fionera
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
318 Commits
9 Branches
34 MiB
 
 
 
Tree: cc401433a6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cc401433a6'
${ noResults }
transfer.sh/server/handlers.go

1023 lines
25 KiB
Raw Blame History 

  1. /*

  2. The MIT License (MIT)

  3. 

  4. Copyright (c) 2014-2017 DutchCoders [https://github.com/dutchcoders/]

  5. 

  6. Permission is hereby granted, free of charge, to any person obtaining a copy

  7. of this software and associated documentation files (the "Software"), to deal

  8. in the Software without restriction, including without limitation the rights

  9. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  10. copies of the Software, and to permit persons to whom the Software is

  11. furnished to do so, subject to the following conditions:

  12. 

  13. The above copyright notice and this permission notice shall be included in

  14. all copies or substantial portions of the Software.

  15. 

  16. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  17. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  18. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  19. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  20. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  21. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

  22. THE SOFTWARE.

  23. */

  24. 

  25. package server

  26. 

  27. import (

  28. 	// _ "transfer.sh/app/handlers"

  29. 	// _ "transfer.sh/app/utils"

  30. 

  31. 	"archive/tar"

  32. 	"archive/zip"

  33. 	"bytes"

  34. 	"compress/gzip"

  35. 	"encoding/json"

  36. 	"errors"

  37. 	"fmt"

  38. 	"github.com/russross/blackfriday"

  39. 	"html"

  40. 	html_template "html/template"

  41. 	"io"

  42. 	"io/ioutil"

  43. 	"log"

  44. 	"math/rand"

  45. 	"mime"

  46. 	"net/http"

  47. 	"net/url"

  48. 	"os"

  49. 	"path"

  50. 	"path/filepath"

  51. 	"strconv"

  52. 	"strings"

  53. 	"sync"

  54. 	text_template "text/template"

  55. 	"time"

  56. 

  57. 	"net"

  58. 

  59. 	"encoding/base64"

  60. 	web "github.com/dutchcoders/transfer.sh-web"

  61. 	"github.com/gorilla/mux"

  62. 	"github.com/microcosm-cc/bluemonday"

  63. 	"github.com/skip2/go-qrcode"

  64. )

  65. 

  66. var (

  67. 	htmlTemplates = initHTMLTemplates()

  68. 	textTemplates = initTextTemplates()

  69. )

  70. 

  71. func stripPrefix(path string) string {

  72. 	return strings.Replace(path, web.Prefix+"/", "", -1)

  73. }

  74. 

  75. func initTextTemplates() *text_template.Template {

  76. 	templateMap := text_template.FuncMap{"format": formatNumber}

  77. 

  78. 	// Templates with functions available to them

  79. 	var templates = text_template.New("").Funcs(templateMap)

  80. 	return templates

  81. }

  82. 

  83. func initHTMLTemplates() *html_template.Template {

  84. 	templateMap := html_template.FuncMap{"format": formatNumber}

  85. 

  86. 	// Templates with functions available to them

  87. 	var templates = html_template.New("").Funcs(templateMap)

  88. 

  89. 	return templates

  90. }

  91. 

  92. func healthHandler(w http.ResponseWriter, r *http.Request) {

  93. 	fmt.Fprintf(w, "Approaching Neutral Zone, all systems normal and functioning.")

  94. }

  95. 

  96. /* The preview handler will show a preview of the content for browsers (accept type text/html), and referer is not transfer.sh */

  97. func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {

  98. 	vars := mux.Vars(r)

  99. 

  100. 	token := vars["token"]

  101. 	filename := vars["filename"]

  102. 

  103. 	contentType, contentLength, err := s.storage.Head(token, filename)

  104. 	if err != nil {

  105. 		http.Error(w, http.StatusText(404), 404)

  106. 		return

  107. 	}

  108. 

  109. 	var templatePath string

  110. 	var content html_template.HTML

  111. 

  112. 	switch {

  113. 	case strings.HasPrefix(contentType, "image/"):

  114. 		templatePath = "download.image.html"

  115. 	case strings.HasPrefix(contentType, "video/"):

  116. 		templatePath = "download.video.html"

  117. 	case strings.HasPrefix(contentType, "audio/"):

  118. 		templatePath = "download.audio.html"

  119. 	case strings.HasPrefix(contentType, "text/"):

  120. 		templatePath = "download.markdown.html"

  121. 

  122. 		var reader io.ReadCloser

  123. 		if reader, _, _, err = s.storage.Get(token, filename); err != nil {

  124. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  125. 			return

  126. 		}

  127. 

  128. 		var data []byte

  129. 		data = make([]byte, _5M)

  130. 		if _, err = reader.Read(data); err != io.EOF && err != nil {

  131. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  132. 			return

  133. 		}

  134. 

