kiska
/
transfer.sh
1
0
Fork 2
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
412 Commits
9 Branches
34 MiB
 
 
 
Tree: 0d2baeb6a0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0d2baeb6a0'
${ noResults }
transfer.sh/server/handlers.go

888 lines
22 KiB
Raw Blame History 

  1. /*

  2. The MIT License (MIT)

  3. 

  4. Copyright (c) 2014-2017 DutchCoders [https://github.com/dutchcoders/]

  5. 

  6. Permission is hereby granted, free of charge, to any person obtaining a copy

  7. of this software and associated documentation files (the "Software"), to deal

  8. in the Software without restriction, including without limitation the rights

  9. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  10. copies of the Software, and to permit persons to whom the Software is

  11. furnished to do so, subject to the following conditions:

  12. 

  13. The above copyright notice and this permission notice shall be included in

  14. all copies or substantial portions of the Software.

  15. 

  16. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  17. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  18. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  19. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  20. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  21. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

  22. THE SOFTWARE.

  23. */

  24. 

  25. package server

  26. 

  27. import (

  28. 	"archive/tar"

  29. 	"archive/zip"

  30. 	"bytes"

  31. 	"compress/gzip"

  32. 	"encoding/base64"

  33. 	"errors"

  34. 	"fmt"

  35. 	"html"

  36. 	html_template "html/template"

  37. 	"io"

  38. 	"io/ioutil"

  39. 	"log"

  40. 	"math/rand"

  41. 	"mime"

  42. 	"net/http"

  43. 	"net/url"

  44. 	"os"

  45. 	"path"

  46. 	"path/filepath"

  47. 	"strconv"

  48. 	"strings"

  49. 	"sync"

  50. 	text_template "text/template"

  51. 	"time"

  52. 

  53. 	web "github.com/dutchcoders/transfer.sh-web"

  54. 	"github.com/dutchcoders/transfer.sh/server/storage"

  55. 	"github.com/gorilla/mux"

  56. 	"github.com/microcosm-cc/bluemonday"

  57. 	blackfriday "github.com/russross/blackfriday/v2"

  58. 	"github.com/skip2/go-qrcode"

  59. )

  60. 

  61. var (

  62. 	htmlTemplates = initHTMLTemplates()

  63. 	textTemplates = initTextTemplates()

  64. )

  65. 

  66. func stripPrefix(path string) string {

  67. 	return strings.Replace(path, web.Prefix+"/", "", -1)

  68. }

  69. 

  70. func initTextTemplates() *text_template.Template {

  71. 	templateMap := text_template.FuncMap{"format": formatNumber}

  72. 

  73. 	// Templates with functions available to them

  74. 	var templates = text_template.New("").Funcs(templateMap)

  75. 	return templates

  76. }

  77. 

  78. func initHTMLTemplates() *html_template.Template {

  79. 	templateMap := html_template.FuncMap{"format": formatNumber}

  80. 

  81. 	// Templates with functions available to them

  82. 	var templates = html_template.New("").Funcs(templateMap)

  83. 

  84. 	return templates

  85. }

  86. 

  87. // Create a log handler for every request it receives.

  88. func LoveHandler(h http.Handler) http.HandlerFunc {

  89. 	return func(w http.ResponseWriter, r *http.Request) {

  90. 		w.Header().Set("x-made-with", "<3 by DutchCoders")

  91. 		w.Header().Set("x-served-by", "Proudly served by DutchCoders")

  92. 		w.Header().Set("Server", "Transfer.sh HTTP Server 1.0")

  93. 		h.ServeHTTP(w, r)

  94. 	}

  95. }

  96. 

  97. func IPFilterHandler(h http.Handler, ipFilterOptions *IPFilterOptions) http.HandlerFunc {

  98. 	return func(w http.ResponseWriter, r *http.Request) {

  99. 		if ipFilterOptions == nil {

  100. 			h.ServeHTTP(w, r)

  101. 		} else {

  102. 			WrapIPFilter(h, *ipFilterOptions).ServeHTTP(w, r)

  103. 		}

  104. 		return

  105. 	}

  106. }

  107. 

