rushlink/handlers.go
2019-11-22 18:41:54 +01:00

348 lines
8.4 KiB
Go

package rushlink
import (
"crypto/subtle"
"encoding/base64"
"fmt"
"io"
"log"
"mime/multipart"
"net/http"
"net/url"
"os"
"time"
"github.com/google/uuid"
"github.com/gorilla/mux"
"github.com/pkg/errors"
bolt "go.etcd.io/bbolt"
)
type viewPaste uint
const (
_ viewPaste = 1 << iota
viewNoRedirect
viewShowMeta
)
const CookieDeleteToken = "owner_token"
// These keys are designated reserved, and will not be randomly chosen
var ReservedPasteKeys = []string{"xd42", "example"}
// Base64 encoding and decoding
var base64Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
var base64Encoder = base64.RawURLEncoding.WithPadding(base64.NoPadding)
func indexGetHandler(w http.ResponseWriter, r *http.Request) {
render(w, r, "index", map[string]interface{}{})
}
func uploadFileGetHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
id := vars["id"]
var fu *fileUpload
var badID bool
if err := DB.View(func(tx *bolt.Tx) error {
fuID, err := uuid.Parse(id)
if err != nil {
badID = true
return err
}
fu, err = getFileUpload(tx, fuID)
return err
}); err != nil {
if badID {
renderError(w, r, http.StatusNotFound, "malformed file id")
return
} else {
panic(err)
}
}
filePath := fileStorePath(fu.ID, fu.FileName)
file, err := os.Open(filePath)
if err != nil {
if os.IsNotExist(err) {
log.Printf("error: %v should exist according to the database, but it doesn't", filePath)
renderError(w, r, http.StatusNotFound, "file not found")
return
} else {
panic(err)
}
}
w.Header().Set("Content-Type", fu.ContentType)
io.Copy(w, file)
}
func viewPasteHandler(w http.ResponseWriter, r *http.Request) {
viewPasteHandlerInner(w, r, 0)
}
func viewPasteHandlerNoRedirect(w http.ResponseWriter, r *http.Request) {
viewPasteHandlerInner(w, r, viewNoRedirect)
}
func viewPasteHandlerMeta(w http.ResponseWriter, r *http.Request) {
viewPasteHandlerInner(w, r, viewShowMeta)
}
func viewPasteHandlerInner(w http.ResponseWriter, r *http.Request, flags viewPaste) {
vars := mux.Vars(r)
key := vars["key"]
var p *paste
var fuID *uuid.UUID
var fu *fileUpload
if err := DB.View(func(tx *bolt.Tx) error {
var err error
p, err = getPaste(tx, key)
if err != nil {
return err
}
if p != nil && p.Type == pasteTypeFileUpload {
var id uuid.UUID
copy(id[:], p.Content)
fuID = &id
fu, err = getFileUpload(tx, id)
if err != nil {
return err
}
}
return nil
}); err != nil {
panic(err)
}
if p == nil {
renderError(w, r, http.StatusNotFound, "url key not found in the database")
return
}
if flags&viewShowMeta != 0 {
canDelete := struct {
Bool bool
String string
}{Bool: false}
deleteToken := getDeleteTokenFromRequest(r)
if deleteToken == "" {
canDelete.String = "undefined"
} else {
if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 1 {
canDelete.Bool = true
canDelete.String = "correct"
} else {
canDelete.String = "invalid"
}
}
data := map[string]interface{}{
"Paste": p,
"CanDelete": canDelete,
}
render(w, r, "pasteMeta", data)
return
}
switch p.State {
case pasteStatePresent:
var location string
switch p.Type {
case pasteTypeFileUpload:
if fu == nil {
panic(fmt.Sprintf("file for id %v does not exist in database\n", fuID))
}
location = fu.url().String()
break
case pasteTypeRedirect:
location = p.redirectURL().String()
break
default:
panic("paste type unsupported")
}
if flags&viewNoRedirect == 0 {
http.Redirect(w, r, location, http.StatusSeeOther)
}
fmt.Fprint(w, location)
case pasteStateDeleted:
renderError(w, r, http.StatusGone, "paste has been deleted\n")
default:
panic(errors.Errorf("invalid paste.State (%v) for key '%v'", p.State, p.Key))
}
}
func newPasteHandler(w http.ResponseWriter, r *http.Request) {
file, fileHeader, err := r.FormFile("file")
if err == nil {
newFileUploadPasteHandler(w, r, file, *fileHeader)
return
} else if err == http.ErrMissingFile {
// Fallthrough
} else {
msg := fmt.Sprintf("could not parse form: %v\n", err)
renderError(w, r, http.StatusBadRequest, msg)
return
}
shorten := r.FormValue("shorten")
if shorten != "" {
newRedirectPasteHandler(w, r, shorten)
