2019-09-10 17:52:45 +02:00
|
|
|
package handlers
|
2019-08-25 21:33:56 +02:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/rand"
|
2019-09-01 01:41:01 +02:00
|
|
|
"crypto/subtle"
|
|
|
|
|
"encoding/base64"
|
2019-09-21 13:11:38 +02:00
|
|
|
"encoding/hex"
|
2019-08-25 21:33:56 +02:00
|
|
|
"fmt"
|
|
|
|
|
"log"
|
|
|
|
|
"net/http"
|
|
|
|
|
"net/url"
|
2019-09-01 01:41:01 +02:00
|
|
|
"strings"
|
2019-08-25 21:33:56 +02:00
|
|
|
"time"
|
|
|
|
|
|
2019-08-29 23:40:24 +02:00
|
|
|
"github.com/gorilla/mux"
|
|
|
|
|
"github.com/pkg/errors"
|
2019-08-25 21:33:56 +02:00
|
|
|
bolt "go.etcd.io/bbolt"
|
2019-09-10 17:52:45 +02:00
|
|
|
|
2019-09-15 17:43:09 +02:00
|
|
|
"gitea.hashru.nl/dsprenkels/rushlink/db"
|
|
|
|
|
"gitea.hashru.nl/dsprenkels/rushlink/gobmarsh"
|
2019-08-25 21:33:56 +02:00
|
|
|
)
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
type pasteType int
|
|
|
|
|
type pasteState int
|
2019-08-25 21:33:56 +02:00
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
type storedPaste struct {
|
|
|
|
|
Type pasteType
|
|
|
|
|
State pasteState
|
2019-08-31 00:02:01 +02:00
|
|
|
Content []byte
|
2019-09-15 22:54:07 +02:00
|
|
|
Key string
|
2019-09-21 13:11:38 +02:00
|
|
|
DeleteToken [16]byte
|
2019-08-25 21:33:56 +02:00
|
|
|
TimeCreated time.Time
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const (
|
2019-09-21 13:11:38 +02:00
|
|
|
typeUndef pasteType = 0
|
|
|
|
|
typePaste = 1
|
|
|
|
|
typeRedirect = 2
|
2019-08-31 00:02:01 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
2019-09-21 13:11:38 +02:00
|
|
|
stateUndef pasteState = 0
|
|
|
|
|
statePresent = 1
|
|
|
|
|
stateDeleted = 2
|
2019-08-25 21:33:56 +02:00
|
|
|
)
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
type viewPaste uint
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
_ viewPaste = 1 << iota
|
|
|
|
|
viewNoRedirect
|
|
|
|
|
viewShowMeta
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const CookieDeleteToken = "owner_token"
|
2019-09-01 01:41:01 +02:00
|
|
|
|
2019-09-01 12:04:43 +02:00
|
|
|
// These keys are designated reserved, and will not be randomly chosen
|
2019-09-15 22:54:07 +02:00
|
|
|
var ReservedPasteKeys = []string{"xd42", "example"}
|
2019-09-01 12:04:43 +02:00
|
|
|
|
2019-09-01 01:41:01 +02:00
|
|
|
// Base64 encoding and decoding
|
|
|
|
|
var base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
|
2019-09-11 00:12:31 +02:00
|
|
|
var base64Encoder = base64.RawURLEncoding.WithPadding(base64.NoPadding)
|
2019-09-01 01:41:01 +02:00
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func (t pasteType) String() string {
|
2019-09-01 01:41:01 +02:00
|
|
|
switch t {
|
2019-09-21 13:11:38 +02:00
|
|
|
case typeUndef:
|
|
|
|
|
return "unknown"
|
|
|
|
|
case typePaste:
|
2019-09-15 22:54:07 +02:00
|
|
|
return "paste"
|
2019-09-21 13:11:38 +02:00
|
|
|
case typeRedirect:
|
2019-09-15 22:54:07 +02:00
|
|
|
return "redirect"
|
2019-09-01 01:41:01 +02:00
|
|
|
default:
|
2019-09-15 22:54:07 +02:00
|
|
|
return "invalid"
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func (t pasteState) String() string {
|
2019-09-01 01:41:01 +02:00
|
|
|
switch t {