  108. func (s *Server) RedirectHandler(h http.Handler) http.HandlerFunc {

  109. 	return func(w http.ResponseWriter, r *http.Request) {

  110. 		if !s.forceHTTPs {

  111. 			// we don't want to enforce https

  112. 		} else if r.URL.Path == "/health.html" {

  113. 			// health check url won't redirect

  114. 		} else if strings.HasSuffix(ipAddrFromRemoteAddr(r.Host), ".onion") {

  115. 			// .onion addresses cannot get a valid certificate, so don't redirect

  116. 		} else if r.Header.Get("X-Forwarded-Proto") == "https" {

  117. 		} else if r.URL.Scheme == "https" {

  118. 		} else {

  119. 			u := getURL(r)

  120. 			u.Scheme = "https"

  121. 

  122. 			http.Redirect(w, r, u.String(), http.StatusPermanentRedirect)

  123. 			return

  124. 		}

  125. 

  126. 		h.ServeHTTP(w, r)

  127. 	}

  128. }

  129. 

  130. func (s *Server) BasicAuthHandler(h http.Handler) http.HandlerFunc {

  131. 	return func(w http.ResponseWriter, r *http.Request) {

  132. 		if s.AuthUser == "" || s.AuthPass == "" {

  133. 			h.ServeHTTP(w, r)

  134. 			return

  135. 		}

  136. 

  137. 		w.Header().Set("WWW-Authenticate", "Basic realm=\"Restricted\"")

  138. 

  139. 		username, password, authOK := r.BasicAuth()

  140. 		if authOK == false {

  141. 			http.Error(w, "Not authorized", 401)

  142. 			return

  143. 		}

  144. 

  145. 		if username != s.AuthUser || password != s.AuthPass {

  146. 			http.Error(w, "Not authorized", 401)

  147. 			return

  148. 		}

  149. 

  150. 		h.ServeHTTP(w, r)

  151. 	}

  152. }

  153. 

  154. func (s *Server) healthHandler(w http.ResponseWriter, r *http.Request) {

  155. 	_, _ = w.Write([]byte("Approaching Neutral Zone, all systems normal and functioning."))

  156. }

  157. 

  158. // The preview handler will show a preview of the content for browsers (accept type text/html), and referer is not transfer.sh

  159. func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {

  160. 	vars := mux.Vars(r)

  161. 

  162. 	token := vars["token"]

  163. 	filename := vars["filename"]

  164. 

  165. 	metadata, err := s.checkMetadata(token, filename, false)

  166. 

  167. 	if err != nil {

  168. 		log.Printf("Error metadata: %s", err.Error())

  169. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  170. 		return

  171. 	}

  172. 

  173. 	contentType := metadata.ContentType

  174. 

  175. 	var templatePath string

  176. 	var content html_template.HTML

  177. 

  178. 	switch {

  179. 	case strings.HasPrefix(contentType, "image/"):

  180. 		templatePath = "download.image.html"

  181. 	case strings.HasPrefix(contentType, "video/"):

  182. 		templatePath = "download.video.html"

  183. 	case strings.HasPrefix(contentType, "audio/"):

  184. 		templatePath = "download.audio.html"

  185. 	case strings.HasPrefix(contentType, "text/"):

  186. 		templatePath = "download.markdown.html"

  187. 

  188. 		var reader io.ReadCloser

  189. 		if reader, _, err = s.storage.Get(token, filename); err != nil {

  190. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  191. 			return

  192. 		}

  193. 

  194. 		var data []byte

  195. 		data = make([]byte, _5M)

  196. 		if _, err = reader.Read(data); err != io.EOF && err != nil {

  197. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  198. 			return

  199. 		}

  200. 

  201. 		if strings.HasPrefix(contentType, "text/x-markdown") || strings.HasPrefix(contentType, "text/markdown") {

  202. 			unsafe := blackfriday.Run(data)

  203. 			output := bluemonday.UGCPolicy().SanitizeBytes(unsafe)

  204. 			content = html_template.HTML(output)

  205. 		} else if strings.HasPrefix(contentType, "text/plain") {

  206. 			content = html_template.HTML(fmt.Sprintf("<pre>%s</pre>", html.EscapeString(string(data))))

  207. 		} else {

  208. 			templatePath = "download.sandbox.html"

  209. 		}

  210. 