  135. 		if strings.HasPrefix(contentType, "text/x-markdown") || strings.HasPrefix(contentType, "text/markdown") {

  136. 			escapedData := html.EscapeString(string(data))

  137. 			unsafe := blackfriday.Run([]byte(escapedData))

  138. 			output := bluemonday.UGCPolicy().SanitizeBytes(unsafe)

  139. 			content = html_template.HTML(output)

  140. 		} else if strings.HasPrefix(contentType, "text/plain") {

  141. 			content = html_template.HTML(fmt.Sprintf("<pre>%s</pre>", html.EscapeString(string(data))))

  142. 		} else {

  143. 			templatePath = "download.sandbox.html"

  144. 		}

  145. 

  146. 	default:

  147. 		templatePath = "download.html"

  148. 	}

  149. 

  150. 	resolvedUrl := resolveUrl(r, getURL(r).ResolveReference(r.URL), true)

  151. 	var png []byte

  152. 	png, err = qrcode.Encode(resolvedUrl, qrcode.High, 150)

  153. 	if err != nil {

  154. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  155. 		return

  156. 	}

  157. 

  158. 	qrCode := base64.StdEncoding.EncodeToString(png)

  159. 

  160. 	hostname := getURL(r).Host

  161. 	webAddress := resolveWebAddress(r, s.proxyPath)

  162. 

  163. 	data := struct {

  164. 		ContentType   string

  165. 		Content       html_template.HTML

  166. 		Filename      string

  167. 		Url           string

  168. 		Hostname      string

  169. 		WebAddress    string

  170. 		ContentLength uint64

  171. 		GAKey         string

  172. 		UserVoiceKey  string

  173. 		QRCode        string

  174. 	}{

  175. 		contentType,

  176. 		content,

  177. 		filename,

  178. 		resolvedUrl,

  179. 		hostname,

  180. 		webAddress,

  181. 		contentLength,

  182. 		s.gaKey,

  183. 		s.userVoiceKey,

  184. 		qrCode,

  185. 	}

  186. 

  187. 	if err := htmlTemplates.ExecuteTemplate(w, templatePath, data); err != nil {

  188. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  189. 		return

  190. 	}

  191. 

  192. }

  193. 

  194. // this handler will output html or text, depending on the

  195. // support of the client (Accept header).

  196. 

  197. func (s *Server) viewHandler(w http.ResponseWriter, r *http.Request) {

  198. 	// vars := mux.Vars(r)

  199. 

  200. 	hostname := getURL(r).Host

  201. 	webAddress := resolveWebAddress(r, s.proxyPath)

  202. 

  203. 	data := struct {

  204. 		Hostname     string

  205. 		WebAddress   string

  206. 		GAKey        string

  207. 		UserVoiceKey string

  208. 	}{

  209. 		hostname,

  210. 		webAddress,

  211. 		s.gaKey,

  212. 		s.userVoiceKey,

  213. 	}

  214. 

  215. 	if acceptsHTML(r.Header) {

  216. 		if err := htmlTemplates.ExecuteTemplate(w, "index.html", data); err != nil {

  217. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  218. 			return

  219. 		}

  220. 	} else {

  221. 		if err := textTemplates.ExecuteTemplate(w, "index.txt", data); err != nil {

  222. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  223. 			return

  224. 		}

  225. 	}

  226. }

  227. 

  228. func (s *Server) notFoundHandler(w http.ResponseWriter, r *http.Request) {

  229. 	http.Error(w, http.StatusText(404), 404)

  230. }

  231. 

  232. func sanitize(fileName string) string {

  233. 	return path.Clean(path.Base(fileName))

  234. }

  235. 

  236. func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {

  237. 	if err := r.ParseMultipartForm(_24K); nil != err {

  238. 		log.Printf("%s", err.Error())

  239. 		http.Error(w, "Error occurred copying to output stream", 500)

  240. 		return

  241. 	}

  242. 

  243. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  244. 

  245. 	w.Header().Set("Content-Type", "text/plain")

  246. 

  247. 	for _, fheaders := range r.MultipartForm.File {

  248. 		for _, fheader := range fheaders {

  249. 			filename := sanitize(fheader.Filename)

  250. 			contentType := fheader.Header.Get("Content-Type")

  251. 

  252. 			if contentType == "" {

  253. 				contentType = mime.TypeByExtension(filepath.Ext(fheader.Filename))

  254. 			}

  255. 

  256. 			var f io.Reader

  257. 			var err error

  258. 

  259. 			if f, err = fheader.Open(); err != nil {

  260. 				log.Printf("%s", err.Error())

  261. 				http.Error(w, err.Error(), 500)

  262. 				return

  263. 			}

  264. 

