ArchiveTeam
/
transfer.sh
forked from JustAnotherArchivist/transfer.sh
11
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
502 Commits
18 Branches
34 MiB
 
 
Tree: e4132f625b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e4132f625b'
${ noResults }
transfer.sh/server/handlers.go

1153 lines
29 KiB
Raw Blame History 

  1. /*

  2. The MIT License (MIT)

  3. 

  4. Copyright (c) 2014-2017 DutchCoders [https://github.com/dutchcoders/]

  5. 

  6. Permission is hereby granted, free of charge, to any person obtaining a copy

  7. of this software and associated documentation files (the "Software"), to deal

  8. in the Software without restriction, including without limitation the rights

  9. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  10. copies of the Software, and to permit persons to whom the Software is

  11. furnished to do so, subject to the following conditions:

  12. 

  13. The above copyright notice and this permission notice shall be included in

  14. all copies or substantial portions of the Software.

  15. 

  16. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  17. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  18. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  19. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  20. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  21. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

  22. THE SOFTWARE.

  23. */

  24. 

  25. package server

  26. 

  27. import (

  28. 	// _ "transfer.sh/app/handlers"

  29. 	// _ "transfer.sh/app/utils"

  30. 

  31. 	"archive/tar"

  32. 	"archive/zip"

  33. 	"bytes"

  34. 	"compress/gzip"

  35. 	"encoding/json"

  36. 	"errors"

  37. 	"fmt"

  38. 	blackfriday "github.com/russross/blackfriday/v2"

  39. 	"html"

  40. 	html_template "html/template"

  41. 	"io"

  42. 	"io/ioutil"

  43. 	"log"

  44. 	"math/rand"

  45. 	"mime"

  46. 	"net/http"

  47. 	"net/url"

  48. 	"os"

  49. 	"path"

  50. 	"path/filepath"

  51. 	"strconv"

  52. 	"strings"

  53. 	"sync"

  54. 	text_template "text/template"

  55. 	"time"

  56. 

  57. 	"net"

  58. 

  59. 	"encoding/base64"

  60. 	web "github.com/dutchcoders/transfer.sh-web"

  61. 	"github.com/gorilla/mux"

  62. 	"github.com/microcosm-cc/bluemonday"

  63. 	"github.com/skip2/go-qrcode"

  64. 

  65. 	"github.com/klauspost/compress/zstd"

  66. )

  67. 

  68. const getPathPart = "get"

  69. 

  70. var (

  71. 	htmlTemplates = initHTMLTemplates()

  72. 	textTemplates = initTextTemplates()

  73. )

  74. 

  75. func stripPrefix(path string) string {

  76. 	return strings.Replace(path, web.Prefix+"/", "", -1)

  77. }

  78. 

  79. func initTextTemplates() *text_template.Template {

  80. 	templateMap := text_template.FuncMap{"format": formatNumber}

  81. 

  82. 	// Templates with functions available to them

  83. 	var templates = text_template.New("").Funcs(templateMap)

  84. 	return templates

  85. }

  86. 

  87. func initHTMLTemplates() *html_template.Template {

  88. 	templateMap := html_template.FuncMap{"format": formatNumber}

  89. 

  90. 	// Templates with functions available to them

  91. 	var templates = html_template.New("").Funcs(templateMap)

  92. 

  93. 	return templates

  94. }

  95. 

  96. func healthHandler(w http.ResponseWriter, r *http.Request) {

  97. 	fmt.Fprintf(w, "Approaching Neutral Zone, all systems normal and functioning.")

  98. }

  99. 

  100. /* The preview handler will show a preview of the content for browsers (accept type text/html), and referer is not transfer.sh */

  101. func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {

  102. 	vars := mux.Vars(r)

  103. 

  104. 	token := vars["token"]

  105. 	filename := vars["filename"]

  106. 

  107. 	metadata, err := s.CheckMetadata(token, filename, false)

  108. 

  109. 	if err != nil {

  110. 		log.Printf("Error metadata: %s", err.Error())

  111. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  112. 		return

  113. 	}

  114. 

  115. 	contentType := metadata.ContentType

  116. 	contentLength, err := s.storage.Head(token, filename)

  117. 	if err != nil {

  118. 		http.Error(w, http.StatusText(404), 404)

  119. 		return

  120. 	}

  121. 

  122. 	var templatePath string

  123. 	var content html_template.HTML

  124. 

  125. 	switch {

  126. 	case strings.HasPrefix(contentType, "image/"):

  127. 		templatePath = "download.image.html"

  128. 	case strings.HasPrefix(contentType, "video/"):

  129. 		templatePath = "download.video.html"

  130. 	case strings.HasPrefix(contentType, "audio/"):

  131. 		templatePath = "download.audio.html"

  132. 	case strings.HasPrefix(contentType, "text/"):

  133. 		templatePath = "download.markdown.html"

  134. 

  135. 		var reader io.ReadCloser

  136. 		if reader, _, err = s.storage.Get(token, filename); err != nil {

  137. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  138. 			return

  139. 		}

  140. 

  141. 		var data []byte

  142. 		data = make([]byte, _5M)

  143. 		if _, err = reader.Read(data); err != io.EOF && err != nil {

  144. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  145. 			return

  146. 		}

  147. 

