350 lines
8.6 KiB
Go
350 lines
8.6 KiB
Go
package rushlink
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"encoding/base64"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"mime/multipart"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
"github.com/gorilla/mux"
|
|
"github.com/pkg/errors"
|
|
bolt "go.etcd.io/bbolt"
|
|
)
|
|
|
|
type viewPaste uint
|
|
|
|
const (
|
|
_ viewPaste = 1 << iota
|
|
viewNoRedirect
|
|
viewShowMeta
|
|
)
|
|
|
|
const CookieDeleteToken = "owner_token"
|
|
|
|
// These keys are designated reserved, and will not be randomly chosen
|
|
var ReservedPasteKeys = []string{"xd42", "example"}
|
|
|
|
// Base64 encoding and decoding
|
|
var base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
|
|
var base64Encoder = base64.RawURLEncoding.WithPadding(base64.NoPadding)
|
|
|
|
func indexGetHandler(w http.ResponseWriter, r *http.Request) {
|
|
render(w, r, "index", map[string]interface{}{})
|
|
}
|
|
|
|
func uploadFileGetHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
var fu *fileUpload
|
|
var badID bool
|
|
if err := DB.View(func(tx *bolt.Tx) error {
|
|
fuID, err := uuid.Parse(id)
|
|
if err != nil {
|
|
badID = true
|
|
return err
|
|
}
|
|
fu, err = getFileUpload(tx, fuID)
|
|
return err
|
|
}); err != nil {
|
|
if badID {
|
|
renderError(w, r, http.StatusNotFound, "malformed file id")
|
|
return
|
|
} else {
|
|
panic(err)
|
|
}
|
|
}
|
|
|
|
filePath := fileStorePath(fu.ID, fu.FileName)
|
|
file, err := os.Open(filePath)
|
|
if err != nil {
|
|
if os.IsNotExist(err) {
|
|
log.Printf("error: %v should exist according to the database, but it doesn't", filePath)
|
|
renderError(w, r, http.StatusNotFound, "file not found")
|
|
return
|
|
} else {
|
|
panic(err)
|
|
}
|
|
}
|
|
w.Header().Set("Content-Type", fu.ContentType)
|
|
io.Copy(w, file)
|
|
}
|
|
|
|
func viewPasteHandler(w http.ResponseWriter, r *http.Request) {
|
|
viewPasteHandlerInner(w, r, 0)
|
|
}
|
|
|
|
func viewPasteHandlerNoRedirect(w http.ResponseWriter, r *http.Request) {
|
|
viewPasteHandlerInner(w, r, viewNoRedirect)
|
|
}
|
|
|
|
func viewPasteHandlerMeta(w http.ResponseWriter, r *http.Request) {
|
|
viewPasteHandlerInner(w, r, viewShowMeta)
|
|
}
|
|
|
|
func viewPasteHandlerInner(w http.ResponseWriter, r *http.Request, flags viewPaste) {
|
|
vars := mux.Vars(r)
|
|
key := vars["key"]
|
|
var p *paste
|
|
var fuID *uuid.UUID
|
|
var fu *fileUpload
|
|
if err := DB.View(func(tx *bolt.Tx) error {
|
|
var err error
|
|
p, err = getPaste(tx, key)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if p != nil && p.Type == pasteTypeFileUpload {
|
|
var id uuid.UUID
|
|
copy(id[:], p.Content)
|
|
fuID = &id
|
|
fu, err = getFileUpload(tx, id)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}); err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
if p == nil {
|
|
renderError(w, r, http.StatusNotFound, "url key not found in the database")
|
|
return
|
|
}
|
|
|
|
if flags&viewShowMeta != 0 {
|
|
canDelete := struct {
|
|
Bool bool
|
|
String string
|
|
}{Bool: false}
|
|
deleteToken := getDeleteTokenFromRequest(r)
|
|
if deleteToken == "" {
|
|
canDelete.String = "undefined"
|
|
} else {
|
|
