2023-09-30 23:06:22 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2023-12-27 20:01:43 +00:00
|
|
|
"crypto/rand"
|
2023-09-30 23:06:22 +00:00
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
"strconv"
|
2024-08-19 01:19:17 +00:00
|
|
|
"strings"
|
2023-09-30 23:06:22 +00:00
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/BurntSushi/toml"
|
|
|
|
"github.com/gabriel-vasile/mimetype"
|
|
|
|
"github.com/gorilla/mux"
|
|
|
|
"github.com/landlock-lsm/go-landlock/landlock"
|
|
|
|
"github.com/rs/zerolog"
|
|
|
|
"github.com/rs/zerolog/log"
|
2023-11-01 01:19:21 +00:00
|
|
|
bolt "go.etcd.io/bbolt"
|
2023-09-30 23:06:22 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
db *bolt.DB
|
|
|
|
conf Config
|
|
|
|
)
|
|
|
|
|
|
|
|
type Config struct {
|
2023-12-12 19:42:00 +00:00
|
|
|
Webroot string `toml:"webroot"`
|
|
|
|
LPort string `toml:"lport"`
|
|
|
|
VHost string `toml:"vhost"`
|
|
|
|
DBFile string `toml:"dbfile"`
|
|
|
|
FileLen int `toml:"filelen"`
|
|
|
|
FileFolder string `toml:"folder"`
|
2023-12-13 13:57:31 +00:00
|
|
|
DefaultTTL int `toml:"default_ttl"`
|
|
|
|
MaxTTL int `toml:"maximum_ttl"`
|
2023-09-30 23:06:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func LoadConf() {
|
|
|
|
if _, err := toml.DecodeFile("config.toml", &conf); err != nil {
|
|
|
|
log.Fatal().Err(err).Msg("unable to parse config.toml")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-11-01 13:11:34 +00:00
|
|
|
func Shred(path string) error {
|
2023-11-01 01:19:21 +00:00
|
|
|
fileinfo, err := os.Stat(path)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
size := fileinfo.Size()
|
2023-12-12 19:42:00 +00:00
|
|
|
if err = Scramble(path, size); err != nil {
|
2023-11-01 01:19:21 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-12-12 19:42:00 +00:00
|
|
|
if err = Zeros(path, size); err != nil {
|
2023-11-01 01:19:21 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-12-12 19:42:00 +00:00
|
|
|
if err = os.Remove(path); err != nil {
|
2023-11-01 01:19:21 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-11-01 13:11:34 +00:00
|
|
|
func Scramble(path string, size int64) error {
|
2023-12-27 20:11:13 +00:00
|
|
|
file, err := os.OpenFile(path, os.O_RDWR, 0)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer file.Close()
|
|
|
|
|
|
|
|
for i := 0; i < 7; i++ { // 7 iterations
|
|
|
|
buff := make([]byte, size)
|
|
|
|
if _, err := rand.Read(buff); err != nil {
|
2023-11-01 01:19:21 +00:00
|
|
|
return err
|
|
|
|
}
|
2023-12-27 20:11:13 +00:00
|
|
|
if _, err := file.WriteAt(buff, 0); err != nil {
|
2023-11-01 01:19:21 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-11-01 13:11:34 +00:00
|
|
|
func Zeros(path string, size int64) error {
|
2023-11-01 01:19:21 +00:00
|
|
|
file, err := os.OpenFile(path, os.O_RDWR, 0)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-11-01 13:11:34 +00:00
|
|
|
defer file.Close()
|
2023-11-01 01:19:21 +00:00
|
|
|
|
|
|
|
buff := make([]byte, size)
|
2023-12-27 20:21:33 +00:00
|
|
|
file.WriteAt(buff, 0)
|
2023-11-01 01:19:21 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-12-28 04:01:08 +00:00
|
|
|
func NameGen() string {
|
2023-12-13 13:47:04 +00:00
|
|
|