  211. 	default:

  212. 		templatePath = "download.html"

  213. 	}

  214. 

  215. 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  216. 	resolvedURL := resolveURL(r, relativeURL)

  217. 	relativeURLGet, _ := url.Parse(path.Join(s.proxyPath, "get", token, filename))

  218. 	resolvedURLGet := resolveURL(r, relativeURLGet)

  219. 	var png []byte

  220. 	png, err = qrcode.Encode(resolvedURL, qrcode.High, 150)

  221. 	if err != nil {

  222. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  223. 		return

  224. 	}

  225. 

  226. 	qrCode := base64.StdEncoding.EncodeToString(png)

  227. 

  228. 	hostname := getURL(r).Host

  229. 	webAddress := resolveWebAddress(r, s.proxyPath)

  230. 

  231. 	data := struct {

  232. 		ContentType   string

  233. 		Content       html_template.HTML

  234. 		Filename      string

  235. 		Url           string

  236. 		UrlGet        string

  237. 		Hostname      string

  238. 		WebAddress    string

  239. 		ContentLength int64

  240. 		GAKey         string

  241. 		UserVoiceKey  string

  242. 		QRCode        string

  243. 	}{

  244. 		contentType,

  245. 		content,

  246. 		filename,

  247. 		resolvedURL,

  248. 		resolvedURLGet,

  249. 		hostname,

  250. 		webAddress,

  251. 		metadata.ContentLength,

  252. 		s.gaKey,

  253. 		s.userVoiceKey,

  254. 		qrCode,

  255. 	}

  256. 

  257. 	if err := htmlTemplates.ExecuteTemplate(w, templatePath, data); err != nil {

  258. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  259. 		return

  260. 	}

  261. 

  262. }

  263. 

  264. // this handler will output html or text, depending on the support of the client (Accept header).

  265. func (s *Server) viewHandler(w http.ResponseWriter, r *http.Request) {

  266. 	// vars := mux.Vars(r)

  267. 

  268. 	hostname := getURL(r).Host

  269. 	webAddress := resolveWebAddress(r, s.proxyPath)

  270. 

  271. 	data := struct {

  272. 		Hostname     string

  273. 		WebAddress   string

  274. 		GAKey        string

  275. 		UserVoiceKey string

  276. 	}{

  277. 		hostname,

  278. 		webAddress,

  279. 		s.gaKey,

  280. 		s.userVoiceKey,

  281. 	}

  282. 

  283. 	if acceptsHTML(r.Header) {

  284. 		if err := htmlTemplates.ExecuteTemplate(w, "index.html", data); err != nil {

  285. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  286. 			return

  287. 		}

  288. 	} else {

  289. 		if err := textTemplates.ExecuteTemplate(w, "index.txt", data); err != nil {

  290. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  291. 			return

  292. 		}

  293. 	}

  294. }

  295. 

  296. func (s *Server) notFoundHandler(w http.ResponseWriter, r *http.Request) {

  297. 	http.Error(w, http.StatusText(404), 404)

  298. }

  299. 

  300. func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {

  301. 	if err := r.ParseMultipartForm(_24K); nil != err {

  302. 		log.Printf("%s", err.Error())

  303. 		http.Error(w, "Error occurred copying to output stream", 500)

  304. 		return

  305. 	}

  306. 

  307. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  308. 

  309. 	w.Header().Set("Content-Type", "text/plain")

  310. 

  311. 	for _, fheaders := range r.MultipartForm.File {

  312. 		for _, fheader := range fheaders {

  313. 			filename := sanitize(fheader.Filename)

  314. 			contentType := fheader.Header.Get("Content-Type")

  315. 

  316. 			if contentType == "" {

  317. 				contentType = mime.TypeByExtension(filepath.Ext(fheader.Filename))

  318. 			}

  319. 

  320. 			var f io.Reader

  321. 			var err error

  322. 

  323. 			if f, err = fheader.Open(); err != nil {

  324. 				log.Printf("%s", err.Error())

  325. 				http.Error(w, err.Error(), 500)

  326. 				return

  327. 			}

  328. 

