JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
322 Commits
17 Branches
34 MiB
 
 
 
Tree: ef49a98ee6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ef49a98ee6'
${ noResults }
transfer.sh/server/handlers.go

1017 lines
25 KiB
Raw Blame History 

  1. /*

  2. The MIT License (MIT)

  3. 

  4. Copyright (c) 2014-2017 DutchCoders [https://github.com/dutchcoders/]

  5. 

  6. Permission is hereby granted, free of charge, to any person obtaining a copy

  7. of this software and associated documentation files (the "Software"), to deal

  8. in the Software without restriction, including without limitation the rights

  9. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  10. copies of the Software, and to permit persons to whom the Software is

  11. furnished to do so, subject to the following conditions:

  12. 

  13. The above copyright notice and this permission notice shall be included in

  14. all copies or substantial portions of the Software.

  15. 

  16. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  17. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  18. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  19. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  20. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  21. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

  22. THE SOFTWARE.

  23. */

  24. 

  25. package server

  26. 

  27. import (

  28. 	// _ "transfer.sh/app/handlers"

  29. 	// _ "transfer.sh/app/utils"

  30. 

  31. 	"archive/tar"

  32. 	"archive/zip"

  33. 	"bytes"

  34. 	"compress/gzip"

  35. 	"encoding/base64"

  36. 	"encoding/json"

  37. 	"errors"

  38. 	"fmt"

  39. 	"html"

  40. 	html_template "html/template"

  41. 	"io"

  42. 	"io/ioutil"

  43. 	"log"

  44. 	"math/rand"

  45. 	"mime"

  46. 	"net"

  47. 	"net/http"

  48. 	"net/url"

  49. 	"os"

  50. 	"path"

  51. 	"path/filepath"

  52. 	"strconv"

  53. 	"strings"

  54. 	"sync"

  55. 	text_template "text/template"

  56. 	"time"

  57. 

  58. 	web "github.com/dutchcoders/transfer.sh-web"

  59. 	"github.com/gorilla/mux"

  60. 	"github.com/russross/blackfriday"

  61. 

  62. 	"github.com/skip2/go-qrcode"

  63. 

  64. 	"github.com/klauspost/compress/zstd"

  65. )

  66. 

  67. var (

  68. 	htmlTemplates = initHTMLTemplates()

  69. 	textTemplates = initTextTemplates()

  70. )

  71. 

  72. func stripPrefix(path string) string {

  73. 	return strings.Replace(path, web.Prefix+"/", "", -1)

  74. }

  75. 

  76. func initTextTemplates() *text_template.Template {

  77. 	templateMap := text_template.FuncMap{"format": formatNumber}

  78. 

  79. 	// Templates with functions available to them

  80. 	var templates = text_template.New("").Funcs(templateMap)

  81. 	return templates

  82. }

  83. 

  84. func initHTMLTemplates() *html_template.Template {

  85. 	templateMap := html_template.FuncMap{"format": formatNumber}

  86. 

  87. 	// Templates with functions available to them

  88. 	var templates = html_template.New("").Funcs(templateMap)

  89. 

  90. 	return templates

  91. }

  92. 

  93. func healthHandler(w http.ResponseWriter, r *http.Request) {

  94. 	fmt.Fprintf(w, "Approaching Neutral Zone, all systems normal and functioning.")

  95. }

  96. 

  97. /* The preview handler will show a preview of the content for browsers (accept type text/html), and referer is not transfer.sh */

  98. func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {

  99. 	vars := mux.Vars(r)

  100. 

  101. 	token := vars["token"]

  102. 	filename := vars["filename"]

  103. 

  104. 	contentType, contentLength, err := s.storage.Head(token, filename)

  105. 	if err != nil {

  106. 		http.Error(w, http.StatusText(404), 404)

  107. 		return

  108. 	}

  109. 

  110. 	var templatePath string

  111. 	var content html_template.HTML

  112. 

  113. 	switch {

  114. 	case strings.HasPrefix(contentType, "image/"):

  115. 		templatePath = "download.image.html"

  116. 	case strings.HasPrefix(contentType, "video/"):

  117. 		templatePath = "download.video.html"

  118. 	case strings.HasPrefix(contentType, "audio/"):

  119. 		templatePath = "download.audio.html"

  120. 	case strings.HasPrefix(contentType, "text/"):

  121. 		templatePath = "download.markdown.html"

  122. 

  123. 		var reader io.ReadCloser

  124. 		if reader, _, _, err = s.storage.Get(token, filename); err != nil {

  125. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  126. 			return

  127. 		}

  128. 