  265. 			var b bytes.Buffer

  266. 

  267. 			n, err := io.CopyN(&b, f, _24K+1)

  268. 			if err != nil && err != io.EOF {

  269. 				log.Printf("%s", err.Error())

  270. 				http.Error(w, err.Error(), 500)

  271. 				return

  272. 			}

  273. 

  274. 			var file *os.File

  275. 			var reader io.Reader

  276. 

  277. 			if n > _24K {

  278. 				file, err = ioutil.TempFile(s.tempPath, "transfer-")

  279. 				if err != nil {

  280. 					log.Fatal(err)

  281. 				}

  282. 

  283. 				n, err = io.Copy(file, io.MultiReader(&b, f))

  284. 				if err != nil {

  285. 					cleanTmpFile(file)

  286. 

  287. 					log.Printf("%s", err.Error())

  288. 					http.Error(w, err.Error(), 500)

  289. 					return

  290. 				}

  291. 

  292. 				reader, err = os.Open(file.Name())

  293. 			} else {

  294. 				reader = bytes.NewReader(b.Bytes())

  295. 			}

  296. 

  297. 			contentLength := n

  298. 

  299. 			metadata := MetadataForRequest(contentType, r)

  300. 

  301. 			buffer := &bytes.Buffer{}

  302. 			if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  303. 				log.Printf("%s", err.Error())

  304. 				http.Error(w, errors.New("Could not encode metadata").Error(), 500)

  305. 

  306. 				cleanTmpFile(file)

  307. 				return

  308. 			} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  309. 				log.Printf("%s", err.Error())

  310. 				http.Error(w, errors.New("Could not save metadata").Error(), 500)

  311. 

  312. 				cleanTmpFile(file)

  313. 				return

  314. 			}

  315. 

  316. 			log.Printf("Uploading %s %s %d %s", token, filename, contentLength, contentType)

  317. 

  318. 			if err = s.storage.Put(token, filename, reader, contentType, uint64(contentLength)); err != nil {

  319. 				log.Printf("Backend storage error: %s", err.Error())

  320. 				http.Error(w, err.Error(), 500)

  321. 				return

  322. 

  323. 			}

  324. 

  325. 			filename = url.QueryEscape(filename)

  326. 			relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  327. 			fmt.Fprintln(w, getURL(r).ResolveReference(relativeURL).String())

  328. 

  329. 			cleanTmpFile(file)

  330. 		}

  331. 	}

  332. }

  333. 

  334. func cleanTmpFile(f *os.File) {

  335. 	if f != nil {

  336. 		err := f.Close()

  337. 		if err != nil {

  338. 			log.Printf("Error closing tmpfile: %s (%s)", err, f.Name())

  339. 		}

  340. 

  341. 		err = os.Remove(f.Name())

  342. 		if err != nil {

  343. 			log.Printf("Error removing tmpfile: %s (%s)", err, f.Name())

  344. 		}

  345. 	}

  346. }

  347. 

  348. type Metadata struct {

  349. 	// ContentType is the original uploading content type

  350. 	ContentType string

  351. 	// Secret as knowledge to delete file

  352. 	// Secret string

  353. 	// Downloads is the actual number of downloads

  354. 	Downloads int

  355. 	// MaxDownloads contains the maximum numbers of downloads

  356. 	MaxDownloads int

  357. 	// MaxDate contains the max age of the file

  358. 	MaxDate time.Time

  359. 	// DeletionToken contains the token to match against for deletion

  360. 	DeletionToken string

  361. }

  362. 

  363. func MetadataForRequest(contentType string, r *http.Request) Metadata {

  364. 	metadata := Metadata{

  365. 		ContentType:   contentType,

  366. 		MaxDate:       time.Now().Add(time.Hour * 24 * 365 * 10),

  367. 		Downloads:     0,

  368. 		MaxDownloads:  99999999,

  369. 		DeletionToken: Encode(10000000+int64(rand.Intn(1000000000))) + Encode(10000000+int64(rand.Intn(1000000000))),

  370. 	}

  371. 

  372. 	if v := r.Header.Get("Max-Downloads"); v == "" {

  373. 	} else if v, err := strconv.Atoi(v); err != nil {

  374. 	} else {

  375. 		metadata.MaxDownloads = v

  376. 	}

  377. 

  378. 	if v := r.Header.Get("Max-Days"); v == "" {

  379. 	} else if v, err := strconv.Atoi(v); err != nil {

  380. 	} else {

  381. 		metadata.MaxDate = time.Now().Add(time.Hour * 24 * time.Duration(v))

  382. 	}

  383. 

  384. 	return metadata

  385. }

  386. 