  329. 			var b bytes.Buffer

  330. 

  331. 			n, err := io.CopyN(&b, f, _24K+1)

  332. 			if err != nil && err != io.EOF {

  333. 				log.Printf("%s", err.Error())

  334. 				http.Error(w, err.Error(), 500)

  335. 				return

  336. 			}

  337. 

  338. 			var file *os.File

  339. 			var reader io.Reader

  340. 

  341. 			if n > _24K {

  342. 				file, err = ioutil.TempFile(s.tempPath, "transfer-")

  343. 				if err != nil {

  344. 					log.Fatal(err)

  345. 				}

  346. 

  347. 				defer cleanTmpFile(file)

  348. 

  349. 				n, err = io.Copy(file, io.MultiReader(&b, f))

  350. 				if err != nil {

  351. 					log.Printf("%s", err.Error())

  352. 					http.Error(w, err.Error(), 500)

  353. 					return

  354. 				}

  355. 

  356. 				reader, err = os.Open(file.Name())

  357. 			} else {

  358. 				reader = bytes.NewReader(b.Bytes())

  359. 			}

  360. 

  361. 			metadata := s.metadataForRequest(contentType, n, r)

  362. 

  363. 			log.Printf("Uploading %s %s %d %s", token, filename, metadata.ContentLength, metadata.ContentType)

  364. 

  365. 			if err = s.storage.Put(token, filename, reader, metadata); err != nil {

  366. 				log.Printf("Backend storage error: %s", err.Error())

  367. 				http.Error(w, err.Error(), 500)

  368. 				return

  369. 

  370. 			}

  371. 

  372. 			filename = url.PathEscape(filename)

  373. 			relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  374. 			_, _ = fmt.Fprintln(w, getURL(r).ResolveReference(relativeURL).String())

  375. 		}

  376. 	}

  377. }

  378. 

  379. func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) {

  380. 	vars := mux.Vars(r)

  381. 

  382. 	filename := sanitize(vars["filename"])

  383. 

  384. 	contentLength := r.ContentLength

  385. 

  386. 	var reader io.Reader

  387. 

  388. 	reader = r.Body

  389. 

  390. 	defer r.Body.Close()

  391. 

  392. 	if contentLength == -1 {

  393. 		// queue file to disk, because s3 needs content length

  394. 		var err error

  395. 		var f io.Reader

  396. 

  397. 		f = reader

  398. 

  399. 		var b bytes.Buffer

  400. 

  401. 		n, err := io.CopyN(&b, f, _24K+1)

  402. 		if err != nil && err != io.EOF {

  403. 			log.Printf("Error putting new file: %s", err.Error())

  404. 			http.Error(w, err.Error(), 500)

  405. 			return

  406. 		}

  407. 

  408. 		var file *os.File

  409. 

  410. 		if n > _24K {

  411. 			file, err = ioutil.TempFile(s.tempPath, "transfer-")

  412. 			if err != nil {

  413. 				log.Printf("%s", err.Error())

  414. 				http.Error(w, err.Error(), 500)

  415. 				return

  416. 			}

  417. 

  418. 			defer cleanTmpFile(file)

  419. 

  420. 			n, err = io.Copy(file, io.MultiReader(&b, f))

  421. 			if err != nil {

  422. 				log.Printf("%s", err.Error())

  423. 				http.Error(w, err.Error(), 500)

  424. 				return

  425. 			}

  426. 

  427. 			reader, err = os.Open(file.Name())

  428. 		} else {

  429. 			reader = bytes.NewReader(b.Bytes())

  430. 		}

  431. 

  432. 		contentLength = n

  433. 	}

  434. 

  435. 	if contentLength == 0 {

  436. 		log.Print("Empty content-length")

  437. 		http.Error(w, errors.New("could not upload empty file").Error(), 400)

  438. 		return

  439. 	}

  440. 

  441. 	contentType := r.Header.Get("Content-Type")

  442. 

  443. 	if contentType == "" {

  444. 		contentType = mime.TypeByExtension(filepath.Ext(vars["filename"]))

  445. 	}

  446. 

  447. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  448. 