  148. 		if strings.HasPrefix(contentType, "text/x-markdown") || strings.HasPrefix(contentType, "text/markdown") {

  149. 			unsafe := blackfriday.Run(data)

  150. 			output := bluemonday.UGCPolicy().SanitizeBytes(unsafe)

  151. 			content = html_template.HTML(output)

  152. 		} else if strings.HasPrefix(contentType, "text/plain") {

  153. 			content = html_template.HTML(fmt.Sprintf("<pre>%s</pre>", html.EscapeString(string(data))))

  154. 		} else {

  155. 			templatePath = "download.sandbox.html"

  156. 		}

  157. 

  158. 	default:

  159. 		templatePath = "download.html"

  160. 	}

  161. 

  162. 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  163. 	resolvedURL := resolveURL(r, relativeURL, s.proxyPort)

  164. 	relativeURLGet, _ := url.Parse(path.Join(s.proxyPath, getPathPart, token, filename))

  165. 	resolvedURLGet := resolveURL(r, relativeURLGet, s.proxyPort)

  166. 	var png []byte

  167. 	png, err = qrcode.Encode(resolvedURL, qrcode.High, 150)

  168. 	if err != nil {

  169. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  170. 		return

  171. 	}

  172. 

  173. 	qrCode := base64.StdEncoding.EncodeToString(png)

  174. 

  175. 	hostname := getURL(r, s.proxyPort).Host

  176. 	webAddress := resolveWebAddress(r, s.proxyPath, s.proxyPort)

  177. 

  178. 	data := struct {

  179. 		ContentType   string

  180. 		Content       html_template.HTML

  181. 		Filename      string

  182. 		Url           string

  183. 		UrlGet        string

  184. 		Hostname      string

  185. 		WebAddress    string

  186. 		ContentLength uint64

  187. 		GAKey         string

  188. 		UserVoiceKey  string

  189. 		QRCode        string

  190. 	}{

  191. 		contentType,

  192. 		content,

  193. 		filename,

  194. 		resolvedURL,

  195. 		resolvedURLGet,

  196. 		hostname,

  197. 		webAddress,

  198. 		contentLength,

  199. 		s.gaKey,

  200. 		s.userVoiceKey,

  201. 		qrCode,

  202. 	}

  203. 

  204. 	if err := htmlTemplates.ExecuteTemplate(w, templatePath, data); err != nil {

  205. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  206. 		return

  207. 	}

  208. 

  209. }

  210. 

  211. // this handler will output html or text, depending on the

  212. // support of the client (Accept header).

  213. 

  214. func (s *Server) viewHandler(w http.ResponseWriter, r *http.Request) {

  215. 	// vars := mux.Vars(r)

  216. 

  217. 	hostname := getURL(r, s.proxyPort).Host

  218. 	webAddress := resolveWebAddress(r, s.proxyPath, s.proxyPort)

  219. 

  220. 	data := struct {

  221. 		Hostname     string

  222. 		WebAddress   string

  223. 		GAKey        string

  224. 		UserVoiceKey string

  225. 	}{

  226. 		hostname,

  227. 		webAddress,

  228. 		s.gaKey,

  229. 		s.userVoiceKey,

  230. 	}

  231. 

  232. 	if acceptsHTML(r.Header) {

  233. 		if err := htmlTemplates.ExecuteTemplate(w, "index.html", data); err != nil {

  234. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  235. 			return

  236. 		}

  237. 	} else {

  238. 		if err := textTemplates.ExecuteTemplate(w, "index.txt", data); err != nil {

  239. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  240. 			return

  241. 		}

  242. 	}

  243. }

  244. 

  245. func (s *Server) notFoundHandler(w http.ResponseWriter, r *http.Request) {

  246. 	http.Error(w, http.StatusText(404), 404)

  247. }

  248. 

  249. func sanitize(fileName string) string {

  250. 	return path.Clean(path.Base(fileName))

  251. }

  252. 

  253. func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {

  254. 	if err := r.ParseMultipartForm(_24K); nil != err {

  255. 		log.Printf("%s", err.Error())

  256. 		http.Error(w, "Error occurred copying to output stream", 500)

  257. 		return

  258. 	}

  259. 

  260. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  261. 

  262. 	w.Header().Set("Content-Type", "text/plain")

  263. 

  264. 	for _, fheaders := range r.MultipartForm.File {

  265. 		for _, fheader := range fheaders {

  266. 			filename := sanitize(fheader.Filename)

  267. 			contentType := fheader.Header.Get("Content-Type")

  268. 

  269. 			if contentType == "" {

  270. 				contentType = mime.TypeByExtension(filepath.Ext(fheader.Filename))

  271. 			}

  272. 

  273. 			var f io.Reader

  274. 			var err error

  275. 

  276. 			if f, err = fheader.Open(); err != nil {

  277. 				log.Printf("%s", err.Error())

  278. 				http.Error(w, err.Error(), 500)

  279. 				return

  280. 			}

  281. 

  282. 			var b bytes.Buffer

  283. 

  284. 			n, err := io.CopyN(&b, f, _24K+1)

  285. 			if err != nil && err != io.EOF {

  286. 				log.Printf("%s", err.Error())

  287. 				http.Error(w, err.Error(), 500)

  288. 				return

  289. 			}

  290. 

  291. 			var file *os.File

  292. 			var reader io.Reader

  293. 

  294. 			if n > _24K {

  295. 				file, err = ioutil.TempFile(s.tempPath, "transfer-")

  296. 				if err != nil {

  297. 					log.Fatal(err)

  298. 				}

  299. 

