abyss/handlers.go

package main

import (
	"crypto/md5"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"html/template"
	"io"
	"log/slog"
	"net/http"
	"os"
	"path/filepath"
)

type Application struct {
	auth struct {
		username string
		password string
	}
	url              string
	key              string
	filesDir         string
	port             string
	lastUploadedFile string
}

type FileInfo struct {
	Name          string
	Path          string
	Size          int64
	FormattedSize string
}

type TemplateData struct {
	Files []FileInfo
	URL   string
}

func (app *Application) fileListingHandler(w http.ResponseWriter, r *http.Request) {
	dir := app.filesDir + r.URL.Path

	files, err := os.ReadDir(dir)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	var fileInfos []FileInfo
	for _, file := range files {
		filePath := filepath.Join(dir, file.Name())
		info, err := os.Stat(filePath)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		fileInfos = append(fileInfos, FileInfo{
			Name:          file.Name(),
			Path:          filepath.Join(r.URL.Path, file.Name()),
			Size:          info.Size(),
			FormattedSize: FormatFileSize(info.Size()),
		})
	}

	tmpl := template.Must(template.ParseFiles("templates/dirlist.html"))
	templateData := TemplateData{
		Files: fileInfos,
		URL:   app.url,
	}
	if err := tmpl.Execute(w, templateData); err != nil {
		slog.Warn(error.Error(err))
	}
}

func (app *Application) indexHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodPost {
		app.uploadCurlHandler(w, r)
		return
	}

	name := filepath.Clean(r.URL.Path)
	path := filepath.Join(app.filesDir, name)

	if !filepath.IsLocal(path) {
		http.Error(w, "Wrong url", http.StatusBadRequest)
		return
	}

	if fileInfo, err := os.Stat(path); err == nil && !fileInfo.IsDir() {
		ext := filepath.Ext(path)

		textExtensions := map[string]bool{
			".sh": true, ".bash": true, ".zsh": true,
			".bat": true, ".cmd": true, ".ps1": true,
			".ini": true, ".cfg": true, ".conf": true,
			".toml": true, ".yml": true, ".yaml": true,
			".c": true, ".cpp": true, ".h": true,
			".go": true, ".py": true, ".js": true,
			".ts": true, ".html": true, ".htm": true,
			".xml": true, ".css": true, ".java": true,
			".rs": true, ".rb": true, ".php": true,
			".pl": true, ".sql": true, ".md": true,
			".log": true, ".txt": true, ".csv": true,
			".json": true, ".env": true, ".sum": true,
			".gitignore": true, ".dockerfile": true, ".Makefile": true,
			".rst": true,
		}

		videoExtensions := map[string]bool{
			".mkv": true,
		}

		if textExtensions[ext] {
			w.Header().Set("Content-Type", "text/plain; charset=utf-8")
		}

		if videoExtensions[ext] {
			w.Header().Set("Content-Type", "video/mp4")
		}

		http.ServeFile(w, r, path)
		return
	}

	http.StripPrefix("/", http.FileServer(http.Dir("./static"))).ServeHTTP(w, r)
}

func (app *Application) lastHandler(w http.ResponseWriter, r *http.Request) {
	if app.lastUploadedFile == "" {
		http.Error(w, "No new files uploaded yet", http.StatusNotFound)
		return
	}
	http.ServeFile(w, r, app.lastUploadedFile)
}

func (app *Application) uploadCurlHandler(w http.ResponseWriter, r *http.Request) {
	if r.URL.Path != "/" {
		http.Error(w, "Method not allowed", http.StatusUnauthorized)
		return
	}

	if !CheckAuth(r, app.key) {
		http.Error(w, "You're not authorized.", http.StatusBadRequest)
		return
	}

	app.uploadHandler(w, r)
}

func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) {
	file, handler, err := r.FormFile("file")
	if err != nil {
		http.Error(w, "Error retrieving the file", http.StatusBadRequest)
		return
	}
	defer file.Close()

	if _, err := os.Stat(app.filesDir); err != nil {
		if err := os.Mkdir(app.filesDir, 0750); err != nil {
			http.Error(w, "Error creating storage directory", http.StatusInternalServerError)
		}
	}

	hasher := md5.New()
	if _, err := io.Copy(hasher, file); err != nil {
		http.Error(w, "Error hashing file content", http.StatusInternalServerError)
		return
	}

	sha1Hash := hex.EncodeToString(hasher.Sum(nil))[:8]

	filename := fmt.Sprintf("%s%s", sha1Hash, filepath.Ext(handler.Filename))

	filepath := filepath.Join(app.filesDir, filename)