  129. 		var data []byte

  130. 		data = make([]byte, _5M)

  131. 		if _, err = reader.Read(data); err != io.EOF && err != nil {

  132. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  133. 			return

  134. 		}

  135. 

  136. 		if strings.HasPrefix(contentType, "text/x-markdown") || strings.HasPrefix(contentType, "text/markdown") {

  137. 			escapedData := html.EscapeString(string(data))

  138. 			output := blackfriday.MarkdownCommon([]byte(escapedData))

  139. 			content = html_template.HTML(output)

  140. 		} else if strings.HasPrefix(contentType, "text/plain") {

  141. 			content = html_template.HTML(fmt.Sprintf("<pre>%s</pre>", html.EscapeString(string(data))))

  142. 		} else {

  143. 			templatePath = "download.sandbox.html"

  144. 		}

  145. 

  146. 	default:

  147. 		templatePath = "download.html"

  148. 	}

  149. 

  150. 	resolvedUrl := resolveUrl(r, getURL(r).ResolveReference(r.URL), true)

  151. 	var png []byte

  152. 	png, err = qrcode.Encode(resolvedUrl, qrcode.High, 150)

  153. 	if err != nil {

  154. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  155. 		return

  156. 	}

  157. 

  158. 	qrCode := base64.StdEncoding.EncodeToString(png)

  159. 

  160. 	hostname := getURL(r).Host

  161. 	webAddress := resolveWebAddress(r)

  162. 

  163. 	data := struct {

  164. 		ContentType   string

  165. 		Content       html_template.HTML

  166. 		Filename      string

  167. 		Url           string

  168. 		Hostname      string

  169. 		WebAddress    string

  170. 		ContentLength uint64

  171. 		GAKey         string

  172. 		UserVoiceKey  string

  173. 		QRCode        string

  174. 	}{

  175. 		contentType,

  176. 		content,

  177. 		filename,

  178. 		resolvedUrl,

  179. 		hostname,

  180. 		webAddress,

  181. 		contentLength,

  182. 		s.gaKey,

  183. 		s.userVoiceKey,

  184. 		qrCode,

  185. 	}

  186. 

  187. 	if err := htmlTemplates.ExecuteTemplate(w, templatePath, data); err != nil {

  188. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  189. 		return

  190. 	}

  191. 

  192. }

  193. 

  194. // this handler will output html or text, depending on the

  195. // support of the client (Accept header).

  196. 

  197. func (s *Server) viewHandler(w http.ResponseWriter, r *http.Request) {

  198. 	// vars := mux.Vars(r)

  199. 

  200. 	hostname := getURL(r).Host

  201. 	webAddress := resolveWebAddress(r)

  202. 

  203. 	data := struct {

  204. 		Hostname     string

  205. 		WebAddress   string

  206. 		GAKey        string

  207. 		UserVoiceKey string

  208. 	}{

  209. 		hostname,

  210. 		webAddress,

  211. 		s.gaKey,

  212. 		s.userVoiceKey,

  213. 	}

  214. 

  215. 	if acceptsHTML(r.Header) {

  216. 		if err := htmlTemplates.ExecuteTemplate(w, "index.html", data); err != nil {

  217. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  218. 			return

  219. 		}

  220. 	} else {

  221. 		if err := textTemplates.ExecuteTemplate(w, "index.txt", data); err != nil {

  222. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  223. 			return

  224. 		}

  225. 	}

  226. }

  227. 

  228. func (s *Server) notFoundHandler(w http.ResponseWriter, r *http.Request) {

  229. 	http.Error(w, http.StatusText(404), 404)

  230. }

  231. 

  232. func sanitize(fileName string) string {

  233. 	return path.Clean(path.Base(fileName))

  234. }

  235. 

  236. func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {

  237. 	if err := r.ParseMultipartForm(_24K); nil != err {

  238. 		log.Printf("%s", err.Error())

  239. 		http.Error(w, "Error occurred copying to output stream", 500)

  240. 		return

  241. 	}

  242. 

  243. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  244. 

  245. 	w.Header().Set("Content-Type", "text/plain")

  246. 

  247. 	for _, fheaders := range r.MultipartForm.File {

  248. 		for _, fheader := range fheaders {

  249. 			filename := sanitize(fheader.Filename)

  250. 			contentType := fheader.Header.Get("Content-Type")

  251. 

  252. 			if contentType == "" {

  253. 				contentType = mime.TypeByExtension(filepath.Ext(fheader.Filename))

  254. 			}

  255. 

  256. 			var f io.Reader

  257. 			var err error

  258. 

  259. 			if f, err = fheader.Open(); err != nil {

  260. 				log.Printf("%s", err.Error())

  261. 				http.Error(w, err.Error(), 500)

  262. 				return

  263. 			}

  264. 