  300. 				n, err = io.Copy(file, io.MultiReader(&b, f))

  301. 				if err != nil {

  302. 					cleanTmpFile(file)

  303. 

  304. 					log.Printf("%s", err.Error())

  305. 					http.Error(w, err.Error(), 500)

  306. 					return

  307. 				}

  308. 

  309. 				reader, err = os.Open(file.Name())

  310. 			} else {

  311. 				reader = bytes.NewReader(b.Bytes())

  312. 			}

  313. 

  314. 			contentLength := n

  315. 

  316. 			if s.maxUploadSize > 0 && contentLength > s.maxUploadSize {

  317. 				log.Print("Entity too large")

  318. 				http.Error(w, http.StatusText(http.StatusRequestEntityTooLarge), http.StatusRequestEntityTooLarge)

  319. 				return

  320. 			}

  321. 

  322. 			metadata := MetadataForRequest(contentType, r)

  323. 

  324. 			buffer := &bytes.Buffer{}

  325. 			if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  326. 				log.Printf("%s", err.Error())

  327. 				http.Error(w, errors.New("Could not encode metadata").Error(), 500)

  328. 

  329. 				cleanTmpFile(file)

  330. 				return

  331. 			} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  332. 				log.Printf("%s", err.Error())

  333. 				http.Error(w, errors.New("Could not save metadata").Error(), 500)

  334. 

  335. 				cleanTmpFile(file)

  336. 				return

  337. 			}

  338. 

  339. 			log.Printf("Uploading %s %s %d %s", token, filename, contentLength, contentType)

  340. 

  341. 			if err = s.storage.Put(token, filename, reader, contentType, uint64(contentLength)); err != nil {

  342. 				log.Printf("Backend storage error: %s", err.Error())

  343. 				http.Error(w, err.Error(), 500)

  344. 				return

  345. 

  346. 			}

  347. 

  348. 			filename = url.PathEscape(filename)

  349. 			relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  350. 			fmt.Fprintln(w, getURL(r, s.proxyPort).ResolveReference(relativeURL).String())

  351. 

  352. 			cleanTmpFile(file)

  353. 		}

  354. 	}

  355. }

  356. 

  357. func cleanTmpFile(f *os.File) {

  358. 	if f != nil {

  359. 		err := f.Close()

  360. 		if err != nil {

  361. 			log.Printf("Error closing tmpfile: %s (%s)", err, f.Name())

  362. 		}

  363. 

  364. 		err = os.Remove(f.Name())

  365. 		if err != nil {

  366. 			log.Printf("Error removing tmpfile: %s (%s)", err, f.Name())

  367. 		}

  368. 	}

  369. }

  370. 

  371. type Metadata struct {

  372. 	// ContentType is the original uploading content type

  373. 	ContentType string

  374. 	// Secret as knowledge to delete file

  375. 	// Secret string

  376. 	// Downloads is the actual number of downloads

  377. 	Downloads int

  378. 	// MaxDownloads contains the maximum numbers of downloads

  379. 	MaxDownloads int

  380. 	// MaxDate contains the max age of the file

  381. 	MaxDate time.Time

  382. 	// DeletionToken contains the token to match against for deletion

  383. 	DeletionToken string

  384. }

  385. 

  386. func MetadataForRequest(contentType string, r *http.Request) Metadata {

  387. 	metadata := Metadata{

  388. 		ContentType:   contentType,

  389. 		MaxDate:       time.Time{},

  390. 		Downloads:     0,

  391. 		MaxDownloads:  -1,

  392. 		DeletionToken: Encode(10000000+int64(rand.Intn(1000000000))) + Encode(10000000+int64(rand.Intn(1000000000))),

  393. 	}

  394. 

  395. 	if v := r.Header.Get("Max-Downloads"); v == "" {

  396. 	} else if v, err := strconv.Atoi(v); err != nil {

  397. 	} else {

  398. 		metadata.MaxDownloads = v

  399. 	}

  400. 

  401. 	if v := r.Header.Get("Max-Days"); v == "" {

  402. 	} else if v, err := strconv.Atoi(v); err != nil {

  403. 	} else {

  404. 		metadata.MaxDate = time.Now().Add(time.Hour * 24 * time.Duration(v))

  405. 	}

  406. 

  407. 	return metadata

  408. }

  409. 

  410. func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) {

  411. 	vars := mux.Vars(r)

  412. 

  413. 	filename := sanitize(vars["filename"])

  414. 

  415. 	contentLength := r.ContentLength

  416. 

  417. 	var reader io.Reader

  418. 

  419. 	reader = r.Body

  420. 

  421. 	defer r.Body.Close()

  422. 

  423. 	if contentLength == -1 {

  424. 		// queue file to disk, because s3 needs content length

  425. 		var err error

  426. 		var f io.Reader

  427. 

  428. 		f = reader

  429. 

  430. 		var b bytes.Buffer

  431. 

  432. 		n, err := io.CopyN(&b, f, _24K+1)

  433. 		if err != nil && err != io.EOF {

  434. 			log.Printf("Error putting new file: %s", err.Error())

  435. 			http.Error(w, err.Error(), 500)

  436. 			return

  437. 		}

  438. 

  439. 		var file *os.File

  440. 

  441. 		if n > _24K {

  442. 			file, err = ioutil.TempFile(s.tempPath, "transfer-")

  443. 			if err != nil {

  444. 				log.Printf("%s", err.Error())

  445. 				http.Error(w, err.Error(), 500)

  446. 				return

  447. 			}

  448. 

