README.md

@@ -78,8 +78,6 @@ abyss is a basic and mostly single user http server written in go made for uploa
   curl -F "file=@/path/to/file" -H "X-Auth: "$(cat /path/to/.key) http://localhost:3235/
   ```
 
-- it is also possible to add a `-Fsecret=` to your POST to make filenames bigger and harder to guess.
-
 - you should probably create an `alias` or a `function` to do this automatically for you.
   <details>
   <summary>click for an example for bash/zsh:</summary>
@@ -168,7 +166,7 @@ abyss is a basic and mostly single user http server written in go made for uploa
 - `UPLOAD_KEY`: this is key checked when uploading files. if the key doesn't match with server's one, then it refuses uploading.
 - `ABYSS_FILEDIR`: this points to the directory where abyss will save the uploads to. defaults to `./files`
 - `ABYSS_PORT`: this is the port the server will run on. safe to leave empty. defaults to 3235
-- `SHOULD_AUTH`: if it is `yes`, then to upload text you will need authentication (same auth as `/tree`), any value other than that and upload is authless
+- `SHOULD_AUTH`: if it is `yes`, then to upload text through the browser you will need authentication (same auth as `/tree`), any value other than that and upload is auth-less
 
 ## todo:
 

abyss.go

@@ -100,4 +100,12 @@ func setupHandlers(mux *http.ServeMux, app *Application) {
 	mux.HandleFunc("/token", BasicAuth(app.createTokenHandler, app))
 
 	mux.HandleFunc("/files/", app.fileHandler)
+
+	if app.authUpload == "yes" {
+		mux.HandleFunc("/upload", BasicAuth(app.uploadHandler, app))
+		slog.Warn("text uploading through the browser will be restricted")
+	} else {
+		mux.HandleFunc("/upload", app.uploadHandler)
+		slog.Warn("text uploading through the browser will NOT be restricted")
+	}
 }

file_display.go

@@ -17,8 +17,6 @@ var extensions = map[string]string{
 
 	".png": "image", ".jpg": "image", ".jpeg": "image", ".webp": "image",
 
-	".mp3": "audio", ".aac": "audio", ".wav": "audio", ".flac": "audio", ".ogg": "audio",
-
 	".sh": "text", ".bash": "text", ".zsh": "text",
 	".bat": "text", ".cmd": "text", ".ps1": "text",
 	".ini": "text", ".cfg": "text", ".conf": "text",

generate_config.sh

@@ -43,7 +43,7 @@ AUTH_USERNAME=$AUTH_USERNAME
 # This is the password of the user for accessing /tree
 AUTH_PASSWORD=$AUTH_PASSWORD
 
-# This is whether you need a password to upload text (through browser or curl)
+# This is whether you need a password to upload text through the browser
 SHOULD_AUTH=$SHOULD_AUTH
 
 # This is the key needed to make uploads. Include it as X-Auth in curl.

handlers.go

@@ -137,11 +137,7 @@ func (app *Application) lastUploadedHandler(w http.ResponseWriter, r *http.Reque
 
 func (app *Application) uploadHandler(w http.ResponseWriter, r *http.Request) {
 	if contentType := r.Header.Get("Content-Type"); contentType == "application/x-www-form-urlencoded" {
-		if app.authUpload == "yes" {
-			BasicAuth(app.formHandler, app)(w, r)
-		} else {
 		app.formHandler(w, r)
-		}
 	} else if strings.Split(contentType, ";")[0] == "multipart/form-data" {
 		app.curlHandler(w, r)
 	} else {
@@ -162,11 +158,7 @@ func (app *Application) formHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	defer file.Close()
 
-	full := true
-	if len(r.Form["secret"]) == 0 {
-		full = false
-	}
-	filename := app.publicURL(file, ".txt", full)
+	filename := app.publicURL(file, ".txt")
 
 	// reopening file because hash consumes it
 	file, err = os.Open("/tmp/file.txt")
@@ -202,11 +194,7 @@ func (app *Application) curlHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	defer file.Close()
 
-	full := true
-	if len(r.Form["secret"]) == 0 {
-		full = false
-	}
-	filename := app.publicURL(file, filepath.Ext(handler.Filename), full)
+	filename := app.publicURL(file, filepath.Ext(handler.Filename))
 
 	// reopen the file for copying, as the hash process consumed the file reader
 	file, _, err = r.FormFile("file")
@@ -216,15 +204,16 @@ func (app *Application) curlHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	defer file.Close()
 
-	if err = SaveFile(app.lastUploadedFile, file); err != nil {
+	err = SaveFile(app.lastUploadedFile, file)
+	if err != nil {
 		fmt.Fprintf(w, "Error parsing file: %s", err.Error())
 	}
 
 	ResponseURLHandler(w, app.url, filename)
 }
 
-func (app *Application) publicURL(file io.Reader, extension string, full bool) string {
-	filename, _ := HashFile(file, extension, full)
+func (app *Application) publicURL(file io.Reader, extension string) string {
+	filename, _ := HashFile(file, extension)
 
 	filepath := filepath.Join(app.filesDir, filename)
 

helpers.go

@@ -9,7 +9,6 @@ import (
 	"io"
 	"net/http"
 	"os"
-	"strings"
 
 	"github.com/golang-jwt/jwt/v5"
 )
@@ -68,19 +67,17 @@ func FormatFileSize(size int64) string {
 	return fmt.Sprintf("%.2f GB", float64(size)/(1024*1024*1024))
 }
 
-func HashFile(file io.Reader, extension string, full bool) (string, error) {
+func HashFile(file io.Reader, extension string) (string, error) {
 	hasher := md5.New()
 	if _, err := io.Copy(hasher, file); err != nil {
 		return "", err
 	}
 
-	sha1Hash := strings.ToUpper(hex.EncodeToString(hasher.Sum(nil)))
+	sha1Hash := hex.EncodeToString(hasher.Sum(nil))[:8]
+
 	filename := fmt.Sprintf("%s%s", sha1Hash, extension)
-	if full {
+
 	return filename, nil
-	} else {
-		return fmt.Sprintf("%s%s", sha1Hash[:5], extension), nil
-	}
 }
 
 func SaveFile(name string, file io.Reader) error {

static/index.html

@@ -20,9 +20,8 @@
         </a>
     </div>
 
-    <form action="/" method="POST">
-        <textarea name="content" placeholder="Enter your content here..."></textarea>
-        <br />
+    <form action="/upload" method="POST">
+        <textarea name="content" placeholder="Enter your content here..."></textarea><br />
         <button type="submit">upload</button>
     </form>
 

templates/files.html

@@ -213,8 +213,6 @@
             <source src="{{.Name}}" type="video/mp4" />
             Your browser does not support the video tag.
         </video>
-        {{else if eq .Type "audio"}}
-        <audio controls src="{{.Name}}"><audio />
         {{else}}
         <p>
             Couldn't detect file from extension, visit