if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 1 {
|
|
canDelete.Bool = true
|
|
canDelete.String = "correct"
|
|
} else {
|
|
canDelete.String = "invalid"
|
|
}
|
|
}
|
|
|
|
data := map[string]interface{}{
|
|
"Paste": p,
|
|
"CanDelete": canDelete,
|
|
}
|
|
render(w, r, "pasteMeta", data)
|
|
return
|
|
}
|
|
|
|
switch p.State {
|
|
case pasteStatePresent:
|
|
var location string
|
|
switch p.Type {
|
|
case pasteTypeFileUpload:
|
|
if fu == nil {
|
|
panic(fmt.Sprintf("file for id %v does not exist in database\n", fuID))
|
|
}
|
|
location = fu.url().String()
|
|
break
|
|
case pasteTypeRedirect:
|
|
location = p.redirectURL().String()
|
|
break
|
|
default:
|
|
panic("paste type unsupported")
|
|
}
|
|
if flags&viewNoRedirect == 0 {
|
|
http.Redirect(w, r, location, http.StatusSeeOther)
|
|
}
|
|
fmt.Fprint(w, location)
|
|
case pasteStateDeleted:
|
|
renderError(w, r, http.StatusGone, "paste has been deleted\n")
|
|
default:
|
|
panic(errors.Errorf("invalid paste.State (%v) for key '%v'", p.State, p.Key))
|
|
}
|
|
}
|
|
|
|
func newPasteHandler(w http.ResponseWriter, r *http.Request) {
|
|
newPasteHandlerMultipart(w, r, func(w http.ResponseWriter, r *http.Request) {
|
|
newPasteHandlerURLEncoded(w, r, func(w http.ResponseWriter, r *http.Request) {
|
|
renderError(w, r, http.StatusBadRequest, "no form data in request\n")
|
|
})
|
|
})
|
|
}
|
|
|
|
// Try to parse the new-paste request as multi-part form.
|
|
//
|
|
// If there is no multi-part form in the request, this handler will call next.
|
|
func newPasteHandlerMultipart(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
|
|
reader, err := r.MultipartReader()
|
|
if err != nil {
|
|
next(w, r)
|
|
return
|
|
}
|
|
|
|
part, err := reader.NextPart()
|
|
if err != nil {
|
|
if err == io.EOF {
|
|
renderError(w, r, http.StatusBadRequest, "multipart form is empty\n")
|
|
return
|
|
}
|
|
panic(errors.Wrap(err, "multipart.Reader.NextPart"))
|
|
}
|
|
if part.FormName() != "file" {
|
|
msg := fmt.Sprintf("invalid multipart form name: %v", part.FormName())
|
|
renderError(w, r, http.StatusBadRequest, msg)
|
|
return
|
|
}
|
|
|
|
newFileUploadPasteHandler(w, r, *part)
|
|
}
|
|
|
|
func newFileUploadPasteHandler(w http.ResponseWriter, r *http.Request, part multipart.Part) {
|
|
var fu *fileUpload
|
|
var paste *paste
|
|
if err := DB.Update(func(tx *bolt.Tx) error {
|
|
var err error
|
|
// Create the fileUpload in the database
|
|
fu, err = newFileUpload(tx, &part, part.FileName(), part.Header.Get("Content-Type"))
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "creating fileUpload"))
|
|
}
|
|
|
|
paste, err = shortenFileUploadID(tx, fu.ID)
|
|
return err
|
|
}); err != nil {
|
|
panic(err)
|
|
}
|
|
data := map[string]interface{}{"Paste": paste}
|
|
render(w, r, "newFileUploadPasteSuccess", data)
|
|
}
|
|
|
|
func newPasteHandlerURLEncoded(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
|
|
if err := r.ParseForm(); err != nil {
|
|
next(w, r)
|
|
return
|
|
}
|
|
shorten := r.PostFormValue("shorten")
|
|
if shorten == "" {
|
|
renderError(w, r, http.StatusBadRequest, "no 'shorten' param given\n")
|
|
return
|
|
}
|
|
newRedirectPasteHandler(w, r, shorten)
|