  449. 	metadata := s.metadataForRequest(contentType, contentLength, r)

  450. 

  451. 	log.Printf("Uploading %s %s %d %s", token, filename, contentLength, contentType)

  452. 

  453. 	var err error

  454. 

  455. 	if err = s.storage.Put(token, filename, reader, metadata); err != nil {

  456. 		log.Printf("Error putting new file: %s", err.Error())

  457. 		http.Error(w, errors.New("could not save file").Error(), 500)

  458. 		return

  459. 	}

  460. 

  461. 	// w.Statuscode = 200

  462. 

  463. 	w.Header().Set("Content-Type", "text/plain")

  464. 

  465. 	filename = url.PathEscape(filename)

  466. 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  467. 	deleteURL, _ := url.Parse(path.Join(s.proxyPath, token, filename, metadata.DeletionToken))

  468. 

  469. 	w.Header().Set("X-Url-Delete", resolveURL(r, deleteURL))

  470. 

  471. 	_, _ = fmt.Fprint(w, resolveURL(r, relativeURL))

  472. }

  473. 

  474. func (s *Server) deleteHandler(w http.ResponseWriter, r *http.Request) {

  475. 	vars := mux.Vars(r)

  476. 

  477. 	token := vars["token"]

  478. 	filename := vars["filename"]

  479. 	deletionToken := vars["deletionToken"]

  480. 

  481. 	if err := s.checkDeletionToken(deletionToken, token, filename); err != nil {

  482. 		log.Printf("Error metadata: %s", err.Error())

  483. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  484. 		return

  485. 	}

  486. 

  487. 	err := s.storage.Delete(token, filename)

  488. 	if s.storage.IsNotExist(err) {

  489. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  490. 		return

  491. 	} else if err != nil {

  492. 		log.Printf("%s", err.Error())

  493. 		http.Error(w, "Could not delete file.", 500)

  494. 		return

  495. 	}

  496. }

  497. 

  498. func (s *Server) zipHandler(w http.ResponseWriter, r *http.Request) {

  499. 	vars := mux.Vars(r)

  500. 

  501. 	files := vars["files"]

  502. 

  503. 	zipfilename := fmt.Sprintf("transfersh-%d.zip", uint16(time.Now().UnixNano()))

  504. 

  505. 	w.Header().Set("Content-Type", "application/zip")

  506. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", zipfilename))

  507. 	w.Header().Set("Connection", "close")

  508. 

  509. 	zw := zip.NewWriter(w)

  510. 

  511. 	for _, key := range strings.Split(files, ",") {

  512. 		key = resolveKey(key, s.proxyPath)

  513. 

  514. 		token := strings.Split(key, "/")[0]

  515. 		filename := sanitize(strings.Split(key, "/")[1])

  516. 

  517. 		if _, err := s.checkMetadata(token, filename, true); err != nil {

  518. 			log.Printf("Error metadata: %s", err.Error())

  519. 			continue

  520. 		}

  521. 

  522. 		reader, _, err := s.storage.Get(token, filename)

  523. 

  524. 		if err != nil {

  525. 			if s.storage.IsNotExist(err) {

  526. 				http.Error(w, "File not found", 404)

  527. 				return

  528. 			} else {

  529. 				log.Printf("%s", err.Error())

  530. 				http.Error(w, "Could not retrieve file.", 500)

  531. 				return

  532. 			}

  533. 		}

  534. 

  535. 		defer reader.Close()

  536. 

  537. 		header := &zip.FileHeader{

  538. 			Name:     strings.Split(key, "/")[1],

  539. 			Method:   zip.Store,

  540. 			Modified: time.Now(),

  541. 		}

  542. 

  543. 		fw, err := zw.CreateHeader(header)

  544. 

  545. 		if err != nil {

  546. 			log.Printf("%s", err.Error())

  547. 			http.Error(w, "Internal server error.", 500)

  548. 			return

  549. 		}

  550. 

  551. 		if _, err = io.Copy(fw, reader); err != nil {

  552. 			log.Printf("%s", err.Error())

  553. 			http.Error(w, "Internal server error.", 500)

  554. 			return

  555. 		}

  556. 	}

  557. 