  387. func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) {

  388. 	vars := mux.Vars(r)

  389. 

  390. 	filename := sanitize(vars["filename"])

  391. 

  392. 	contentLength := r.ContentLength

  393. 

  394. 	var reader io.Reader

  395. 

  396. 	reader = r.Body

  397. 

  398. 	defer r.Body.Close()

  399. 

  400. 	if contentLength == -1 {

  401. 		// queue file to disk, because s3 needs content length

  402. 		var err error

  403. 		var f io.Reader

  404. 

  405. 		f = reader

  406. 

  407. 		var b bytes.Buffer

  408. 

  409. 		n, err := io.CopyN(&b, f, _24K+1)

  410. 		if err != nil && err != io.EOF {

  411. 			log.Printf("Error putting new file: %s", err.Error())

  412. 			http.Error(w, err.Error(), 500)

  413. 			return

  414. 		}

  415. 

  416. 		var file *os.File

  417. 

  418. 		if n > _24K {

  419. 			file, err = ioutil.TempFile(s.tempPath, "transfer-")

  420. 			if err != nil {

  421. 				log.Printf("%s", err.Error())

  422. 				http.Error(w, err.Error(), 500)

  423. 				return

  424. 			}

  425. 

  426. 			defer cleanTmpFile(file)

  427. 

  428. 			n, err = io.Copy(file, io.MultiReader(&b, f))

  429. 			if err != nil {

  430. 				log.Printf("%s", err.Error())

  431. 				http.Error(w, err.Error(), 500)

  432. 				return

  433. 			}

  434. 

  435. 			reader, err = os.Open(file.Name())

  436. 		} else {

  437. 			reader = bytes.NewReader(b.Bytes())

  438. 		}

  439. 

  440. 		contentLength = n

  441. 	}

  442. 

  443. 	if contentLength == 0 {

  444. 		log.Print("Empty content-length")

  445. 		http.Error(w, errors.New("Could not upload empty file").Error(), 400)

  446. 		return

  447. 	}

  448. 

  449. 	contentType := r.Header.Get("Content-Type")

  450. 

  451. 	if contentType == "" {

  452. 		contentType = mime.TypeByExtension(filepath.Ext(vars["filename"]))

  453. 	}

  454. 

  455. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  456. 

  457. 	metadata := MetadataForRequest(contentType, r)

  458. 

  459. 	buffer := &bytes.Buffer{}

  460. 	if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  461. 		log.Printf("%s", err.Error())

  462. 		http.Error(w, errors.New("Could not encode metadata").Error(), 500)

  463. 		return

  464. 	} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  465. 		log.Printf("%s", err.Error())

  466. 		http.Error(w, errors.New("Could not save metadata").Error(), 500)

  467. 		return

  468. 	}

  469. 

  470. 	log.Printf("Uploading %s %s %d %s", token, filename, contentLength, contentType)

  471. 

  472. 	var err error

  473. 

  474. 	if err = s.storage.Put(token, filename, reader, contentType, uint64(contentLength)); err != nil {

  475. 		log.Printf("Error putting new file: %s", err.Error())

  476. 		http.Error(w, errors.New("Could not save file").Error(), 500)

  477. 		return

  478. 	}

  479. 

  480. 	// w.Statuscode = 200

  481. 

  482. 	w.Header().Set("Content-Type", "text/plain")

  483. 

  484. 	filename = url.QueryEscape(filename)

  485. 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  486. 	deleteUrl, _ := url.Parse(path.Join(s.proxyPath, token, filename, metadata.DeletionToken))

  487. 

  488. 	w.Header().Set("X-Url-Delete", resolveUrl(r, deleteUrl, true))

  489. 

  490. 	fmt.Fprint(w, resolveUrl(r, relativeURL, false))

  491. }

  492. 

  493. func resolveUrl(r *http.Request, u *url.URL, absolutePath bool) string {

  494. 	if absolutePath {

  495. 		r.URL.Path = ""

  496. 	}

  497. 

  498. 	return getURL(r).ResolveReference(u).String()

  499. }

  500. 

  501. func resolveKey(key, proxyPath string) string {

  502. 	if strings.HasPrefix(key, "/") {

  503. 		key = key[1:]

  504. 	}

  505. 

  506. 	if strings.HasPrefix(key, proxyPath) {

  507. 		key = key[len(proxyPath):]

  508. 	}

  509. 

  510. 	key = strings.Replace(key, "\\", "/", -1)

  511. 

  512. 	return key

  513. }

  514. 

  515. func resolveWebAddress(r *http.Request, proxyPath string) string {

  516. 	url := getURL(r)

  517. 

  518. 	var webAddress string

  519. 