|
}
|
|
|
|
func newRedirectPasteHandler(w http.ResponseWriter, r *http.Request, shorten string) {
|
|
rawurl := r.PostForm.Get("shorten")
|
|
userURL, err := url.ParseRequestURI(rawurl)
|
|
if err != nil {
|
|
msg := fmt.Sprintf("invalid url (%v): %v", err, rawurl)
|
|
renderError(w, r, http.StatusBadRequest, msg)
|
|
return
|
|
}
|
|
if userURL.Scheme == "" {
|
|
renderError(w, r, http.StatusBadRequest, "invalid url (unspecified scheme)\n")
|
|
return
|
|
}
|
|
if userURL.Host == "" {
|
|
renderError(w, r, http.StatusBadRequest, "invalid url (unspecified host)\n")
|
|
return
|
|
}
|
|
|
|
var paste *paste
|
|
if err := DB.Update(func(tx *bolt.Tx) error {
|
|
// Generate a new delete token for this paste
|
|
var err error
|
|
paste, err = shortenURL(tx, userURL)
|
|
return err
|
|
}); err != nil {
|
|
panic(err)
|
|
}
|
|
data := map[string]interface{}{"Paste": paste}
|
|
render(w, r, "newRedirectPasteSuccess", data)
|
|
}
|
|
|
|
// Delete a URL from the database
|
|
func deletePasteHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
key := vars["key"]
|
|
|
|
deleteToken := getDeleteTokenFromRequest(r)
|
|
if deleteToken == "" {
|
|
renderError(w, r, http.StatusBadRequest, "no delete token provided\n")
|
|
return
|
|
}
|
|
|
|
var errorCode int
|
|
if err := DB.Update(func(tx *bolt.Tx) error {
|
|
p, err := getPaste(tx, key)
|
|
if err != nil {
|
|
errorCode = http.StatusNotFound
|
|
return err
|
|
}
|
|
if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 1 {
|
|
p.delete(tx)
|
|
}
|
|
errorCode = http.StatusForbidden
|
|
return errors.New("invalid delete token")
|
|
}); err != nil {
|
|
log.Printf("error: %v\n", err)
|
|
renderError(w, r, errorCode, fmt.Sprintf("error: %v\n", err))
|
|
return
|
|
}
|
|
}
|
|
|
|
// Add a new fileUpload redirect to the database
|
|
//
|
|
// Returns the new paste key if the fileUpload was successfully added to the
|
|
// database
|
|
func shortenFileUploadID(tx *bolt.Tx, id uuid.UUID) (*paste, error) {
|
|
return shorten(tx, pasteTypeFileUpload, id[:])
|
|
}
|
|
|
|
// Add a new URL to the database
|
|
//
|
|
// Returns the new paste key if the url was successfully shortened
|
|
func shortenURL(tx *bolt.Tx, userURL *url.URL) (*paste, error) {
|
|
return shorten(tx, pasteTypeRedirect, []byte(userURL.String()))
|
|
}
|
|
|
|
// Add a paste (of any kind) to the database with arbitrary content.
|
|
func shorten(tx *bolt.Tx, ty pasteType, content []byte) (*paste, error) {
|
|
// Generate the paste key
|
|
pasteKey, err := generatePasteKey(tx)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "generating paste key")
|
|
}
|
|
|
|
// Also generate a deleteToken
|
|
deleteToken, err := generateDeleteToken()
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "generating delete token")
|
|
}
|
|
|
|
// Store the new key
|
|
p := paste{
|
|
Type: ty,
|
|
State: pasteStatePresent,
|
|
Content: content,
|
|
Key: pasteKey,
|
|
DeleteToken: deleteToken,
|
|
TimeCreated: time.Now().UTC(),
|
|
}
|
|
if err := p.save(tx); err != nil {
|
|
return nil, err
|
|
}
|
|
return &p, nil
|
|
}
|
|
|
|
func getDeleteTokenFromRequest(r *http.Request) string {
|
|
return r.URL.Query().Get("deleteToken")
|
|
}
|