kiska
/
transfer.sh
1
0
Rozštěpit 2
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 11 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
406 Revize
9 Větve
34 MiB
 
 
 
Strom: 9a2fb917b7
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „9a2fb917b7“
${ noResults }
transfer.sh/server/handlers.go

1007 řádky
25 KiB
Surový Blame Historie 

  1. /*

  2. The MIT License (MIT)

  3. 

  4. Copyright (c) 2014-2017 DutchCoders [https://github.com/dutchcoders/]

  5. 

  6. Permission is hereby granted, free of charge, to any person obtaining a copy

  7. of this software and associated documentation files (the "Software"), to deal

  8. in the Software without restriction, including without limitation the rights

  9. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  10. copies of the Software, and to permit persons to whom the Software is

  11. furnished to do so, subject to the following conditions:

  12. 

  13. The above copyright notice and this permission notice shall be included in

  14. all copies or substantial portions of the Software.

  15. 

  16. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  17. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  18. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  19. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  20. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  21. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

  22. THE SOFTWARE.

  23. */

  24. 

  25. package server

  26. 

  27. import (

  28. 	// _ "transfer.sh/app/handlers"

  29. 	// _ "transfer.sh/app/utils"

  30. 

  31. 	"archive/tar"

  32. 	"archive/zip"

  33. 	"bytes"

  34. 	"compress/gzip"

  35. 	"errors"

  36. 	"fmt"

  37. 	blackfriday "github.com/russross/blackfriday/v2"

  38. 	"html"

  39. 	html_template "html/template"

  40. 	"io"

  41. 	"io/ioutil"

  42. 	"log"

  43. 	"math/rand"

  44. 	"mime"

  45. 	"net/http"

  46. 	"net/url"

  47. 	"os"

  48. 	"path"

  49. 	"path/filepath"

  50. 	"strconv"

  51. 	"strings"

  52. 	"sync"

  53. 	text_template "text/template"

  54. 	"time"

  55. 

  56. 	"net"

  57. 

  58. 	"encoding/base64"

  59. 	web "github.com/dutchcoders/transfer.sh-web"

  60. 	"github.com/gorilla/mux"

  61. 	"github.com/microcosm-cc/bluemonday"

  62. 	"github.com/skip2/go-qrcode"

  63. )

  64. 

  65. const getPathPart = "get"

  66. 

  67. var (

  68. 	htmlTemplates = initHTMLTemplates()

  69. 	textTemplates = initTextTemplates()

  70. )

  71. 

  72. func stripPrefix(path string) string {

  73. 	return strings.Replace(path, web.Prefix+"/", "", -1)

  74. }

  75. 

  76. func initTextTemplates() *text_template.Template {

  77. 	templateMap := text_template.FuncMap{"format": formatNumber}

  78. 

  79. 	// Templates with functions available to them

  80. 	var templates = text_template.New("").Funcs(templateMap)

  81. 	return templates

  82. }

  83. 

  84. func initHTMLTemplates() *html_template.Template {

  85. 	templateMap := html_template.FuncMap{"format": formatNumber}

  86. 

  87. 	// Templates with functions available to them

  88. 	var templates = html_template.New("").Funcs(templateMap)

  89. 

  90. 	return templates

  91. }

  92. 

  93. func healthHandler(w http.ResponseWriter, r *http.Request) {

  94. 	_, _ = w.Write([]byte("Approaching Neutral Zone, all systems normal and functioning."))

  95. }

  96. 

  97. /* The preview handler will show a preview of the content for browsers (accept type text/html), and referer is not transfer.sh */

  98. func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {

  99. 	vars := mux.Vars(r)

  100. 

  101. 	token := vars["token"]

  102. 	filename := vars["filename"]

  103. 

  104. 	metadata, err := s.CheckMetadata(token, filename, false)

  105. 

  106. 	if err != nil {

  107. 		log.Printf("Error metadata: %s", err.Error())

  108. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  109. 		return

  110. 	}

  111. 

  112. 	contentType := metadata.ContentType

  113. 

  114. 	var templatePath string

  115. 	var content html_template.HTML

  116. 

  117. 	switch {

  118. 	case strings.HasPrefix(contentType, "image/"):

  119. 		templatePath = "download.image.html"

  120. 	case strings.HasPrefix(contentType, "video/"):

  121. 		templatePath = "download.video.html"

  122. 	case strings.HasPrefix(contentType, "audio/"):

  123. 		templatePath = "download.audio.html"

  124. 	case strings.HasPrefix(contentType, "text/"):

  125. 		templatePath = "download.markdown.html"

  126. 

  127. 		var reader io.ReadCloser

  128. 		if reader, _, err = s.storage.Get(token, filename); err != nil {

  129. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  130. 			return

  131. 		}

  132. 