  449. 			defer cleanTmpFile(file)

  450. 

  451. 			n, err = io.Copy(file, io.MultiReader(&b, f))

  452. 			if err != nil {

  453. 				log.Printf("%s", err.Error())

  454. 				http.Error(w, err.Error(), 500)

  455. 				return

  456. 			}

  457. 

  458. 			reader, err = os.Open(file.Name())

  459. 		} else {

  460. 			reader = bytes.NewReader(b.Bytes())

  461. 		}

  462. 

  463. 		contentLength = n

  464. 	}

  465. 

  466. 	if s.maxUploadSize > 0 && contentLength > s.maxUploadSize {

  467. 		log.Print("Entity too large")

  468. 		http.Error(w, http.StatusText(http.StatusRequestEntityTooLarge), http.StatusRequestEntityTooLarge)

  469. 		return

  470. 	}

  471. 

  472. 	if contentLength == 0 {

  473. 		log.Print("Empty content-length")

  474. 		http.Error(w, errors.New("Could not upload empty file").Error(), 400)

  475. 		return

  476. 	}

  477. 

  478. 	contentType := r.Header.Get("Content-Type")

  479. 

  480. 	if contentType == "" {

  481. 		contentType = mime.TypeByExtension(filepath.Ext(vars["filename"]))

  482. 	}

  483. 

  484. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  485. 

  486. 	metadata := MetadataForRequest(contentType, r)

  487. 

  488. 	buffer := &bytes.Buffer{}

  489. 	if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  490. 		log.Printf("%s", err.Error())

  491. 		http.Error(w, errors.New("Could not encode metadata").Error(), 500)

  492. 		return

  493. 	} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  494. 		log.Printf("%s", err.Error())

  495. 		http.Error(w, errors.New("Could not save metadata").Error(), 500)

  496. 		return

  497. 	}

  498. 

  499. 	log.Printf("Uploading %s %s %d %s", token, filename, contentLength, contentType)

  500. 

  501. 	var err error

  502. 

  503. 	if err = s.storage.Put(token, filename, reader, contentType, uint64(contentLength)); err != nil {

  504. 		log.Printf("Error putting new file: %s", err.Error())

  505. 		http.Error(w, errors.New("Could not save file").Error(), 500)

  506. 		return

  507. 	}

  508. 

  509. 	// w.Statuscode = 200

  510. 

  511. 	w.Header().Set("Content-Type", "text/plain")

  512. 

  513. 	filename = url.PathEscape(filename)

  514. 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  515. 	deleteURL, _ := url.Parse(path.Join(s.proxyPath, token, filename, metadata.DeletionToken))

  516. 

  517. 	w.Header().Set("X-Url-Delete", resolveURL(r, deleteURL, s.proxyPort))

  518. 

  519. 	fmt.Fprint(w, resolveURL(r, relativeURL, s.proxyPort))

  520. }

  521. 

  522. func resolveURL(r *http.Request, u *url.URL, proxyPort string) string {

  523. 	r.URL.Path = ""

  524. 

  525. 	return getURL(r, proxyPort).ResolveReference(u).String()

  526. }

  527. 

  528. func resolveKey(key, proxyPath string) string {

  529. 	if strings.HasPrefix(key, "/") {

  530. 		key = key[1:]

  531. 	}

  532. 

  533. 	if strings.HasPrefix(key, proxyPath) {

  534. 		key = key[len(proxyPath):]

  535. 	}

  536. 

  537. 	key = strings.Replace(key, "\\", "/", -1)

  538. 

  539. 	return key

  540. }

  541. 

  542. func resolveWebAddress(r *http.Request, proxyPath string, proxyPort string) string {

  543. 	url := getURL(r, proxyPort)

  544. 

  545. 	var webAddress string

  546. 

  547. 	if len(proxyPath) == 0 {

  548. 		webAddress = fmt.Sprintf("%s://%s/",

  549. 			url.ResolveReference(url).Scheme,

  550. 			url.ResolveReference(url).Host)

  551. 	} else {

  552. 		webAddress = fmt.Sprintf("%s://%s/%s",

  553. 			url.ResolveReference(url).Scheme,

  554. 			url.ResolveReference(url).Host,

  555. 			proxyPath)

  556. 	}

  557. 

  558. 	return webAddress

  559. }

  560. 

  561. // Similar to the logic found here:

  562. // https://github.com/golang/go/blob/release-branch.go1.14/src/net/http/clone.go#L22-L33

  563. func cloneURL(u *url.URL) *url.URL {

  564. 	c := &url.URL{}

  565. 	*c = *u

  566. 

  567. 	if u.User != nil {

  568. 		c.User = &url.Userinfo{}

  569. 		*c.User = *u.User

  570. 	}

  571. 

  572. 	return c

  573. }

  574. 

  575. func getURL(r *http.Request, proxyPort string) *url.URL {

  576. 	u := cloneURL(r.URL)

  577. 

  578. 	if r.TLS != nil {

  579. 		u.Scheme = "https"

  580. 	} else if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {

  581. 		u.Scheme = proto

  582. 	} else {

  583. 		u.Scheme = "http"

  584. 	}

  585. 