  265. 			var b bytes.Buffer

  266. 

  267. 			n, err := io.CopyN(&b, f, _24K+1)

  268. 			if err != nil && err != io.EOF {

  269. 				log.Printf("%s", err.Error())

  270. 				http.Error(w, err.Error(), 500)

  271. 				return

  272. 			}

  273. 

  274. 			var file *os.File

  275. 			var reader io.Reader

  276. 

  277. 			if n > _24K {

  278. 				file, err = ioutil.TempFile(s.tempPath, "transfer-")

  279. 				if err != nil {

  280. 					log.Fatal(err)

  281. 				}

  282. 

  283. 				n, err = io.Copy(file, io.MultiReader(&b, f))

  284. 				if err != nil {

  285. 					cleanTmpFile(file)

  286. 

  287. 					log.Printf("%s", err.Error())

  288. 					http.Error(w, err.Error(), 500)

  289. 					return

  290. 				}

  291. 

  292. 				reader, err = os.Open(file.Name())

  293. 			} else {

  294. 				reader = bytes.NewReader(b.Bytes())

  295. 			}

  296. 

  297. 			contentLength := n

  298. 

  299. 			metadata := MetadataForRequest(contentType, r)

  300. 

  301. 			buffer := &bytes.Buffer{}

  302. 			if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  303. 				log.Printf("%s", err.Error())

  304. 				http.Error(w, errors.New("Could not encode metadata").Error(), 500)

  305. 

  306. 				cleanTmpFile(file)

  307. 				return

  308. 			} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  309. 				log.Printf("%s", err.Error())

  310. 				http.Error(w, errors.New("Could not save metadata").Error(), 500)

  311. 

  312. 				cleanTmpFile(file)

  313. 				return

  314. 			}

  315. 

  316. 			log.Printf("Uploading %s %s %d %s", token, filename, contentLength, contentType)

  317. 

  318. 			if err = s.storage.Put(token, filename, reader, contentType, uint64(contentLength)); err != nil {

  319. 				log.Printf("Backend storage error: %s", err.Error())

  320. 				http.Error(w, err.Error(), 500)

  321. 				return

  322. 

  323. 			}

  324. 

  325. 			filename = url.PathEscape(filename)

  326. 			relativeURL, _ := url.Parse(path.Join(token, filename))

  327. 			fmt.Fprintln(w, getURL(r).ResolveReference(relativeURL).String())

  328. 

  329. 			cleanTmpFile(file)

  330. 		}

  331. 	}

  332. }

  333. 

  334. func cleanTmpFile(f *os.File) {

  335. 	if f != nil {

  336. 		err := f.Close()

  337. 		if err != nil {

  338. 			log.Printf("Error closing tmpfile: %s (%s)", err, f.Name())

  339. 		}

  340. 

  341. 		err = os.Remove(f.Name())

  342. 		if err != nil {

  343. 			log.Printf("Error removing tmpfile: %s (%s)", err, f.Name())

  344. 		}

  345. 	}

  346. }

  347. 

  348. type Metadata struct {

  349. 	// ContentType is the original uploading content type

  350. 	ContentType string

  351. 	// Secret as knowledge to delete file

  352. 	// Secret string

  353. 	// Downloads is the actual number of downloads

  354. 	Downloads int

  355. 	// MaxDownloads contains the maximum numbers of downloads

  356. 	MaxDownloads int

  357. 	// MaxDate contains the max age of the file

  358. 	MaxDate time.Time

  359. 	// DeletionToken contains the token to match against for deletion

  360. 	DeletionToken string

  361. }

  362. 

  363. func MetadataForRequest(contentType string, r *http.Request) Metadata {

  364. 	metadata := Metadata{

  365. 		ContentType:   contentType,

  366. 		MaxDate:       time.Now().Add(time.Hour * 24 * 365 * 10),

  367. 		Downloads:     0,

  368. 		MaxDownloads:  99999999,

  369. 		DeletionToken: Encode(10000000+int64(rand.Intn(1000000000))) + Encode(10000000+int64(rand.Intn(1000000000))),

  370. 	}

  371. 

  372. 	if v := r.Header.Get("Max-Downloads"); v == "" {

  373. 	} else if v, err := strconv.Atoi(v); err != nil {

  374. 	} else {

  375. 		metadata.MaxDownloads = v

  376. 	}

  377. 

  378. 	if v := r.Header.Get("Max-Days"); v == "" {

  379. 	} else if v, err := strconv.Atoi(v); err != nil {

  380. 	} else {

  381. 		metadata.MaxDate = time.Now().Add(time.Hour * 24 * time.Duration(v))

  382. 	}

  383. 