|
2019-09-21 13:11:38 +02:00
|
|
|
case stateUndef:
|
|
|
|
|
return "unknown"
|
|
|
|
|
case statePresent:
|
2019-09-15 22:54:07 +02:00
|
|
|
return "present"
|
2019-09-21 13:11:38 +02:00
|
|
|
case stateDeleted:
|
2019-09-15 22:54:07 +02:00
|
|
|
return "deleted"
|
2019-09-01 01:41:01 +02:00
|
|
|
default:
|
2019-09-15 22:54:07 +02:00
|
|
|
return "invalid"
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-19 21:29:25 +02:00
|
|
|
func indexGetHandler(w http.ResponseWriter, r *http.Request) {
|
2019-09-21 13:11:38 +02:00
|
|
|
render(w, r, "index", map[string]interface{}{})
|
2019-08-25 21:33:56 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func viewPasteHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
viewPasteHandlerInner(w, r, 0)
|
2019-08-31 00:02:01 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func viewPasteHandlerNoRedirect(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
viewPasteHandlerInner(w, r, viewNoRedirect)
|
2019-08-31 00:02:01 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func viewPasteHandlerMeta(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
viewPasteHandlerInner(w, r, viewShowMeta)
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func viewPasteHandlerInner(w http.ResponseWriter, r *http.Request, flags viewPaste) {
|
2019-08-29 00:50:26 +02:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
|
key := vars["key"]
|
2019-09-21 13:11:38 +02:00
|
|
|
var storedPaste *storedPaste
|
2019-09-10 17:52:45 +02:00
|
|
|
if err := db.DB.View(func(tx *bolt.Tx) error {
|
2019-08-29 00:50:26 +02:00
|
|
|
var err error
|
2019-09-21 13:11:38 +02:00
|
|
|
storedPaste, err = getURL(tx, key)
|
2019-08-29 00:50:26 +02:00
|
|
|
return err
|
|
|
|
|
}); err != nil {
|
|
|
|
|
log.Printf("error: %v\n", err)
|
2019-09-19 21:42:01 +02:00
|
|
|
renderInternalServerError(w, r, err)
|
2019-08-29 00:50:26 +02:00
|
|
|
return
|
|
|
|
|
}
|
2019-08-31 00:02:01 +02:00
|
|
|
if storedPaste == nil {
|
2019-09-19 21:42:01 +02:00
|
|
|
renderError(w, r, http.StatusNotFound, "url key not found in the database")
|
2019-09-01 01:41:01 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
if flags&viewShowMeta != 0 {
|
|
|
|
|
canDelete := struct {
|
|
|
|
|
Bool bool
|
|
|
|
|
String string
|
|
|
|
|
}{Bool: false}
|
|
|
|
|
deleteToken, err := getDeleteTokenFromRequest(r)
|
|
|
|
|
if err != nil {
|
|
|
|
|
canDelete.String = "invalid"
|
|
|
|
|
} else if deleteToken == nil {
|
|
|
|
|
canDelete.String = "undefined"
|
|
|
|
|
} else {
|
|
|
|
|
if subtle.ConstantTimeCompare(deleteToken[:], storedPaste.DeleteToken[:]) == 1 {
|
|
|
|
|
canDelete.Bool = true
|
|
|
|
|
canDelete.String = "correct"
|
|
|
|
|
} else {
|
|
|
|
|
canDelete.String = "invalid"
|
|
|
|
|
}
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-15 22:54:07 +02:00
|
|
|
data := map[string]interface{}{
|
2019-09-21 13:11:38 +02:00
|
|
|
"Paste": storedPaste,
|
|
|
|
|
"CanDelete": canDelete,
|
2019-09-15 22:54:07 +02:00
|
|
|
}
|
2019-09-19 21:42:01 +02:00
|
|
|
render(w, r, "pasteMeta", data)
|
2019-08-31 00:02:01 +02:00
|
|
|
return
|
2019-08-29 00:50:26 +02:00
|
|
|
}
|
2019-09-01 01:41:01 +02:00
