package rushlink import ( "crypto/subtle" "fmt" "log" "mime/multipart" "net/http" "net/url" "os" "strings" "time" "gitea.hashru.nl/dsprenkels/rushlink/internal/boltdb" "github.com/google/uuid" "github.com/gorilla/mux" "github.com/pkg/errors" bolt "go.etcd.io/bbolt" ) const ( // formParseMaxMemory value is based on the default value that is used in // Request.ParseMultipartForm. formParseMaxMemory = 32 << 20 // 32 MB // highOnlineEntropy is the desired entropy of an "unguessable" paste URL // (in bits). It should be chosen such that it should be hard for an // attacker to find *any* key that should not be found. // It is desired that the probability to guess a good key is small. // // [ amount of pastes ] // Pr[ good key ] = --------------------------- // [ amount of possible keys ] // // So with a conservative [ amount of pastes ] = 2^32 (= 4 billion), and // an [ amount of possible keys ] = 2^80 then the probability of a correct // guess is 2^-48. highOnlineEntropy = 80 ) type viewPaste uint const ( _ viewPaste = 1 << iota viewNoRedirect viewShowMeta ) const cookieDeleteToken = "owner_token" type canDelete uint const ( canDeleteUndef canDelete = iota canDeleteYes canDeleteNo ) func (cd *canDelete) Bool() bool { return *cd == canDeleteYes } func (cd *canDelete) String() string { switch *cd { case canDeleteUndef: return "undefined" case canDeleteYes: return "correct" case canDeleteNo: return "invalid" default: panic("unreachable") } } func (rl *rushlink) staticGetHandler(w http.ResponseWriter, r *http.Request) { rl.renderStatic(w, r, mux.Vars(r)["path"]) } func (rl *rushlink) indexGetHandler(w http.ResponseWriter, r *http.Request) { rl.render(w, r, http.StatusOK, "index", map[string]interface{}{}) } func (rl *rushlink) viewPasteHandler(w http.ResponseWriter, r *http.Request) { rl.viewPasteHandlerFlags(w, r, 0) } func (rl *rushlink) viewPasteHandlerNoRedirect(w http.ResponseWriter, r *http.Request) { rl.viewPasteHandlerFlags(w, r, viewNoRedirect) } func (rl *rushlink) viewPasteHandlerMeta(w http.ResponseWriter, r *http.Request) { rl.viewPasteHandlerFlags(w, r, viewShowMeta) } func (rl *rushlink) viewPasteHandlerFlags(w http.ResponseWriter, r *http.Request, flags viewPaste) { vars := mux.Vars(r) key := vars["key"] var p *boltdb.Paste var fu *boltdb.FileUpload err := rl.db.Bolt.View(func(tx *bolt.Tx) error { var err error p, err = boltdb.GetPaste(tx, key) if err != nil { return err } if p != nil && p.Type == boltdb.PasteTypeFileUpload { var id uuid.UUID copy(id[:], p.Content) fu, err = boltdb.GetFileUpload(tx, id) if err != nil { return err } } return nil }) if err != nil { status := boltdb.ErrHTTPStatusCode(err) if status == http.StatusInternalServerError { panic(err) } rl.renderError(w, r, status, err.Error()) return } rl.viewPasteHandlerInner(w, r, flags, p, fu) } func (rl *rushlink) viewPasteHandlerInner(w http.ResponseWriter, r *http.Request, flags viewPaste, p *boltdb.Paste, fu *boltdb.FileUpload) { if flags&viewShowMeta != 0 { rl.viewPasteHandlerInnerMeta(w, r, p, fu) return } switch p.State { case boltdb.PasteStatePresent: switch p.Type { case boltdb.PasteTypeFileUpload: if fu == nil { panic(fmt.Sprintf("file for id %v does not exist in database\n", string(p.Content))) } rl.viewFileUploadHandler(w, r, fu) return case boltdb.PasteTypeRedirect: if flags&viewNoRedirect != 0 { w.Write([]byte(p.RedirectURL().String())) return } http.Redirect(w, r, p.RedirectURL().String(), http.StatusTemporaryRedirect) return default: panic("paste type unsupported") } case boltdb.PasteStateDeleted: rl.renderError(w, r, http.StatusGone, "paste has been