Compare commits
9 Commits
f5cb446264
...
ba7ebb6210
| Author | SHA1 | Date | |
|---|---|---|---|
| ba7ebb6210 | |||
| bdab72dcac | |||
| 8bf4d7e5c4 | |||
| b10bdf21b5 | |||
| 030196cf51 | |||
| 1bd55061bf | |||
| 6ef22dd93f | |||
| 0d6c6d02b1 | |||
| e87382bc77 |
@ -1,6 +1,6 @@
|
||||
# abyss
|
||||
|
||||
abyss is a basic single user http server made for uploading files (logs, images) and then sharing them to the internet
|
||||
abyss is a basic (mostly) single user http server made for uploading files (logs, images) and then sharing them to the internet
|
||||
|
||||
note: this is a project made for learning purposes, you should use other more mature projects if running in production. probably.
|
||||
|
||||
@ -58,6 +58,7 @@ curl -F "file=@/path/to/file" -H "X-Auth: "$(cat /path/to/.key) http://localhost
|
||||
- `UPLOAD_KEY`: this is key checked when uploading files. if the key doesn't match with server's one, then it refuses uploading.
|
||||
- `ABYSS_FILEDIR`: this points to the directory where abyss will save the uploads to. defaults to `./files`
|
||||
- `ABYSS_PORT`: this is the port the server will run on. safe to leave empty. defaults to 3235
|
||||
- `SHOULD_AUTH`: if it is `yes`, then to upload files you will need authentication (same as `/tree`), anything other than that and upload is free for anyone
|
||||
|
||||
## todo:
|
||||
|
||||
|
||||
11
abyss.go
11
abyss.go
@ -25,6 +25,8 @@ func main() {
|
||||
app.filesDir = os.Getenv("ABYSS_FILEDIR")
|
||||
app.port = os.Getenv("ABYSS_PORT")
|
||||
|
||||
auth := os.Getenv("SHOULD_AUTH")
|
||||
|
||||
if app.auth.username == "" {
|
||||
log.Fatal("basic auth username must be provided")
|
||||
}
|
||||
@ -64,7 +66,14 @@ func main() {
|
||||
app.basicAuth(app.fileListingHandler),
|
||||
),
|
||||
)
|
||||
mux.HandleFunc("/last", app.lastHandler)
|
||||
mux.HandleFunc("/last", app.lastUploadedHandler)
|
||||
if auth == "yes" {
|
||||
mux.HandleFunc("/upload", app.basicAuth(app.uploadHandler))
|
||||
slog.Warn("text uploading through the browser will be restricted")
|
||||
} else {
|
||||
mux.HandleFunc("/upload", app.uploadHandler)
|
||||
slog.Warn("text uploading through the browser will NOT be restricted")
|
||||
}
|
||||
|
||||
srv := &http.Server{
|
||||
Addr: app.port,
|
||||
|
||||
@ -22,6 +22,11 @@ if [ -z $AUTH_PASSWORD ]; then
|
||||
AUTH_PASSWORD="admin"
|
||||
fi
|
||||
|
||||
read -p "Auth for upload form - should password be needed to upload text through the browser? [yes]: " -e SHOULD_AUTH
|
||||
if [ -z $SHOULD_AUTH ]; then
|
||||
SHOULD_AUTH="yes"