  558. 	if err := zw.Close(); err != nil {

  559. 		log.Printf("%s", err.Error())

  560. 		http.Error(w, "Internal server error.", 500)

  561. 		return

  562. 	}

  563. }

  564. 

  565. func (s *Server) tarGzHandler(w http.ResponseWriter, r *http.Request) {

  566. 	vars := mux.Vars(r)

  567. 

  568. 	files := vars["files"]

  569. 

  570. 	tarfilename := fmt.Sprintf("transfersh-%d.tar.gz", uint16(time.Now().UnixNano()))

  571. 

  572. 	w.Header().Set("Content-Type", "application/x-gzip")

  573. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  574. 	w.Header().Set("Connection", "close")

  575. 

  576. 	writer := gzip.NewWriter(w)

  577. 	defer writer.Close()

  578. 

  579. 	zw := tar.NewWriter(writer)

  580. 	defer zw.Close()

  581. 

  582. 	for _, key := range strings.Split(files, ",") {

  583. 		key = resolveKey(key, s.proxyPath)

  584. 

  585. 		token := strings.Split(key, "/")[0]

  586. 		filename := sanitize(strings.Split(key, "/")[1])

  587. 

  588. 		if _, err := s.checkMetadata(token, filename, true); err != nil {

  589. 			log.Printf("Error metadata: %s", err.Error())

  590. 			continue

  591. 		}

  592. 

  593. 		reader, metadata, err := s.storage.Get(token, filename)

  594. 		if err != nil {

  595. 			if s.storage.IsNotExist(err) {

  596. 				http.Error(w, "File not found", 404)

  597. 				return

  598. 			} else {

  599. 				log.Printf("%s", err.Error())

  600. 				http.Error(w, "Could not retrieve file.", 500)

  601. 				return

  602. 			}

  603. 		}

  604. 

  605. 		defer reader.Close()

  606. 

  607. 		header := &tar.Header{

  608. 			Name: strings.Split(key, "/")[1],

  609. 			Size: metadata.ContentLength,

  610. 		}

  611. 

  612. 		err = zw.WriteHeader(header)

  613. 		if err != nil {

  614. 			log.Printf("%s", err.Error())

  615. 			http.Error(w, "Internal server error.", 500)

  616. 			return

  617. 		}

  618. 

  619. 		if _, err = io.Copy(zw, reader); err != nil {

  620. 			log.Printf("%s", err.Error())

  621. 			http.Error(w, "Internal server error.", 500)

  622. 			return

  623. 		}

  624. 	}

  625. }

  626. 

  627. func (s *Server) tarHandler(w http.ResponseWriter, r *http.Request) {

  628. 	vars := mux.Vars(r)

  629. 

  630. 	files := vars["files"]

  631. 

  632. 	tarfilename := fmt.Sprintf("transfersh-%d.tar", uint16(time.Now().UnixNano()))

  633. 

  634. 	w.Header().Set("Content-Type", "application/x-tar")

  635. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  636. 	w.Header().Set("Connection", "close")

  637. 

  638. 	zw := tar.NewWriter(w)

  639. 	defer zw.Close()

  640. 

  641. 	for _, key := range strings.Split(files, ",") {

  642. 		key = resolveKey(key, s.proxyPath)

  643. 

  644. 		token := strings.Split(key, "/")[0]

  645. 		filename := strings.Split(key, "/")[1]

  646. 

  647. 		if _, err := s.checkMetadata(token, filename, true); err != nil {

  648. 			log.Printf("Error metadata: %s", err.Error())

  649. 			continue

  650. 		}

  651. 

  652. 		reader, metadata, err := s.storage.Get(token, filename)

  653. 		if err != nil {

  654. 			if s.storage.IsNotExist(err) {

  655. 				http.Error(w, "File not found", 404)

  656. 				return

  657. 			} else {

  658. 				log.Printf("%s", err.Error())

  659. 				http.Error(w, "Could not retrieve file.", 500)

  660. 				return

  661. 			}

  662. 		}

  663. 

  664. 		defer reader.Close()

  665. 

  666. 		header := &tar.Header{

  667. 			Name: strings.Split(key, "/")[1],

  668. 			Size: metadata.ContentLength,

  669. 		}

  670. 

