Compare commits
4 Commits
4d2930780f
...
a36cec5cb1
| Author | SHA1 | Date | |
|---|---|---|---|
| a36cec5cb1 | |||
| 35b1b183b2 | |||
| d6b7dcc74e | |||
| ed2c0e7ef9 |
34
README.md
34
README.md
@ -7,6 +7,14 @@ abyss is a basic and mostly single user http server written in go made for uploa
|
||||
<figcaption>this is abyss' default home page<figcaption/>
|
||||
</figure>
|
||||
|
||||
## features
|
||||
|
||||
- **file uploads**: supports uploading various file types, including images, videos, and documents.
|
||||
- **flexible media display**: automatically renders uploaded files on a webpage based on their type (images, pdfs, videos, or plain text).
|
||||
- **customizable interface**: allows for easy modification of color schemes and layout to suit specific design needs.
|
||||
- **syntax highlighting for code**: syntax highlighting available by default for code files, with support for multiple programming languages. (can be tweaked/changed and even removed)
|
||||
- **security considerations**: as it is single user, it's mostly secure but there are still some edges to sharpen
|
||||
|
||||
## table of contents
|
||||
|
||||
- [features](#features)
|
||||
@ -53,7 +61,11 @@ docker compose up -d # might be docker-compose depending on distro
|
||||
|
||||
#### with curl
|
||||
|
||||
- to upload your files with curl:
|
||||
- you can upload both with the main key and with jwt tokens
|
||||
|
||||
##### main key
|
||||
|
||||
- to upload your files with main key:
|
||||
|
||||
```bash
|
||||
curl -F "file=@/path/to/file" -H "X-Auth: "$(cat /path/to/.key) http://localhost:3235/
|
||||
@ -77,7 +89,7 @@ pst() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235
|
||||
curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235/
|
||||
|
||||
if [[ -p /dev/stdin ]]; then
|
||||
rm "$file"
|
||||
@ -101,7 +113,7 @@ function pst
|
||||
set file "$argv[1]"
|
||||
end
|
||||
|
||||
curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235
|
||||
curl -F "file=@$file" -H "X-Auth: $(cat ~/.key)" http://localhost:3235/
|
||||
|
||||
if command test -p /dev/stdin
|
||||
rm "$file"
|
||||
@ -111,6 +123,22 @@ end
|
||||
|
||||
</details>
|
||||
|
||||
##### with jwt tokens
|
||||
|
||||
- you first need to generate them:
|
||||
|
||||
```bash
|
||||
curl -u admin http://localhost:3235/token # you can also access the url in the browser directly
|
||||
```
|
||||
|
||||
- the user will be the value of `$AUTH_USERNAME` and password the value of `$AUTH_PASSWORD`
|
||||
|
||||
- then you use the token in place of the main key:
|
||||
|
||||
```bash
|
||||
curl -F"file=@/path/to/file.jpg" -H "X-Auth: your-token" http://localhost:3235/
|
||||
```
|
||||
|
||||
#### through the browser
|
||||
|
||||
- you can only upload text through the browser, to do so, simply write text in the form in the default webpage and click upload.
|
||||
|
||||
2
abyss.go
2
abyss.go
@ -93,6 +93,8 @@ func setupHandlers(mux *http.ServeMux, app *Application) {
|
||||
|
||||
mux.HandleFunc("/last", app.lastUploadedHandler)
|
||||
|
||||
mux.HandleFunc("/token", BasicAuth(app.createTokenHandler, app))
|
||||
|
||||
mux.HandleFunc("/files/", app.fileHandler)
|
||||
|
||||
if app.authText == "yes" {
|
||||
|
||||
2
go.mod
2
go.mod
@ -3,3 +3,5 @@ module github.com/jabuxas/abyss
|
||||
go 1.22.6
|
||||
|
||||
require github.com/joho/godotenv v1.5.1
|
||||
|
||||
require github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
|
||||
|
||||
2
go.sum
2
go.sum
@ -1,2 +1,4 @@
|
||||
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
|
||||
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
|
||||
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
|
||||
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
|
||||
|
||||
17
handlers.go
17
handlers.go
@ -9,6 +9,9 @@ import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
type Application struct {
|
||||
@ -198,3 +201,17 @@ func (app *Application) publicURL(file io.Reader, extension string) string {
|
||||
|
||||
return filename
|
||||
}
|
||||
|
||||
func (app *Application) createTokenHandler(w http.ResponseWriter, r *http.Request) {
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||||
"exp": time.Now().Add(time.Hour * 2).Unix(),
|
||||
})
|
||||
|
||||
tokenString, err := token.SignedString([]byte(app.key))
|
||||
if err != nil {
|
||||
http.Error(w, "Error generating token", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
fmt.Fprintf(w, "%s", tokenString)
|
||||
}
|
||||
|
||||
28
helpers.go
28
helpers.go
@ -9,6 +9,8 @@ import (
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
type FileInfo struct {
|
||||
@ -27,7 +29,31 @@ type TemplateData struct {
|
||||
}
|
||||
|
||||
func CheckAuth(r *http.Request, key string) bool {
|
||||
return r.Header.Get("X-Auth") == key
|
||||
receivedKey := r.Header.Get("X-Auth")
|
||||
if receivedKey == key {
|
||||
return true
|
||||
} else if err := validateToken(receivedKey, key); err == nil {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func validateToken(tokenString, key string) error {
|
||||
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
||||
}
|
||||
return []byte(key), nil
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if _, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
||||
return nil
|
||||
} else {
|
||||
return fmt.Errorf("invalid token")
|
||||
}
|
||||
}
|
||||
|
||||
func FormatFileSize(size int64) string {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user