  520. 	if len(proxyPath) == 0 {

  521. 		webAddress  = fmt.Sprintf("%s://%s/",

  522. 			url.ResolveReference(url).Scheme,

  523. 			url.ResolveReference(url).Host)

  524. 	} else {

  525. 		webAddress = fmt.Sprintf("%s://%s/%s",

  526. 			url.ResolveReference(url).Scheme,

  527. 			url.ResolveReference(url).Host,

  528. 			proxyPath)

  529. 	}

  530. 

  531. 	return webAddress

  532. }

  533. 

  534. func getURL(r *http.Request) *url.URL {

  535. 	u, _ := url.Parse(r.URL.String())

  536. 

  537. 	if r.TLS != nil {

  538. 		u.Scheme = "https"

  539. 	} else if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {

  540. 		u.Scheme = proto

  541. 	} else {

  542. 		u.Scheme = "http"

  543. 	}

  544. 

  545. 	if u.Host != "" {

  546. 	} else if host, port, err := net.SplitHostPort(r.Host); err != nil {

  547. 		u.Host = r.Host

  548. 	} else {

  549. 		if port == "80" && u.Scheme == "http" {

  550. 			u.Host = host

  551. 		} else if port == "443" && u.Scheme == "https" {

  552. 			u.Host = host

  553. 		} else {

  554. 			u.Host = net.JoinHostPort(host, port)

  555. 		}

  556. 	}

  557. 

  558. 	return u

  559. }

  560. 

  561. func (s *Server) Lock(token, filename string) error {

  562. 	key := path.Join(token, filename)

  563. 

  564. 	if _, ok := s.locks[key]; !ok {

  565. 		s.locks[key] = &sync.Mutex{}

  566. 	}

  567. 

  568. 	s.locks[key].Lock()

  569. 

  570. 	return nil

  571. }

  572. 

  573. func (s *Server) Unlock(token, filename string) error {

  574. 	key := path.Join(token, filename)

  575. 	s.locks[key].Unlock()

  576. 

  577. 	return nil

  578. }

  579. 

  580. func (s *Server) CheckMetadata(token, filename string) error {

  581. 	s.Lock(token, filename)

  582. 	defer s.Unlock(token, filename)

  583. 

  584. 	var metadata Metadata

  585. 

  586. 	r, _, _, err := s.storage.Get(token, fmt.Sprintf("%s.metadata", filename))

  587. 	if s.storage.IsNotExist(err) {

  588. 		return nil

  589. 	} else if err != nil {

  590. 		return err

  591. 	}

  592. 

  593. 	defer r.Close()

  594. 

  595. 	if err := json.NewDecoder(r).Decode(&metadata); err != nil {

  596. 		return err

  597. 	} else if metadata.Downloads >= metadata.MaxDownloads {

  598. 		return errors.New("MaxDownloads expired.")

  599. 	} else if time.Now().After(metadata.MaxDate) {

  600. 		return errors.New("MaxDate expired.")

  601. 	} else {

  602. 		// todo(nl5887): mutex?

  603. 

  604. 		// update number of downloads

  605. 		metadata.Downloads++

  606. 

  607. 		buffer := &bytes.Buffer{}

  608. 		if err := json.NewEncoder(buffer).Encode(metadata); err != nil {

  609. 			return errors.New("Could not encode metadata")

  610. 		} else if err := s.storage.Put(token, fmt.Sprintf("%s.metadata", filename), buffer, "text/json", uint64(buffer.Len())); err != nil {

  611. 			return errors.New("Could not save metadata")

  612. 		}

  613. 	}

  614. 

  615. 	return nil

  616. }

  617. 

  618. func (s *Server) CheckDeletionToken(deletionToken, token, filename string) error {

  619. 	s.Lock(token, filename)

  620. 	defer s.Unlock(token, filename)

  621. 

  622. 	var metadata Metadata

  623. 

  624. 	r, _, _, err := s.storage.Get(token, fmt.Sprintf("%s.metadata", filename))

  625. 	if s.storage.IsNotExist(err) {

  626. 		return nil

  627. 	} else if err != nil {

  628. 		return err

  629. 	}

  630. 

  631. 	defer r.Close()

  632. 

  633. 	if err := json.NewDecoder(r).Decode(&metadata); err != nil {

  634. 		return err

  635. 	} else if metadata.DeletionToken != deletionToken {

  636. 		return errors.New("Deletion token doesn't match.")

  637. 	}

  638. 

  639. 	return nil

  640. }

  641. 

  642. func (s *Server) deleteHandler(w http.ResponseWriter, r *http.Request) {

  643. 	vars := mux.Vars(r)

  644. 

  645. 	token := vars["token"]

  646. 	filename := vars["filename"]

  647. 	deletionToken := vars["deletionToken"]

  648. 