deleted\n") return default: panic(errors.Errorf("invalid paste.State (%v) for key '%v'", p.State, p.Key)) } } func (rl *rushlink) viewFileUploadHandler(w http.ResponseWriter, r *http.Request, fu *boltdb.FileUpload) { filePath := fu.Path(rl.fs) file, err := os.Open(filePath) if err != nil { if os.IsNotExist(err) { log.Printf("error: '%v' should exist according to the database, but it doesn't", filePath) rl.renderError(w, r, http.StatusNotFound, "file not found") return } // unexpected error panic(err) } var modtime time.Time info, err := file.Stat() if err != nil { log.Printf("error: %v", errors.Wrapf(err, "could not stat file '%v'", filePath)) } else { modtime = info.ModTime() } // Provide the real filename to the client (to be used in Ctrl+S etc.) quotedName := strings.ReplaceAll(fu.FileName, "\"", "\\\"") w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=\"%s\"", quotedName)) // We use http.ServeContent (instead of http.ServeFile) because we cannot // use http.ServeFile together with the assertion that the file exists, // without introducing a TOCTOU flaw. http.ServeContent(w, r, fu.FileName, modtime, file) } func (rl *rushlink) viewPasteHandlerInnerMeta(w http.ResponseWriter, r *http.Request, p *boltdb.Paste, fu *boltdb.FileUpload) { var cd canDelete deleteToken := getDeleteTokenFromRequest(r) if deleteToken != "" { if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 1 { cd = canDeleteYes } else { cd = canDeleteNo } } var fileExt string if fu != nil { fileExt = fu.Ext() } data := map[string]interface{}{ "Paste": p, "FileExt": fileExt, "CanDeleteString": cd.String(), "CanDeleteBool": cd.Bool(), } var status int if p.State == boltdb.PasteStateDeleted { status = http.StatusGone } else { status = http.StatusOK } rl.render(w, r, status, "pasteMeta", data) return } func (rl *rushlink) viewActionSuccess(w http.ResponseWriter, r *http.Request, p *boltdb.Paste, fu *boltdb.FileUpload) { var fileExt string if fu != nil { fileExt = fu.Ext() } // Redirect to the new paste. pasteURL := url.URL{ Path: fmt.Sprintf("/%s%s/meta", p.Key, fileExt), RawQuery: fmt.Sprintf("deleteToken=%s", url.QueryEscape(p.DeleteToken)), } http.Redirect(w, r, pasteURL.String(), http.StatusFound) // But still render the page for CURL-like clients. cd := canDeleteYes data := map[string]interface{}{ "Paste": p, "FileExt": fileExt, "CanDeleteString": cd.String(), "CanDeleteBool": cd.Bool(), } rl.render(w, r, 0, "pasteMeta", data) return } func (rl *rushlink) newPasteHandler(w http.ResponseWriter, r *http.Request) { if err := r.ParseMultipartForm(formParseMaxMemory); err != nil { msg := fmt.Sprintf("could not parse form: %v\n", err) rl.renderError(w, r, http.StatusBadRequest, msg) return } fileHeaders, fileHeadersPrs := r.MultipartForm.File["file"] shortens, shortensPrs := r.MultipartForm.Value["shorten"] if !shortensPrs && !fileHeadersPrs { rl.renderError(w, r, http.StatusBadRequest, "no 'file' and no 'shorten' fields given in form\n") return } if shortensPrs && fileHeadersPrs { rl.renderError(w, r, http.StatusBadRequest, "both 'file' and 'shorten' fields provided in form\n") return } if shortensPrs { rl.newRedirectPasteHandler(w, r, shortens[0]) return } if fileHeadersPrs { fileHeader := fileHeaders[0] file, err := fileHeader.Open() if err != nil { rl.renderInternalServerError(w, r, err) return } rl.newFileUploadPasteHandler(w, r, file, *fileHeader) return } } func (rl *rushlink) newFileUploadPasteHandler(w http.ResponseWriter, r *http.Request, file multipart.File, header multipart.FileHeader) { var fu *boltdb.FileUpload var paste *boltdb.Paste if err := rl.db.Bolt.Update(func(tx *bolt.Tx) error { var err error fu, err = boltdb.NewFileUpload(rl.fs, file, header.Filename) if err != nil { panic(errors.Wrap(err, "creating fileUpload")) } if err := fu.Save(tx); err != nil { panic(errors.Wrap(err, "saving fileUpload in db")) } paste, err = shortenFileUploadID(tx, fu.ID) return err }); err != nil { panic(err) } rl.viewActionSuccess(w, r, paste, fu) } func (rl *rushlink) newRedirectPasteHandler(w http.ResponseWriter, r *http.Request, rawurl string) { userURL, err := url.Parse(rawurl) if err != nil { msg := fmt.Sprintf("invalid url (%v): %v", err, rawurl) rl.renderError(w, r, http.StatusBadRequest, msg) return } if userURL.Scheme == "" { rl.renderError(w, r, http.StatusBadRequest, "invalid url (unspecified scheme)\n") return } if userURL.Host == "" { rl.renderError(w, r, http.StatusBadRequest, "invalid url (unspecified host)\n") return } var paste *boltdb.Paste if err := rl.db.Bolt.Update(func(tx *bolt.Tx) error { var err error paste, err = shortenURL(tx, userURL) return err }); err != nil { panic(err) } rl.viewActionSuccess(w, r, paste, nil) } // Delete a URL from the database func (rl *rushlink) deletePasteHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) key := vars["key"] deleteToken := getDeleteTokenFromRequest(r) if deleteToken == "" { rl.renderError(w, r, http.StatusBadRequest, "no delete token provided\n") return } var errorCode int var paste *boltdb.Paste if err := rl.db.Bolt.Update(func(tx *bolt.Tx) error { var err error paste, err = boltdb.GetPaste(tx, key) if err != nil { errorCode = http.StatusNotFound return err } if paste.State == boltdb.PasteStateDeleted { errorCode = http.StatusGone return errors.New("already deleted") } if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(paste.DeleteToken)) == 0 { errorCode = http.StatusForbidden return errors.New("invalid delete token") } if err := paste.Delete(tx, rl.fs); err != nil { errorCode = http.StatusInternalServerError return err } return nil }); err != nil { log.Printf("error: %v\n", err) rl.renderError(w, r, errorCode, fmt.Sprintf("error: %v\n", err)) return } rl.viewActionSuccess(w, r, paste, nil) } // Add a new fileUpload redirect to the database // // Returns the new paste key if the fileUpload was successfully added to the // database func shortenFileUploadID(tx *bolt.Tx, id uuid.UUID) (*boltdb.Paste, error) { return shorten(tx, boltdb.PasteTypeFileUpload, id[:]) } // Add a new URL to the database // // Returns the new paste key if the url was successfully shortened func shortenURL(tx *bolt.Tx, userURL *url.URL) (*boltdb.Paste, error) { return shorten(tx, boltdb.PasteTypeRedirect, []byte(userURL.String())) } // Add a paste (of any kind) to the database with arbitrary content. func shorten(tx *bolt.Tx, ty boltdb.PasteType, content []byte) (*boltdb.Paste, error) { // Generate the paste key var keyEntropy int if ty == boltdb.PasteTypeFileUpload || ty == boltdb.PasteTypePaste { keyEntropy = highOnlineEntropy } pasteKey, err := boltdb.GeneratePasteKey(tx, keyEntropy) if err != nil { return nil, errors.Wrap(err, "generating paste key") } // Also generate a deleteToken deleteToken, err := boltdb.GenerateDeleteToken() if err != nil { return nil, errors.Wrap(err, "generating delete token") } // Store the new key p := boltdb.Paste{ Type: ty, State: boltdb.PasteStatePresent, Content: content, Key: pasteKey, DeleteToken: deleteToken, TimeCreated: time.Now().UTC(), } if err := p.Save(tx); err != nil { return nil, err } return &p, nil } func getDeleteTokenFromRequest(r *http.Request) string { return r.URL.Query().Get("deleteToken") }