feat: add support for fish scripts

docs: add features to readme
docs: add tutorial for jwt tokens
2024-10-17 13:08:29 -03:00 · 2024-10-17 13:07:49 -03:00 · 2024-10-17 13:06:12 -03:00 · 2024-10-17 10:52:33 -03:00
7 changed files with 109 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -1,11 +1,23 @@
 # abyss

-abyss is a basic (mostly) single user http server made for uploading files (logs, images) and then sharing them to the internet
+abyss is a basic and mostly single user http server written in go made for uploading files (logs, images) and then sharing them to the internet

-note: this is a project made for learning purposes, you should use other more mature projects if running in production. probably.
+<figure>
+ <img src="https://github.com/user-attachments/assets/eae42368-d8b5-4c42-ac8a-0e1486fcd0d4" alt="homepage"/>
+ <figcaption>this is abyss' default home page<figcaption/>
+</figure>
+
+## features
+
+- **file uploads**: supports uploading various file types, including images, videos, and documents.
+- **flexible media display**: automatically renders uploaded files on a webpage based on their type (images, pdfs, videos, or plain text).
+- **customizable interface**: allows for easy modification of color schemes and layout to suit specific design needs.
+- **syntax highlighting for code**: syntax highlighting available by default for code files, with support for multiple programming languages. (can be tweaked/changed and even removed)
+- **security considerations**: as it is single user, it's mostly secure but there are still some edges to sharpen

 ## table of contents

+- [features](#features)
 - [running abyss](#running)
  - [installing with docker](#docker)
  - [installing manually](#manual)
@ -13,6 +25,15 @@ note: this is a project made for learning purposes, you should use other more ma
 - [theming](#theming)
 - [docs](#docs)
 - [todo list](#todo)
+- [more pictures](#pictures)
+
+## features
+
+- **file uploads**: supports uploading various file types, including images, videos, and documents.
+- **flexible media display**: automatically renders uploaded files on a webpage based on their type (images, pdfs, videos, or plain text).
+- **easily customizable interface**: allows for easy modification of color schemes and layout to suit specific design needs.
+- **syntax highlighting for code**: syntax highlighting available by default for code files, with support for multiple programming languages. (can be tweaked/changed and even removed)
+- **security considerations**: as it is single user, it's mostly secure but there are still some edges to sharpen

 ## running:

@ -40,7 +61,11 @@ docker compose up -d # might be docker-compose depending on distro

 #### with curl

- to upload your files with curl:
+- you can upload both with the main key and with jwt tokens
+
+##### main key
+
+- to upload your files with main key:

 ```bash
 curl -F "file=@/path/to/file" -H "X-Auth: "$(cat /path/to/.key) http://localhost:3235/
@ -64,7 +89,7 @@ pst() {
    return 1
  fi

-  curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235
+  curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235/

  if [[ -p /dev/stdin ]]; then
    rm "$file"
@ -88,7 +113,7 @@ function pst
        set file "$argv[1]"
    end

-    curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235
+    curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235/

    if command test -p /dev/stdin
        rm "$file"
@ -98,6 +123,22 @@ end

 </details>

+##### with jwt tokens
+
+- you first need to generate them:
+
+```bash
+curl -u admin http://localhost:3235/token # you can also access the url in the browser directly
+```
+
+- the user will be the value of `$AUTH_USERNAME` and password the value of `$AUTH_PASSWORD`
+
+- then you use the token in place of the main key:
+
+```bash
+curl -F"file=@/path/to/file.jpg" -H "X-Auth: your-token" http://localhost:3235/
+```
+
 #### through the browser

 - you can only upload text through the browser, to do so, simply write text in the form in the default webpage and click upload.
@ -132,3 +173,15 @@ end
 - [x] custom file displaying!!
 - [x] syntax highlighting
 - [ ] add rate limits
+
+## pictures
+
+<figure>
+  <img src="https://github.com/user-attachments/assets/32ce9b3a-8c0f-4bb5-bdcf-3a602e0c81e6"/>
+  <figcaption>this is abyss' default directory list<figcaption/>
+</figure>
+
+<figure>
+  <img src="https://github.com/user-attachments/assets/7072b227-9972-4c2a-a9f3-384d2efb4fe1"/>
+  <figcaption>this is abyss' default file presentation<figcaption/>
+</figure>
--- a/abyss.go
+++ b/abyss.go
@ -93,6 +93,8 @@ func setupHandlers(mux *http.ServeMux, app *Application) {

 	mux.HandleFunc("/last", app.lastUploadedHandler)

+	mux.HandleFunc("/token", BasicAuth(app.createTokenHandler, app))
+
 	mux.HandleFunc("/files/", app.fileHandler)

 	if app.authText == "yes" {
--- a/file_display.go
+++ b/file_display.go
@ -29,7 +29,7 @@ var extensions = map[string]string{
 	".log": "text", ".txt": "text", ".csv": "text",
 	".json": "text", ".env": "text", ".sum": "text",
 	".gitignore": "text", ".dockerfile": "text", ".Makefile": "text",
-	".rst": "text", ".el": "text",
+	".rst": "text", ".el": "text", ".fish": "text",
 }

 func DisplayFile(app *Application, file string, w http.ResponseWriter) {
--- a/go.mod
+++ b/go.mod
@ -3,3 +3,5 @@ module github.com/jabuxas/abyss
 go 1.22.6

 require github.com/joho/godotenv v1.5.1
+
+require github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -1,2 +1,4 @@
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
--- a/handlers.go
+++ b/handlers.go
@ -9,6 +9,9 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
 )

 type Application struct {
@ -198,3 +201,17 @@ func (app *Application) publicURL(file io.Reader, extension string) string {

 	return filename
 }
+
+func (app *Application) createTokenHandler(w http.ResponseWriter, r *http.Request) {
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"exp": time.Now().Add(time.Hour * 2).Unix(),
+	})
+
+	tokenString, err := token.SignedString([]byte(app.key))
+	if err != nil {
+		http.Error(w, "Error generating token", http.StatusInternalServerError)
+		return
+	}
+
+	fmt.Fprintf(w, "%s", tokenString)
+}
--- a/helpers.go
+++ b/helpers.go
@ -9,6 +9,8 @@ import (
 	"io"
 	"net/http"
 	"os"
+
+	"github.com/golang-jwt/jwt/v5"
 )

 type FileInfo struct {
@ -27,7 +29,31 @@ type TemplateData struct {
 }

 func CheckAuth(r *http.Request, key string) bool {
-	return r.Header.Get("X-Auth") == key
+	receivedKey := r.Header.Get("X-Auth")
+	if receivedKey == key {
+		return true
+	} else if err := validateToken(receivedKey, key); err == nil {
+		return true
+	}
+	return false
+}
+
+func validateToken(tokenString, key string) error {
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		return []byte(key), nil
+	})
+	if err != nil {
+		return err
+	}
+
+	if _, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+		return nil
+	} else {
+		return fmt.Errorf("invalid token")
+	}
 }

 func FormatFileSize(size int64) string {
Author	SHA1	Message	Date
jabuxas	a36cec5cb1	feat: add support for fish scripts	2024-10-17 13:08:29 -03:00
jabuxas	35b1b183b2	docs: add features to readme	2024-10-17 13:07:49 -03:00
jabuxas	d6b7dcc74e	docs: add tutorial for jwt tokens	2024-10-17 13:06:12 -03:00
jabuxas	ed2c0e7ef9	feat: add tokens for authentication	2024-10-17 10:52:33 -03:00