  671. 		err = zw.WriteHeader(header)

  672. 		if err != nil {

  673. 			log.Printf("%s", err.Error())

  674. 			http.Error(w, "Internal server error.", 500)

  675. 			return

  676. 		}

  677. 

  678. 		if _, err = io.Copy(zw, reader); err != nil {

  679. 			log.Printf("%s", err.Error())

  680. 			http.Error(w, "Internal server error.", 500)

  681. 			return

  682. 		}

  683. 	}

  684. }

  685. 

  686. func (s *Server) headHandler(w http.ResponseWriter, r *http.Request) {

  687. 	vars := mux.Vars(r)

  688. 

  689. 	token := vars["token"]

  690. 	filename := vars["filename"]

  691. 

  692. 	metadata, err := s.checkMetadata(token, filename, false)

  693. 

  694. 	if err != nil {

  695. 		log.Printf("Error metadata: %s", err.Error())

  696. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  697. 		return

  698. 	}

  699. 

  700. 	if s.storage.IsNotExist(err) {

  701. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  702. 		return

  703. 	} else if err != nil {

  704. 		log.Printf("%s", err.Error())

  705. 		http.Error(w, "Could not retrieve file.", 500)

  706. 		return

  707. 	}

  708. 

  709. 	remainingDownloads, remainingDays := metadata.RemainingLimitHeaderValues()

  710. 

  711. 	w.Header().Set("Content-Type", metadata.ContentType)

  712. 	w.Header().Set("Content-Length", strconv.FormatInt(metadata.ContentLength, 10))

  713. 	w.Header().Set("Connection", "close")

  714. 	w.Header().Set("X-Remaining-Downloads", remainingDownloads)

  715. 	w.Header().Set("X-Remaining-Days", remainingDays)

  716. }

  717. 

  718. func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {

  719. 	vars := mux.Vars(r)

  720. 

  721. 	action := vars["action"]

  722. 	token := vars["token"]

  723. 	filename := vars["filename"]

  724. 

  725. 	metadata, err := s.checkMetadata(token, filename, true)

  726. 

  727. 	if err != nil {

  728. 		log.Printf("Error metadata: %s", err.Error())

  729. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  730. 		return

  731. 	}

  732. 

  733. 	reader, _, err := s.storage.Get(token, filename)

  734. 	if s.storage.IsNotExist(err) {

  735. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  736. 		return

  737. 	} else if err != nil {

  738. 		log.Printf("%s", err.Error())

  739. 		http.Error(w, "Could not retrieve file.", 500)

  740. 		return

  741. 	}

  742. 

  743. 	defer reader.Close()

  744. 

  745. 	var disposition string

  746. 

  747. 	if action == "inline" {

  748. 		disposition = "inline"

  749. 	} else {

  750. 		disposition = "attachment"

  751. 	}

  752. 

  753. 	remainingDownloads, remainingDays := metadata.RemainingLimitHeaderValues()

  754. 

  755. 	w.Header().Set("Content-Type", metadata.ContentType)

  756. 	w.Header().Set("Content-Length", strconv.FormatInt(metadata.ContentLength, 10))

  757. 	w.Header().Set("Content-Disposition", fmt.Sprintf("%s; filename=\"%s\"", disposition, filename))

  758. 	w.Header().Set("Connection", "keep-alive")

  759. 	w.Header().Set("X-Remaining-Downloads", remainingDownloads)

  760. 	w.Header().Set("X-Remaining-Days", remainingDays)

  761. 

  762. 	if w.Header().Get("Range") == "" {

  763. 		if _, err = io.Copy(w, reader); err != nil {

  764. 			log.Printf("%s", err.Error())

  765. 			http.Error(w, "Error occurred copying to output stream", 500)

  766. 			return

  767. 		}

  768. 

  769. 		return

  770. 	}

  771. 

  772. 	file, err := ioutil.TempFile(s.tempPath, "range-")

  773. 	if err != nil {

  774. 		log.Printf("%s", err.Error())

  775. 		http.Error(w, "Error occurred copying to output stream", 500)

  776. 		return

  777. 	}

  778. 

  779. 	defer cleanTmpFile(file)

  780. 

