jabuxas/abyss
jabuxas/abyss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 4 Wiki Activity

Compare commits

base: jabuxas:f5cb4462642c9b1d80e1c7685a7f2e81aa478fe8
Branches Tags
jabuxas:main
jabuxas:v1.3.0
jabuxas:v1.2.0
jabuxas:v1.1.0
jabuxas:v1.0.0
...
compare: jabuxas:ba7ebb6210e5ddfca447dee188c7e090eedfa07c
Branches Tags
jabuxas:main
jabuxas:v1.3.0
jabuxas:v1.2.0
jabuxas:v1.1.0
jabuxas:v1.0.0

9 Commits
f5cb446264 ... ba7ebb6210

Author SHA1 Message Date
jabuxas
ba7ebb6210 docs: update docs on /upload 2024-10-15 15:39:54 -03:00
jabuxas
bdab72dcac feat: move upload page to home page 2024-10-15 15:35:45 -03:00
jabuxas
8bf4d7e5c4 feat: update default webpage with new buttons 2024-10-15 15:26:55 -03:00
jabuxas
b10bdf21b5 feat: add check on whether to restrict text uploading 2024-10-15 15:21:05 -03:00
jabuxas
030196cf51 fix: drop over-reliance on app.lastUploadedFile 
It won't be good for future code maintainance if filepath for the actual
file is dependant on a variable that gets updated when something is
hashed
 2024-10-15 15:14:22 -03:00
jabuxas
1bd55061bf feat: add form for uploading 2024-10-15 15:08:27 -03:00
jabuxas
6ef22dd93f refactor: further curl refactoring 2024-10-15 14:38:01 -03:00
jabuxas
0d6c6d02b1 refactor: refactor curl handler 2024-10-15 14:18:55 -03:00
jabuxas
e87382bc77 wip: add upload box 2024-10-15 13:33:18 -03:00
7 changed files with 183 additions and 61 deletions
Show Stats Expand all files Collapse all files

3
README.md
View File

@ -1,6 +1,6 @@
# abyss # abyss
abyss is a basic single user http server made for uploading files (logs, images) and then sharing them to the internet abyss is a basic (mostly) single user http server made for uploading files (logs, images) and then sharing them to the internet
note: this is a project made for learning purposes, you should use other more mature projects if running in production. probably. note: this is a project made for learning purposes, you should use other more mature projects if running in production. probably.
@ -58,6 +58,7 @@ curl -F "file=@/path/to/file" -H "X-Auth: "$(cat /path/to/.key) http://localhost
- `UPLOAD_KEY`: this is key checked when uploading files. if the key doesn't match with server's one, then it refuses uploading. - `UPLOAD_KEY`: this is key checked when uploading files. if the key doesn't match with server's one, then it refuses uploading.
- `ABYSS_FILEDIR`: this points to the directory where abyss will save the uploads to. defaults to `./files` - `ABYSS_FILEDIR`: this points to the directory where abyss will save the uploads to. defaults to `./files`
- `ABYSS_PORT`: this is the port the server will run on. safe to leave empty. defaults to 3235 - `ABYSS_PORT`: this is the port the server will run on. safe to leave empty. defaults to 3235
- `SHOULD_AUTH`: if it is `yes`, then to upload files you will need authentication (same as `/tree`), anything other than that and upload is free for anyone
## todo: ## todo:

11
abyss.go
View File

@ -25,6 +25,8 @@ func main() {
app.filesDir = os.Getenv("ABYSS_FILEDIR") app.filesDir = os.Getenv("ABYSS_FILEDIR")
app.port = os.Getenv("ABYSS_PORT") app.port = os.Getenv("ABYSS_PORT")
auth := os.Getenv("SHOULD_AUTH")
if app.auth.username == "" { if app.auth.username == "" {
log.Fatal("basic auth username must be provided") log.Fatal("basic auth username must be provided")
} }
@ -64,7 +66,14 @@ func main() {
app.basicAuth(app.fileListingHandler), app.basicAuth(app.fileListingHandler),
), ),
) )
mux.HandleFunc("/last", app.lastHandler) mux.HandleFunc("/last", app.lastUploadedHandler)
if auth == "yes" {
mux.HandleFunc("/upload", app.basicAuth(app.uploadHandler))
slog.Warn("text uploading through the browser will be restricted")
} else {
mux.HandleFunc("/upload", app.uploadHandler)
slog.Warn("text uploading through the browser will NOT be restricted")
}
srv := &http.Server{ srv := &http.Server{
Addr: app.port, Addr: app.port,