  133. 		var data []byte

  134. 		data = make([]byte, _5M)

  135. 		if _, err = reader.Read(data); err != io.EOF && err != nil {

  136. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  137. 			return

  138. 		}

  139. 

  140. 		if strings.HasPrefix(contentType, "text/x-markdown") || strings.HasPrefix(contentType, "text/markdown") {

  141. 			unsafe := blackfriday.Run(data)

  142. 			output := bluemonday.UGCPolicy().SanitizeBytes(unsafe)

  143. 			content = html_template.HTML(output)

  144. 		} else if strings.HasPrefix(contentType, "text/plain") {

  145. 			content = html_template.HTML(fmt.Sprintf("<pre>%s</pre>", html.EscapeString(string(data))))

  146. 		} else {

  147. 			templatePath = "download.sandbox.html"

  148. 		}

  149. 

  150. 	default:

  151. 		templatePath = "download.html"

  152. 	}

  153. 

  154. 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  155. 	resolvedURL := resolveURL(r, relativeURL)

  156. 	relativeURLGet, _ := url.Parse(path.Join(s.proxyPath, getPathPart, token, filename))

  157. 	resolvedURLGet := resolveURL(r, relativeURLGet)

  158. 	var png []byte

  159. 	png, err = qrcode.Encode(resolvedURL, qrcode.High, 150)

  160. 	if err != nil {

  161. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  162. 		return

  163. 	}

  164. 

  165. 	qrCode := base64.StdEncoding.EncodeToString(png)

  166. 

  167. 	hostname := getURL(r).Host

  168. 	webAddress := resolveWebAddress(r, s.proxyPath)

  169. 

  170. 	data := struct {

  171. 		ContentType   string

  172. 		Content       html_template.HTML

  173. 		Filename      string

  174. 		Url           string

  175. 		UrlGet        string

  176. 		Hostname      string

  177. 		WebAddress    string

  178. 		ContentLength int64

  179. 		GAKey         string

  180. 		UserVoiceKey  string

  181. 		QRCode        string

  182. 	}{

  183. 		contentType,

  184. 		content,

  185. 		filename,

  186. 		resolvedURL,

  187. 		resolvedURLGet,

  188. 		hostname,

  189. 		webAddress,

  190. 		metadata.ContentLength,

  191. 		s.gaKey,

  192. 		s.userVoiceKey,

  193. 		qrCode,

  194. 	}

  195. 

  196. 	if err := htmlTemplates.ExecuteTemplate(w, templatePath, data); err != nil {

  197. 		http.Error(w, err.Error(), http.StatusInternalServerError)

  198. 		return

  199. 	}

  200. 

  201. }

  202. 

  203. // this handler will output html or text, depending on the

  204. // support of the client (Accept header).

  205. 

  206. func (s *Server) viewHandler(w http.ResponseWriter, r *http.Request) {

  207. 	// vars := mux.Vars(r)

  208. 

  209. 	hostname := getURL(r).Host

  210. 	webAddress := resolveWebAddress(r, s.proxyPath)

  211. 

  212. 	data := struct {

  213. 		Hostname     string

  214. 		WebAddress   string

  215. 		GAKey        string

  216. 		UserVoiceKey string

  217. 	}{

  218. 		hostname,

  219. 		webAddress,

  220. 		s.gaKey,

  221. 		s.userVoiceKey,

  222. 	}

  223. 

  224. 	if acceptsHTML(r.Header) {

  225. 		if err := htmlTemplates.ExecuteTemplate(w, "index.html", data); err != nil {

  226. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  227. 			return

  228. 		}

  229. 	} else {

  230. 		if err := textTemplates.ExecuteTemplate(w, "index.txt", data); err != nil {

  231. 			http.Error(w, err.Error(), http.StatusInternalServerError)

  232. 			return

  233. 		}

  234. 	}

  235. }

  236. 

  237. func (s *Server) notFoundHandler(w http.ResponseWriter, r *http.Request) {

  238. 	http.Error(w, http.StatusText(404), 404)

  239. }

  240. 

  241. func sanitize(fileName string) string {

  242. 	return path.Clean(path.Base(fileName))

  243. }

  244. 

  245. func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {

  246. 	if err := r.ParseMultipartForm(_24K); nil != err {

  247. 		log.Printf("%s", err.Error())

  248. 		http.Error(w, "Error occurred copying to output stream", 500)

  249. 		return

  250. 	}

  251. 

  252. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  253. 

  254. 	w.Header().Set("Content-Type", "text/plain")

  255. 

  256. 	for _, fheaders := range r.MultipartForm.File {

  257. 		for _, fheader := range fheaders {

  258. 			filename := sanitize(fheader.Filename)

  259. 			contentType := fheader.Header.Get("Content-Type")

  260. 