  586. 	if u.Host == "" {

  587. 		host, port, err := net.SplitHostPort(r.Host)

  588. 		if err != nil {

  589. 			host = r.Host

  590. 			port = ""

  591. 		}

  592. 		if len(proxyPort) != 0 {

  593. 			port = proxyPort

  594. 		}

  595. 		if len(port) == 0 {

  596. 			u.Host = host

  597. 		} else {

  598. 			if port == "80" && u.Scheme == "http" {

  599. 				u.Host = host

  600. 			} else if port == "443" && u.Scheme == "https" {

  601. 				u.Host = host

  602. 			} else {

  603. 				u.Host = net.JoinHostPort(host, port)

  604. 			}

  605. 		}

  606. 	}

  607. 

  608. 	return u

  609. }

  610. 

  611. func (metadata Metadata) remainingLimitHeaderValues() (remainingDownloads, remainingDays string) {

  612. 	if metadata.MaxDate.IsZero() {

  613. 		remainingDays = "n/a"

  614. 	} else {

  615. 		timeDifference := metadata.MaxDate.Sub(time.Now())

  616. 		remainingDays = strconv.Itoa(int(timeDifference.Hours()/24) + 1)

  617. 	}

  618. 

  619. 	if metadata.MaxDownloads == -1 {

  620. 		remainingDownloads = "n/a"

  621. 	} else {

  622. 		remainingDownloads = strconv.Itoa(metadata.MaxDownloads - metadata.Downloads)

  623. 	}

  624. 

  625. 	return remainingDownloads, remainingDays

  626. }

  627. 

  628. func (s *Server) Lock(token, filename string) {

  629. 	key := path.Join(token, filename)

  630. 

  631. 	lock, _ := s.locks.LoadOrStore(key, &sync.Mutex{})

  632. 	lock.(*sync.Mutex).Lock()

  633. }

  634. 

  635. func (s *Server) Unlock(token, filename string) {

  636. 	key := path.Join(token, filename)

  637. 

  638. 	lock, _ := s.locks.LoadOrStore(key, &sync.Mutex{})

  639. 	lock.(*sync.Mutex).Unlock()

  640. }

  641. 

  642. func (s *Server) CheckMetadata(token, filename string, increaseDownload bool) (Metadata, error) {

  643. 	s.Lock(token, filename)

  644. 	defer s.Unlock(token, filename)

  645. 

  646. 	var metadata Metadata

  647. 

  648. 	r, _, err := s.storage.Get(token, fmt.Sprintf("%s.metadata", filename))

  649. 	if err != nil {

  650. 		return metadata, err

  651. 	}

  652. 

  653. 	defer r.Close()

  654. 

  655. 	if err := json.NewDecoder(r).Decode(&metadata); err != nil {

  656. 		return metadata, err

  657. 	} else if metadata.MaxDownloads != -1 && metadata.Downloads >= metadata.MaxDownloads {

  658. 		return metadata, errors.New("MaxDownloads expired.")

  659. 	} else if !metadata.MaxDate.IsZero() && time.Now().After(metadata.MaxDate) {

  660. 		return metadata, errors.New("MaxDate expired.")

  661. 	} else if metadata.MaxDownloads != -1 && increaseDownload {

  662. 		// todo(nl5887): mutex?

  663. 

  664. 		// update number of downloads

  665. 		metadata.Downloads++

  666. 

  667. 		buffer := &bytes.Buffer{}

  668. 		if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  669. 			return metadata, errors.New("Could not encode metadata")

  670. 		} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  671. 			return metadata, errors.New("Could not save metadata")

  672. 		}

  673. 	}

  674. 

  675. 	return metadata, nil

  676. }

  677. 

  678. func (s *Server) CheckDeletionToken(deletionToken, token, filename string) error {

  679. 	s.Lock(token, filename)

  680. 	defer s.Unlock(token, filename)

  681. 

  682. 	var metadata Metadata

  683. 

  684. 	r, _, err := s.storage.Get(token, fmt.Sprintf("%s.metadata", filename))

  685. 	if s.storage.IsNotExist(err) {

  686. 		return nil

  687. 	} else if err != nil {

  688. 		return err

  689. 	}

  690. 

  691. 	defer r.Close()

  692. 

  693. 	if err := json.NewDecoder(r).Decode(&metadata); err != nil {

  694. 		return err

  695. 	} else if metadata.DeletionToken != deletionToken {

  696. 		return errors.New("Deletion token doesn't match.")

  697. 	}

  698. 

  699. 	return nil

  700. }

  701. 

  702. func (s *Server) purgeHandler() {

  703. 	ticker := time.NewTicker(s.purgeInterval)

  704. 	go func() {

  705. 		for {

  706. 			select {

  707. 			case <-ticker.C:

  708. 				err := s.storage.Purge(s.purgeDays)

  709. 				log.Printf("error cleaning up expired files: %v", err)

  710. 			}

  711. 		}

  712. 	}()

  713. }

  714. 

  715. func (s *Server) deleteHandler(w http.ResponseWriter, r *http.Request) {

  716. 	vars := mux.Vars(r)

  717. 

  718. 	token := vars["token"]

  719. 	filename := vars["filename"]

  720. 	deletionToken := vars["deletionToken"]

  721. 

  722. 	if err := s.CheckDeletionToken(deletionToken, token, filename); err != nil {

  723. 		log.Printf("Error metadata: %s", err.Error())

  724. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  725. 		return

  726. 	}

  727. 

  728. 	err := s.storage.Delete(token, filename)

  729. 	if s.storage.IsNotExist(err) {

  730. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  731. 		return

  732. 	} else if err != nil {

  733. 		log.Printf("%s", err.Error())

  734. 		http.Error(w, "Could not delete file.", 500)

  735. 		return

  736. 	}

  737. }

  738. 