	// reopen the file for copying, as the hash process consumed the file reader
	file, _, err = r.FormFile("file")
	if err != nil {
		http.Error(w, "Error retrieving the file", http.StatusBadRequest)
		return
	}
	defer file.Close()

	dst, err := os.Create(filepath)
	if err != nil {
		http.Error(w, "Error creating file\n", http.StatusInternalServerError)
	}
	defer dst.Close()

	if _, err := io.Copy(dst, file); err != nil {
		http.Error(w, "Error copying the file", http.StatusInternalServerError)
	}

	app.lastUploadedFile = filepath

	fmt.Fprintf(w, "http://%s/%s\n", app.url, filename)
}

func (app *Application) basicAuth(next http.HandlerFunc) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		username, password, ok := r.BasicAuth()
		if ok {
			// hash password received
			usernameHash := sha256.Sum256([]byte(username))
			passwordHash := sha256.Sum256([]byte(password))

			// hash our password
			expectedUsernameHash := sha256.Sum256([]byte(app.auth.username))
			expectedPasswordHash := sha256.Sum256([]byte(app.auth.password))

			// compare hashes
			usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
			passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)

			if usernameMatch && passwordMatch {
				next.ServeHTTP(w, r)
				return
			}
		}

		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8`)
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
	})
}
feat: add basic working server 2024-08-19 12:48:30 -03:00			`package main`

			`import (`
feat: change filenames for md5 hashes 2024-09-18 13:48:04 -03:00			`"crypto/md5"`
feat(auth): add basic authentication when accessing /tree/ 2024-08-20 08:38:56 -03:00			`"crypto/sha256"`
			`"crypto/subtle"`
feat: change filenames for md5 hashes 2024-09-18 13:48:04 -03:00			`"encoding/hex"`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`"fmt"`
fix: change to html/template for more security 2024-09-19 15:38:43 -03:00			`"html/template"`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`"io"`
feat: add customizable file tree 2024-09-19 10:28:23 -03:00			`"log/slog"`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`"net/http"`
			`"os"`
feat: add file tree to /tree 2024-08-19 16:11:25 -03:00			`"path/filepath"`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`)`

refactor: split into multiple files 2024-08-25 23:15:11 -03:00			`type Application struct {`
feat(auth): add basic authentication when accessing /tree/ 2024-08-20 08:38:56 -03:00			`auth struct {`
			`username string`
			`password string`
			`}`
feat: add /last for checking last uploaded file 2024-09-18 10:03:53 -03:00			`url string`
			`key string`
			`filesDir string`
			`port string`
			`lastUploadedFile string`
feat(auth): add basic authentication when accessing /tree/ 2024-08-20 08:38:56 -03:00			`}`
feat: add docker installation/setup 2024-08-19 15:50:17 -03:00
feat: add customizable file tree 2024-09-19 10:28:23 -03:00			`type FileInfo struct {`
			`Name string`
			`Path string`
			`Size int64`
			`FormattedSize string`
			`}`

			`type TemplateData struct {`
			`Files []FileInfo`
			`URL string`
			`}`

			`func (app Application) fileListingHandler(w http.ResponseWriter, r http.Request) {`
			`dir := app.filesDir + r.URL.Path`

			`files, err := os.ReadDir(dir)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`var fileInfos []FileInfo`
			`for _, file := range files {`
			`filePath := filepath.Join(dir, file.Name())`
			`info, err := os.Stat(filePath)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`fileInfos = append(fileInfos, FileInfo{`
			`Name: file.Name(),`
			`Path: filepath.Join(r.URL.Path, file.Name()),`
			`Size: info.Size(),`
refactor: split helper functions 2024-10-03 21:19:14 -03:00			`FormattedSize: FormatFileSize(info.Size()),`
feat: add customizable file tree 2024-09-19 10:28:23 -03:00			`})`
			`}`