const chars = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ0123456789"
|
2023-09-30 23:06:22 +00:00
|
|
|
ll := len(chars)
|
2023-12-28 04:01:08 +00:00
|
|
|
b := make([]byte, conf.FileLen)
|
2023-09-30 23:06:22 +00:00
|
|
|
rand.Read(b) // generates len(b) random bytes
|
2023-12-28 04:01:08 +00:00
|
|
|
for i := int64(0); i < int64(conf.FileLen); i++ {
|
2023-09-30 23:06:22 +00:00
|
|
|
b[i] = chars[int(b[i])%ll]
|
|
|
|
}
|
|
|
|
return string(b)
|
|
|
|
}
|
|
|
|
|
2023-12-12 20:04:32 +00:00
|
|
|
func Exists(path string) bool {
|
2023-12-12 19:42:00 +00:00
|
|
|
if _, err := os.Stat(path); os.IsNotExist(err) {
|
2023-09-30 23:06:22 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
func UploadHandler(w http.ResponseWriter, r *http.Request) {
|
2024-08-19 01:19:17 +00:00
|
|
|
var ttl int64 = 0 //expiration
|
2023-09-30 23:06:22 +00:00
|
|
|
|
|
|
|
file, _, err := r.FormFile("file")
|
|
|
|
if err != nil {
|
2024-08-19 01:19:17 +00:00
|
|
|
log.Error().Err(err).Msg("empty file form field")
|
2023-09-30 23:06:22 +00:00
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer file.Close()
|
|
|
|
|
|
|
|
mtype, err := mimetype.DetectReader(file)
|
|
|
|
if err != nil {
|
|
|
|
w.Write([]byte("error detecting the mime type of your file\n"))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
file.Seek(0, 0)
|
|
|
|
|
2023-12-13 09:42:53 +00:00
|
|
|
// Check if expiry time is present and length is too long
|
|
|
|
if r.PostFormValue("expiry") != "" {
|
|
|
|
ttl, err = strconv.ParseInt(r.PostFormValue("expiry"), 10, 64)
|
|
|
|
if err != nil {
|
|
|
|
log.Error().Err(err).Msg("expiry could not be parsed")
|
|
|
|
} else {
|
2023-12-13 13:57:31 +00:00
|
|
|
// Get maximum ttl length from config and kill upload if specified ttl is too long, this can probably be handled better in the future
|
|
|
|
if ttl < 1 || ttl > int64(conf.MaxTTL) {
|
2023-12-13 09:42:53 +00:00
|
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Default to conf if not present
|
|
|
|
if ttl == 0 {
|
2023-12-13 13:57:31 +00:00
|
|
|
ttl = int64(conf.DefaultTTL)
|
2023-12-13 09:42:53 +00:00
|
|
|
}
|
|
|
|
|
2023-09-30 23:06:22 +00:00
|
|
|
// generate + check name
|
2024-01-16 09:00:55 +00:00
|
|
|
var name string
|
2023-09-30 23:06:22 +00:00
|
|
|
for {
|
2023-12-28 04:01:08 +00:00
|
|
|
id := NameGen()
|
2023-09-30 23:06:22 +00:00
|
|
|
name = id + mtype.Extension()
|
2023-12-12 20:04:32 +00:00
|
|
|
if !Exists(conf.FileFolder + "/" + name) {
|
2023-09-30 23:06:22 +00:00
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
err = db.Update(func(tx *bolt.Tx) error {
|
|
|
|
b := tx.Bucket([]byte("expiry"))
|
2023-12-12 19:42:00 +00:00
|
|
|
err := b.Put([]byte(name), []byte(strconv.FormatInt(time.Now().Unix()+ttl, 10)))
|
2023-09-30 23:06:22 +00:00
|
|
|
return err
|
|
|
|
})
|
|
|
|
if err != nil {
|
2023-12-12 19:42:00 +00:00
|
|
|
log.Error().Err(err).Msg("failed to put expiry")
|
2023-09-30 23:06:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
f, err := os.OpenFile(conf.FileFolder+"/"+name, os.O_WRONLY|os.O_CREATE, 0644)
|
|
|
|
if err != nil {
|
2023-12-12 19:42:00 +00:00
|
|
|
log.Error().Err(err).Msg("error opening a file for write")
|