  261. 			if contentType == "" {

  262. 				contentType = mime.TypeByExtension(filepath.Ext(fheader.Filename))

  263. 			}

  264. 

  265. 			var f io.Reader

  266. 			var err error

  267. 

  268. 			if f, err = fheader.Open(); err != nil {

  269. 				log.Printf("%s", err.Error())

  270. 				http.Error(w, err.Error(), 500)

  271. 				return

  272. 			}

  273. 

  274. 			var b bytes.Buffer

  275. 

  276. 			n, err := io.CopyN(&b, f, _24K+1)

  277. 			if err != nil && err != io.EOF {

  278. 				log.Printf("%s", err.Error())

  279. 				http.Error(w, err.Error(), 500)

  280. 				return

  281. 			}

  282. 

  283. 			var file *os.File

  284. 			var reader io.Reader

  285. 

  286. 			if n > _24K {

  287. 				file, err = ioutil.TempFile(s.tempPath, "transfer-")

  288. 				if err != nil {

  289. 					log.Fatal(err)

  290. 				}

  291. 

  292. 				defer cleanTmpFile(file)

  293. 

  294. 				n, err = io.Copy(file, io.MultiReader(&b, f))

  295. 				if err != nil {

  296. 					log.Printf("%s", err.Error())

  297. 					http.Error(w, err.Error(), 500)

  298. 					return

  299. 				}

  300. 

  301. 				reader, err = os.Open(file.Name())

  302. 			} else {

  303. 				reader = bytes.NewReader(b.Bytes())

  304. 			}

  305. 

  306. 			metadata := s.metadataForRequest(contentType, n, r)

  307. 

  308. 			log.Printf("Uploading %s %s %d %s", token, filename, metadata.ContentLength, metadata.ContentType)

  309. 

  310. 			if err = s.storage.Put(token, filename, reader, metadata); err != nil {

  311. 				log.Printf("Backend storage error: %s", err.Error())

  312. 				http.Error(w, err.Error(), 500)

  313. 				return

  314. 

  315. 			}

  316. 

  317. 			filename = url.PathEscape(filename)

  318. 			relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  319. 			_, _ = fmt.Fprintln(w, getURL(r).ResolveReference(relativeURL).String())

  320. 		}

  321. 	}

  322. }

  323. 

  324. func cleanTmpFile(f *os.File) {

  325. 	if f != nil {

  326. 		err := f.Close()

  327. 		if err != nil {

  328. 			log.Printf("Error closing tmpfile: %s (%s)", err, f.Name())

  329. 		}

  330. 

  331. 		err = os.Remove(f.Name())

  332. 		if err != nil {

  333. 			log.Printf("Error removing tmpfile: %s (%s)", err, f.Name())

  334. 		}

  335. 	}

  336. }

  337. 

  338. func (s *Server) metadataForRequest(contentType string, contentLength int64, r *http.Request) Metadata {

  339. 	metadata := Metadata{

  340. 		ContentType:   contentType,

  341. 		ContentLength: contentLength,

  342. 		MaxDate:       time.Now().Add(s.lifetime),

  343. 		Downloads:     0,

  344. 		MaxDownloads:  -1,

  345. 		DeletionToken: Encode(10000000+int64(rand.Intn(1000000000))) + Encode(10000000+int64(rand.Intn(1000000000))),

  346. 	}

  347. 

  348. 	if v := r.Header.Get("Max-Downloads"); v == "" {

  349. 	} else if v, err := strconv.Atoi(v); err != nil {

  350. 	} else {

  351. 		metadata.MaxDownloads = v

  352. 	}

  353. 

  354. 	if maxDays := r.Header.Get("Max-Days"); maxDays != "" {

  355. 		v, err := strconv.Atoi(maxDays)

  356. 		if err != nil {

  357. 			return metadata

  358. 		}

  359. 		metadata.MaxDate = time.Now().Add(time.Hour * 24 * time.Duration(v))

  360. 	}

  361. 	return metadata

  362. }

  363. 

  364. func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) {

  365. 	vars := mux.Vars(r)

  366. 

  367. 	filename := sanitize(vars["filename"])

  368. 

  369. 	contentLength := r.ContentLength

  370. 

  371. 	var reader io.Reader

  372. 

  373. 	reader = r.Body

  374. 

  375. 	defer r.Body.Close()

  376. 

  377. 	if contentLength == -1 {

  378. 		// queue file to disk, because s3 needs content length

  379. 		var err error

  380. 		var f io.Reader

  381. 

  382. 		f = reader

  383. 

  384. 		var b bytes.Buffer

  385. 

