* Bail out on files that are too large earlier if possible.
* Return 400 instead of 500 for empty files and files that are too large
(when we can bail out early).
This new backend currently isn't hooked up; new and existing installs
will continue to use the localfs backend.
* Rework torrent generation to be backend-dependent so we can use S3's
existing torrent API.
* Remove the torrent test cases, which broke with this torrent rework;
they will need to be added back later.
* Use `http.MaxBytesReader` for better max size handling.
* Allow backends to return errors in `ServeFile` if needed.
* Serve file directly for curl and wget user agents
Fix #127
* Add test for get with wget user agent
* Add -nodirectagents flag
to disable serving files directly for wget/curl user agents
* Fix TestPutAndGetCLI failing for Go 1.5
It failed because it doesn't include the Content-Type header for every
response.
Previously, we did not properly handle the case where the provided
expiry was zero and the max expiry was configured to be nonzero; add an
additional check to cover this case.
Fixes #111.
We can use the Host property of the request and the X-Forwarded-Proto to
infer the site URL. To reduce complexity, the path is not inferred, and
it is assumed that linx-server is running at /. If this is not the case,
the site URL must be manually configured; this is no different than it
was before.
Some extensions actually consist of multiple parts, like .tar.gz, so we
should handle this properly instead of merging part of the extension
with the bare name. Right now only tar is allowed, but others can be
added easily.
Fixes #74.
Add a middleware that requires authorization for all POST, PUT, and
DELETE requests. This is done using the Authorization header and the
provided auth key is then checked against a file containing scrypted
auth keys. These keys are salted with the constant string `linx-server`.
HTTP status code 301 is for a permanent redirect, which these are not.
Although 302 would work here in most browsers, it would not follow the
HTTP spec, so instead we use 303 which has a clearly and consistently
defined behavior in response to a POST or PUT request.
This is a better way to do things since we were customizing middleware
and everything anyway. It's also necessary in order to avoid pulling in
the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
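
A sketch of a cookie-less CSRF check of the kind the last commit message describes, added here as an example and not taken from the linx-server code. The commit message names only the three exempt `Linx-*` headers; comparing `Origin`/`Referer` against the site URL, exempting GET and HEAD, the function names and the `https://linx.example` site URL are all assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Headers named in the commit message; an HTML form cannot set them.
var exemptHeaders = []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize"}

// sameSite reports whether raw is an absolute URL on the scheme and host of
// site. Parsed hosts are compared so a prefix lookalike host does not match.
func sameSite(raw string, site *url.URL) bool {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" {
		return false
	}
	return strings.EqualFold(u.Scheme, site.Scheme) && strings.EqualFold(u.Host, site.Host)
}

// allowRequest is the cookie-less CSRF decision (assumed logic, see lead-in).
func allowRequest(r *http.Request, site *url.URL) bool {
	if r.Method == http.MethodGet || r.Method == http.MethodHead {
		return true // not state-changing
	}
	for _, h := range exemptHeaders {
		if r.Header.Get(h) != "" {
			return true // API client (e.g. curl) setting a Linx-* header
		}
	}
	if o := r.Header.Get("Origin"); o != "" {
		return sameSite(o, site)
	}
	return sameSite(r.Header.Get("Referer"), site) // empty Referer is rejected
}

// decide builds a request against a constructed site URL and runs the check.
func decide(method string, hdr map[string]string) bool {
	site, _ := url.Parse("https://linx.example")
	r, _ := http.NewRequest(method, "https://linx.example/upload", nil)
	for k, v := range hdr {
		r.Header.Set(k, v)
	}
	return allowRequest(r, site)
}

func main() {
	fmt.Println(decide("POST", map[string]string{"Origin": "https://other.example"}), decide("PUT", map[string]string{"Linx-Randomize": "yes"}))
}
```
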