  739. func (s *Server) zipHandler(w http.ResponseWriter, r *http.Request) {

  740. 	vars := mux.Vars(r)

  741. 

  742. 	files := vars["files"]

  743. 

  744. 	zipfilename := fmt.Sprintf("transfersh-%d.zip", uint16(time.Now().UnixNano()))

  745. 

  746. 	w.Header().Set("Content-Type", "application/zip")

  747. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", zipfilename))

  748. 	w.Header().Set("Connection", "close")

  749. 

  750. 	zw := zip.NewWriter(w)

  751. 

  752. 	for _, key := range strings.Split(files, ",") {

  753. 		key = resolveKey(key, s.proxyPath)

  754. 

  755. 		token := strings.Split(key, "/")[0]

  756. 		filename := sanitize(strings.Split(key, "/")[1])

  757. 

  758. 		if _, err := s.CheckMetadata(token, filename, true); err != nil {

  759. 			log.Printf("Error metadata: %s", err.Error())

  760. 			continue

  761. 		}

  762. 

  763. 		reader, _, err := s.storage.Get(token, filename)

  764. 

  765. 		if err != nil {

  766. 			if s.storage.IsNotExist(err) {

  767. 				http.Error(w, "File not found", 404)

  768. 				return

  769. 			} else {

  770. 				log.Printf("%s", err.Error())

  771. 				http.Error(w, "Could not retrieve file.", 500)

  772. 				return

  773. 			}

  774. 		}

  775. 

  776. 		defer reader.Close()

  777. 

  778. 		header := &zip.FileHeader{

  779. 			Name:         strings.Split(key, "/")[1],

  780. 			Method:       zip.Store,

  781. 			ModifiedTime: uint16(time.Now().UnixNano()),

  782. 			ModifiedDate: uint16(time.Now().UnixNano()),

  783. 		}

  784. 

  785. 		fw, err := zw.CreateHeader(header)

  786. 

  787. 		if err != nil {

  788. 			log.Printf("%s", err.Error())

  789. 			http.Error(w, "Internal server error.", 500)

  790. 			return

  791. 		}

  792. 

  793. 		if _, err = io.Copy(fw, reader); err != nil {

  794. 			log.Printf("%s", err.Error())

  795. 			http.Error(w, "Internal server error.", 500)

  796. 			return

  797. 		}

  798. 	}

  799. 

  800. 	if err := zw.Close(); err != nil {

  801. 		log.Printf("%s", err.Error())

  802. 		http.Error(w, "Internal server error.", 500)

  803. 		return

  804. 	}

  805. }

  806. 

  807. func (s *Server) tarGzHandler(w http.ResponseWriter, r *http.Request) {

  808. 	vars := mux.Vars(r)

  809. 

  810. 	files := vars["files"]

  811. 

  812. 	tarfilename := fmt.Sprintf("transfersh-%d.tar.gz", uint16(time.Now().UnixNano()))

  813. 

  814. 	w.Header().Set("Content-Type", "application/x-gzip")

  815. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  816. 	w.Header().Set("Connection", "close")

  817. 

  818. 	os := gzip.NewWriter(w)

  819. 	defer os.Close()

  820. 

  821. 	zw := tar.NewWriter(os)

  822. 	defer zw.Close()

  823. 

  824. 	for _, key := range strings.Split(files, ",") {

  825. 		key = resolveKey(key, s.proxyPath)

  826. 

  827. 		token := strings.Split(key, "/")[0]

  828. 		filename := sanitize(strings.Split(key, "/")[1])

  829. 

  830. 		if _, err := s.CheckMetadata(token, filename, true); err != nil {

  831. 			log.Printf("Error metadata: %s", err.Error())

  832. 			continue

  833. 		}

  834. 

  835. 		reader, contentLength, err := s.storage.Get(token, filename)

  836. 		if err != nil {

  837. 			if s.storage.IsNotExist(err) {

  838. 				http.Error(w, "File not found", 404)

  839. 				return

  840. 			} else {

  841. 				log.Printf("%s", err.Error())

  842. 				http.Error(w, "Could not retrieve file.", 500)

  843. 				return

  844. 			}

  845. 		}

  846. 

  847. 		defer reader.Close()

  848. 

  849. 		header := &tar.Header{

  850. 			Name: strings.Split(key, "/")[1],

  851. 			Size: int64(contentLength),

  852. 		}

  853. 

  854. 		err = zw.WriteHeader(header)

  855. 		if err != nil {

  856. 			log.Printf("%s", err.Error())

  857. 			http.Error(w, "Internal server error.", 500)

  858. 			return

  859. 		}

  860. 

  861. 		if _, err = io.Copy(zw, reader); err != nil {

  862. 			log.Printf("%s", err.Error())

  863. 			http.Error(w, "Internal server error.", 500)

  864. 			return

  865. 		}

  866. 	}

  867. }

  868. 

  869. func (s *Server) tarHandler(w http.ResponseWriter, r *http.Request) {

  870. 	vars := mux.Vars(r)

  871. 

  872. 	files := vars["files"]

  873. 

  874. 	tarfilename := fmt.Sprintf("transfersh-%d.tar", uint16(time.Now().UnixNano()))

  875. 

  876. 	w.Header().Set("Content-Type", "application/x-tar")

  877. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  878. 	w.Header().Set("Connection", "close")

  879. 