  386. 		n, err := io.CopyN(&b, f, _24K+1)

  387. 		if err != nil && err != io.EOF {

  388. 			log.Printf("Error putting new file: %s", err.Error())

  389. 			http.Error(w, err.Error(), 500)

  390. 			return

  391. 		}

  392. 

  393. 		var file *os.File

  394. 

  395. 		if n > _24K {

  396. 			file, err = ioutil.TempFile(s.tempPath, "transfer-")

  397. 			if err != nil {

  398. 				log.Printf("%s", err.Error())

  399. 				http.Error(w, err.Error(), 500)

  400. 				return

  401. 			}

  402. 

  403. 			defer cleanTmpFile(file)

  404. 

  405. 			n, err = io.Copy(file, io.MultiReader(&b, f))

  406. 			if err != nil {

  407. 				log.Printf("%s", err.Error())

  408. 				http.Error(w, err.Error(), 500)

  409. 				return

  410. 			}

  411. 

  412. 			reader, err = os.Open(file.Name())

  413. 		} else {

  414. 			reader = bytes.NewReader(b.Bytes())

  415. 		}

  416. 

  417. 		contentLength = n

  418. 	}

  419. 

  420. 	if contentLength == 0 {

  421. 		log.Print("Empty content-length")

  422. 		http.Error(w, errors.New("Could not upload empty file").Error(), 400)

  423. 		return

  424. 	}

  425. 

  426. 	contentType := r.Header.Get("Content-Type")

  427. 

  428. 	if contentType == "" {

  429. 		contentType = mime.TypeByExtension(filepath.Ext(vars["filename"]))

  430. 	}

  431. 

  432. 	token := Encode(10000000 + int64(rand.Intn(1000000000)))

  433. 

  434. 	metadata := s.metadataForRequest(contentType, contentLength, r)

  435. 

  436. 	log.Printf("Uploading %s %s %d %s", token, filename, contentLength, contentType)

  437. 

  438. 	var err error

  439. 

  440. 	if err = s.storage.Put(token, filename, reader, metadata); err != nil {

  441. 		log.Printf("Error putting new file: %s", err.Error())

  442. 		http.Error(w, errors.New("Could not save file").Error(), 500)

  443. 		return

  444. 	}

  445. 

  446. 	// w.Statuscode = 200

  447. 

  448. 	w.Header().Set("Content-Type", "text/plain")

  449. 

  450. 	filename = url.PathEscape(filename)

  451. 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))

  452. 	deleteURL, _ := url.Parse(path.Join(s.proxyPath, token, filename, metadata.DeletionToken))

  453. 

  454. 	w.Header().Set("X-Url-Delete", resolveURL(r, deleteURL))

  455. 

  456. 	_, _ = fmt.Fprint(w, resolveURL(r, relativeURL))

  457. }

  458. 

  459. func resolveURL(r *http.Request, u *url.URL) string {

  460. 	r.URL.Path = ""

  461. 

  462. 	return getURL(r).ResolveReference(u).String()

  463. }

  464. 

  465. func resolveKey(key, proxyPath string) string {

  466. 	if strings.HasPrefix(key, "/") {

  467. 		key = key[1:]

  468. 	}

  469. 

  470. 	if strings.HasPrefix(key, proxyPath) {

  471. 		key = key[len(proxyPath):]

  472. 	}

  473. 

  474. 	key = strings.Replace(key, "\\", "/", -1)

  475. 

  476. 	return key

  477. }

  478. 

  479. func resolveWebAddress(r *http.Request, proxyPath string) string {

  480. 	url := getURL(r)

  481. 

  482. 	var webAddress string

  483. 

  484. 	if len(proxyPath) == 0 {

  485. 		webAddress = fmt.Sprintf("%s://%s/",

  486. 			url.ResolveReference(url).Scheme,

  487. 			url.ResolveReference(url).Host)

  488. 	} else {

  489. 		webAddress = fmt.Sprintf("%s://%s/%s",

  490. 			url.ResolveReference(url).Scheme,

  491. 			url.ResolveReference(url).Host,

  492. 			proxyPath)

  493. 	}

  494. 

  495. 	return webAddress

  496. }

  497. 

  498. func getURL(r *http.Request) *url.URL {

  499. 	u, _ := url.Parse(r.URL.String())

  500. 

  501. 	if r.TLS != nil {

  502. 		u.Scheme = "https"

  503. 	} else if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {

  504. 		u.Scheme = proto

  505. 	} else {

  506. 		u.Scheme = "http"

  507. 	}

  508. 