|
|
|
|
2019-08-31 00:02:01 +02:00
|
|
|
switch storedPaste.State {
|
2019-09-21 13:11:38 +02:00
|
|
|
case statePresent:
|
|
|
|
|
if flags&viewNoRedirect == 0 {
|
2019-08-31 00:02:01 +02:00
|
|
|
rawurl := string(storedPaste.Content)
|
|
|
|
|
urlParse, err := url.Parse(rawurl)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Printf("error: invalid URL ('%v') in database for key '%v': %v\n", rawurl, storedPaste.Key, err)
|
2019-09-19 21:42:01 +02:00
|
|
|
renderInternalServerError(w, r, "invalid url in database")
|
2019-08-31 00:02:01 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
http.Redirect(w, r, urlParse.String(), http.StatusSeeOther)
|
|
|
|
|
}
|
|
|
|
|
w.Write(storedPaste.Content)
|
2019-09-21 13:11:38 +02:00
|
|
|
case stateDeleted:
|
2019-09-19 21:42:01 +02:00
|
|
|
renderError(w, r, http.StatusGone, "key has been deleted")
|
2019-08-29 00:50:26 +02:00
|
|
|
default:
|
2019-08-31 00:02:01 +02:00
|
|
|
log.Printf("error: invalid storedPaste.State (%v) for key '%v'\n", storedPaste.State, storedPaste.Key)
|
2019-09-15 21:34:41 +02:00
|
|
|
msg := fmt.Sprintf("internal server error: invalid storedPaste.State (%v\n)", storedPaste.State)
|
2019-09-19 21:42:01 +02:00
|
|
|
renderInternalServerError(w, r, msg)
|
2019-08-29 00:50:26 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func newPasteHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if err := r.ParseMultipartForm(50 * 1000 * 1000); err != nil {
|
|
|
|
|
log.Printf("error: %v\n", err)
|
|
|
|
|
renderInternalServerError(w, r, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Determine what kind of post this is, currently only `shorten=...`
|
|
|
|
|
if len(r.PostForm) == 0 {
|
|
|
|
|
renderError(w, r, http.StatusBadRequest, "empty body in POST request\n")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
shorten_values, prs := r.PostForm["shorten"]
|
|
|
|
|
if !prs {
|
|
|
|
|
renderError(w, r, http.StatusBadRequest, "no 'shorten' param given\n")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if len(shorten_values) != 1 {
|
|
|
|
|
renderError(w, r, http.StatusBadRequest, "only one 'shorten' param is allowed per request\n")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newRedirectPasteHandler(w, r)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func newRedirectPasteHandler(w http.ResponseWriter, r *http.Request) {
|
2019-08-25 21:33:56 +02:00
|
|
|
rawurl := r.PostForm.Get("shorten")
|
|
|
|
|
userURL, err := url.ParseRequestURI(rawurl)
|
|
|
|
|
if err != nil {
|
2019-09-15 21:34:41 +02:00
|
|
|
msg := fmt.Sprintf("invalid url (%v): %v", err, rawurl)
|
2019-09-19 21:42:01 +02:00
|
|
|
renderError(w, r, http.StatusBadRequest, msg)
|
2019-08-25 21:33:56 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if userURL.Scheme == "" {
|
2019-09-19 21:42:01 +02:00
|
|
|
renderError(w, r, http.StatusBadRequest, "invalid url (unspecified scheme)")
|
2019-08-25 21:33:56 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if userURL.Host == "" {
|
2019-09-19 21:42:01 +02:00
|
|
|
renderError(w, r, http.StatusBadRequest, "invalid url (unspecified host)")
|