|
||||
fi
|
||||
|
||||
cat << EOF > .env
|
||||
# This is the full name of the final domain for the server. Example: paste.abyss.dev
|
||||
ABYSS_URL=$ABYSS_URL
|
||||
@ -38,6 +43,9 @@ AUTH_USERNAME=$AUTH_USERNAME
|
||||
# This is the password of the user for accessing /tree
|
||||
AUTH_PASSWORD=$AUTH_PASSWORD
|
||||
|
||||
# This is whether you need a password to upload text through the browser
|
||||
SHOULD_AUTH=$SHOULD_AUTH
|
||||
|
||||
# This is the key needed to make uploads. Include it as X-Auth in curl.
|
||||
# Tip: Save it somewhere and use it in curl with \$(cat /path/to/key)
|
||||
UPLOAD_KEY=$UPLOAD_KEY
|
||||
|
||||
147
handlers.go
147
handlers.go
@ -1,10 +1,8 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"crypto/sha256"
|
||||
"crypto/subtle"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"io"
|
||||
@ -12,6 +10,7 @@ import (
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type Application struct {
|
||||
@ -70,13 +69,13 @@ func (app *Application) fileListingHandler(w http.ResponseWriter, r *http.Reques
|
||||
URL: app.url,
|
||||
}
|
||||
if err := tmpl.Execute(w, templateData); err != nil {
|
||||
slog.Warn(error.Error(err))
|
||||
slog.Warn(err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
func (app *Application) indexHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodPost {
|
||||
app.uploadCurlHandler(w, r)
|
||||
app.parserHandler(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
@ -127,7 +126,7 @@ func (app *Application) indexHandler(w http.ResponseWriter, r *http.Request) {
|
||||
http.StripPrefix("/", http.FileServer(http.Dir("./static"))).ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
func (app *Application) lastHandler(w http.ResponseWriter, r *http.Request) {
|
||||
func (app *Application) lastUploadedHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if app.lastUploadedFile == "" {
|
||||
http.Error(w, "No new files uploaded yet", http.StatusNotFound)
|
||||
return
|
||||
@ -135,67 +134,26 @@ func (app *Application) lastHandler(w http.ResponseWriter, r *http.Request) {
|
||||
http.ServeFile(w, r, app.lastUploadedFile)
|
||||
}
|
||||
|
||||
func (app *Application) uploadCurlHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path != "/" {
|
||||
http.Error(w, "Method not allowed", http.StatusUnauthorized)
|
||||
func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method == http.MethodPost {
|
||||
app.parserHandler(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
if !CheckAuth(r, app.key) {
|
||||
http.Error(w, "You're not authorized.", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
app.uploadHandler(w, r)
|
||||
}
|
||||
|
||||
func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) {
|
||||
file, handler, err := r.FormFile("file")
|
||||
if err != nil {
|
||||
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
func (app *Application) parserHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if _, err := os.Stat(app.filesDir); err != nil {
|
||||
if err := os.Mkdir(app.filesDir, 0750); err != nil {
|
||||
http.Error(w, "Error creating storage directory", http.StatusInternalServerError)
|
||||
}
|
||||
}
|
||||
|
||||
hasher := md5.New()
|
||||
if _, err := io.Copy(hasher, file); err != nil {
|
||||
http.Error(w, "Error hashing file content", http.StatusInternalServerError)
|
||||
return
|
||||
if contentType := r.Header.Get("Content-Type"); contentType == "application/x-www-form-urlencoded" {
|
||||
app.formHandler(w, r)
|
||||
} else if strings.Split(contentType, ";")[0] == "multipart/form-data" {
|
||||
app.curlHandler(w, r)
|
||||
} else {
|
||||
http.Error(w, "Method not allowed", http.StatusUnauthorized)
|
||||
}
|
||||
|
||||
sha1Hash := hex.EncodeToString(hasher.Sum(nil))[:8]
|
||||
|
||||
filename := fmt.Sprintf("%s%s", sha1Hash, filepath.Ext(handler.Filename))
|
||||
|
||||
filepath := filepath.Join(app.filesDir, filename)
|
||||
|
||||
// reopen the file for copying, as the hash process consumed the file reader
|
||||
file, _, err = r.FormFile("file")
|
||||
if err != nil {
|
||||
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
dst, err := os.Create(filepath)
|
||||
if err != nil {
|
||||
http.Error(w, "Error creating file\n", http.StatusInternalServerError)
|
||||
}
|
||||
defer dst.Close()
|
||||
|
||||
if _, err := io.Copy(dst, file); err != nil {
|
||||
http.Error(w, "Error copying the file", http.StatusInternalServerError)
|
||||
}
|
||||
|
||||
app.lastUploadedFile = filepath
|
||||
|
||||
fmt.Fprintf(w, "http://%s/%s\n", app.url, filename)
|
||||
}
|
||||
|
||||
func (app *Application) basicAuth(next http.HandlerFunc) http.HandlerFunc {
|
||||
@ -224,3 +182,80 @@ func (app *Application) basicAuth(next http.HandlerFunc) http.HandlerFunc {