  509. 	if u.Host != "" {

  510. 	} else if host, port, err := net.SplitHostPort(r.Host); err != nil {

  511. 		u.Host = r.Host

  512. 	} else {

  513. 		if port == "80" && u.Scheme == "http" {

  514. 			u.Host = host

  515. 		} else if port == "443" && u.Scheme == "https" {

  516. 			u.Host = host

  517. 		} else {

  518. 			u.Host = net.JoinHostPort(host, port)

  519. 		}

  520. 	}

  521. 

  522. 	return u

  523. }

  524. 

  525. func (metadata Metadata) remainingLimitHeaderValues() (remainingDownloads, remainingDays string) {

  526. 	if metadata.MaxDate.IsZero() {

  527. 		remainingDays = "n/a"

  528. 	} else {

  529. 		timeDifference := metadata.MaxDate.Sub(time.Now())

  530. 		remainingDays = strconv.Itoa(int(timeDifference.Hours()/24) + 1)

  531. 	}

  532. 

  533. 	if metadata.MaxDownloads == -1 {

  534. 		remainingDownloads = "n/a"

  535. 	} else {

  536. 		remainingDownloads = strconv.Itoa(metadata.MaxDownloads - metadata.Downloads)

  537. 	}

  538. 

  539. 	return remainingDownloads, remainingDays

  540. }

  541. 

  542. func (s *Server) Lock(token, filename string) error {

  543. 	key := path.Join(token, filename)

  544. 

  545. 	if _, ok := s.locks[key]; !ok {

  546. 		s.locks[key] = &sync.Mutex{}

  547. 	}

  548. 

  549. 	s.locks[key].Lock()

  550. 

  551. 	return nil

  552. }

  553. 

  554. func (s *Server) Unlock(token, filename string) error {

  555. 	key := path.Join(token, filename)

  556. 	s.locks[key].Unlock()

  557. 

  558. 	return nil

  559. }

  560. 

  561. func (s *Server) CheckMetadata(token, filename string, increaseDownload bool) (Metadata, error) {

  562. 	s.Lock(token, filename)

  563. 	defer s.Unlock(token, filename)

  564. 

  565. 	var metadata Metadata

  566. 

  567. 	metadata, err := s.storage.Head(token, filename)

  568. 	if s.storage.IsNotExist(err) {

  569. 		return metadata, nil

  570. 	} else if err != nil {

  571. 		return metadata, err

  572. 	}

  573. 

  574. 	if metadata.MaxDownloads != -1 && metadata.Downloads >= metadata.MaxDownloads {

  575. 		return metadata, errors.New("MaxDownloads expired.")

  576. 	} else if !metadata.MaxDate.IsZero() && time.Now().After(metadata.MaxDate) {

  577. 		return metadata, errors.New("MaxDate expired.")

  578. 	} else {

  579. 		// todo(nl5887): mutex?

  580. 

  581. 		// update number of downloads

  582. 		if increaseDownload {

  583. 			metadata.Downloads++

  584. 		}

  585. 

  586. 		if err := s.storage.Meta(token, filename, metadata); err != nil {

  587. 			return metadata, errors.New("Could not save metadata")

  588. 		}

  589. 	}

  590. 

  591. 	return metadata, nil

  592. }

  593. 

  594. func (s *Server) CheckDeletionToken(deletionToken, token, filename string) error {

  595. 	s.Lock(token, filename)

  596. 	defer s.Unlock(token, filename)

  597. 

  598. 	var metadata Metadata

  599. 

  600. 	metadata, err := s.storage.Head(token, filename)

  601. 	if s.storage.IsNotExist(err) {

  602. 		return nil

  603. 	}

  604. 	if err != nil {

  605. 		return err

  606. 	}

  607. 

  608. 	if metadata.DeletionToken != deletionToken {

  609. 		return errors.New("Deletion token doesn't match.")

  610. 	}

  611. 

  612. 	return nil

  613. }

  614. 

  615. func (s *Server) deleteHandler(w http.ResponseWriter, r *http.Request) {

  616. 	vars := mux.Vars(r)

  617. 

  618. 	token := vars["token"]

  619. 	filename := vars["filename"]

  620. 	deletionToken := vars["deletionToken"]

  621. 

  622. 	if err := s.CheckDeletionToken(deletionToken, token, filename); err != nil {

  623. 		log.Printf("Error metadata: %s", err.Error())

  624. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  625. 		return

  626. 	}

  627. 

  628. 	err := s.storage.Delete(token, filename)

  629. 	if s.storage.IsNotExist(err) {

  630. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  631. 		return

  632. 	} else if err != nil {

  633. 		log.Printf("%s", err.Error())

  634. 		http.Error(w, "Could not delete file.", 500)

  635. 		return

  636. 	}

  637. }

  638. 

  639. func (s *Server) zipHandler(w http.ResponseWriter, r *http.Request) {

  640. 	vars := mux.Vars(r)

  641. 