  384. 	return metadata

  385. }

  386. 

  387. func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) {

  388. 	vars := mux.Vars(r)

  389. 

  390. 	filename := sanitize(vars["filename"])

  391. 

  392. 	contentLength := r.ContentLength

  393. 

  394. 	var reader io.Reader

  395. 

  396. 	reader = r.Body

  397. 

  398. 	defer r.Body.Close()

  399. 

  400. 	if contentLength == -1 {

  401. 		// queue file to disk, because s3 needs content length

  402. 		var err error

  403. 		var f io.Reader

  404. 

  405. 		f = reader

  406. 

  407. 		var b bytes.Buffer

  408. 

  409. 		n, err := io.CopyN(&b, f, _24K+1)

  410. 		if err != nil && err != io.EOF {

  411. 			log.Printf("Error putting new file: %s", err.Error())

  412. 			http.Error(w, err.Error(), 500)

  413. 			return

  414. 		}

  415. 

  416. 		var file *os.File

  417. 

  418. 		if n > _24K {

  419. 			file, err = ioutil.TempFile(s.tempPath, "transfer-")

  420. 			if err != nil {

  421. 				log.Printf("%s", err.Error())

  422. 				http.Error(w, err.Error(), 500)

  423. 				return

  424. 			}

  425. 

  426. 			defer cleanTmpFile(file)

  427. 

  428. 			n, err = io.Copy(file, io.MultiReader(&b, f))

  429. 			if err != nil {

  430. 				log.Printf("%s", err.Error())

  431. 				http.Error(w, err.Error(), 500)

  432. 				return

  433. 			}

  434. 

  435. 			reader, err = os.Open(file.Name())

  436. 		} else {

  437. 			reader = bytes.NewReader(b.Bytes())

  438. 		}

  439. 

  440. 		contentLength = n

  441. 	}

  442. 

  443. 	if contentLength == 0 {

  444. 		log.Print("Empty content-length")

  445. 		http.Error(w, errors.New("Could not upload empty file").Error(), 400)

  446. 		return

  447. 	}

  448. 

  449. 	contentType := r.Header.Get("Content-Type")

  450. 

  451. 	if contentType == "" {

  452. 		contentType = mime.TypeByExtension(filepath.Ext(vars["filename"]))

  453. 	}

  454. 

  455. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  456. 

  457. 	metadata := MetadataForRequest(contentType, r)

  458. 

  459. 	buffer := &bytes.Buffer{}

  460. 	if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  461. 		log.Printf("%s", err.Error())

  462. 		http.Error(w, errors.New("Could not encode metadata").Error(), 500)

  463. 		return

  464. 	} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  465. 		log.Printf("%s", err.Error())

  466. 		http.Error(w, errors.New("Could not save metadata").Error(), 500)

  467. 		return

  468. 	}

  469. 

  470. 	log.Printf("Uploading %s %s %d %s", token, filename, contentLength, contentType)

  471. 

  472. 	var err error

  473. 

  474. 	if err = s.storage.Put(token, filename, reader, contentType, uint64(contentLength)); err != nil {

  475. 		log.Printf("Error putting new file: %s", err.Error())

  476. 		http.Error(w, errors.New("Could not save file").Error(), 500)

  477. 		return

  478. 	}

  479. 

  480. 	// w.Statuscode = 200

  481. 

  482. 	w.Header().Set("Content-Type", "text/plain")

  483. 

  484. 	filename = url.PathEscape(filename)

  485. 	relativeURL, _ := url.Parse(path.Join(token, filename))

  486. 	deleteUrl, _ := url.Parse(path.Join(token, filename, metadata.DeletionToken))

  487. 

  488. 	w.Header().Set("X-Url-Delete", resolveUrl(r, deleteUrl, true))

  489. 

  490. 	fmt.Fprint(w, resolveUrl(r, relativeURL, false))

  491. }

  492. 

  493. func resolveUrl(r *http.Request, u *url.URL, absolutePath bool) string {

  494. 	if absolutePath {

  495. 		r.URL.Path = ""

  496. 	}

  497. 

  498. 	return getURL(r).ResolveReference(u).String()

  499. }

  500. 

  501. func resolveWebAddress(r *http.Request) string {

  502. 	url := getURL(r)

  503. 

  504. 	return fmt.Sprintf("%s://%s", url.ResolveReference(url).Scheme, url.ResolveReference(url).Host)

  505. }

  506. 

  507. func getURL(r *http.Request) *url.URL {

  508. 	u, _ := url.Parse(r.URL.String())

  509. 

