Docker
/
linx-server
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

add support remote auth keys 

These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
pull/56/head
mutantmonkey 9 years ago
parent
3dc4753b7a
commit
dd4ac3a7ed
2 changed files with 21 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      server.go
  2. 13
      upload.go

8
server.go
View File

@ -36,6 +36,7 @@ var Config struct {
fastcgi bool
remoteUploads bool
authFile string
remoteAuthFile string
}
var Templates = make(map[string]*pongo2.Template)
@ -43,6 +44,7 @@ var TemplateSet *pongo2.TemplateSet
var staticBox *rice.Box
var timeStarted time.Time
var timeStartedStr string
var remoteAuthKeys []string
func setup() *web.Mux {
mux := web.New()
@ -126,6 +128,10 @@ func setup() *web.Mux {
if Config.remoteUploads {
mux.Get("/upload", uploadRemote)
mux.Get("/upload/", uploadRemote)
if Config.remoteAuthFile != "" {
remoteAuthKeys = readAuthKeys(Config.remoteAuthFile)
}
}
mux.Post("/upload", uploadPostHandler)
@ -175,6 +181,8 @@ func main() {
"enable remote uploads")
flag.StringVar(&Config.authFile, "authfile", "",
"path to a file containing newline-separated scrypted auth keys")
flag.StringVar(&Config.remoteAuthFile, "remoteauthfile", "",
"path to a file containing newline-separated scrypted auth keys for remote uploads")
flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
"value of default Content-Security-Policy header")

13
upload.go
View File

@ -138,6 +138,19 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
}
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
if Config.remoteAuthFile != "" {
result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key")))
if err != nil || !result {
unauthorizedHandler(c, w, r)
}
} else {
// strict referrer checking is mandatory without remote auth keys
if !strictReferrerCheck(r, Config.siteURL, []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize"}) {
badRequestHandler(c, w, r)
return
}
}
if r.FormValue("url") == "" {
http.Redirect(w, r, "/", 303)
return

Write Preview
Loading…
Cancel
Save