			`tmpl := template.Must(template.ParseFiles("templates/dirlist.html"))`
			`templateData := TemplateData{`
			`Files: fileInfos,`
			`URL: app.url,`
			`}`
			`if err := tmpl.Execute(w, templateData); err != nil {`
			`slog.Warn(error.Error(err))`
			`}`
			`}`

feat: add static webpage 2024-09-18 09:55:26 -03:00			`func (app Application) indexHandler(w http.ResponseWriter, r http.Request) {`
refactor: split into multiple files 2024-08-25 23:15:11 -03:00			`if r.Method == http.MethodPost {`
refactor: split helper functions 2024-10-03 21:19:14 -03:00			`app.uploadCurlHandler(w, r)`
refactor: split into multiple files 2024-08-25 23:15:11 -03:00			`return`
feat(auth): add basic authentication when accessing /tree/ 2024-08-20 08:38:56 -03:00			`}`

feat(): sanitize '/' path properly 2024-08-19 20:00:07 -03:00			`name := filepath.Clean(r.URL.Path)`
feat: add customizable port and file directories 2024-09-06 16:34:20 -03:00			`path := filepath.Join(app.filesDir, name)`
feat(): sanitize '/' path properly 2024-08-19 20:00:07 -03:00
			`if !filepath.IsLocal(path) {`
			`http.Error(w, "Wrong url", http.StatusBadRequest)`
			`return`
			`}`
feat: add file tree to /tree 2024-08-19 16:11:25 -03:00
			`if fileInfo, err := os.Stat(path); err == nil && !fileInfo.IsDir() {`
fix: set text mimetypes for common extensions 2024-09-18 13:58:05 -03:00			`ext := filepath.Ext(path)`

			`textExtensions := map[string]bool{`
			`".sh": true, ".bash": true, ".zsh": true,`
			`".bat": true, ".cmd": true, ".ps1": true,`
			`".ini": true, ".cfg": true, ".conf": true,`
			`".toml": true, ".yml": true, ".yaml": true,`
			`".c": true, ".cpp": true, ".h": true,`
			`".go": true, ".py": true, ".js": true,`
			`".ts": true, ".html": true, ".htm": true,`
			`".xml": true, ".css": true, ".java": true,`
			`".rs": true, ".rb": true, ".php": true,`
			`".pl": true, ".sql": true, ".md": true,`
			`".log": true, ".txt": true, ".csv": true,`
			`".json": true, ".env": true, ".sum": true,`
			`".gitignore": true, ".dockerfile": true, ".Makefile": true,`
			`".rst": true,`
			`}`

fix: mkv videos not playing on browser 2024-09-19 15:47:24 -03:00			`videoExtensions := map[string]bool{`
			`".mkv": true,`
			`}`

fix: set text mimetypes for common extensions 2024-09-18 13:58:05 -03:00			`if textExtensions[ext] {`
			`w.Header().Set("Content-Type", "text/plain; charset=utf-8")`
			`}`

fix: mkv videos not playing on browser 2024-09-19 15:47:24 -03:00			`if videoExtensions[ext] {`
			`w.Header().Set("Content-Type", "video/mp4")`
			`}`

feat: add file tree to /tree 2024-08-19 16:11:25 -03:00			`http.ServeFile(w, r, path)`
fix: set text mimetypes for common extensions 2024-09-18 13:58:05 -03:00			`return`
feat: add file tree to /tree 2024-08-19 16:11:25 -03:00			`}`
fix: set text mimetypes for common extensions 2024-09-18 13:58:05 -03:00
			`http.StripPrefix("/", http.FileServer(http.Dir("./static"))).ServeHTTP(w, r)`
feat: add file tree to /tree 2024-08-19 16:11:25 -03:00			`}`

feat: add /last for checking last uploaded file 2024-09-18 10:03:53 -03:00			`func (app Application) lastHandler(w http.ResponseWriter, r http.Request) {`
			`if app.lastUploadedFile == "" {`
			`http.Error(w, "No new files uploaded yet", http.StatusNotFound)`
			`return`
			`}`
			`http.ServeFile(w, r, app.lastUploadedFile)`
			`}`

refactor: split helper functions 2024-10-03 21:19:14 -03:00			`func (app Application) uploadCurlHandler(w http.ResponseWriter, r http.Request) {`
refactor: split into multiple files 2024-08-25 23:15:11 -03:00			`if r.URL.Path != "/" {`
			`http.Error(w, "Method not allowed", http.StatusUnauthorized)`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`return`
			`}`

refactor: split helper functions 2024-10-03 21:19:14 -03:00			`if !CheckAuth(r, app.key) {`
feat(): add basic authentication 2024-08-19 19:47:32 -03:00			`http.Error(w, "You're not authorized.", http.StatusBadRequest)`
			`return`
			`}`

refactor: split helper functions 2024-10-03 21:19:14 -03:00			`app.uploadHandler(w, r)`
			`}`