2023-09-30 23:06:22 +00:00
|
|
|
w.WriteHeader(http.StatusInternalServerError) // change to json
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer f.Close()
|
|
|
|
|
|
|
|
io.Copy(f, file)
|
2023-12-12 19:42:00 +00:00
|
|
|
log.Info().Str("name", name).Int64("ttl", ttl).Msg("wrote new file")
|
|
|
|
|
|
|
|
hostedurl := "https://" + conf.VHost + "/uploads/" + name
|
2023-09-30 23:06:22 +00:00
|
|
|
|
2024-08-19 01:19:17 +00:00
|
|
|
if strings.Contains(name, "jpeg") || strings.Contains(name, "png") || strings.Contains(name, "jpg") || strings.Contains(name, "txt") || strings.Contains(name, "csv") || strings.Contains(name, "pdf") {
|
|
|
|
w.Header().Set("Location", hostedurl)
|
|
|
|
}
|
2023-12-12 19:42:00 +00:00
|
|
|
w.WriteHeader(http.StatusSeeOther)
|
2024-08-19 01:19:17 +00:00
|
|
|
w.Write([]byte(hostedurl + "\n"))
|
2023-09-30 23:06:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func Cull() {
|
|
|
|
for {
|
|
|
|
db.Update(func(tx *bolt.Tx) error {
|
|
|
|
b := tx.Bucket([]byte("expiry"))
|
|
|
|
c := b.Cursor()
|
|
|
|
for k, v := c.First(); k != nil; k, v = c.Next() {
|
|
|
|
eol, err := strconv.ParseInt(string(v), 10, 64)
|
|
|
|
if err != nil {
|
|
|
|
log.Error().Err(err).Bytes("k", k).Bytes("v", v).Msg("expiration time could not be parsed")
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
if time.Now().After(time.Unix(eol, 0)) {
|
2023-11-01 13:11:34 +00:00
|
|
|
if err := Shred(conf.FileFolder + "/" + string(k)); err != nil {
|
2023-11-01 01:19:21 +00:00
|
|
|
log.Error().Err(err).Msg("shredding failed")
|
|
|
|
} else {
|
2023-12-12 19:42:00 +00:00
|
|
|
log.Info().Str("name", string(k)).Msg("shredded file")
|
2023-11-01 01:19:21 +00:00
|
|
|
}
|
2023-09-30 23:06:22 +00:00
|
|
|
c.Delete()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
})
|
|
|
|
time.Sleep(5 * time.Second)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
|
|
|
|
LoadConf()
|
|
|
|
|
2024-01-16 09:37:08 +00:00
|
|
|
var err error
|
2023-12-12 20:04:32 +00:00
|
|
|
if !Exists(conf.FileFolder) {
|
2024-01-16 09:37:08 +00:00
|
|
|
if err = os.Mkdir(conf.FileFolder, 0755); err != nil {
|
2023-12-12 20:04:32 +00:00
|
|
|
log.Fatal().Err(err).Msg("unable to create folder")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !Exists(conf.DBFile) {
|
2024-01-16 09:37:08 +00:00
|
|
|
if _, err = os.Create(conf.DBFile); err != nil {
|
2023-12-12 20:04:32 +00:00
|
|
|
log.Fatal().Err(err).Msg("unable to create database file")
|
|
|
|
}
|
|
|
|
}
|
2024-01-16 09:37:08 +00:00
|
|
|
if err = landlock.V2.BestEffort().RestrictPaths(
|
2023-11-01 13:11:34 +00:00
|
|
|
landlock.RWDirs(conf.FileFolder),
|
2023-11-01 01:19:21 +00:00
|
|
|
landlock.RWDirs(conf.Webroot),
|
2024-08-19 01:19:17 +00:00
|
|
|
// landlock.RWDirs("/tmp"),
|
2023-09-30 23:06:22 +00:00
|
|
|
landlock.RWFiles(conf.DBFile),
|
2024-01-16 09:00:55 +00:00
|
|
|
); err != nil {
|
2023-09-30 23:06:22 +00:00
|
|
|
log.Warn().Err(err).Msg("could not landlock")
|
|
|
|
}
|
|
|
|
|
2024-08-20 20:55:10 +00:00
|
|
|
if _, err = os.Open("/etc/passwd"); err == nil {
|
2023-12-12 19:42:00 +00:00
|
|
|
log.Warn().Msg("landlock failed, could open /etc/passwd, are you on a 5.13+ kernel?")