2019-08-25 21:33:56 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
var storedPaste *storedPaste
|
2019-09-10 17:52:45 +02:00
|
|
|
if err := db.DB.Update(func(tx *bolt.Tx) error {
|
2019-09-21 13:11:38 +02:00
|
|
|
// Generate a new delete token for this paste
|
|
|
|
|
deleteToken, err := generateDeleteToken()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "generating delete token")
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
sp, err := shortenURL(tx, userURL, deleteToken)
|
2019-09-01 01:41:01 +02:00
|
|
|
storedPaste = sp
|
2019-08-25 21:33:56 +02:00
|
|
|
return err
|
|
|
|
|
}); err != nil {
|
2019-08-29 00:50:26 +02:00
|
|
|
log.Printf("error: %v\n", err)
|
2019-09-19 21:42:01 +02:00
|
|
|
renderInternalServerError(w, r, err)
|
2019-08-25 21:33:56 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
deleteToken := hex.EncodeToString(storedPaste.DeleteToken[:])
|
|
|
|
|
saveRawurl := fmt.Sprintf("%v/%v?deleteToken=%v", r.Host, string(storedPaste.Key), deleteToken)
|
|
|
|
|
saveURL, err := r.URL.Parse(saveRawurl)
|
2019-09-01 01:41:01 +02:00
|
|
|
if err != nil {
|
2019-09-06 00:07:50 +02:00
|
|
|
err = errors.Wrap(err, "parsing url")
|
|
|
|
|
log.Printf("error: %v\n", err)
|
2019-09-19 21:42:01 +02:00
|
|
|
renderInternalServerError(w, r, err)
|
2019-09-06 00:07:50 +02:00
|
|
|
return
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-15 21:34:41 +02:00
|
|
|
// TODO(dsprenkels) Put this into a template
|
2019-09-05 23:57:43 +02:00
|
|
|
w.WriteHeader(http.StatusOK)
|
2019-09-21 13:11:38 +02:00
|
|
|
fmt.Fprintf(w, "%v\n", saveURL)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete a URL from the database
|
|
|
|
|
func deletePasteHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
// TODO(dsprenkels) LEFT HERE; this functionality still untested
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
|
key := vars["key"]
|
|
|
|
|
|
|
|
|
|
deleteToken, err := getDeleteTokenFromRequest(r)
|
|
|
|
|
if err != nil {
|
|
|
|
|
renderError(w, r, http.StatusBadRequest, "invalid delete token")
|
|
|
|
|
return
|
|
|
|
|
} else if deleteToken == nil {
|
|
|
|
|
renderError(w, r, http.StatusBadRequest, "no delete token provided")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var errorCode int
|
|
|
|
|
if err := db.DB.Update(func(tx *bolt.Tx) error {
|
|
|
|
|
paste, err := getURL(tx, key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
errorCode = http.StatusNotFound
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if subtle.ConstantTimeCompare(deleteToken[:], paste.DeleteToken[:]) == 1 {
|
|
|
|
|
// Replace the old paste with a new empty paste
|
|
|
|
|
return savePaste(tx, key, storedPaste{
|
|
|
|
|
Key: paste.Key,
|
|
|
|
|
State: stateDeleted,
|
|
|
|
|
DeleteToken: paste.DeleteToken,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
errorCode = http.StatusForbidden
|
|
|
|
|
return errors.New("invalid delete token")
|
|
|
|
|
}); err != nil {
|
|
|
|
|
log.Printf("error: %v\n", err)
|
|
|
|
|
renderError(w, r, errorCode, fmt.Sprintf("error: %v", err))
|
|
|
|
|
return
|
|
|
|
|
}
|
2019-08-29 00:50:26 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Retrieve a URL from the database