			`func (app Application) uploadHandler(w http.ResponseWriter, r http.Request) {`
feat(): add extensions to file names 2024-08-20 09:00:44 -03:00			`file, handler, err := r.FormFile("file")`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`if err != nil {`
feat(auth): add basic authentication when accessing /tree/ 2024-08-20 08:38:56 -03:00			`http.Error(w, "Error retrieving the file", http.StatusBadRequest)`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`return`
			`}`
			`defer file.Close()`

feat: add customizable port and file directories 2024-09-06 16:34:20 -03:00			`if _, err := os.Stat(app.filesDir); err != nil {`
			`if err := os.Mkdir(app.filesDir, 0750); err != nil {`
feat: add file uploading functionality 2024-08-19 13:54:33 -03:00			`http.Error(w, "Error creating storage directory", http.StatusInternalServerError)`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`}`
			`}`

feat: change filenames for md5 hashes 2024-09-18 13:48:04 -03:00			`hasher := md5.New()`
			`if _, err := io.Copy(hasher, file); err != nil {`
			`http.Error(w, "Error hashing file content", http.StatusInternalServerError)`
			`return`
			`}`

			`sha1Hash := hex.EncodeToString(hasher.Sum(nil))[:8]`
feat: add file uploading functionality 2024-08-19 13:54:33 -03:00
feat: change filenames for md5 hashes 2024-09-18 13:48:04 -03:00			`filename := fmt.Sprintf("%s%s", sha1Hash, filepath.Ext(handler.Filename))`
feat: add basic working server 2024-08-19 12:48:30 -03:00
feat: change filenames for md5 hashes 2024-09-18 13:48:04 -03:00			`filepath := filepath.Join(app.filesDir, filename)`

			`// reopen the file for copying, as the hash process consumed the file reader`
			`file, _, err = r.FormFile("file")`
			`if err != nil {`
			`http.Error(w, "Error retrieving the file", http.StatusBadRequest)`
			`return`
			`}`
			`defer file.Close()`
feat(): add extensions to file names 2024-08-20 09:00:44 -03:00
			`dst, err := os.Create(filepath)`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`if err != nil {`
feat: add file uploading functionality 2024-08-19 13:54:33 -03:00			`http.Error(w, "Error creating file\n", http.StatusInternalServerError)`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`}`
			`defer dst.Close()`

			`if _, err := io.Copy(dst, file); err != nil {`
			`http.Error(w, "Error copying the file", http.StatusInternalServerError)`
			`}`

feat: add /last for checking last uploaded file 2024-09-18 10:03:53 -03:00			`app.lastUploadedFile = filepath`

feat: add customizable file tree 2024-09-19 10:28:23 -03:00			`fmt.Fprintf(w, "http://%s/%s\n", app.url, filename)`
feat: add basic working server 2024-08-19 12:48:30 -03:00			`}`
feat(): add basic authentication 2024-08-19 19:47:32 -03:00
refactor: split into multiple files 2024-08-25 23:15:11 -03:00			`func (app *Application) basicAuth(next http.HandlerFunc) http.HandlerFunc {`
feat(auth): add basic authentication when accessing /tree/ 2024-08-20 08:38:56 -03:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`username, password, ok := r.BasicAuth()`
			`if ok {`
			`// hash password received`
			`usernameHash := sha256.Sum256([]byte(username))`
			`passwordHash := sha256.Sum256([]byte(password))`

			`// hash our password`
			`expectedUsernameHash := sha256.Sum256([]byte(app.auth.username))`
			`expectedPasswordHash := sha256.Sum256([]byte(app.auth.password))`

			`// compare hashes`
			`usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)`
			`passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)`

			`if usernameMatch && passwordMatch {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`
			`}`

			w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8`)
			`http.Error(w, "Unauthorized", http.StatusUnauthorized)`
			`})`
			`}`