  510. 	if r.TLS != nil {

  511. 		u.Scheme = "https"

  512. 	} else if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {

  513. 		u.Scheme = proto

  514. 	} else {

  515. 		u.Scheme = "http"

  516. 	}

  517. 

  518. 	if u.Host != "" {

  519. 	} else if host, port, err := net.SplitHostPort(r.Host); err != nil {

  520. 		u.Host = r.Host

  521. 	} else {

  522. 		if port == "80" && u.Scheme == "http" {

  523. 			u.Host = host

  524. 		} else if port == "443" && u.Scheme == "https" {

  525. 			u.Host = host

  526. 		} else {

  527. 			u.Host = net.JoinHostPort(host, port)

  528. 		}

  529. 	}

  530. 

  531. 	return u

  532. }

  533. 

  534. func (s *Server) Lock(token, filename string) error {

  535. 	key := path.Join(token, filename)

  536. 

  537. 	if _, ok := s.locks[key]; !ok {

  538. 		s.locks[key] = &sync.Mutex{}

  539. 	}

  540. 

  541. 	s.locks[key].Lock()

  542. 

  543. 	return nil

  544. }

  545. 

  546. func (s *Server) Unlock(token, filename string) error {

  547. 	key := path.Join(token, filename)

  548. 	s.locks[key].Unlock()

  549. 

  550. 	return nil

  551. }

  552. 

  553. func (s *Server) CheckMetadata(token, filename string) error {

  554. 	s.Lock(token, filename)

  555. 	defer s.Unlock(token, filename)

  556. 

  557. 	var metadata Metadata

  558. 

  559. 	r, _, _, err := s.storage.Get(token, fmt.Sprintf("%s.metadata", filename))

  560. 	//if s.storage.IsNotExist(err) {

  561. 	// return nil

  562. 	//} else if err != nil {

  563. 	if err != nil {

  564. 		return err

  565. 	}

  566. 

  567. 	defer r.Close()

  568. 

  569. 	if err := json.NewDecoder(r).Decode(&metadata); err != nil {

  570. 		return err

  571. 	} else if metadata.Downloads >= metadata.MaxDownloads {

  572. 		return errors.New("MaxDownloads expired.")

  573. 	} else if time.Now().After(metadata.MaxDate) {

  574. 		return errors.New("MaxDate expired.")

  575. 	} else {

  576. 		// todo(nl5887): mutex?

  577. 

  578. 		// update number of downloads

  579. 		metadata.Downloads++

  580. 

  581. 		buffer := &bytes.Buffer{}

  582. 		if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  583. 			return errors.New("Could not encode metadata")

  584. 		} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  585. 			return errors.New("Could not save metadata")

  586. 		}

  587. 	}

  588. 

  589. 	return nil

  590. }

  591. 

  592. func (s *Server) CheckDeletionToken(deletionToken, token, filename string) error {

  593. 	s.Lock(token, filename)

  594. 	defer s.Unlock(token, filename)

  595. 

  596. 	var metadata Metadata

  597. 

  598. 	r, _, _, err := s.storage.Get(token, fmt.Sprintf("%s.metadata", filename))

  599. 	if s.storage.IsNotExist(err) {

  600. 		return nil

  601. 	} else if err != nil {

  602. 		return err

  603. 	}

  604. 

  605. 	defer r.Close()

  606. 

  607. 	if err := json.NewDecoder(r).Decode(&metadata); err != nil {

  608. 		return err

  609. 	} else if metadata.DeletionToken != deletionToken {

  610. 		return errors.New("Deletion token doesn't match.")

  611. 	}

  612. 

  613. 	return nil

  614. }

  615. 

  616. func (s *Server) deleteHandler(w http.ResponseWriter, r *http.Request) {

  617. 	vars := mux.Vars(r)

  618. 

  619. 	token := vars["token"]

  620. 	filename := vars["filename"]

  621. 	deletionToken := vars["deletionToken"]

  622. 

  623. 	if err := s.CheckDeletionToken(deletionToken, token, filename); err != nil {

  624. 		log.Printf("Error metadata: %s", err.Error())

  625. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  626. 		return

  627. 	}

  628. 

  629. 	err := s.storage.Delete(token, filename)

  630. 	if s.storage.IsNotExist(err) {

  631. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  632. 		return

  633. 	} else if err != nil {

  634. 		log.Printf("%s", err.Error())

  635. 		http.Error(w, "Could not delete file.", 500)

  636. 		return

  637. 	}

  638. }

  639. 

  640. func (s *Server) zipHandler(w http.ResponseWriter, r *http.Request) {

  641. 	vars := mux.Vars(r)

  642. 

  643. 	files := vars["files"]

  644. 