|
2019-09-21 13:11:38 +02:00
|
|
|
func getURL(tx *bolt.Tx, key string) (*storedPaste, error) {
|
|
|
|
|
pastesBucket := tx.Bucket([]byte(db.BUCKET_PASTES))
|
|
|
|
|
if pastesBucket == nil {
|
|
|
|
|
return nil, errors.Errorf("bucket %v does not exist", db.BUCKET_PASTES)
|
2019-08-29 00:50:26 +02:00
|
|
|
}
|
2019-09-21 13:11:38 +02:00
|
|
|
storedBytes := pastesBucket.Get([]byte(key))
|
2019-08-29 00:50:26 +02:00
|
|
|
if storedBytes == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
2019-09-21 13:11:38 +02:00
|
|
|
storedPaste := &storedPaste{}
|
2019-08-31 00:02:01 +02:00
|
|
|
err := gobmarsh.Unmarshal(storedBytes, storedPaste)
|
|
|
|
|
return storedPaste, err
|
2019-08-25 21:33:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Add a new URL to the database
|
|
|
|
|
//
|
|
|
|
|
// Returns the new ID if the url was successfully shortened
|
2019-09-21 13:11:38 +02:00
|
|
|
func shortenURL(tx *bolt.Tx, userURL *url.URL, deleteToken [16]byte) (*storedPaste, error) {
|
|
|
|
|
pastesBucket := tx.Bucket([]byte(db.BUCKET_PASTES))
|
|
|
|
|
if pastesBucket == nil {
|
|
|
|
|
return nil, errors.Errorf("bucket %v does not exist", db.BUCKET_PASTES)
|
2019-08-25 21:33:56 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Generate a key until it is not in the database, this occurs in O(log N),
|
|
|
|
|
// where N is the amount of keys stored in the url-shorten database.
|
|
|
|
|
epoch := 0
|
2019-09-15 22:54:07 +02:00
|
|
|
var urlKey string
|
2019-08-25 21:33:56 +02:00
|
|
|
for {
|
|
|
|
|
var err error
|
|
|
|
|
urlKey, err = generateURLKey(epoch)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "url-key generation failed")
|
|
|
|
|
}
|
2019-09-01 12:04:43 +02:00
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
found := pastesBucket.Get([]byte(urlKey))
|
2019-08-25 21:33:56 +02:00
|
|
|
if found == nil {
|
|
|
|
|
break
|
|
|
|
|
}
|
2019-09-01 12:04:43 +02:00
|
|
|
|
|
|
|
|
isReserved := false
|
|
|
|
|
for _, reservedKey := range ReservedPasteKeys {
|
2019-09-15 22:54:07 +02:00
|
|
|
if strings.HasPrefix(urlKey, reservedKey) {
|
2019-09-01 12:04:43 +02:00
|
|
|
isReserved = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !isReserved {
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-25 21:33:56 +02:00
|
|
|
epoch++
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Store the new key
|
2019-09-21 13:11:38 +02:00
|
|
|
storedPaste := storedPaste{
|
|
|
|
|
Type: typeRedirect,
|
|
|
|
|
State: statePresent,
|
2019-08-31 00:02:01 +02:00
|
|
|
Content: []byte(userURL.String()),
|
2019-08-29 00:50:26 +02:00
|
|
|
Key: urlKey,
|
2019-09-21 13:11:38 +02:00
|
|
|
DeleteToken: deleteToken,
|
2019-08-25 21:33:56 +02:00
|
|
|
TimeCreated: time.Now().UTC(),
|
|
|
|
|
}
|
2019-09-21 13:11:38 +02:00
|
|
|
if err := savePaste(tx, urlKey, storedPaste); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return &storedPaste, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func savePaste(tx *bolt.Tx, key string, paste storedPaste) error {
|
|
|
|
|
bucket := tx.Bucket([]byte(db.BUCKET_PASTES))
|
|
|
|
|
if bucket == nil {
|
|
|
|
|