  649. 	if err := s.CheckDeletionToken(deletionToken, token, filename); err != nil {

  650. 		log.Printf("Error metadata: %s", err.Error())

  651. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  652. 		return

  653. 	}

  654. 

  655. 	err := s.storage.Delete(token, filename)

  656. 	if s.storage.IsNotExist(err) {

  657. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  658. 		return

  659. 	} else if err != nil {

  660. 		log.Printf("%s", err.Error())

  661. 		http.Error(w, "Could not delete file.", 500)

  662. 		return

  663. 	}

  664. }

  665. 

  666. func (s *Server) zipHandler(w http.ResponseWriter, r *http.Request) {

  667. 	vars := mux.Vars(r)

  668. 

  669. 	files := vars["files"]

  670. 

  671. 	zipfilename := fmt.Sprintf("transfersh-%d.zip", uint16(time.Now().UnixNano()))

  672. 

  673. 	w.Header().Set("Content-Type", "application/zip")

  674. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", zipfilename))

  675. 	w.Header().Set("Connection", "close")

  676. 

  677. 	zw := zip.NewWriter(w)

  678. 

  679. 	for _, key := range strings.Split(files, ",") {

  680. 		key = resolveKey(key, s.proxyPath)

  681. 

  682. 		token := strings.Split(key, "/")[0]

  683. 		filename := sanitize(strings.Split(key, "/")[1])

  684. 

  685. 		if err := s.CheckMetadata(token, filename); err != nil {

  686. 			log.Printf("Error metadata: %s", err.Error())

  687. 			continue

  688. 		}

  689. 

  690. 		reader, _, _, err := s.storage.Get(token, filename)

  691. 

  692. 		if err != nil {

  693. 			if s.storage.IsNotExist(err) {

  694. 				http.Error(w, "File not found", 404)

  695. 				return

  696. 			} else {

  697. 				log.Printf("%s", err.Error())

  698. 				http.Error(w, "Could not retrieve file.", 500)

  699. 				return

  700. 			}

  701. 		}

  702. 

  703. 		defer reader.Close()

  704. 

  705. 		header := &zip.FileHeader{

  706. 			Name:         strings.Split(key, "/")[1],

  707. 			Method:       zip.Store,

  708. 			ModifiedTime: uint16(time.Now().UnixNano()),

  709. 			ModifiedDate: uint16(time.Now().UnixNano()),

  710. 		}

  711. 

  712. 		fw, err := zw.CreateHeader(header)

  713. 

  714. 		if err != nil {

  715. 			log.Printf("%s", err.Error())

  716. 			http.Error(w, "Internal server error.", 500)

  717. 			return

  718. 		}

  719. 

  720. 		if _, err = io.Copy(fw, reader); err != nil {

  721. 			log.Printf("%s", err.Error())

  722. 			http.Error(w, "Internal server error.", 500)

  723. 			return

  724. 		}

  725. 	}

  726. 

  727. 	if err := zw.Close(); err != nil {

  728. 		log.Printf("%s", err.Error())

  729. 		http.Error(w, "Internal server error.", 500)

  730. 		return

  731. 	}

  732. }

  733. 

  734. func (s *Server) tarGzHandler(w http.ResponseWriter, r *http.Request) {

  735. 	vars := mux.Vars(r)

  736. 

  737. 	files := vars["files"]

  738. 

  739. 	tarfilename := fmt.Sprintf("transfersh-%d.tar.gz", uint16(time.Now().UnixNano()))

  740. 

  741. 	w.Header().Set("Content-Type", "application/x-gzip")

  742. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  743. 	w.Header().Set("Connection", "close")

  744. 

  745. 	os := gzip.NewWriter(w)

  746. 	defer os.Close()

  747. 

  748. 	zw := tar.NewWriter(os)

  749. 	defer zw.Close()

  750. 

  751. 	for _, key := range strings.Split(files, ",") {

  752. 		key = resolveKey(key, s.proxyPath)

  753. 

  754. 		token := strings.Split(key, "/")[0]

  755. 		filename := sanitize(strings.Split(key, "/")[1])

  756. 

  757. 		if err := s.CheckMetadata(token, filename); err != nil {

  758. 			log.Printf("Error metadata: %s", err.Error())

  759. 			continue

  760. 		}

  761. 

  762. 		reader, _, contentLength, err := s.storage.Get(token, filename)

  763. 		if err != nil {

  764. 			if s.storage.IsNotExist(err) {

  765. 				http.Error(w, "File not found", 404)

  766. 				return

  767. 			} else {

  768. 				log.Printf("%s", err.Error())

  769. 				http.Error(w, "Could not retrieve file.", 500)

  770. 				return

  771. 			}

  772. 		}

  773. 