  645. 	zipfilename := fmt.Sprintf("transfersh-%d.zip", uint16(time.Now().UnixNano()))

  646. 

  647. 	w.Header().Set("Content-Type", "application/zip")

  648. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", zipfilename))

  649. 	w.Header().Set("Connection", "close")

  650. 

  651. 	zw := zip.NewWriter(w)

  652. 

  653. 	for _, key := range strings.Split(files, ",") {

  654. 		if strings.HasPrefix(key, "/") {

  655. 			key = key[1:]

  656. 		}

  657. 

  658. 		key = strings.Replace(key, "\\", "/", -1)

  659. 

  660. 		token := strings.Split(key, "/")[0]

  661. 		filename := sanitize(strings.Split(key, "/")[1])

  662. 

  663. 		if err := s.CheckMetadata(token, filename); err != nil {

  664. 			log.Printf("Error metadata: %s", err.Error())

  665. 			continue

  666. 		}

  667. 

  668. 		reader, _, _, err := s.storage.Get(token, filename)

  669. 

  670. 		if err != nil {

  671. 			if s.storage.IsNotExist(err) {

  672. 				http.Error(w, "File not found", 404)

  673. 				return

  674. 			} else {

  675. 				log.Printf("%s", err.Error())

  676. 				http.Error(w, "Could not retrieve file.", 500)

  677. 				return

  678. 			}

  679. 		}

  680. 

  681. 		defer reader.Close()

  682. 

  683. 		header := &zip.FileHeader{

  684. 			Name:         strings.Split(key, "/")[1],

  685. 			Method:       zip.Store,

  686. 			ModifiedTime: uint16(time.Now().UnixNano()),

  687. 			ModifiedDate: uint16(time.Now().UnixNano()),

  688. 		}

  689. 

  690. 		fw, err := zw.CreateHeader(header)

  691. 

  692. 		if err != nil {

  693. 			log.Printf("%s", err.Error())

  694. 			http.Error(w, "Internal server error.", 500)

  695. 			return

  696. 		}

  697. 

  698. 		if _, err = io.Copy(fw, reader); err != nil {

  699. 			log.Printf("%s", err.Error())

  700. 			http.Error(w, "Internal server error.", 500)

  701. 			return

  702. 		}

  703. 	}

  704. 

  705. 	if err := zw.Close(); err != nil {

  706. 		log.Printf("%s", err.Error())

  707. 		http.Error(w, "Internal server error.", 500)

  708. 		return

  709. 	}

  710. }

  711. 

  712. func (s *Server) tarGzHandler(w http.ResponseWriter, r *http.Request) {

  713. 	vars := mux.Vars(r)

  714. 

  715. 	files := vars["files"]

  716. 

  717. 	tarfilename := fmt.Sprintf("transfersh-%d.tar.gz", uint16(time.Now().UnixNano()))

  718. 

  719. 	w.Header().Set("Content-Type", "application/x-gzip")

  720. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  721. 	w.Header().Set("Connection", "close")

  722. 

  723. 	os := gzip.NewWriter(w)

  724. 	defer os.Close()

  725. 

  726. 	zw := tar.NewWriter(os)

  727. 	defer zw.Close()

  728. 

  729. 	for _, key := range strings.Split(files, ",") {

  730. 		if strings.HasPrefix(key, "/") {

  731. 			key = key[1:]

  732. 		}

  733. 

  734. 		key = strings.Replace(key, "\\", "/", -1)

  735. 

  736. 		token := strings.Split(key, "/")[0]

  737. 		filename := sanitize(strings.Split(key, "/")[1])

  738. 

  739. 		if err := s.CheckMetadata(token, filename); err != nil {

  740. 			log.Printf("Error metadata: %s", err.Error())

  741. 			continue

  742. 		}

  743. 

  744. 		reader, _, contentLength, err := s.storage.Get(token, filename)

  745. 		if err != nil {

  746. 			if s.storage.IsNotExist(err) {

  747. 				http.Error(w, "File not found", 404)

  748. 				return

  749. 			} else {

  750. 				log.Printf("%s", err.Error())

  751. 				http.Error(w, "Could not retrieve file.", 500)

  752. 				return

  753. 			}

  754. 		}

  755. 

  756. 		defer reader.Close()

  757. 

  758. 		header := &tar.Header{

  759. 			Name: strings.Split(key, "/")[1],

  760. 			Size: int64(contentLength),

  761. 		}

  762. 

  763. 		err = zw.WriteHeader(header)

  764. 		if err != nil {

  765. 			log.Printf("%s", err.Error())

  766. 			http.Error(w, "Internal server error.", 500)

  767. 			return

  768. 		}

  769. 