return errors.Errorf("bucket %v does not exist", db.BUCKET_PASTES)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
buf, err := gobmarsh.Marshal(paste)
|
2019-08-25 21:33:56 +02:00
|
|
|
if err != nil {
|
2019-09-21 13:11:38 +02:00
|
|
|
return errors.Wrap(err, "encoding for database failed")
|
2019-08-25 21:33:56 +02:00
|
|
|
}
|
2019-09-21 13:11:38 +02:00
|
|
|
if err := bucket.Put([]byte(key), buf); err != nil {
|
|
|
|
|
return errors.Wrap(err, "database transaction failed")
|
2019-08-25 21:33:56 +02:00
|
|
|
}
|
2019-09-21 13:11:38 +02:00
|
|
|
return nil
|
2019-08-25 21:33:56 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-15 22:54:07 +02:00
|
|
|
func generateURLKey(epoch int) (string, error) {
|
2019-08-25 21:33:56 +02:00
|
|
|
urlKey := make([]byte, 4+epoch)
|
|
|
|
|
_, err := rand.Read(urlKey)
|
|
|
|
|
if err != nil {
|
2019-09-15 22:54:07 +02:00
|
|
|
return "", err
|
2019-08-25 21:33:56 +02:00
|
|
|
}
|
|
|
|
|
// Put all the values in the range 0..64 for easier base64-encoding
|
|
|
|
|
for i := 0; i < len(urlKey); i++ {
|
|
|
|
|
urlKey[i] &= 0x3F
|
|
|
|
|
}
|
|
|
|
|
// Implement truncate-resistance by forcing the prefix to
|
|
|
|
|
// 0b111110xxxxxxxxxx
|
|
|
|
|
// ^----- {epoch} ones followed by a single 0
|
|
|
|
|
//
|
|
|
|
|
// Example when epoch is 1: prefix is 0b10.
|
|
|
|
|
i := 0
|
|
|
|
|
for i < epoch {
|
|
|
|
|
// Set this bit to 1
|
|
|
|
|
limb := i / 6
|
|
|
|
|
bit := i % 6
|
|
|
|
|
urlKey[limb] |= 1 << uint(5-bit)
|
|
|
|
|
i++
|
|
|
|
|
}
|
|
|
|
|
// Finally set the next bit to 0
|
|
|
|
|
limb := i / 6
|
|
|
|
|
bit := i % 6
|
|
|
|
|
urlKey[limb] &= ^(1 << uint(5-bit))
|
|
|
|
|
|
|
|
|
|
// Convert this ID to a canonical base64 notation
|
2019-08-29 00:50:26 +02:00
|
|
|
for i := range urlKey {
|
|
|
|
|
urlKey[i] = base64Alphabet[urlKey[i]]
|
|
|
|
|
}
|
2019-09-15 22:54:07 +02:00
|
|
|
return string(urlKey), nil
|
2019-08-25 21:33:56 +02:00
|
|
|
}
|
2019-09-01 01:41:01 +02:00
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func generateDeleteToken() ([16]byte, error) {
|
|
|
|
|
var deleteToken [16]byte
|
|
|
|
|
_, err := rand.Read(deleteToken[:])
|
2019-09-01 01:41:01 +02:00
|
|
|
if err != nil {
|
2019-09-21 13:11:38 +02:00
|
|
|
return deleteToken, err
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
2019-09-21 13:11:38 +02:00
|
|
|
return deleteToken, nil
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-21 13:11:38 +02:00
|
|
|
func getDeleteTokenFromRequest(r *http.Request) (*[16]byte, error) {
|
|
|
|
|
deleteTokenQuery := r.URL.Query().Get("deleteToken")
|
|
|
|
|
if deleteTokenQuery == "" {
|
|
|
|
|
return nil, nil
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
2019-09-21 13:11:38 +02:00
|
|
|
var deleteToken [16]byte
|
|
|
|
|
n, err := hex.Decode(deleteToken[:], []byte(deleteTokenQuery))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "decoding hex")
|
|
|
|
|
} else if n != 16 {
|
|
|
|
|
return nil, errors.Errorf("invalid deleteToken length (%v bytes)", n)
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
2019-09-21 13:11:38 +02:00
|
|
|
return &deleteToken, nil
|
2019-09-01 01:41:01 +02:00
|
|
|
}
|