  642. 	files := vars["files"]

  643. 

  644. 	zipfilename := fmt.Sprintf("transfersh-%d.zip", uint16(time.Now().UnixNano()))

  645. 

  646. 	w.Header().Set("Content-Type", "application/zip")

  647. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", zipfilename))

  648. 	w.Header().Set("Connection", "close")

  649. 

  650. 	zw := zip.NewWriter(w)

  651. 

  652. 	for _, key := range strings.Split(files, ",") {

  653. 		key = resolveKey(key, s.proxyPath)

  654. 

  655. 		token := strings.Split(key, "/")[0]

  656. 		filename := sanitize(strings.Split(key, "/")[1])

  657. 

  658. 		if _, err := s.CheckMetadata(token, filename, true); err != nil {

  659. 			log.Printf("Error metadata: %s", err.Error())

  660. 			continue

  661. 		}

  662. 

  663. 		reader, _, err := s.storage.Get(token, filename)

  664. 

  665. 		if err != nil {

  666. 			if s.storage.IsNotExist(err) {

  667. 				http.Error(w, "File not found", 404)

  668. 				return

  669. 			} else {

  670. 				log.Printf("%s", err.Error())

  671. 				http.Error(w, "Could not retrieve file.", 500)

  672. 				return

  673. 			}

  674. 		}

  675. 

  676. 		defer reader.Close()

  677. 

  678. 		header := &zip.FileHeader{

  679. 			Name:         strings.Split(key, "/")[1],

  680. 			Method:       zip.Store,

  681. 			ModifiedTime: uint16(time.Now().UnixNano()),

  682. 			ModifiedDate: uint16(time.Now().UnixNano()),

  683. 		}

  684. 

  685. 		fw, err := zw.CreateHeader(header)

  686. 

  687. 		if err != nil {

  688. 			log.Printf("%s", err.Error())

  689. 			http.Error(w, "Internal server error.", 500)

  690. 			return

  691. 		}

  692. 

  693. 		if _, err = io.Copy(fw, reader); err != nil {

  694. 			log.Printf("%s", err.Error())

  695. 			http.Error(w, "Internal server error.", 500)

  696. 			return

  697. 		}

  698. 	}

  699. 

  700. 	if err := zw.Close(); err != nil {

  701. 		log.Printf("%s", err.Error())

  702. 		http.Error(w, "Internal server error.", 500)

  703. 		return

  704. 	}

  705. }

  706. 

  707. func (s *Server) tarGzHandler(w http.ResponseWriter, r *http.Request) {

  708. 	vars := mux.Vars(r)

  709. 

  710. 	files := vars["files"]

  711. 

  712. 	tarfilename := fmt.Sprintf("transfersh-%d.tar.gz", uint16(time.Now().UnixNano()))

  713. 

  714. 	w.Header().Set("Content-Type", "application/x-gzip")

  715. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  716. 	w.Header().Set("Connection", "close")

  717. 

  718. 	writer := gzip.NewWriter(w)

  719. 	defer writer.Close()

  720. 

  721. 	zw := tar.NewWriter(writer)

  722. 	defer zw.Close()

  723. 

  724. 	for _, key := range strings.Split(files, ",") {

  725. 		key = resolveKey(key, s.proxyPath)

  726. 

  727. 		token := strings.Split(key, "/")[0]

  728. 		filename := sanitize(strings.Split(key, "/")[1])

  729. 

  730. 		if _, err := s.CheckMetadata(token, filename, true); err != nil {

  731. 			log.Printf("Error metadata: %s", err.Error())

  732. 			continue

  733. 		}

  734. 

  735. 		reader, metadata, err := s.storage.Get(token, filename)

  736. 		if err != nil {

  737. 			if s.storage.IsNotExist(err) {

  738. 				http.Error(w, "File not found", 404)

  739. 				return

  740. 			} else {

  741. 				log.Printf("%s", err.Error())

  742. 				http.Error(w, "Could not retrieve file.", 500)

  743. 				return

  744. 			}

  745. 		}

  746. 

  747. 		defer reader.Close()

  748. 

  749. 		header := &tar.Header{

  750. 			Name: strings.Split(key, "/")[1],

  751. 			Size: metadata.ContentLength,

  752. 		}

  753. 

  754. 		err = zw.WriteHeader(header)

  755. 		if err != nil {

  756. 			log.Printf("%s", err.Error())

  757. 			http.Error(w, "Internal server error.", 500)

  758. 			return

  759. 		}

  760. 

  761. 		if _, err = io.Copy(zw, reader); err != nil {

  762. 			log.Printf("%s", err.Error())

  763. 			http.Error(w, "Internal server error.", 500)

  764. 			return

  765. 		}

  766. 	}

  767. }

  768. 

