,9 @@ func indexHandler(c web.C, w http.ResponseWriter, r *http.Request) { func pasteHandler(c web.C, w http.ResponseWriter, r *http.Request) { err := renderTemplate(Templates["paste.html"], pongo2.Context{ - "expirylist": listExpirationTimes(), - "forcerandom": Config.forceRandomFilename, + "expirylist": listExpirationTimes(), + "expirydefault": Config.defaultExpiry, + "forcerandom": Config.forceRandomFilename, }, r, w) if err != nil { oopsHandler(c, w, r, RespHTML, "") diff --git a/put.icu.sxcu b/put.icu.sxcu new file mode 100644 index 0000000..79bd301 --- /dev/null +++ b/put.icu.sxcu @@ -0,0 +1,14 @@ +{ + "Version": "13.1.0", + "DestinationType": "ImageUploader, TextUploader, FileUploader", + "RequestMethod": "PUT", + "RequestURL": "https://put.icu/upload/", + "Headers": { + "Accept": "application/json", + "Linx-Delete-Key": null, + "Linx-Access-Key": null + }, + "Body": "Binary", + "URL": "$json:url$", + "DeletionURL": "https://put.icu/delete/$json:filename$?linx-delete-key=$json:delete_key$" +} \ No newline at end of file diff --git a/server.go b/server.go index dae3491..ec66f75 100644 --- a/server.go +++ b/server.go @@ -16,6 +16,7 @@ import ( "time" rice "github.com/GeertJohan/go.rice" + "github.com/andreimarcu/linx-server/auth/apikeys" "github.com/andreimarcu/linx-server/backends" "github.com/andreimarcu/linx-server/backends/localfs" "github.com/andreimarcu/linx-server/backends/s3" @@ -42,6 +43,7 @@ var Config struct { bind string filesDir string metaDir string + locksDir string siteName string siteURL string sitePath string @@ -55,6 +57,7 @@ var Config struct { xFrameOptions string maxSize int64 maxExpiry uint64 + defaultExpiry uint64 realIp bool noLogs bool allowHotlink bool @@ -73,6 +76,11 @@ var Config struct { accessKeyCookieExpiry uint64 customPagesDir string cleanupEveryMinutes uint64 + extraFooterText string + maxDurationTime uint64 + maxDurationSize int64 + disableAccessKey bool + defaultRandomFilename bool } var Templates = make(map[string]*pongo2.Template) @@ -110,9 +118,12 @@ func setup() *web.Mux { mux.Use(AddHeaders(Config.addHeaders)) if Config.authFile != "" { - mux.Use(UploadAuth(AuthOptions{ + mux.Use(apikeys.NewApiKeysMiddleware(apikeys.AuthOptions{ AuthFile: Config.authFile, UnauthMethods: []string{"GET", "HEAD", "OPTIONS", "TRACE"}, + BasicAuth: Config.basicAuth, + SiteName: Config.siteName, + SitePath: Config.sitePath, })) } @@ -127,6 +138,11 @@ func setup() *web.Mux { log.Fatal("Could not create metadata directory:", err) } + err = os.MkdirAll(Config.locksDir, 0755) + if err != nil { + log.Fatal("Could not create locks directory:", err) + } + if Config.siteURL != "" { // ensure siteURL ends wth '/' if lastChar := Config.siteURL[len(Config.siteURL)-1:]; lastChar != "/" { @@ -151,9 +167,9 @@ func setup() *web.Mux { if Config.s3Bucket != "" { storageBackend = s3.NewS3Backend(Config.s3Bucket, Config.s3Region, Config.s3Endpoint, Config.s3ForcePathStyle) } else { - storageBackend = localfs.NewLocalfsBackend(Config.metaDir, Config.filesDir) + storageBackend = localfs.NewLocalfsBackend(Config.metaDir, Config.filesDir, Config.locksDir) if Config.cleanupEveryMinutes > 0 { - go cleanup.PeriodicCleanup(time.Duration(Config.cleanupEveryMinutes)*time.Minute, Config.filesDir, Config.metaDir, Config.noLogs) + go cleanup.PeriodicCleanup(time.Duration(Config.cleanupEveryMinutes)*time.Minute, Config.filesDir, Config.metaDir, Config.locksDir, Config.noLogs) } } @@ -196,29 +212,10 @@ func setup() *web.Mux { mux.Get(Config.sitePath+"upload/", uploadRemote) if Config.remoteAuthFile != "" { - remoteAuthKeys = readAuthKeys(Config.remoteAuthFile) + remoteAuthKeys = apikeys.ReadAuthKeys(Config.remoteAuthFile) } } - if Config.basicAuth { - options := AuthOptions{ - AuthFile: Config.authFile, - UnauthMethods: []string{}, - } - okFunc := func(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Location", Config.sitePath) - w.WriteHeader(http.StatusFound) - } - authHandler := auth{ - successHandler: http.HandlerFunc(okFunc), - failureHandler: http.HandlerFunc(badAuthorizationHandler), - authKeys: readAuthKeys(Config.authFile), - o: options, - } - mux.Head(Config.sitePath+"auth", authHandler) - mux.Get(Config.sitePath+"auth", authHandler) - } - mux.Post(Config.sitePath+"upload", uploadPostHandler) mux.Post(Config.sitePath+"upload/", uploadPostHandler) mux.Put(Config.sitePath+"upload", uploadPutHandler) @@ -226,7 +223,9 @@ func setup() *web.Mux { mux.Put(Config.sitePath+"upload/:name", uploadPutHandler) mux.Delete(Config.sitePath+":name", deleteHandler) - + // Adding new delete path method to make linx-server usable with ShareX. + mux.Get(Config.sitePath+"delete/:name", deleteHandler) + mux.Get(Config.sitePath+"static/*", staticHandler) mux.Get(Config.sitePath+"favicon.ico", staticHandler) mux.Get(Config.sitePath+"robots.txt", staticHandler) @@ -256,6 +255,8 @@ func main() { "path to files directory") flag.StringVar(&Config.metaDir, "metapath", "meta/", "path to metadata directory") + flag.StringVar(&Config.locksDir, "lockspath", "locks/", + "path to locks directory") flag.BoolVar(&Config.basicAuth, "basicauth", false, "allow logging by basic auth password") flag.BoolVar(&Config.noLogs, "nologs", false, @@ -272,6 +273,8 @@ func main() { "maximum upload file size in bytes (default 4GB)") flag.Uint64Var(&Config.maxExpiry, "maxexpiry", 0, "maximum expiration time in seconds (default is 0, which is no expiry)") + flag.Uint64Var(&Config.defaultExpiry, "default-expiry", 86400, + "default expiration time in seconds (default is 86400, which is 1 day)") flag.StringVar(&Config.certFile, "certfile", "", "path to ssl certificate (for https)") flag.StringVar(&Config.keyFile, "keyfile", "", @@ -298,7 +301,7 @@ func main() { flag.StringVar(&Config.fileReferrerPolicy, "filereferrerpolicy", "same-origin", "value of Referrer-Policy header for file access") - flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN", + flag.StringVar(&Config.xFrameOptions, "xframeoptions", "", "value of X-Frame-Options header") flag.Var(&Config.addHeaders, "addheader", "Add an arbitrary header to the response. This option can be used multiple times.") @@ -319,7 +322,12 @@ func main() { "path to directory containing .md files to render as custom pages") flag.Uint64Var(&Config.cleanupEveryMinutes, "cleanup-every-minutes", 0, "How often to clean up expired files in minutes (default is 0, which means files will be cleaned up as they are accessed)") - + flag.StringVar(&Config.extraFooterText, "extra-footer-text", "", + "Extra text above the footer for notices.") + flag.Uint64Var(&Config.maxDurationTime, "max-duration-time", 0, "Time till expiry for files over max-duration-size. (Default is 0 for no-expiry.)") + flag.Int64Var(&Config.maxDurationSize, "max-duration-size", 4*1024*1024*1024, "Size of file before max-duration-time is used to determine expiry max time. (Default is 4GB)") + flag.BoolVar(&Config.disableAccessKey, "disable-access-key", false, "Disables access key usage. (Default is false.)") + flag.BoolVar(&Config.defaultRandomFilename, "default-random-filename", true, "Makes it so the random filename is not default if set false. (Default is true.)") iniflags.Parse() mux := setup() diff --git a/server_test.go b/server_test.go index fc225ce..5b5fb76 100644 --- a/server_test.go +++ b/server_test.go @@ -33,6 +33,7 @@ func TestSetup(t *testing.T) { Config.siteURL = "http://linx.example.org/" Config.filesDir = path.Join(os.TempDir(), generateBarename()) Config.metaDir = Config.filesDir + "_meta" + Config.locksDir = Config.filesDir + "_locks" Config.maxSize = 1024 * 1024 * 1024 Config.noLogs = true Config.siteName = "linx" @@ -446,63 +447,6 @@ func TestPostJSONUpload(t *testing.T) { } } -func TestPostJSONUploadMaxExpiry(t *testing.T) { - mux := setup() - Config.maxExpiry = 300 - - // include 0 to test edge case - // https://github.com/andreimarcu/linx-server/issues/111 - testExpiries := []string{"86400", "-150", "0"} - for _, expiry := range testExpiries { - w := httptest.NewRecorder() - - filename := generateBarename() + ".txt" - - var b bytes.Buffer - mw := multipart.NewWriter(&b) - fw, err := mw.CreateFormFile("file", filename) - if err != nil { - t.Fatal(err) - } - - fw.Write([]byte("File content")) - mw.Close() - - req, err := http.NewRequest("POST", "/upload/", &b) - req.Header.Set("Content-Type", mw.FormDataContentType()) - req.Header.Set("Accept", "application/json") - req.Header.Set("Linx-Expiry", expiry) - if err != nil { - t.Fatal(err) - } - - mux.ServeHTTP(w, req) - - if w.Code != 200 { - t.Log(w.Body.String()) - t.Fatalf("Status code is not 200, but %d", w.Code) - } - - var myjson RespOkJSON - err = json.Unmarshal([]byte(w.Body.String()), &myjson) - if err != nil { - t.Fatal(err) - } - - myExp, err := strconv.ParseInt(myjson.Expiry, 10, 64) - if err != nil { - t.Fatal(err) - } - - expected := time.Now().Add(time.Duration(Config.maxExpiry) * time.Second).Unix() - if myExp != expected { - t.Fatalf("File expiry is not %d but %s", expected, myjson.Expiry) - } - } - - Config.maxExpiry = 0 -} - func TestPostExpiresJSONUpload(t *testing.T) { mux := setup() w := httptest.NewRecorder() @@ -1255,6 +1199,7 @@ func TestInferSiteURLHTTPSFastCGI(t *testing.T) { func TestShutdown(t *testing.T) { os.RemoveAll(Config.filesDir) os.RemoveAll(Config.metaDir) + os.RemoveAll(Config.locksDir) } func TestPutAndGetCLI(t *testing.T) { diff --git a/static/mdpages/Sample.md b/static/mdpages/Sample.md new file mode 100644 index 0000000..9b3956a --- /dev/null +++ b/static/mdpages/Sample.md @@ -0,0 +1,3 @@ +A sample custom page for use with the custom pages plugin. + +`custompagespath = /path/to/linx-server/static/mdpages` diff --git a/static/robots.txt b/static/robots.txt index 44ec3ed..ec4a551 100644 --- a/static/robots.txt +++ b/static/robots.txt @@ -1,3 +1,3 @@ User-agent: * Allow: /$ -Disallow: * + diff --git a/templates.go b/templates.go index 7d38b51..458af90 100644 --- a/templates.go +++ b/templates.go @@ -87,6 +87,11 @@ func renderTemplate(tpl *pongo2.Template, context pongo2.Context, r *http.Reques context["sitepath"] = Config.sitePath context["selifpath"] = Config.selifPath context["custom_pages_names"] = customPagesNames + // Add the context for Config.extraFooterText + context["extra_footer_text"] = Config.extraFooterText + // Add the context for Config.disableAccessKey + context["disable_access_key"] = Config.disableAccessKey + context["default_randomize"] = Config.defaultRandomFilename var a string if Config.authFile == "" { diff --git a/templates/base.html b/templates/base.html index 7e4f82d..54fd368 100644 --- a/templates/base.html +++ b/templates/base.html @@ -29,9 +29,8 @@ {% block content %}{% endblock %} - diff --git a/templates/display/audio.html b/templates/display/audio.html index b5ae1e3..68d461e 100644 --- a/templates/display/audio.html +++ b/templates/display/audio.html @@ -1,9 +1,13 @@ {% extends "base.html" %} +{% block head %} + + +{% endblock %} + {% block main %} -{% endblock %} - +{% endblock %} \ No newline at end of file diff --git a/templates/display/image.html b/templates/display/image.html index 807b7ad..8dcd844 100644 --- a/templates/display/image.html +++ b/templates/display/image.html @@ -1,5 +1,10 @@ {% extends "base.html" %} +{% block head %} + + +{% endblock %} + {% block main %} diff --git a/templates/display/video.html b/templates/display/video.html index 317664b..3cf6a81 100644 --- a/templates/display/video.html +++ b/templates/display/video.html @@ -1,8 +1,13 @@ {% extends "base.html" %} +{% block head %} + + +{% endblock %} + {% block main %} Download it instead -{% endblock %} +{% endblock %} \ No newline at end of file diff --git a/templates/index.html b/templates/index.html index 34e5d86..3958788 100644 --- a/templates/index.html +++ b/templates/index.html @@ -21,19 +21,20 @@ + {% if (default_randomize && !( forcerandom)) || forcerandom %} checked {% endif %} /> Randomize filename
+ {% if disable_access_key != true %}
@@ -44,6 +45,7 @@
+ {% endif %}
diff --git a/templates/paste.html b/templates/paste.html index 84335d1..b22ca96 100644 --- a/templates/paste.html +++ b/templates/paste.html @@ -14,14 +14,15 @@ id="extension" class="codebox" name='extension' type='text' value="" placeholder="txt" />
+ {% if disable_access_key != true %} - + {% endif %} diff --git a/upload.go b/upload.go index 8526260..0485c22 100644 --- a/upload.go +++ b/upload.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "io" + "log" "net/http" "net/url" "path" @@ -15,13 +16,13 @@ import ( "strings" "time" + "github.com/andreimarcu/linx-server/auth/apikeys" "github.com/andreimarcu/linx-server/backends" "github.com/andreimarcu/linx-server/expiry" "github.com/dchest/uniuri" + "github.com/gabriel-vasile/mimetype" "github.com/zenazn/goji/web" - "gopkg.in/h2non/filetype.v1" ) - var FileTooLargeError = errors.New("File too large.") var fileBlacklist = map[string]bool{ "favicon.ico": true, @@ -41,6 +42,7 @@ type UploadRequest struct { deleteKey string // Empty string if not defined randomBarename bool accessKey string // Empty string if not defined + srcIp string // Empty string if not defined } // Metadata associated with a file as it would actually be stored @@ -59,7 +61,6 @@ func uploadPostHandler(c web.C, w http.ResponseWriter, r *http.Request) { uploadHeaderProcess(r, &upReq) contentType := r.Header.Get("Content-Type") - if strings.HasPrefix(contentType, "multipart/form-data") { file, headers, err := r.FormFile("file") if err != nil { @@ -90,11 +91,10 @@ func uploadPostHandler(c web.C, w http.ResponseWriter, r *http.Request) { upReq.expiry = parseExpiry(r.PostFormValue("expires")) upReq.accessKey = r.PostFormValue(accessKeyParamName) - if r.PostFormValue("randomize") == "true" { upReq.randomBarename = true } - + upReq.srcIp = r.Header.Get("X-Forwarded-For") upload, err := processUpload(upReq) if strings.EqualFold("application/json", r.Header.Get("Accept")) { @@ -125,11 +125,11 @@ func uploadPostHandler(c web.C, w http.ResponseWriter, r *http.Request) { func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) { upReq := UploadRequest{} uploadHeaderProcess(r, &upReq) - + defer r.Body.Close() upReq.filename = c.URLParams["name"] upReq.src = http.MaxBytesReader(w, r.Body, Config.maxSize) - + upReq.srcIp = r.Header.Get("X-Forwarded-For") upload, err := processUpload(upReq) if strings.EqualFold("application/json", r.Header.Get("Accept")) { @@ -166,13 +166,16 @@ func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) { key = password } } - result, err := checkAuth(remoteAuthKeys, key) + result, err := apikeys.CheckAuth(remoteAuthKeys, key) if err != nil || !result { if Config.basicAuth { - badAuthorizationHandler(w, r) - } else { - unauthorizedHandler(c, w, r) + rs := "" + if Config.siteName != "" { + rs = fmt.Sprintf(` realm="%s"`, Config.siteName) + } + w.Header().Set("WWW-Authenticate", `Basic`+rs) } + unauthorizedHandler(c, w, r) return } } @@ -191,14 +194,14 @@ func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) { oopsHandler(c, w, r, RespAUTO, "Could not retrieve URL") return } - + upReq.filename = filepath.Base(grabUrl.Path) upReq.src = http.MaxBytesReader(w, resp.Body, Config.maxSize) upReq.deleteKey = r.FormValue("deletekey") upReq.accessKey = r.FormValue(accessKeyParamName) upReq.randomBarename = r.FormValue("randomize") == "yes" upReq.expiry = parseExpiry(r.FormValue("expiry")) - + upReq.srcIp = r.Header.Get("X-Forwarded-For") upload, err := processUpload(upReq) if strings.EqualFold("application/json", r.Header.Get("Accept")) { @@ -227,11 +230,11 @@ func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) { func uploadHeaderProcess(r *http.Request, upReq *UploadRequest) { if r.Header.Get("Linx-Randomize") == "yes" { upReq.randomBarename = true + } else { + upReq.randomBarename = false } - upReq.deleteKey = r.Header.Get("Linx-Delete-Key") upReq.accessKey = r.Header.Get(accessKeyHeaderName) - // Get seconds until expiry. Non-integer responses never expire. expStr := r.Header.Get("Linx-Expiry") upReq.expiry = parseExpiry(expStr) @@ -263,11 +266,11 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) { header = header[:n] // Determine the type of file from header - kind, err := filetype.Match(header) - if err != nil || kind.Extension == "unknown" { + kind := mimetype.Detect(header) + if len(kind.Extension()) < 2 { extension = "file" } else { - extension = kind.Extension + extension = kind.Extension()[1:] // remove leading "." } } @@ -318,19 +321,45 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) { return upload, errors.New("Prohibited filename") } + // Lock the upload + log.Printf("Lock %s", upload.Filename) + err = storageBackend.Lock(upload.Filename) + if err != nil { + return upload, err + } + // Get the rest of the metadata needed for storage var fileExpiry time.Time + maxDurationTime := time.Duration(Config.maxDurationTime) * time.Second if upReq.expiry == 0 { - fileExpiry = expiry.NeverExpire + if upReq.size > Config.maxDurationSize && maxDurationTime > 0 { + fileExpiry = time.Now().Add(maxDurationTime) + } else { + fileExpiry = expiry.NeverExpire + } } else { - fileExpiry = time.Now().Add(upReq.expiry) + if upReq.size > Config.maxDurationSize && upReq.expiry > maxDurationTime { + fileExpiry = time.Now().Add(maxDurationTime) + } else { + fileExpiry = time.Now().Add(upReq.expiry) + } } if upReq.deleteKey == "" { upReq.deleteKey = uniuri.NewLen(30) } + if Config.disableAccessKey == true { + upReq.accessKey = "" + } + log.Printf("Write %s", upload.Filename) + upload.Metadata, err = storageBackend.Put(upload.Filename, io.MultiReader(bytes.NewReader(header), upReq.src), fileExpiry, upReq.deleteKey, upReq.accessKey, upReq.srcIp) + if err != nil { + return upload, err + } - upload.Metadata, err = storageBackend.Put(upload.Filename, io.MultiReader(bytes.NewReader(header), upReq.src), fileExpiry, upReq.deleteKey, upReq.accessKey) + // Unlock the upload + log.Printf("Unlock %s", upload.Filename) + err = storageBackend.Unlock(upload.Filename) if err != nil { return upload, err } @@ -394,11 +423,11 @@ func barePlusExt(filename string) (barename, extension string) { func parseExpiry(expStr string) time.Duration { if expStr == "" { - return time.Duration(Config.maxExpiry) * time.Second + return time.Duration(Config.defaultExpiry) * time.Second } else { fileExpiry, err := strconv.ParseUint(expStr, 10, 64) if err != nil { - return time.Duration(Config.maxExpiry) * time.Second + return time.Duration(Config.defaultExpiry) * time.Second } else { if Config.maxExpiry > 0 && (fileExpiry > Config.maxExpiry || fileExpiry == 0) { fileExpiry = Config.maxExpiry