Contains the Concourse pipeline definition for building a line-server container

  1. package main
  2. import (
  3. "bytes"
  4. "encoding/json"
  5. "errors"
  6. "fmt"
  7. "io"
  8. "net/http"
  9. "net/url"
  10. "os"
  11. "path"
  12. "path/filepath"
  13. "regexp"
  14. "strconv"
  15. "strings"
  16. "time"
  17. "bitbucket.org/taruti/mimemagic"
  18. "github.com/dchest/uniuri"
  19. "github.com/zenazn/goji/web"
  20. )
  // fileBlacklist lists final filenames that an upload is never allowed to
  // take. processUpload looks the lower-cased "barename.extension" up here and
  // answers "Prohibited filename" on a hit. The handlers in this file link
  // stored files as "/"+Filename, so these are names that would otherwise sit
  // at well-known root paths of the site.
  var fileBlacklist = map[string]bool{
  	"crossdomain.xml": true,
  	"favicon.ico":     true,
  	"index.htm":       true,
  	"index.html":      true,
  	"index.php":       true,
  	"robots.txt":      true,
  }
  // UploadRequest carries what the client asked for, before any of it has been
  // validated or normalised. Every field except src originates from request
  // headers, form values or the URL and must be treated as untrusted.
  type UploadRequest struct {
  	// Stream the file content is read from.
  	src io.Reader
  	// Name proposed by the client; processUpload reduces it with barePlusExt.
  	filename string
  	// Lifetime of the upload; 0 means it never expires.
  	expiry time.Duration
  	// When true the bare name is replaced by a generated one.
  	randomBarename bool
  	// Key supplied by the client; empty string if not defined.
  	deletionKey string
  }
  // Upload describes a file as it ends up in storage.
  type Upload struct {
  	// Final filename on disk (already sanitised and de-duplicated).
  	Filename string
  	// Stored metadata; includes the delete key that generateJSONresponse
  	// hands back to the uploader.
  	Metadata Metadata
  }
  // uploadPostHandler handles uploads sent by POST. The body is either a
  // multipart form carrying the file in the "file" field, or ordinary form
  // values with the text in "content". The result is stored by processUpload;
  // the reply is JSON when the Accept header equals application/json
  // (case-insensitively) and a 303 redirect to the stored file otherwise.
  //
  // The request must first pass strictReferrerCheck against Config.siteURL;
  // anything that fails it is answered by badRequestHandler.
  func uploadPostHandler(c web.C, w http.ResponseWriter, r *http.Request) {
  	allowedHeaders := []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize", "X-Requested-With"}
  	if !strictReferrerCheck(r, Config.siteURL, allowedHeaders, false) {
  		badRequestHandler(c, w, r)
  		return
  	}

  	upReq := UploadRequest{}
  	uploadHeaderProcess(r, &upReq)

  	if strings.HasPrefix(r.Header.Get("Content-Type"), "multipart/form-data") {
  		file, headers, err := r.FormFile("file")
  		if err != nil {
  			oopsHandler(c, w, r, RespHTML, "Could not upload file.")
  			return
  		}
  		defer file.Close()

  		// The return value of ParseForm is not checked here.
  		r.ParseForm()
  		if r.Form.Get("randomize") == "true" {
  			upReq.randomBarename = true
  		}

  		// The form value replaces whatever the Linx-Expiry header had set.
  		upReq.expiry = parseExpiry(r.Form.Get("expires"))
  		upReq.src = file
  		// Client-chosen name; processUpload normalises it with barePlusExt.
  		upReq.filename = headers.Filename
  	} else {
  		content := r.FormValue("content")
  		if content == "" {
  			oopsHandler(c, w, r, RespHTML, "Empty file")
  			return
  		}

  		extension := r.FormValue("extension")
  		if extension == "" {
  			extension = "txt"
  		}

  		upReq.src = strings.NewReader(content)
  		upReq.expiry = parseExpiry(r.FormValue("expires"))
  		upReq.filename = r.FormValue("filename") + "." + extension
  	}

  	upload, err := processUpload(upReq)
  	wantsJSON := strings.EqualFold("application/json", r.Header.Get("Accept"))

  	// NOTE(review): err.Error() is echoed to the client. processUpload returns
  	// filesystem errors unchanged, and those usually name the on-disk path.
  	if err != nil {
  		if wantsJSON {
  			oopsHandler(c, w, r, RespJSON, "Could not upload file: "+err.Error())
  		} else {
  			oopsHandler(c, w, r, RespHTML, "Could not upload file: "+err.Error())
  		}
  		return
  	}

  	if wantsJSON {
  		js := generateJSONresponse(upload)
  		w.Header().Set("Content-Type", "application/json; charset=UTF-8")
  		w.Write(js)
  		return
  	}

  	http.Redirect(w, r, "/"+upload.Filename, http.StatusSeeOther)
  }
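  // uploadPutHandler stores the raw request body under the name given by the
  // "name" URL parameter. Options come from the Linx-* headers read by
  // uploadHeaderProcess. The reply is JSON when the Accept header equals
  // application/json (case-insensitively), otherwise the plain-text URL of the
  // stored file.
  //
  // NOTE(review): unlike uploadPostHandler this handler does not call
  // strictReferrerCheck; confirm that is intended for the PUT route.
  func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
  	upReq := UploadRequest{}
  	uploadHeaderProcess(r, &upReq)

  	defer r.Body.Close()
  	// Client-chosen name; processUpload normalises it with barePlusExt.
  	upReq.filename = c.URLParams["name"]
  	upReq.src = r.Body

  	upload, err := processUpload(upReq)

  	if strings.EqualFold("application/json", r.Header.Get("Accept")) {
  		if err != nil {
  			oopsHandler(c, w, r, RespJSON, "Could not upload file: "+err.Error())
  			return
  		}

  		js := generateJSONresponse(upload)
  		w.Header().Set("Content-Type", "application/json; charset=UTF-8")
  		w.Write(js)
  	} else {
  		if err != nil {
  			oopsHandler(c, w, r, RespPLAIN, "Could not upload file: "+err.Error())
  			return
  		}

  		// Fprint, not Fprintf: the URL is data, not a format string. A '%'
  		// in Config.siteURL would otherwise be read as a formatting verb and
  		// corrupt the reply.
  		fmt.Fprint(w, Config.siteURL+upload.Filename)
  	}
  }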
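  // uploadRemote downloads the resource named by the "url" form value and
  // stores it as an upload. When Config.remoteAuthFile is set the caller must
  // present a valid "key"; otherwise the request has to pass the strict
  // referrer check. The reply is JSON when the Accept header equals
  // application/json (case-insensitively), otherwise a 303 redirect to the
  // stored file.
  //
  // NOTE(review): the server fetches a destination chosen by the requester.
  // Only the scheme and the presence of a host are validated here; nothing in
  // this function stops the host from resolving to loopback, link-local or
  // other internal addresses, and the default client follows redirects and has
  // no timeout. Restricting destinations needs a dedicated http.Client with a
  // vetted dialer, which is outside this block.
  func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
  	if Config.remoteAuthFile != "" {
  		result, err := checkAuth(remoteAuthKeys, r.FormValue("key"))
  		if err != nil || !result {
  			unauthorizedHandler(c, w, r)
  			return
  		}
  	} else {
  		// strict referrer checking is mandatory without remote auth keys
  		if !strictReferrerCheck(r, Config.siteURL, []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize", "X-Requested-With"}, true) {
  			badRequestHandler(c, w, r)
  			return
  		}
  	}

  	rawURL := r.FormValue("url")
  	if rawURL == "" {
  		http.Redirect(w, r, "/", http.StatusSeeOther)
  		return
  	}

  	// A parse failure used to be ignored, leaving grabUrl nil and crashing on
  	// the next line. Reject it, together with anything that is not an
  	// absolute http(s) URL.
  	grabUrl, err := url.Parse(rawURL)
  	if err != nil || grabUrl.Host == "" || (grabUrl.Scheme != "http" && grabUrl.Scheme != "https") {
  		oopsHandler(c, w, r, RespAUTO, "Could not retrieve URL")
  		return
  	}

  	resp, err := http.Get(grabUrl.String())
  	if err != nil {
  		oopsHandler(c, w, r, RespAUTO, "Could not retrieve URL")
  		return
  	}
  	// The body was never closed before, leaking the connection on every call.
  	defer resp.Body.Close()

  	// Do not store an error page as if it were the requested file.
  	if resp.StatusCode < 200 || resp.StatusCode > 299 {
  		oopsHandler(c, w, r, RespAUTO, "Could not retrieve URL")
  		return
  	}

  	upReq := UploadRequest{}
  	// Name derived from the remote path; processUpload normalises it.
  	upReq.filename = filepath.Base(grabUrl.Path)
  	upReq.src = resp.Body
  	upReq.deletionKey = r.FormValue("deletekey")
  	upReq.expiry = parseExpiry(r.FormValue("expiry"))

  	upload, err := processUpload(upReq)

  	if strings.EqualFold("application/json", r.Header.Get("Accept")) {
  		if err != nil {
  			oopsHandler(c, w, r, RespJSON, "Could not upload file: "+err.Error())
  			return
  		}

  		js := generateJSONresponse(upload)
  		w.Header().Set("Content-Type", "application/json; charset=UTF-8")
  		w.Write(js)
  	} else {
  		if err != nil {
  			oopsHandler(c, w, r, RespHTML, "Could not upload file: "+err.Error())
  			return
  		}

  		http.Redirect(w, r, "/"+upload.Filename, http.StatusSeeOther)
  	}
  }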
  // uploadHeaderProcess copies the upload options carried in the Linx-* request
  // headers into upReq:
  //
  //   - Linx-Randomize: the exact value "yes" switches random naming on
  //   - Linx-Delete-Key: taken verbatim (empty when the header is absent)
  //   - Linx-Expiry: seconds until expiry; values parseExpiry cannot read as an
  //     integer mean the upload never expires
  func uploadHeaderProcess(r *http.Request, upReq *UploadRequest) {
  	hdr := r.Header

  	if hdr.Get("Linx-Randomize") == "yes" {
  		upReq.randomBarename = true
  	}
  	upReq.deletionKey = hdr.Get("Linx-Delete-Key")
  	upReq.expiry = parseExpiry(hdr.Get("Linx-Expiry"))
  }
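  // processUpload turns an UploadRequest into a stored file plus metadata.
  //
  // Steps: normalise the requested name with barePlusExt (falling back to a
  // generated bare name), sniff an extension from the first bytes when none was
  // given, pick a name that does not collide with an existing file unless the
  // caller presented that file's delete key, refuse blacklisted names, write
  // the content and finally generate and persist the metadata.
  //
  // It returns the stored Upload, or an error ("Empty file", "Prohibited
  // filename", "File too large", or whatever the filesystem/metadata helpers
  // reported). On error the partially written file and metadata are removed.
  func processUpload(upReq UploadRequest) (upload Upload, err error) {
  	// Determine the appropriate filename, then write to disk
  	barename, extension := barePlusExt(upReq.filename)
  	if upReq.randomBarename || len(barename) == 0 {
  		barename = generateBarename()
  	}

  	var header []byte
  	if len(extension) == 0 {
  		// Pull up to the first 512 bytes off for use in MIME detection.
  		// ReadFull keeps reading until the buffer is full or the stream ends;
  		// a single Read may legitimately return fewer bytes than available.
  		// Its error is ignored: a short stream is expected, and a real read
  		// failure surfaces again in io.Copy below.
  		header = make([]byte, 512)
  		n, _ := io.ReadFull(upReq.src, header)
  		if n == 0 {
  			return upload, errors.New("Empty file")
  		}
  		header = header[:n]

  		// Determine the type of file from header
  		mimetype := mimemagic.Match("", header)

  		// If the mime type is in our map, use that
  		// otherwise just use "ext"
  		if val, exists := mimeToExtension[mimetype]; exists {
  			extension = val
  		} else {
  			extension = "ext"
  		}
  	}

  	upload.Filename = strings.Join([]string{barename, extension}, ".")
  	filePath := filepath.Join(Config.filesDir, upload.Filename)

  	_, err = os.Stat(filePath)
  	fileexists := err == nil

  	// Check if the delete key matches, in which case overwrite. An empty key
  	// never authorises an overwrite.
  	// NOTE(review): this is a plain == on a secret; crypto/subtle's
  	// ConstantTimeCompare is the usual choice but needs a file-level import.
  	overwrite := false
  	if fileexists && upReq.deletionKey != "" {
  		metad, merr := metadataRead(upload.Filename)
  		if merr == nil && upReq.deletionKey == metad.DeleteKey {
  			fileexists = false
  			overwrite = true
  		}
  	}

  	// Bump a trailing digit (or append "1") until the name is free.
  	for fileexists {
  		counter, convErr := strconv.Atoi(string(barename[len(barename)-1]))
  		if convErr != nil {
  			barename = barename + "1"
  		} else {
  			barename = barename[:len(barename)-1] + strconv.Itoa(counter+1)
  		}
  		upload.Filename = strings.Join([]string{barename, extension}, ".")
  		filePath = filepath.Join(Config.filesDir, upload.Filename)

  		_, statErr := os.Stat(filePath)
  		fileexists = statErr == nil
  	}

  	if fileBlacklist[strings.ToLower(upload.Filename)] {
  		return upload, errors.New("Prohibited filename")
  	}

  	// Unless the delete key authorised an overwrite, create the file
  	// exclusively so that a concurrent upload which claimed the same name
  	// after the Stat above is not silently truncated.
  	flags := os.O_RDWR | os.O_CREATE | os.O_TRUNC
  	if !overwrite {
  		flags = os.O_RDWR | os.O_CREATE | os.O_EXCL
  	}
  	dst, err := os.OpenFile(filePath, flags, 0666)
  	if err != nil {
  		return
  	}
  	defer dst.Close()

  	// Get the rest of the metadata needed for storage
  	var expiry time.Time
  	if upReq.expiry == 0 {
  		expiry = neverExpire
  	} else {
  		expiry = time.Now().Add(upReq.expiry)
  	}

  	// Never write more than maxSize+1 bytes: one byte over the limit is
  	// enough to detect an oversized upload, and the cap keeps an unbounded
  	// body from filling the disk before the size check runs.
  	limit := Config.maxSize
  	if limit < 1<<63-1 {
  		limit++
  	}
  	if limit < 1 {
  		limit = 1
  	}
  	body := io.LimitReader(io.MultiReader(bytes.NewReader(header), upReq.src), limit)

  	written, err := io.Copy(dst, body)
  	if written == 0 {
  		os.Remove(filePath)
  		return upload, errors.New("Empty file")
  	} else if err != nil {
  		os.Remove(filePath)
  		return
  	} else if written > Config.maxSize {
  		os.Remove(filePath)
  		return upload, errors.New("File too large")
  	}

  	metaPath := filepath.Join(Config.metaDir, upload.Filename)

  	upload.Metadata, err = generateMetadata(upload.Filename, expiry, upReq.deletionKey)
  	if err != nil {
  		os.Remove(filePath)
  		os.Remove(metaPath)
  		return
  	}

  	err = metadataWrite(upload.Filename, &upload.Metadata)
  	if err != nil {
  		os.Remove(filePath)
  		os.Remove(metaPath)
  		return
  	}

  	return
  }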
  // generateBarename returns an 8-character name made of lower-case ASCII
  // letters and digits, produced by uniuri.NewLenChars.
  //
  // NOTE(review): when random naming is requested this string is the only
  // unguessable part of the file's URL; confirm the uniuri version in use draws
  // from a cryptographic random source.
  func generateBarename() string {
  	const nameLength = 8
  	alphabet := []byte("abcdefghijklmnopqrstuvwxyz0123456789")

  	return uniuri.NewLenChars(nameLength, alphabet)
  }
  // generateJSONresponse renders the stored upload as a flat JSON object of
  // strings. Expiry is given as a Unix timestamp and size as a decimal number,
  // both encoded as strings.
  //
  // The object includes "delete_key", so the response body is as sensitive as
  // the key itself.
  func generateJSONresponse(upload Upload) []byte {
  	meta := upload.Metadata

  	fields := map[string]string{
  		"url":        Config.siteURL + upload.Filename,
  		"filename":   upload.Filename,
  		"delete_key": meta.DeleteKey,
  		"expiry":     strconv.FormatInt(meta.Expiry.Unix(), 10),
  		"size":       strconv.FormatInt(meta.Size, 10),
  		"mimetype":   meta.Mimetype,
  		"sha256sum":  meta.Sha256sum,
  	}

  	// The Marshal error is discarded, as the value is a plain string map.
  	js, _ := json.Marshal(fields)
  	return js
  }
  // barePlusRe matches every character that is not an ASCII letter, an ASCII
  // digit or a hyphen.
  var barePlusRe = regexp.MustCompile(`[^A-Za-z0-9\-]`)

  // barePlusExt splits a client-supplied filename into a bare name and an
  // extension and reduces both to [a-z0-9-].
  //
  // The name is trimmed and lower-cased, split at the last dot of its final
  // slash-separated element (path.Ext), and every other character is then
  // dropped from both halves. Dots and slashes do not survive, so the results
  // cannot contain directory components. The extension comes back without its
  // leading dot, and either result may be empty.
  func barePlusExt(filename string) (barename, extension string) {
  	cleaned := strings.ToLower(strings.TrimSpace(filename))

  	rawExt := path.Ext(cleaned)
  	rawBare := strings.TrimSuffix(cleaned, rawExt)

  	return barePlusRe.ReplaceAllString(rawBare, ""), barePlusRe.ReplaceAllString(rawExt, "")
  }
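  // parseExpiry converts a decimal number of seconds into a time.Duration.
  //
  // An empty string or anything that does not parse as a 64-bit integer yields
  // 0, which the rest of the file treats as "never expires". Values too large
  // to be expressed in nanoseconds are clamped to the largest representable
  // whole number of seconds instead of wrapping around: an unclamped
  // multiplication overflows silently and can flip the sign, turning a very
  // long lifetime into one that has already passed.
  func parseExpiry(expStr string) time.Duration {
  	if expStr == "" {
  		return 0
  	}

  	seconds, err := strconv.ParseInt(expStr, 10, 64)
  	if err != nil {
  		return 0
  	}

  	// Largest second count whose nanosecond value still fits in an int64.
  	const maxSeconds = int64(1<<63-1) / int64(time.Second)
  	if seconds > maxSeconds {
  		seconds = maxSeconds
  	} else if seconds < -maxSeconds {
  		seconds = -maxSeconds
  	}

  	return time.Duration(seconds) * time.Second
  }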