  770. 		if _, err = io.Copy(zw, reader); err != nil {

  771. 			log.Printf("%s", err.Error())

  772. 			http.Error(w, "Internal server error.", 500)

  773. 			return

  774. 		}

  775. 	}

  776. }

  777. 

  778. func (s *Server) tarHandler(w http.ResponseWriter, r *http.Request) {

  779. 	vars := mux.Vars(r)

  780. 

  781. 	files := vars["files"]

  782. 

  783. 	tarfilename := fmt.Sprintf("transfersh-%d.tar", uint16(time.Now().UnixNano()))

  784. 

  785. 	w.Header().Set("Content-Type", "application/x-tar")

  786. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  787. 	w.Header().Set("Connection", "close")

  788. 

  789. 	zw := tar.NewWriter(w)

  790. 	defer zw.Close()

  791. 

  792. 	for _, key := range strings.Split(files, ",") {

  793. 		token := strings.Split(key, "/")[0]

  794. 		filename := strings.Split(key, "/")[1]

  795. 

  796. 		if err := s.CheckMetadata(token, filename); err != nil {

  797. 			log.Printf("Error metadata: %s", err.Error())

  798. 			continue

  799. 		}

  800. 

  801. 		reader, _, contentLength, err := s.storage.Get(token, filename)

  802. 		if err != nil {

  803. 			if s.storage.IsNotExist(err) {

  804. 				http.Error(w, "File not found", 404)

  805. 				return

  806. 			} else {

  807. 				log.Printf("%s", err.Error())

  808. 				http.Error(w, "Could not retrieve file.", 500)

  809. 				return

  810. 			}

  811. 		}

  812. 

  813. 		defer reader.Close()

  814. 

  815. 		header := &tar.Header{

  816. 			Name: strings.Split(key, "/")[1],

  817. 			Size: int64(contentLength),

  818. 		}

  819. 

  820. 		err = zw.WriteHeader(header)

  821. 		if err != nil {

  822. 			log.Printf("%s", err.Error())

  823. 			http.Error(w, "Internal server error.", 500)

  824. 			return

  825. 		}

  826. 

  827. 		if _, err = io.Copy(zw, reader); err != nil {

  828. 			log.Printf("%s", err.Error())

  829. 			http.Error(w, "Internal server error.", 500)

  830. 			return

  831. 		}

  832. 	}

  833. }

  834. 

  835. func (s *Server) headHandler(w http.ResponseWriter, r *http.Request) {

  836. 	vars := mux.Vars(r)

  837. 

  838. 	token := vars["token"]

  839. 	filename := vars["filename"]

  840. 

  841. 	if err := s.CheckMetadata(token, filename); err != nil {

  842. 		log.Printf("Error metadata: %s", err.Error())

  843. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  844. 		return

  845. 	}

  846. 

  847. 	contentType, contentLength, err := s.storage.Head(token, filename)

  848. 	if s.storage.IsNotExist(err) {

  849. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  850. 		return

  851. 	} else if err != nil {

  852. 		log.Printf("%s", err.Error())

  853. 		http.Error(w, "Could not retrieve file.", 500)

  854. 		return

  855. 	}

  856. 

  857. 	w.Header().Set("Content-Type", contentType)

  858. 	w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))

  859. 	w.Header().Set("Connection", "close")

  860. }

  861. 

  862. func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {

  863. 	vars := mux.Vars(r)

  864. 

  865. 	action := vars["action"]

  866. 	token := vars["token"]

  867. 	filename := vars["filename"]

  868. 	realFilename := filename

  869. 	useZST := false

  870. 

  871. 	if err := s.CheckMetadata(token, filename); err != nil {

  872. 		log.Printf("Error metadata: %v; trying with .zst", err)

  873. 

  874. 		useZST = true

  875. 		filename += ".zst"

  876. 		if err := s.CheckMetadata(token, filename); err != nil {

  877. 			log.Printf("Error metadata: %v", err)

  878. 			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  879. 			return

  880. 		}

  881. 	}

  882. 

  883. 	reader, contentType, contentLength, err := s.storage.Get(token, filename)

  884. 	if s.storage.IsNotExist(err) {

  885. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  886. 		return

  887. 	} else if err != nil {

  888. 		log.Printf("%s", err.Error())

  889. 		http.Error(w, "Could not retrieve file.", 500)

  890. 		return

  891. 	}

  892. 	defer reader.Close()

  893. 

  894. 	if useZST {

  895. 		contentType = mime.TypeByExtension(filepath.Ext(realFilename))

  896. 