  880. 	zw := tar.NewWriter(w)

  881. 	defer zw.Close()

  882. 

  883. 	for _, key := range strings.Split(files, ",") {

  884. 		key = resolveKey(key, s.proxyPath)

  885. 

  886. 		token := strings.Split(key, "/")[0]

  887. 		filename := strings.Split(key, "/")[1]

  888. 

  889. 		if _, err := s.CheckMetadata(token, filename, true); err != nil {

  890. 			log.Printf("Error metadata: %s", err.Error())

  891. 			continue

  892. 		}

  893. 

  894. 		reader, contentLength, err := s.storage.Get(token, filename)

  895. 		if err != nil {

  896. 			if s.storage.IsNotExist(err) {

  897. 				http.Error(w, "File not found", 404)

  898. 				return

  899. 			} else {

  900. 				log.Printf("%s", err.Error())

  901. 				http.Error(w, "Could not retrieve file.", 500)

  902. 				return

  903. 			}

  904. 		}

  905. 

  906. 		defer reader.Close()

  907. 

  908. 		header := &tar.Header{

  909. 			Name: strings.Split(key, "/")[1],

  910. 			Size: int64(contentLength),

  911. 		}

  912. 

  913. 		err = zw.WriteHeader(header)

  914. 		if err != nil {

  915. 			log.Printf("%s", err.Error())

  916. 			http.Error(w, "Internal server error.", 500)

  917. 			return

  918. 		}

  919. 

  920. 		if _, err = io.Copy(zw, reader); err != nil {

  921. 			log.Printf("%s", err.Error())

  922. 			http.Error(w, "Internal server error.", 500)

  923. 			return

  924. 		}

  925. 	}

  926. }

  927. 

  928. func (s *Server) headHandler(w http.ResponseWriter, r *http.Request) {

  929. 	vars := mux.Vars(r)

  930. 

  931. 	token := vars["token"]

  932. 	filename := vars["filename"]

  933. 	realFilename := filename

  934. 	useZstd := false

  935. 

  936. 	metadata, err := s.CheckMetadata(token, filename, false)

  937. 

  938. 	var contentType string

  939. 	if err != nil {

  940. 		log.Printf("Error metadata: %s; trying .zst", err.Error())

  941. 		useZstd = true

  942. 		filename += ".zst"

  943. 		metadata, err = s.CheckMetadata(token, filename, false)

  944. 		if err != nil {

  945. 			log.Printf("Error metadata .zst: %s", err.Error())

  946. 			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  947. 			return

  948. 		}

  949. 		contentType = mime.TypeByExtension(filepath.Ext(realFilename))

  950. 	} else {

  951. 		contentType = metadata.ContentType

  952. 	}

  953. 

  954. 	contentLength, err := s.storage.Head(token, filename)

  955. 	if s.storage.IsNotExist(err) {

  956. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  957. 		return

  958. 	} else if err != nil {

  959. 		log.Printf("%s", err.Error())

  960. 		http.Error(w, "Could not retrieve file.", 500)

  961. 		return

  962. 	}

  963. 

  964. 	remainingDownloads, remainingDays := metadata.remainingLimitHeaderValues()

  965. 

  966. 	if contentType != "" {

  967. 		w.Header().Set("Content-Type", contentType)

  968. 	}

  969. 	if !useZstd {

  970. 		w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))

  971. 	}

  972. 	w.Header().Set("Connection", "close")

  973. 	w.Header().Set("X-Remaining-Downloads", remainingDownloads)

  974. 	w.Header().Set("X-Remaining-Days", remainingDays)

  975. }

  976. 

  977. func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {

  978. 	vars := mux.Vars(r)

  979. 

  980. 	action := vars["action"]

  981. 	token := vars["token"]

  982. 	filename := vars["filename"]

  983. 	realFilename := filename

  984. 	useZstd := false

  985. 

  986. 	metadata, err := s.CheckMetadata(token, filename, true)

  987. 

  988. 	if err != nil {

  989. 		log.Printf("Error metadata: %s; trying .zst", err.Error())

  990. 		useZstd = true

  991. 		filename += ".zst"

  992. 		metadata, err = s.CheckMetadata(token, filename, true)

  993. 		if err != nil {

  994. 			log.Printf("Error metadata .zst: %s", err.Error())

  995. 			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  996. 			return

  997. 		}

  998. 	}

  999. 

  1000. 	contentType := metadata.ContentType

  1001. 	reader, contentLength, err := s.storage.Get(token, filename)

  1002. 	if s.storage.IsNotExist(err) {

  1003. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  1004. 		return

  1005. 	} else if err != nil {

  1006. 		log.Printf("%s", err.Error())

  1007. 		http.Error(w, "Could not retrieve file.", 500)

  1008. 		return

  1009. 	}

  1010. 

  1011. 	defer reader.Close()

  1012. 

  1013. 	if useZstd {

  1014. 		contentType = mime.TypeByExtension(filepath.Ext(realFilename))

  1015. 

  1016. 		d, err := zstd.NewReader(reader)

  1017. 		if err != nil {

  1018. 			log.Printf("Failed to create zstd reader: %s", err.Error())

  1019. 			http.Error(w, "Could not retrieve file.", 500)

  1020. 			return

  1021. 		}

  1022. 

  1023. 		defer d.Close()

  1024. 

  1025. 		reader = d.IOReadCloser()

  1026. 	}

  1027. 

