url length and expiry on post request

This commit is contained in:
Hugh Bord 2023-12-12 16:58:08 +08:00
parent 979c7e34d4
commit cb270d1e16

61
main.go
View File

@ -99,12 +99,12 @@ func Zeros(path string, size int64) error {
return nil return nil
} }
func NameGen() string { func NameGen(fileNameLength int) string {
const chars = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ123456789" const chars = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ1234567890-_"
ll := len(chars) ll := len(chars)
b := make([]byte, conf.FileLen) b := make([]byte, fileNameLength)
rand.Read(b) // generates len(b) random bytes rand.Read(b) // generates len(b) random bytes
for i := int64(0); i < int64(conf.FileLen); i++ { for i := int64(0); i < int64(fileNameLength); i++ {
b[i] = chars[int(b[i])%ll] b[i] = chars[int(b[i])%ll]
} }
return string(b) return string(b)
@ -120,8 +120,12 @@ func CheckFile(name string) bool { // false if doesn't exist, true if exists
} }
func UploadHandler(w http.ResponseWriter, r *http.Request) { func UploadHandler(w http.ResponseWriter, r *http.Request) {
// expiry sanitize var name string
twentyfour := int64(conf.FileExpirySeconds) var expiryTime int64
var fileNameLength int
fileNameLength = 0
expiryTime = 0
file, _, err := r.FormFile("file") file, _, err := r.FormFile("file")
if err != nil { if err != nil {
@ -137,10 +141,47 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
} }
file.Seek(0, 0) file.Seek(0, 0)
// Check if expiry time is present and length is too long
if r.PostFormValue("expiry") != "" {
expiryTime, err = strconv.ParseInt(r.PostFormValue("expiry"), 10, 64)
if err != nil {
log.Error().Err(err).Msg("expiry could not be parsed")
} else {
// 5 days max
if expiryTime < 1 || expiryTime > 432000 {
w.WriteHeader(http.StatusBadRequest)
return
}
}
}
// Default to conf if not present
if expiryTime == 0 {
expiryTime = int64(conf.FileExpirySeconds)
}
// Check if the file length parameter exists and also if it's too long
if r.PostFormValue("url_len") != "" {
fileNameLength, err = strconv.Atoi(r.PostFormValue("url_len"))
if err != nil {
log.Error().Err(err).Msg("url_len could not be parsed")
} else {
// if the length is < 3 and > 128 return error
if fileNameLength < 3 || fileNameLength > 128 {
w.WriteHeader(http.StatusBadRequest)
return
}
}
}
// Default to conf if not present
if fileNameLength == 0 {
fileNameLength = conf.FileLen
}
// generate + check name // generate + check name
var name string
for { for {
id := NameGen() id := NameGen(fileNameLength)
name = id + mtype.Extension() name = id + mtype.Extension()
if !CheckFile(name) { if !CheckFile(name) {
break break
@ -149,14 +190,14 @@ func UploadHandler(w http.ResponseWriter, r *http.Request) {
err = db.Update(func(tx *bolt.Tx) error { err = db.Update(func(tx *bolt.Tx) error {
b := tx.Bucket([]byte("expiry")) b := tx.Bucket([]byte("expiry"))
err := b.Put([]byte(name), []byte(strconv.FormatInt(time.Now().Unix()+twentyfour, 10))) err := b.Put([]byte(name), []byte(strconv.FormatInt(time.Now().Unix()+expiryTime, 10)))
return err return err
}) })
if err != nil { if err != nil {
log.Error().Err(err).Msg("Failed to put expiry") log.Error().Err(err).Msg("Failed to put expiry")
} }
log.Info().Int64("expiry", twentyfour).Msg("Writing new file") log.Info().Int64("expiry", expiryTime).Msg("Writing new file")
f, err := os.OpenFile(conf.FileFolder+"/"+name, os.O_WRONLY|os.O_CREATE, 0644) f, err := os.OpenFile(conf.FileFolder+"/"+name, os.O_WRONLY|os.O_CREATE, 0644)
if err != nil { if err != nil {