8
generate_config.sh
View File

@ -22,6 +22,11 @@ if [ -z $AUTH_PASSWORD ]; then
AUTH_PASSWORD="admin" AUTH_PASSWORD="admin"
fi fi
read -p "Auth for upload form - should password be needed to upload text through the browser? [yes]: " -e SHOULD_AUTH
if [ -z $SHOULD_AUTH ]; then
SHOULD_AUTH="yes"
fi
cat << EOF > .env cat << EOF > .env
# This is the full name of the final domain for the server. Example: paste.abyss.dev # This is the full name of the final domain for the server. Example: paste.abyss.dev
ABYSS_URL=$ABYSS_URL ABYSS_URL=$ABYSS_URL
@ -38,6 +43,9 @@ AUTH_USERNAME=$AUTH_USERNAME
# This is the password of the user for accessing /tree # This is the password of the user for accessing /tree
AUTH_PASSWORD=$AUTH_PASSWORD AUTH_PASSWORD=$AUTH_PASSWORD
# This is whether you need a password to upload text through the browser
SHOULD_AUTH=$SHOULD_AUTH
# This is the key needed to make uploads. Include it as X-Auth in curl. # This is the key needed to make uploads. Include it as X-Auth in curl.
# Tip: Save it somewhere and use it in curl with \$(cat /path/to/key) # Tip: Save it somewhere and use it in curl with \$(cat /path/to/key)
UPLOAD_KEY=$UPLOAD_KEY UPLOAD_KEY=$UPLOAD_KEY

147
handlers.go
View File

@ -1,10 +1,8 @@
package main package main
import ( import (
"crypto/md5"
"crypto/sha256" "crypto/sha256"
"crypto/subtle" "crypto/subtle"
"encoding/hex"
"fmt" "fmt"
"html/template" "html/template"
"io" "io"
@ -12,6 +10,7 @@ import (
"net/http" "net/http"
"os" "os"
"path/filepath" "path/filepath"
"strings"
) )
type Application struct { type Application struct {
@ -70,13 +69,13 @@ func (app *Application) fileListingHandler(w http.ResponseWriter, r *http.Reques
URL: app.url, URL: app.url,
} }
if err := tmpl.Execute(w, templateData); err != nil { if err := tmpl.Execute(w, templateData); err != nil {
slog.Warn(error.Error(err)) slog.Warn(err.Error())
} }
} }
func (app *Application) indexHandler(w http.ResponseWriter, r *http.Request) { func (app *Application) indexHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodPost { if r.Method == http.MethodPost {
app.uploadCurlHandler(w, r) app.parserHandler(w, r)
return return
} }
@ -127,7 +126,7 @@ func (app *Application) indexHandler(w http.ResponseWriter, r *http.Request) {
http.StripPrefix("/", http.FileServer(http.Dir("./static"))).ServeHTTP(w, r) http.StripPrefix("/", http.FileServer(http.Dir("./static"))).ServeHTTP(w, r)
} }
func (app *Application) lastHandler(w http.ResponseWriter, r *http.Request) { func (app *Application) lastUploadedHandler(w http.ResponseWriter, r *http.Request) {
if app.lastUploadedFile == "" { if app.lastUploadedFile == "" {
http.Error(w, "No new files uploaded yet", http.StatusNotFound) http.Error(w, "No new files uploaded yet", http.StatusNotFound)
return return
@ -135,67 +134,26 @@ func (app *Application) lastHandler(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, app.lastUploadedFile) http.ServeFile(w, r, app.lastUploadedFile)
} }
func (app *Application) uploadCurlHandler(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/" {
http.Error(w, "Method not allowed", http.StatusUnauthorized)
return
}
if !CheckAuth(r, app.key) {
http.Error(w, "You're not authorized.", http.StatusBadRequest)
return
}
app.uploadHandler(w, r)
}
func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) { func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) {
file, handler, err := r.FormFile("file") if r.Method == http.MethodPost {
if err != nil { app.parserHandler(w, r)
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
return return
} }
defer file.Close() }
func (app *Application) parserHandler(w http.ResponseWriter, r *http.Request) {
if _, err := os.Stat(app.filesDir); err != nil { if _, err := os.Stat(app.filesDir); err != nil {
if err := os.Mkdir(app.filesDir, 0750); err != nil { if err := os.Mkdir(app.filesDir, 0750); err != nil {
http.Error(w, "Error creating storage directory", http.StatusInternalServerError) http.Error(w, "Error creating storage directory", http.StatusInternalServerError)
} }
} }
if contentType := r.Header.Get("Content-Type"); contentType == "application/x-www-form-urlencoded" {
hasher := md5.New() app.formHandler(w, r)
if _, err := io.Copy(hasher, file); err != nil { } else if strings.Split(contentType, ";")[0] == "multipart/form-data" {
http.Error(w, "Error hashing file content", http.StatusInternalServerError) app.curlHandler(w, r)
return } else {
http.Error(w, "Method not allowed", http.StatusUnauthorized)
} }
sha1Hash := hex.EncodeToString(hasher.Sum(nil))[:8]
filename := fmt.Sprintf("%s%s", sha1Hash, filepath.Ext(handler.Filename))
filepath := filepath.Join(app.filesDir, filename)
// reopen the file for copying, as the hash process consumed the file reader
file, _, err = r.FormFile("file")
if err != nil {
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
return
}
defer file.Close()
dst, err := os.Create(filepath)
if err != nil {
http.Error(w, "Error creating file\n", http.StatusInternalServerError)
}
defer dst.Close()
if _, err := io.Copy(dst, file); err != nil {
http.Error(w, "Error copying the file", http.StatusInternalServerError)
}
app.lastUploadedFile = filepath
fmt.Fprintf(w, "http://%s/%s\n", app.url, filename)
} }
func (app *Application) basicAuth(next http.HandlerFunc) http.HandlerFunc { func (app *Application) basicAuth(next http.HandlerFunc) http.HandlerFunc {
@ -224,3 +182,80 @@ func (app *Application) basicAuth(next http.HandlerFunc) http.HandlerFunc {
http.Error(w, "Unauthorized", http.StatusUnauthorized) http.Error(w, "Unauthorized", http.StatusUnauthorized)
}) })
} }
func (app *Application) formHandler(w http.ResponseWriter, r *http.Request) {
content := r.FormValue("content")
if err := os.WriteFile("/tmp/file.txt", []byte(content), 0666); err != nil {
http.Error(w, "Couldn't parse content body", http.StatusNoContent)
}
file, err := os.Open("/tmp/file.txt")
if err != nil {
http.Error(w, "Couldn't find file", http.StatusNotFound)
}
defer file.Close()
filename := app.publicURL(file, ".txt")
// reopening file because hash consumes it
file, err = os.Open("/tmp/file.txt")
if err != nil {
http.Error(w, "Couldn't find file", http.StatusNotFound)
}
defer file.Close()
err = SaveFile(app.lastUploadedFile, file)
if err != nil {
fmt.Fprintf(w, "Error parsing file: %s", err.Error())
}
fmt.Fprintf(w, "%s", fmt.Sprintf("http://%s/%s\n", app.url, filename))
}
func (app *Application) curlHandler(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/" {
http.Error(w, "Method not allowed", http.StatusUnauthorized)
return
}
if !CheckAuth(r, app.key) {
http.Error(w, "You're not authorized.", http.StatusBadRequest)
return
}
file, handler, err := r.FormFile("file")
if err != nil {
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
slog.Warn(err.Error())
return
}
defer file.Close()
filename := app.publicURL(file, filepath.Ext(handler.Filename))
// reopen the file for copying, as the hash process consumed the file reader
file, _, err = r.FormFile("file")
if err != nil {
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
return
}
defer file.Close()
err = SaveFile(app.lastUploadedFile, file)
if err != nil {
fmt.Fprintf(w, "Error parsing file: %s", err.Error())
}
fmt.Fprintf(w, "%s", fmt.Sprintf("http://%s/%s\n", app.url, filename))
}
func (app *Application) publicURL(file io.Reader, extension string) string {
filename, _ := HashFile(file, extension)
filepath := filepath.Join(app.filesDir, filename)
app.lastUploadedFile = filepath
return filename
}