  1028. 	var disposition string

  1029. 	if action == "inline" {

  1030. 		disposition = "inline"

  1031. 	} else {

  1032. 		disposition = "attachment"

  1033. 	}

  1034. 

  1035. 	remainingDownloads, remainingDays := metadata.remainingLimitHeaderValues()

  1036. 

  1037. 	if contentType != "" {

  1038. 		w.Header().Set("Content-Type", contentType)

  1039. 	}

  1040. 	if !useZstd {

  1041. 		w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))

  1042. 	} else {

  1043. 		w.Header().Set("Transfer-Encoding", "chunked")

  1044. 	}

  1045. 	w.Header().Set("Content-Disposition", fmt.Sprintf("%s; filename=\"%s\"", disposition, realFilename))

  1046. 	w.Header().Set("Connection", "keep-alive")

  1047. 	w.Header().Set("X-Remaining-Downloads", remainingDownloads)

  1048. 	w.Header().Set("X-Remaining-Days", remainingDays)

  1049. 

  1050. 	if w.Header().Get("Range") == "" {

  1051. 		if _, err = io.Copy(w, reader); err != nil {

  1052. 			log.Printf("%s", err.Error())

  1053. 			http.Error(w, "Error occurred copying to output stream", 500)

  1054. 			return

  1055. 		}

  1056. 

  1057. 		return

  1058. 	}

  1059. 

  1060. 	file, err := ioutil.TempFile(s.tempPath, "range-")

  1061. 	if err != nil {

  1062. 		log.Printf("%s", err.Error())

  1063. 		http.Error(w, "Error occurred copying to output stream", 500)

  1064. 		return

  1065. 	}

  1066. 

  1067. 	defer cleanTmpFile(file)

  1068. 

  1069. 	tee := io.TeeReader(reader, file)

  1070. 	for {

  1071. 		b := make([]byte, _5M)

  1072. 		_, err = tee.Read(b)

  1073. 		if err == io.EOF {

  1074. 			break

  1075. 		}

  1076. 

  1077. 		if err != nil {

  1078. 			log.Printf("%s", err.Error())

  1079. 			http.Error(w, "Error occurred copying to output stream", 500)

  1080. 			return

  1081. 		}

  1082. 	}

  1083. 

  1084. 	http.ServeContent(w, r, filename, time.Unix(0, 0), file)

  1085. }

  1086. 

  1087. func (s *Server) RedirectHandler(h http.Handler) http.HandlerFunc {

  1088. 	return func(w http.ResponseWriter, r *http.Request) {

  1089. 		if !s.forceHTTPs {

  1090. 			// we don't want to enforce https

  1091. 		} else if r.URL.Path == "/health.html" {

  1092. 			// health check url won't redirect

  1093. 		} else if strings.HasSuffix(ipAddrFromRemoteAddr(r.Host), ".onion") {

  1094. 			// .onion addresses cannot get a valid certificate, so don't redirect

  1095. 		} else if r.Header.Get("X-Forwarded-Proto") == "https" {

  1096. 		} else if r.URL.Scheme == "https" {

  1097. 		} else {

  1098. 			u := getURL(r, s.proxyPort)

  1099. 			u.Scheme = "https"

  1100. 

  1101. 			http.Redirect(w, r, u.String(), http.StatusPermanentRedirect)

  1102. 			return

  1103. 		}

  1104. 

  1105. 		h.ServeHTTP(w, r)

  1106. 	}

  1107. }

  1108. 

  1109. // Create a log handler for every request it receives.

  1110. func LoveHandler(h http.Handler) http.HandlerFunc {

  1111. 	return func(w http.ResponseWriter, r *http.Request) {

  1112. 		w.Header().Set("x-made-with", "<3 by DutchCoders")

  1113. 		w.Header().Set("x-served-by", "Proudly served by DutchCoders")

  1114. 		w.Header().Set("Server", "Transfer.sh HTTP Server 1.0")

  1115. 		h.ServeHTTP(w, r)

  1116. 	}

  1117. }

  1118. 

  1119. func IPFilterHandler(h http.Handler, ipFilterOptions *IPFilterOptions) http.HandlerFunc {

  1120. 	return func(w http.ResponseWriter, r *http.Request) {

  1121. 		if ipFilterOptions == nil {

  1122. 			h.ServeHTTP(w, r)

  1123. 		} else {

  1124. 			WrapIPFilter(h, *ipFilterOptions).ServeHTTP(w, r)

  1125. 		}

  1126. 		return

  1127. 	}

  1128. }

  1129. 

  1130. func (s *Server) BasicAuthHandler(h http.Handler) http.HandlerFunc {

  1131. 	return func(w http.ResponseWriter, r *http.Request) {

  1132. 		if s.AuthUser == "" || s.AuthPass == "" {

  1133. 			h.ServeHTTP(w, r)

  1134. 			return

  1135. 		}

  1136. 

  1137. 		w.Header().Set("WWW-Authenticate", "Basic realm=\"Restricted\"")

  1138. 

  1139. 		username, password, authOK := r.BasicAuth()

  1140. 		if authOK == false {

  1141. 			http.Error(w, "Not authorized", 401)

  1142. 			return

  1143. 		}

  1144. 

  1145. 		if username != s.AuthUser || password != s.AuthPass {

  1146. 			http.Error(w, "Not authorized", 401)

  1147. 			return

  1148. 		}

  1149. 

  1150. 		h.ServeHTTP(w, r)

  1151. 	}

  1152. }