  769. func (s *Server) tarHandler(w http.ResponseWriter, r *http.Request) {

  770. 	vars := mux.Vars(r)

  771. 

  772. 	files := vars["files"]

  773. 

  774. 	tarfilename := fmt.Sprintf("transfersh-%d.tar", uint16(time.Now().UnixNano()))

  775. 

  776. 	w.Header().Set("Content-Type", "application/x-tar")

  777. 	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", tarfilename))

  778. 	w.Header().Set("Connection", "close")

  779. 

  780. 	zw := tar.NewWriter(w)

  781. 	defer zw.Close()

  782. 

  783. 	for _, key := range strings.Split(files, ",") {

  784. 		key = resolveKey(key, s.proxyPath)

  785. 

  786. 		token := strings.Split(key, "/")[0]

  787. 		filename := strings.Split(key, "/")[1]

  788. 

  789. 		if _, err := s.CheckMetadata(token, filename, true); err != nil {

  790. 			log.Printf("Error metadata: %s", err.Error())

  791. 			continue

  792. 		}

  793. 

  794. 		reader, metadata, err := s.storage.Get(token, filename)

  795. 		if err != nil {

  796. 			if s.storage.IsNotExist(err) {

  797. 				http.Error(w, "File not found", 404)

  798. 				return

  799. 			} else {

  800. 				log.Printf("%s", err.Error())

  801. 				http.Error(w, "Could not retrieve file.", 500)

  802. 				return

  803. 			}

  804. 		}

  805. 

  806. 		defer reader.Close()

  807. 

  808. 		header := &tar.Header{

  809. 			Name: strings.Split(key, "/")[1],

  810. 			Size: metadata.ContentLength,

  811. 		}

  812. 

  813. 		err = zw.WriteHeader(header)

  814. 		if err != nil {

  815. 			log.Printf("%s", err.Error())

  816. 			http.Error(w, "Internal server error.", 500)

  817. 			return

  818. 		}

  819. 

  820. 		if _, err = io.Copy(zw, reader); err != nil {

  821. 			log.Printf("%s", err.Error())

  822. 			http.Error(w, "Internal server error.", 500)

  823. 			return

  824. 		}

  825. 	}

  826. }

  827. 

  828. func (s *Server) headHandler(w http.ResponseWriter, r *http.Request) {

  829. 	vars := mux.Vars(r)

  830. 

  831. 	token := vars["token"]

  832. 	filename := vars["filename"]

  833. 

  834. 	metadata, err := s.CheckMetadata(token, filename, false)

  835. 

  836. 	if err != nil {

  837. 		log.Printf("Error metadata: %s", err.Error())

  838. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  839. 		return

  840. 	}

  841. 

  842. 	if s.storage.IsNotExist(err) {

  843. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  844. 		return

  845. 	} else if err != nil {

  846. 		log.Printf("%s", err.Error())

  847. 		http.Error(w, "Could not retrieve file.", 500)

  848. 		return

  849. 	}

  850. 

  851. 	remainingDownloads, remainingDays := metadata.remainingLimitHeaderValues()

  852. 

  853. 	w.Header().Set("Content-Type", metadata.ContentType)

  854. 	w.Header().Set("Content-Length", strconv.FormatInt(metadata.ContentLength, 10))

  855. 	w.Header().Set("Connection", "close")

  856. 	w.Header().Set("X-Remaining-Downloads", remainingDownloads)

  857. 	w.Header().Set("X-Remaining-Days", remainingDays)

  858. }

  859. 

  860. func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {

  861. 	vars := mux.Vars(r)

  862. 

  863. 	action := vars["action"]

  864. 	token := vars["token"]

  865. 	filename := vars["filename"]

  866. 

  867. 	metadata, err := s.CheckMetadata(token, filename, true)

  868. 

  869. 	if err != nil {

  870. 		log.Printf("Error metadata: %s", err.Error())

  871. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  872. 		return

  873. 	}

  874. 

  875. 	reader, _, err := s.storage.Get(token, filename)

  876. 	if s.storage.IsNotExist(err) {

  877. 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)

  878. 		return

  879. 	} else if err != nil {

  880. 		log.Printf("%s", err.Error())

  881. 		http.Error(w, "Could not retrieve file.", 500)

  882. 		return

  883. 	}

  884. 

  885. 	defer reader.Close()

  886. 

  887. 	var disposition string

  888. 

  889. 	if action == "inline" {

  890. 		disposition = "inline"

  891. 	} else {

  892. 		disposition = "attachment"

  893. 	}

  894. 

  895. 	remainingDownloads, remainingDays := metadata.remainingLimitHeaderValues()

  896. 