  897. 		d, err := zstd.NewReader(reader)

  898. 		if err != nil {

  899. 			log.Printf("Failed to create zstd reader: %s", err.Error())

  900. 			http.Error(w, "Could not retrieve file.", 500)

  901. 			return

  902. 		}

  903. 

  904. 		defer d.Close()

  905. 

  906. 		reader = d.IOReadCloser()

  907. 	}

  908. 

  909. 	var disposition string

  910. 	if action == "inline" {

  911. 		disposition = "inline"

  912. 	} else {

  913. 		disposition = "attachment"

  914. 	}

  915. 

  916. 	w.Header().Set("Content-Type", contentType)

  917. 	if useZST {

  918. 		w.Header().Set("Transfer-Encoding", "chunked")

  919. 	} else {

  920. 		w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))

  921. 	}

  922. 	w.Header().Set("Content-Disposition", fmt.Sprintf("%s; filename=\"%s\"", disposition, realFilename))

  923. 	w.Header().Set("Connection", "keep-alive")

  924. 

  925. 	if w.Header().Get("Range") == "" {

  926. 		if _, err = io.Copy(w, reader); err != nil {

  927. 			log.Printf("%s", err.Error())

  928. 			http.Error(w, "Error occurred copying to output stream", 500)

  929. 			return

  930. 		}

  931. 

  932. 		return

  933. 	}

  934. 

  935. 	file, err := ioutil.TempFile(s.tempPath, "range-")

  936. 	if err != nil {

  937. 		log.Printf("%s", err.Error())

  938. 		http.Error(w, "Error occurred copying to output stream", 500)

  939. 		return

  940. 	}

  941. 

  942. 	defer cleanTmpFile(file)

  943. 

  944. 	tee := io.TeeReader(reader, file)

  945. 	for {

  946. 		b := make([]byte, _5M)

  947. 		_, err = tee.Read(b)

  948. 		if err == io.EOF {

  949. 			break

  950. 		}

  951. 

  952. 		if err != nil {

  953. 			log.Printf("%s", err.Error())

  954. 			http.Error(w, "Error occurred copying to output stream", 500)

  955. 			return

  956. 		}

  957. 	}

  958. 

  959. 	http.ServeContent(w, r, filename, time.Unix(0, 0), file)

  960. }

  961. 

  962. func (s *Server) RedirectHandler(h http.Handler) http.HandlerFunc {

  963. 	return func(w http.ResponseWriter, r *http.Request) {

  964. 		if !s.forceHTTPs {

  965. 			// we don't want to enforce https

  966. 		} else if r.URL.Path == "/health.html" {

  967. 			// health check url won't redirect

  968. 		} else if strings.HasSuffix(ipAddrFromRemoteAddr(r.Host), ".onion") {

  969. 			// .onion addresses cannot get a valid certificate, so don't redirect

  970. 		} else if r.Header.Get("X-Forwarded-Proto") == "https" {

  971. 		} else if r.URL.Scheme == "https" {

  972. 		} else {

  973. 			u := getURL(r)

  974. 			u.Scheme = "https"

  975. 

  976. 			http.Redirect(w, r, u.String(), http.StatusPermanentRedirect)

  977. 			return

  978. 		}

  979. 

  980. 		h.ServeHTTP(w, r)

  981. 	}

  982. }

  983. 

  984. // Create a log handler for every request it receives.

  985. func LoveHandler(h http.Handler) http.HandlerFunc {

  986. 	return func(w http.ResponseWriter, r *http.Request) {

  987. 		w.Header().Set("x-made-with", "<3 by DutchCoders")

  988. 		w.Header().Set("x-served-by", "Proudly served by DutchCoders")

  989. 		w.Header().Set("Server", "Transfer.sh HTTP Server 1.0")

  990. 		h.ServeHTTP(w, r)

  991. 	}

  992. }

  993. 

  994. func (s *Server) BasicAuthHandler(h http.Handler) http.HandlerFunc {

  995. 	return func(w http.ResponseWriter, r *http.Request) {

  996. 		if s.AuthUser == "" || s.AuthPass == "" {

  997. 			h.ServeHTTP(w, r)

  998. 			return

  999. 		}

  1000. 

  1001. 		w.Header().Set("WWW-Authenticate", "Basic realm=\"Restricted\"")

  1002. 

  1003. 		username, password, authOK := r.BasicAuth()

  1004. 		if authOK == false {

  1005. 			http.Error(w, "Not authorized", 401)

  1006. 			return

  1007. 		}

  1008. 

  1009. 		if username != s.AuthUser || password != s.AuthPass {

  1010. 			http.Error(w, "Not authorized", 401)

  1011. 			return

  1012. 		}

  1013. 

  1014. 		h.ServeHTTP(w, r)

  1015. 	}

  1016. }