|
||||
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||
})
|
||||
}
|
||||
|
||||
func (app *Application) formHandler(w http.ResponseWriter, r *http.Request) {
|
||||
content := r.FormValue("content")
|
||||
|
||||
if err := os.WriteFile("/tmp/file.txt", []byte(content), 0666); err != nil {
|
||||
http.Error(w, "Couldn't parse content body", http.StatusNoContent)
|
||||
}
|
||||
|
||||
file, err := os.Open("/tmp/file.txt")
|
||||
if err != nil {
|
||||
http.Error(w, "Couldn't find file", http.StatusNotFound)
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
filename := app.publicURL(file, ".txt")
|
||||
|
||||
// reopening file because hash consumes it
|
||||
file, err = os.Open("/tmp/file.txt")
|
||||
if err != nil {
|
||||
http.Error(w, "Couldn't find file", http.StatusNotFound)
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
err = SaveFile(app.lastUploadedFile, file)
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error parsing file: %s", err.Error())
|
||||
}
|
||||
|
||||
fmt.Fprintf(w, "%s", fmt.Sprintf("http://%s/%s\n", app.url, filename))
|
||||
}
|
||||
|
||||
func (app *Application) curlHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path != "/" {
|
||||
http.Error(w, "Method not allowed", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
if !CheckAuth(r, app.key) {
|
||||
http.Error(w, "You're not authorized.", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
file, handler, err := r.FormFile("file")
|
||||
if err != nil {
|
||||
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
|
||||
slog.Warn(err.Error())
|
||||
return
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
filename := app.publicURL(file, filepath.Ext(handler.Filename))
|
||||
|
||||
// reopen the file for copying, as the hash process consumed the file reader
|
||||
file, _, err = r.FormFile("file")
|
||||
if err != nil {
|
||||
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
err = SaveFile(app.lastUploadedFile, file)
|
||||
if err != nil {
|
||||
fmt.Fprintf(w, "Error parsing file: %s", err.Error())
|
||||
}
|
||||
|
||||
fmt.Fprintf(w, "%s", fmt.Sprintf("http://%s/%s\n", app.url, filename))
|
||||
}
|
||||
|
||||
func (app *Application) publicURL(file io.Reader, extension string) string {
|
||||
filename, _ := HashFile(file, extension)
|
||||
|
||||
filepath := filepath.Join(app.filesDir, filename)
|
||||
|
||||
app.lastUploadedFile = filepath
|
||||
|
||||
return filename
|
||||
}
|
||||
|
||||
30
helpers.go
30
helpers.go
@ -1,8 +1,12 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
)
|
||||
|
||||
func CheckAuth(r *http.Request, key string) bool {
|
||||
@ -19,3 +23,29 @@ func FormatFileSize(size int64) string {
|
||||
}
|
||||
return fmt.Sprintf("%.2f GB", float64(size)/(1024*1024*1024))
|
||||
}
|
||||
|
||||
func HashFile(file io.Reader, extension string) (string, error) {
|
||||
hasher := md5.New()
|
||||
if _, err := io.Copy(hasher, file); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
sha1Hash := hex.EncodeToString(hasher.Sum(nil))[:8]
|
||||
|
||||
filename := fmt.Sprintf("%s%s", sha1Hash, extension)
|
||||
|
||||
return filename, nil
|
||||
}
|
||||
|
||||
func SaveFile(name string, file io.Reader) error {
|
||||
dst, err := os.Create(name)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer dst.Close()
|
||||
|
||||
if _, err := io.Copy(dst, file); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -11,9 +11,20 @@
|
||||
|
||||
<body>
|
||||
<h1>abyss paste</h1>
|
||||
<div>
|
||||
<a href="/tree">
|
||||
<button>all uploaded files</button>
|
||||
</a>
|
||||
<a href="/last">
|
||||
<button>last uploaded file</button>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<form action="/upload" method="POST">
|
||||
<textarea name="content" placeholder="Enter your content here..."></textarea><br />
|
||||
<button type="submit">upload</button>
|
||||
</form>
|
||||
|
||||
<footer>
|
||||
abyss paste - powered by
|
||||
<a href="https://github.com/jabuxas/abyss" target="_blank">abyss</a>
|
||||
|
||||
@ -42,3 +42,31 @@ footer a {
|
||||
text-decoration: none;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
div {
|
||||
display: flex;
|
||||
gap: 10px;
|
||||
align-items: center;
|
||||
}
|
||||
|
||||
form {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
align-items: center;
|
||||
margin-top: 30px;
|
||||
gap: 10px;
|
||||
}
|
||||
|
||||
textarea {
|
||||
background-color: #333;
|
||||
color: #fff;
|
||||
border: 1px solid #555;
|
||||
padding: 10px;
|
||||
width: 400px;
|
||||
height: 150px;
|
||||
border-radius: 5px;
|
||||
}
|
||||
|
||||
textarea::placeholder {
|
||||
color: #bbb;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user