
4 Commits

Author SHA1 Message Date
a36cec5cb1 feat: add support for fish scripts 2024-10-17 13:08:29 -03:00
35b1b183b2 docs: add features to readme 2024-10-17 13:07:49 -03:00
d6b7dcc74e docs: add tutorial for jwt tokens 2024-10-17 13:06:12 -03:00
ed2c0e7ef9 feat: add tokens for authentication 2024-10-17 10:52:33 -03:00
6 changed files with 81 additions and 4 deletions


@ -7,6 +7,14 @@ abyss is a basic and mostly single user http server written in go made for uploa
<figcaption>this is abyss' default home page<figcaption/> <figcaption>this is abyss' default home page<figcaption/>
</figure> </figure>
## features
- **file uploads**: supports uploading various file types, including images, videos, and documents.
- **flexible media display**: automatically renders uploaded files on a webpage based on their type (images, pdfs, videos, or plain text).
- **customizable interface**: allows for easy modification of color schemes and layout to suit specific design needs.
- **syntax highlighting for code**: syntax highlighting available by default for code files, with support for multiple programming languages. (can be tweaked/changed and even removed)
- **security considerations**: as it is single user, it's mostly secure but there are still some edges to sharpen
## table of contents ## table of contents
- [features](#features) - [features](#features)
@ -53,7 +61,11 @@ docker compose up -d # might be docker-compose depending on distro
#### with curl #### with curl
- to upload your files with curl: - you can upload both with the main key and with jwt tokens
##### main key
- to upload your files with main key:
```bash ```bash
curl -F "file=@/path/to/file" -H "X-Auth: "$(cat /path/to/.key) http://localhost:3235/ curl -F "file=@/path/to/file" -H "X-Auth: "$(cat /path/to/.key) http://localhost:3235/
@ -77,7 +89,7 @@ pst() {
return 1 return 1
fi fi
curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235 curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235/
if [[ -p /dev/stdin ]]; then if [[ -p /dev/stdin ]]; then
rm "$file" rm "$file"
@ -101,7 +113,7 @@ function pst
set file "$argv[1]" set file "$argv[1]"
end end
curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235 curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235/
if command test -p /dev/stdin if command test -p /dev/stdin
rm "$file" rm "$file"
@ -111,6 +123,22 @@ end
</details> </details>
##### with jwt tokens
- you first need to generate them:
```bash
curl -u admin http://localhost:3235/token # you can also access the url in the browser directly
```
- the user will be the value of `$AUTH_USERNAME` and password the value of `$AUTH_PASSWORD`
- then you use the token in place of the main key:
```bash
curl -F"file=@/path/to/file.jpg" -H "X-Auth: your-token" http://localhost:3235/
```
#### through the browser #### through the browser
- you can only upload text through the browser, to do so, simply write text in the form in the default webpage and click upload. - you can only upload text through the browser, to do so, simply write text in the form in the default webpage and click upload.


@ -93,6 +93,8 @@ func setupHandlers(mux *http.ServeMux, app *Application) {
mux.HandleFunc("/last", app.lastUploadedHandler) mux.HandleFunc("/last", app.lastUploadedHandler)
mux.HandleFunc("/token", BasicAuth(app.createTokenHandler, app))
mux.HandleFunc("/files/", app.fileHandler) mux.HandleFunc("/files/", app.fileHandler)
if app.authText == "yes" { if app.authText == "yes" {

2
go.mod

@ -3,3 +3,5 @@ module github.com/jabuxas/abyss
go 1.22.6 go 1.22.6
require github.com/joho/godotenv v1.5.1 require github.com/joho/godotenv v1.5.1
require github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
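Review bot: The new `require github.com/golang-jwt/jwt/v5 v5.2.1` line is tagged `// indirect`, but the package is imported directly by two Go files in this same change, so the marker is inaccurate. Running `go mod tidy` should move it into the direct requirements next to godotenv and drop the comment. Keeping the marker correct matters for dependency audits that treat direct and indirect modules differently.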

2
go.sum

@ -1,2 +1,4 @@
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=


@ -9,6 +9,9 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
"time"
"github.com/golang-jwt/jwt/v5"
) )
type Application struct { type Application struct {
@ -198,3 +201,17 @@ func (app *Application) publicURL(file io.Reader, extension string) string {
return filename return filename
} }
func (app *Application) createTokenHandler(w http.ResponseWriter, r *http.Request) {
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"exp": time.Now().Add(time.Hour * 2).Unix(),
})
tokenString, err := token.SignedString([]byte(app.key))
if err != nil {
http.Error(w, "Error generating token", http.StatusInternalServerError)
return
}
fmt.Fprintf(w, "%s", tokenString)
}
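Review bot: `createTokenHandler` signs the JWT with `app.key`, the same value `CheckAuth` accepts verbatim in `X-Auth`, so the long-lived upload key doubles as the HMAC signing secret. Every issued token's strength then depends on that key's entropy, and a token cannot be invalidated before its two-hour expiry without rotating the main key. A separate random signing secret (for example a hypothetical `app.jwtSecret` field loaded from its own environment variable) would decouple the two credentials. The handler should also call `w.Header().Set("Cache-Control", "no-store")` before writing the token, since the README invites fetching `/token` from a browser.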


@ -9,6 +9,8 @@ import (
"io" "io"
"net/http" "net/http"
"os" "os"
"github.com/golang-jwt/jwt/v5"
) )
type FileInfo struct { type FileInfo struct {
@ -27,7 +29,31 @@ type TemplateData struct {
} }
func CheckAuth(r *http.Request, key string) bool { func CheckAuth(r *http.Request, key string) bool {
return r.Header.Get("X-Auth") == key receivedKey := r.Header.Get("X-Auth")
if receivedKey == key {
return true
} else if err := validateToken(receivedKey, key); err == nil {
return true
}
return false
}
func validateToken(tokenString, key string) error {
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
return []byte(key), nil
})
if err != nil {
return err
}
if _, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
return nil
} else {
return fmt.Errorf("invalid token")
}
} }
func FormatFileSize(size int64) string { func FormatFileSize(size int64) string {
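Review bot: `validateToken` accepts any HMAC variant and does not require an `exp` claim, which is looser than what `createTokenHandler` issues (HS256 with a two-hour expiry). Passing `jwt.WithValidMethods([]string{"HS256"}), jwt.WithExpirationRequired()` to `jwt.Parse` would pin both. In `CheckAuth` the main key is still compared with `==`; `subtle.ConstantTimeCompare([]byte(receivedKey), []byte(key)) == 1` (from `crypto/subtle`) avoids a timing-dependent comparison on a secret. How `key` is populated is not visible here, so it is worth confirming that an empty key cannot match a request with no `X-Auth` header. The `else` branches after `return` in both functions can be dropped.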