  774. 		defer reader.Close()

  775. 

  776. 		header := &tar.Header{

  777. 			Name: strings.Split(key, "/")[1],

  778. 			Size: int64(contentLength),

  779. 		}

  780. 

  781. 		err = zw.WriteHeader(header)

  782. 		if err != nil {

  783. 			log.Printf("%s", err.Error())

  784. 			http.Error(w, "Internal server error.", 500)

  785. 			return

  786. 		}

  787. 

  788. 		if _, err = io.Copy(zw, reader); err != nil {

  789. 			log.Printf("%s", err.Error())

  790. 			http.Error(w, "Internal server error.", 500)

  791. 			return

  792. 		}

  793. 	}

  794. }

  795. 

  796. func (s *Server) tarHandler(w http.ResponseWriter, r *http.Request) {

  797. 	vars := mux.Vars(r)

  798. 

  799. 	files := vars["files"]

  800. 

  801. 	tarfilename := fmt.Sprintf("transfersh-%d.tar", uint16(time.Now().UnixNano()))

  802. 

  803. 	w.Header().Set("Content-Type", "application/x-tar")

  804. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  805. 	w.Header().Set("Connection", "close")

  806. 

  807. 	zw := tar.NewWriter(w)

  808. 	defer zw.Close()

  809. 

  810. 	for _, key := range strings.Split(files, ",") {

  811. 		key = resolveKey(key, s.proxyPath)

  812. 

  813. 		token := strings.Split(key, "/")[0]

  814. 		filename := strings.Split(key, "/")[1]

  815. 

  816. 		if err := s.CheckMetadata(token, filename); err != nil {

  817. 			log.Printf("Error metadata: %s", err.Error())

  818. 			continue

  819. 		}

  820. 

  821. 		reader, _, contentLength, err := s.storage.Get(token, filename)

  822. 		if err != nil {

  823. 			if s.storage.IsNotExist(err) {

  824. 				http.Error(w, "File not found", 404)

  825. 				return

  826. 			} else {

  827. 				log.Printf("%s", err.Error())

  828. 				http.Error(w, "Could not retrieve file.", 500)

  829. 				return

  830. 			}

  831. 		}

  832. 

  833. 		defer reader.Close()

  834. 

  835. 		header := &tar.Header{

  836. 			Name: strings.Split(key, "/")[1],

  837. 			Size: int64(contentLength),

  838. 		}

  839. 

  840. 		err = zw.WriteHeader(header)

  841. 		if err != nil {

  842. 			log.Printf("%s", err.Error())

  843. 			http.Error(w, "Internal server error.", 500)

  844. 			return

  845. 		}

  846. 

  847. 		if _, err = io.Copy(zw, reader); err != nil {

  848. 			log.Printf("%s", err.Error())

  849. 			http.Error(w, "Internal server error.", 500)

  850. 			return

  851. 		}

  852. 	}

  853. }

  854. 

  855. func (s *Server) headHandler(w http.ResponseWriter, r *http.Request) {

  856. 	vars := mux.Vars(r)

  857. 

  858. 	token := vars["token"]

  859. 	filename := vars["filename"]

  860. 

  861. 	if err := s.CheckMetadata(token, filename); err != nil {

  862. 		log.Printf("Error metadata: %s", err.Error())

  863. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  864. 		return

  865. 	}

  866. 

  867. 	contentType, contentLength, err := s.storage.Head(token, filename)

  868. 	if s.storage.IsNotExist(err) {

  869. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  870. 		return

  871. 	} else if err != nil {

  872. 		log.Printf("%s", err.Error())

  873. 		http.Error(w, "Could not retrieve file.", 500)

  874. 		return

  875. 	}

  876. 

  877. 	w.Header().Set("Content-Type", contentType)

  878. 	w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))

  879. 	w.Header().Set("Connection", "close")

  880. }

  881. 

  882. func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {

  883. 	vars := mux.Vars(r)

  884. 

  885. 	action := vars["action"]

  886. 	token := vars["token"]

  887. 	filename := vars["filename"]

  888. 

  889. 	if err := s.CheckMetadata(token, filename); err != nil {

  890. 		log.Printf("Error metadata: %s", err.Error())

  891. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  892. 		return

  893. 	}

  894. 

  895. 	reader, contentType, contentLength, err := s.storage.Get(token, filename)

  896. 	if s.storage.IsNotExist(err) {

  897. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  898. 		return

  899. 	} else if err != nil {

  900. 		log.Printf("%s", err.Error())

  901. 		http.Error(w, "Could not retrieve file.", 500)

  902. 		return

  903. 	}

  904. 

  905. 	defer reader.Close()

  906. 

  907. 	var disposition string

  908. 