30
helpers.go
View File

@ -1,8 +1,12 @@
package main package main
import ( import (
"crypto/md5"
"encoding/hex"
"fmt" "fmt"
"io"
"net/http" "net/http"
"os"
) )
func CheckAuth(r *http.Request, key string) bool { func CheckAuth(r *http.Request, key string) bool {
@ -19,3 +23,29 @@ func FormatFileSize(size int64) string {
} }
return fmt.Sprintf("%.2f GB", float64(size)/(1024*1024*1024)) return fmt.Sprintf("%.2f GB", float64(size)/(1024*1024*1024))
} }
func HashFile(file io.Reader, extension string) (string, error) {
hasher := md5.New()
if _, err := io.Copy(hasher, file); err != nil {
return "", err
}
sha1Hash := hex.EncodeToString(hasher.Sum(nil))[:8]
filename := fmt.Sprintf("%s%s", sha1Hash, extension)
return filename, nil
}
func SaveFile(name string, file io.Reader) error {
dst, err := os.Create(name)
if err != nil {
return err
}
defer dst.Close()
if _, err := io.Copy(dst, file); err != nil {
return err
}
return nil
}

11
static/index.html
View File

@ -11,9 +11,20 @@
<body> <body>
<h1>abyss paste</h1> <h1>abyss paste</h1>
<div>
<a href="/tree">
<button>all uploaded files</button>
</a>
<a href="/last"> <a href="/last">
<button>last uploaded file</button> <button>last uploaded file</button>
</a> </a>
</div>
<form action="/upload" method="POST">
<textarea name="content" placeholder="Enter your content here..."></textarea><br />
<button type="submit">upload</button>
</form>
<footer> <footer>
abyss paste - powered by abyss paste - powered by
<a href="https://github.com/jabuxas/abyss" target="_blank">abyss</a> <a href="https://github.com/jabuxas/abyss" target="_blank">abyss</a>

28
static/style.css
View File

@ -42,3 +42,31 @@ footer a {
text-decoration: none; text-decoration: none;
font-weight: bold; font-weight: bold;
} }
div {
display: flex;
gap: 10px;
align-items: center;
}
form {
display: flex;
flex-direction: column;
align-items: center;
margin-top: 30px;
gap: 10px;
}
textarea {
background-color: #333;
color: #fff;
border: 1px solid #555;
padding: 10px;
width: 400px;
height: 150px;
border-radius: 5px;
}
textarea::placeholder {
color: #bbb;
}