  781. 	tee := io.TeeReader(reader, file)

  782. 	for {

  783. 		b := make([]byte, _5M)

  784. 		_, err = tee.Read(b)

  785. 		if err == io.EOF {

  786. 			break

  787. 		}

  788. 

  789. 		if err != nil {

  790. 			log.Printf("%s", err.Error())

  791. 			http.Error(w, "Error occurred copying to output stream", 500)

  792. 			return

  793. 		}

  794. 	}

  795. 

  796. 	http.ServeContent(w, r, filename, time.Now(), file)

  797. }

  798. 

  799. func (s *Server) metadataForRequest(contentType string, contentLength int64, r *http.Request) storage.Metadata {

  800. 	metadata := storage.Metadata{

  801. 		ContentType:   contentType,

  802. 		ContentLength: contentLength,

  803. 		MaxDate:       time.Now().Add(s.lifetime),

  804. 		Downloads:     0,

  805. 		MaxDownloads:  -1,

  806. 		DeletionToken: Encode(10000000+int64(rand.Intn(1000000000))) + Encode(10000000+int64(rand.Intn(1000000000))),

  807. 	}

  808. 

  809. 	if v := r.Header.Get("Max-Downloads"); v == "" {

  810. 	} else if v, err := strconv.Atoi(v); err != nil {

  811. 	} else {

  812. 		metadata.MaxDownloads = v

  813. 	}

  814. 

  815. 	if maxDays := r.Header.Get("Max-Days"); maxDays != "" {

  816. 		v, err := strconv.Atoi(maxDays)

  817. 		if err != nil {

  818. 			return metadata

  819. 		}

  820. 		metadata.MaxDate = time.Now().Add(time.Hour * 24 * time.Duration(v))

  821. 	}

  822. 	return metadata

  823. }

  824. 

  825. func (s *Server) checkMetadata(token, filename string, increaseDownload bool) (metadata storage.Metadata, err error) {

  826. 	s.Lock(token, filename)

  827. 	defer s.Unlock(token, filename)

  828. 

  829. 	metadata, err = s.storage.Head(token, filename)

  830. 	if s.storage.IsNotExist(err) {

  831. 		return metadata, nil

  832. 	} else if err != nil {

  833. 		return metadata, err

  834. 	}

  835. 

  836. 	if metadata.MaxDownloads != -1 && metadata.Downloads >= metadata.MaxDownloads {

  837. 		return metadata, errors.New("max downloads exceeded")

  838. 	} else if !metadata.MaxDate.IsZero() && time.Now().After(metadata.MaxDate) {

  839. 		return metadata, errors.New("file access expired")

  840. 	} else {

  841. 

  842. 		// update number of downloads

  843. 		if increaseDownload {

  844. 			metadata.Downloads++

  845. 		}

  846. 

  847. 		if err := s.storage.Meta(token, filename, metadata); err != nil {

  848. 			return metadata, errors.New("could not save metadata")

  849. 		}

  850. 	}

  851. 

  852. 	return metadata, nil

  853. }

  854. 

  855. func (s *Server) checkDeletionToken(deletionToken, token, filename string) error {

  856. 	s.Lock(token, filename)

  857. 	defer s.Unlock(token, filename)

  858. 

  859. 	metadata, err := s.storage.Head(token, filename)

  860. 	if s.storage.IsNotExist(err) {

  861. 		return nil

  862. 	}

  863. 	if err != nil {

  864. 		return err

  865. 	}

  866. 

  867. 	if metadata.DeletionToken != deletionToken {

  868. 		return errors.New("deletion token does not match")

  869. 	}

  870. 

  871. 	return nil

  872. }

  873. 

  874. func (s *Server) Lock(token, filename string) {

  875. 	key := path.Join(token, filename)

  876. 

  877. 	if _, ok := s.locks[key]; !ok {

  878. 		s.locks[key] = &sync.Mutex{}

  879. 	}

  880. 

  881. 	s.locks[key].Lock()

  882. }

  883. 

  884. func (s *Server) Unlock(token, filename string) {

  885. 	key := path.Join(token, filename)

  886. 	s.locks[key].Unlock()

  887. }