  897. 	w.Header().Set("Content-Type", metadata.ContentType)

  898. 	w.Header().Set("Content-Length", strconv.FormatInt(metadata.ContentLength, 10))

  899. 	w.Header().Set("Content-Disposition", fmt.Sprintf("%s; filename=\"%s\"", disposition, filename))

  900. 	w.Header().Set("Connection", "keep-alive")

  901. 	w.Header().Set("X-Remaining-Downloads", remainingDownloads)

  902. 	w.Header().Set("X-Remaining-Days", remainingDays)

  903. 

  904. 	if w.Header().Get("Range") == "" {

  905. 		if _, err = io.Copy(w, reader); err != nil {

  906. 			log.Printf("%s", err.Error())

  907. 			http.Error(w, "Error occurred copying to output stream", 500)

  908. 			return

  909. 		}

  910. 

  911. 		return

  912. 	}

  913. 

  914. 	file, err := ioutil.TempFile(s.tempPath, "range-")

  915. 	if err != nil {

  916. 		log.Printf("%s", err.Error())

  917. 		http.Error(w, "Error occurred copying to output stream", 500)

  918. 		return

  919. 	}

  920. 

  921. 	defer cleanTmpFile(file)

  922. 

  923. 	tee := io.TeeReader(reader, file)

  924. 	for {

  925. 		b := make([]byte, _5M)

  926. 		_, err = tee.Read(b)

  927. 		if err == io.EOF {

  928. 			break

  929. 		}

  930. 

  931. 		if err != nil {

  932. 			log.Printf("%s", err.Error())

  933. 			http.Error(w, "Error occurred copying to output stream", 500)

  934. 			return

  935. 		}

  936. 	}

  937. 

  938. 	http.ServeContent(w, r, filename, time.Now(), file)

  939. }

  940. 

  941. func (s *Server) RedirectHandler(h http.Handler) http.HandlerFunc {

  942. 	return func(w http.ResponseWriter, r *http.Request) {

  943. 		if !s.forceHTTPs {

  944. 			// we don't want to enforce https

  945. 		} else if r.URL.Path == "/health.html" {

  946. 			// health check url won't redirect

  947. 		} else if strings.HasSuffix(ipAddrFromRemoteAddr(r.Host), ".onion") {

  948. 			// .onion addresses cannot get a valid certificate, so don't redirect

  949. 		} else if r.Header.Get("X-Forwarded-Proto") == "https" {

  950. 		} else if r.URL.Scheme == "https" {

  951. 		} else {

  952. 			u := getURL(r)

  953. 			u.Scheme = "https"

  954. 

  955. 			http.Redirect(w, r, u.String(), http.StatusPermanentRedirect)

  956. 			return

  957. 		}

  958. 

  959. 		h.ServeHTTP(w, r)

  960. 	}

  961. }

  962. 

  963. // Create a log handler for every request it receives.

  964. func LoveHandler(h http.Handler) http.HandlerFunc {

  965. 	return func(w http.ResponseWriter, r *http.Request) {

  966. 		w.Header().Set("x-made-with", "<3 by DutchCoders")

  967. 		w.Header().Set("x-served-by", "Proudly served by DutchCoders")

  968. 		w.Header().Set("Server", "Transfer.sh HTTP Server 1.0")

  969. 		h.ServeHTTP(w, r)

  970. 	}

  971. }

  972. 

  973. func IPFilterHandler(h http.Handler, ipFilterOptions *IPFilterOptions) http.HandlerFunc {

  974. 	return func(w http.ResponseWriter, r *http.Request) {

  975. 		if ipFilterOptions == nil {

  976. 			h.ServeHTTP(w, r)

  977. 		} else {

  978. 			WrapIPFilter(h, *ipFilterOptions).ServeHTTP(w, r)

  979. 		}

  980. 		return

  981. 	}

  982. }

  983. 

  984. func (s *Server) BasicAuthHandler(h http.Handler) http.HandlerFunc {

  985. 	return func(w http.ResponseWriter, r *http.Request) {

  986. 		if s.AuthUser == "" || s.AuthPass == "" {

  987. 			h.ServeHTTP(w, r)

  988. 			return

  989. 		}

  990. 

  991. 		w.Header().Set("WWW-Authenticate", "Basic realm=\"Restricted\"")

  992. 

  993. 		username, password, authOK := r.BasicAuth()

  994. 		if authOK == false {

  995. 			http.Error(w, "Not authorized", 401)

  996. 			return

  997. 		}

  998. 

  999. 		if username != s.AuthUser || password != s.AuthPass {

  1000. 			http.Error(w, "Not authorized", 401)

  1001. 			return

  1002. 		}

  1003. 

  1004. 		h.ServeHTTP(w, r)

  1005. 	}

  1006. }