|
2023-09-30 23:06:22 +00:00
|
|
|
} else {
|
2023-12-12 19:42:00 +00:00
|
|
|
log.Info().Err(err).Msg("landlocked")
|
2023-09-30 23:06:22 +00:00
|
|
|
}
|
|
|
|
|
2024-01-16 09:37:08 +00:00
|
|
|
if db, err = bolt.Open(conf.DBFile, 0600, nil); err != nil {
|
2023-09-30 23:06:22 +00:00
|
|
|
log.Fatal().Err(err).Msg("unable to open database file")
|
|
|
|
}
|
|
|
|
db.Update(func(tx *bolt.Tx) error {
|
|
|
|
_, err := tx.CreateBucketIfNotExists([]byte("expiry"))
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal().Err(err).Msg("error creating expiry bucket")
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
})
|
|
|
|
|
|
|
|
r := mux.NewRouter()
|
|
|
|
r.HandleFunc("/", UploadHandler).Methods("POST")
|
2023-11-01 13:11:34 +00:00
|
|
|
r.HandleFunc("/uploads/{name}", func(w http.ResponseWriter, r *http.Request) {
|
2023-09-30 23:06:22 +00:00
|
|
|
vars := mux.Vars(r)
|
2023-12-12 20:04:32 +00:00
|
|
|
if !Exists(conf.FileFolder + "/" + vars["name"]) {
|
2023-09-30 23:06:22 +00:00
|
|
|
w.WriteHeader(http.StatusNotFound)
|
2023-12-12 19:42:00 +00:00
|
|
|
w.Write([]byte("file not found"))
|
2023-09-30 23:06:22 +00:00
|
|
|
} else {
|
|
|
|
http.ServeFile(w, r, conf.FileFolder+"/"+vars["name"])
|
|
|
|
}
|
|
|
|
}).Methods("GET")
|
|
|
|
r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
http.ServeFile(w, r, conf.Webroot+"/index.html")
|
2023-12-12 19:42:00 +00:00
|
|
|
})
|
|
|
|
r.HandleFunc("/{file}", func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
file := mux.Vars(r)["file"]
|
|
|
|
if _, err := os.Stat(conf.Webroot + "/" + file); os.IsNotExist(err) {
|
|
|
|
http.Redirect(w, r, "/", http.StatusSeeOther)
|
|
|
|
} else {
|
|
|
|
http.ServeFile(w, r, conf.Webroot+"/"+file)
|
|
|
|
}
|
2023-11-16 02:43:18 +00:00
|
|
|
}).Methods("GET")
|
2023-09-30 23:06:22 +00:00
|
|
|
http.Handle("/", r)
|
|
|
|
|
|
|
|
go Cull()
|
|
|
|
|
|
|
|
serv := &http.Server{
|
2024-08-19 01:19:17 +00:00
|
|
|
Addr: ":" + conf.LPort,
|
|
|
|
Handler: r,
|
|
|
|
ErrorLog: nil,
|
|
|
|
IdleTimeout: 60 * time.Second,
|
|
|
|
ReadTimeout: 600 * time.Second,
|
|
|
|
WriteTimeout: 600 * time.Second,
|
2023-09-30 23:06:22 +00:00
|
|
|
}
|
|
|
|
|
2023-12-12 19:42:00 +00:00
|
|
|
log.Warn().Msg("shredding is only effective on HDD volumes")
|
2023-11-01 13:11:34 +00:00
|
|
|
log.Info().Err(err).Msg("listening on port " + conf.LPort + "...")
|
2023-09-30 23:06:22 +00:00
|
|
|
|
|
|
|
if err := serv.ListenAndServe(); err != nil {
|
|
|
|
log.Fatal().Err(err).Msg("error starting server")
|
|
|
|
}
|
|
|
|
|
|
|
|
db.Close()
|
|
|
|
}
|