  909. 	if action == "inline" {

  910. 		disposition = "inline"

  911. 	} else {

  912. 		disposition = "attachment"

  913. 	}

  914. 

  915. 	w.Header().Set("Content-Type", contentType)

  916. 	w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))

  917. 	w.Header().Set("Content-Disposition", fmt.Sprintf("%s; filename=\"%s\"", disposition, filename))

  918. 	w.Header().Set("Connection", "keep-alive")

  919. 

  920. 	if w.Header().Get("Range") == "" {

  921. 		if _, err = io.Copy(w, reader); err != nil {

  922. 			log.Printf("%s", err.Error())

  923. 			http.Error(w, "Error occurred copying to output stream", 500)

  924. 			return

  925. 		}

  926. 

  927. 		return

  928. 	}

  929. 

  930. 	file, err := ioutil.TempFile(s.tempPath, "range-")

  931. 	if err != nil {

  932. 		log.Printf("%s", err.Error())

  933. 		http.Error(w, "Error occurred copying to output stream", 500)

  934. 		return

  935. 	}

  936. 

  937. 	defer cleanTmpFile(file)

  938. 

  939. 	tee := io.TeeReader(reader, file)

  940. 	for {

  941. 		b := make([]byte, _5M)

  942. 		_, err = tee.Read(b)

  943. 		if err == io.EOF {

  944. 			break

  945. 		}

  946. 

  947. 		if err != nil {

  948. 			log.Printf("%s", err.Error())

  949. 			http.Error(w, "Error occurred copying to output stream", 500)

  950. 			return

  951. 		}

  952. 	}

  953. 

  954. 	http.ServeContent(w, r, filename, time.Now(), file)

  955. }

  956. 

  957. func (s *Server) RedirectHandler(h http.Handler) http.HandlerFunc {

  958. 	return func(w http.ResponseWriter, r *http.Request) {

  959. 		if !s.forceHTTPs {

  960. 			// we don't want to enforce https

  961. 		} else if r.URL.Path == "/health.html" {

  962. 			// health check url won't redirect

  963. 		} else if strings.HasSuffix(ipAddrFromRemoteAddr(r.Host), ".onion") {

  964. 			// .onion addresses cannot get a valid certificate, so don't redirect

  965. 		} else if r.Header.Get("X-Forwarded-Proto") == "https" {

  966. 		} else if r.URL.Scheme == "https" {

  967. 		} else {

  968. 			u := getURL(r)

  969. 			u.Scheme = "https"

  970. 

  971. 			http.Redirect(w, r, u.String(), http.StatusPermanentRedirect)

  972. 			return

  973. 		}

  974. 

  975. 		h.ServeHTTP(w, r)

  976. 	}

  977. }

  978. 

  979. // Create a log handler for every request it receives.

  980. func LoveHandler(h http.Handler) http.HandlerFunc {

  981. 	return func(w http.ResponseWriter, r *http.Request) {

  982. 		w.Header().Set("x-made-with", "<3 by DutchCoders")

  983. 		w.Header().Set("x-served-by", "Proudly served by DutchCoders")

  984. 		w.Header().Set("Server", "Transfer.sh HTTP Server 1.0")

  985. 		h.ServeHTTP(w, r)

  986. 	}

  987. }

  988. 

  989. func IPFilterHandler(h http.Handler, ipFilterOptions *IPFilterOptions) http.HandlerFunc {

  990. 	return func(w http.ResponseWriter, r *http.Request) {

  991. 		if ipFilterOptions == nil {

  992. 			h.ServeHTTP(w, r)

  993. 		} else {

  994. 			WrapIPFilter(h, *ipFilterOptions).ServeHTTP(w, r)

  995. 		}

  996. 		return

  997. 	}

  998. }

  999. 

  1000. func (s *Server) BasicAuthHandler(h http.Handler) http.HandlerFunc {

  1001. 	return func(w http.ResponseWriter, r *http.Request) {

  1002. 		if s.AuthUser == "" || s.AuthPass == "" {

  1003. 			h.ServeHTTP(w, r)

  1004. 			return

  1005. 		}

  1006. 

  1007. 		w.Header().Set("WWW-Authenticate", "Basic realm=\"Restricted\"")

  1008. 

  1009. 		username, password, authOK := r.BasicAuth()

  1010. 		if authOK == false {

  1011. 			http.Error(w, "Not authorized", 401)

  1012. 			return

  1013. 		}

  1014. 

  1015. 		if username != s.AuthUser || password != s.AuthPass {

  1016. 			http.Error(w, "Not authorized", 401)

  1017. 			return

  1018. 		}

  1019. 

  1020. 		h.ServeHTTP(w, r)

  1021. 	}

  1022. }