return
}
renderError(w, r, http.StatusBadRequest, "no 'file' and no 'shorten' fields given in form\n")
}
func newFileUploadPasteHandler(w http.ResponseWriter, r *http.Request, file multipart.File, header multipart.FileHeader) {
var fu *fileUpload
var paste *paste
if err := DB.Update(func(tx *bolt.Tx) error {
var err error
// Create the fileUpload in the database
fu, err = newFileUpload(tx, file, header.Filename, header.Header.Get("Content-Type"))
if err != nil {
panic(errors.Wrap(err, "creating fileUpload"))
}
paste, err = shortenFileUploadID(tx, fu.ID)
return err
}); err != nil {
panic(err)
}
data := map[string]interface{}{"Paste": paste}
render(w, r, "newFileUploadPasteSuccess", data)
}
func newPasteHandlerURLEncoded(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
if err := r.ParseForm(); err != nil {
next(w, r)
return
}
shorten := r.PostFormValue("shorten")
if shorten == "" {
renderError(w, r, http.StatusBadRequest, "no 'shorten' param given\n")
return
}
newRedirectPasteHandler(w, r, shorten)
}
func newRedirectPasteHandler(w http.ResponseWriter, r *http.Request, rawurl string) {
userURL, err := url.ParseRequestURI(rawurl)
if err != nil {
msg := fmt.Sprintf("invalid url (%v): %v", err, rawurl)
renderError(w, r, http.StatusBadRequest, msg)
return
}
if userURL.Scheme == "" {
renderError(w, r, http.StatusBadRequest, "invalid url (unspecified scheme)\n")
return
}
if userURL.Host == "" {
renderError(w, r, http.StatusBadRequest, "invalid url (unspecified host)\n")
return
}
var paste *paste
if err := DB.Update(func(tx *bolt.Tx) error {
var err error
paste, err = shortenURL(tx, userURL)
return err
}); err != nil {
panic(err)
}
data := map[string]interface{}{"Paste": paste}
render(w, r, "newRedirectPasteSuccess", data)
}
// Delete a URL from the database
func deletePasteHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
key := vars["key"]
deleteToken := getDeleteTokenFromRequest(r)
if deleteToken == "" {
renderError(w, r, http.StatusBadRequest, "no delete token provided\n")
return
}
var errorCode int
var paste paste
if err := DB.Update(func(tx *bolt.Tx) error {
p, err := getPaste(tx, key)
if err != nil {
errorCode = http.StatusNotFound
return err
}
if p.State == pasteStateDeleted {
errorCode = http.StatusGone
return errors.New("already deleted")
}
if subtle.ConstantTimeCompare([]byte(deleteToken), []byte(p.DeleteToken)) == 0 {
errorCode = http.StatusForbidden
return errors.New("invalid delete token")
}
if err := p.delete(tx); err != nil {
errorCode = http.StatusInternalServerError
return err
}
paste = *p
return nil
}); err != nil {
log.Printf("error: %v\n", err)
renderError(w, r, errorCode, fmt.Sprintf("error: %v\n", err))
return
}
data := map[string]interface{}{"Paste": paste}
render(w, r, "deletePasteSuccess", data)
}
// Add a new fileUpload redirect to the database
//
// Returns the new paste key if the fileUpload was successfully added to the
// database
func shortenFileUploadID(tx *bolt.Tx, id uuid.UUID) (*paste, error) {
return shorten(tx, pasteTypeFileUpload, id[:])
}
// Add a new URL to the database
//
// Returns the new paste key if the url was successfully shortened
func shortenURL(tx *bolt.Tx, userURL *url.URL) (*paste, error) {
return shorten(tx, pasteTypeRedirect, []byte(userURL.String()))
}
// Add a paste (of any kind) to the database with arbitrary content.
func shorten(tx *bolt.Tx, ty pasteType, content []byte) (*paste, error) {
// Generate the paste key
pasteKey, err := generatePasteKey(tx)
if err != nil {
return nil, errors.Wrap(err, "generating paste key")
}
// Also generate a deleteToken
deleteToken, err := generateDeleteToken()
if err != nil {
return nil, errors.Wrap(err, "generating delete token")
}
// Store the new key
p := paste{
Type: ty,
State: pasteStatePresent,
Content: content,
Key: pasteKey,
DeleteToken: deleteToken,
TimeCreated: time.Now().UTC(),
}
if err := p.save(tx); err != nil {
return nil, err
}
return &p, nil
}
func getDeleteTokenFromRequest(r *http.Request) string {
return r.URL.Query().Get("deleteToken")
}