Compare commits
No commits in common. "1527445857000fc2e040053db1353c42915ada81" and "e0b5a3fc65ca77d25db97cd426a069ba880c2ad3" have entirely different histories.
1527445857
...
e0b5a3fc65
13 changed files with 336 additions and 557 deletions
526
Cargo.lock
generated
526
Cargo.lock
generated
File diff suppressed because it is too large
Load diff
22
Cargo.toml
22
Cargo.toml
|
@ -1,34 +1,32 @@
|
|||
[package]
|
||||
name = "datatrash"
|
||||
version = "1.1.6"
|
||||
version = "1.1.5"
|
||||
authors = ["neri"]
|
||||
edition = "2021"
|
||||
|
||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
[dependencies]
|
||||
actix-web = { version = "4.2.1", default-features = false, features = [
|
||||
actix-web = { version = "4.1.0", default-features = false, features = [
|
||||
"macros",
|
||||
"compress-gzip",
|
||||
"compress-zstd",
|
||||
] }
|
||||
sqlx = { version = "0.6.2", default-features = false, features = [
|
||||
sqlx = { version = "0.6.0", default-features = false, features = [
|
||||
"runtime-tokio-rustls",
|
||||
"postgres",
|
||||
"time",
|
||||
] }
|
||||
env_logger = "0.9.1"
|
||||
env_logger = "0.9.0"
|
||||
log = "0.4.17"
|
||||
actix-files = "0.6.2"
|
||||
tokio = { version = "1.21.2", features = ["rt", "macros", "sync"] }
|
||||
actix-files = "0.6.1"
|
||||
tokio = { version = "1.19.2", features = ["rt", "macros", "sync"] }
|
||||
actix-multipart = "0.4.0"
|
||||
futures-util = "0.3.24"
|
||||
futures-util = "0.3.21"
|
||||
rand = "0.8.5"
|
||||
time = "0.3.14"
|
||||
time = "0.3.11"
|
||||
htmlescape = "0.3.1"
|
||||
urlencoding = "2.1.2"
|
||||
urlencoding = "2.1.0"
|
||||
tree_magic_mini = { version = "3.0.3", features = ["with-gpl-data"] }
|
||||
mime = "0.3.16"
|
||||
url = "2.3.1"
|
||||
actix-governor = "0.3.2"
|
||||
governor = "0.4.2"
|
||||
url = "2.2.2"
|
||||
|
|
16
README.md
16
README.md
|
@ -18,16 +18,12 @@ To run the software directly, use the compiling instructions below.
|
|||
|
||||
### General configuration
|
||||
|
||||
| environment variable | default value | description |
|
||||
| --------------------- | -------------- | ---------------------------------------------- |
|
||||
| STATIC_DIR | ./static | directory to generate "static" files into |
|
||||
| FILES_DIR | ./files | directory to save uploaded files into |
|
||||
| UPLOAD_MAX_BYTES | 8388608 (8MiB) | maximum size for uploaded files |
|
||||
| BIND_ADDRESS | 0.0.0.0:8000 | address to bind the server to |
|
||||
| RATE_LIMIT | true | whether download rate should be limited |
|
||||
| RATE_LIMIT_PROXIED | false | whether rate limit should read x-forwarded-for |
|
||||
| RATE_LIMIT_PER_SECOND | 60 | seconds to wait between requests |
|
||||
| RATE_LIMIT_BURST | 1440 | allowed request burst |
|
||||
| environment variable | default value |
|
||||
| -------------------- | -------------- |
|
||||
| STATIC_DIR | ./static |
|
||||
| FILES_DIR | ./files |
|
||||
| UPLOAD_MAX_BYTES | 8388608 (8MiB) |
|
||||
| BIND_ADDRESS | 0.0.0.0:8000 |
|
||||
|
||||
### Database configuration
|
||||
|
||||
|
|
|
@ -10,5 +10,3 @@ CREATE TABLE IF NOT EXISTS files (
|
|||
ALTER TABLE files ADD COLUMN IF NOT EXISTS delete_on_download boolean;
|
||||
ALTER TABLE files ALTER COLUMN delete_on_download set not null;
|
||||
ALTER TABLE files ALTER COLUMN valid_till TYPE timestamptz;
|
||||
ALTER TABLE files DROP COLUMN IF EXISTS kind;
|
||||
ALTER TABLE files ADD COLUMN IF NOT EXISTS content_type varchar(255);
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
use std::env;
|
||||
|
||||
use std::path::PathBuf;
|
||||
use time::ext::NumericalDuration;
|
||||
use time::Duration;
|
||||
use tokio::fs;
|
||||
|
||||
|
@ -11,10 +10,6 @@ pub struct Config {
|
|||
pub files_dir: PathBuf,
|
||||
pub max_file_size: Option<u64>,
|
||||
pub no_auth_limits: Option<NoAuthLimits>,
|
||||
pub enable_rate_limit: bool,
|
||||
pub proxied: bool,
|
||||
pub rate_limit_per_second: u64,
|
||||
pub rate_limit_burst: u32,
|
||||
}
|
||||
|
||||
#[derive(Clone)]
|
||||
|
@ -29,8 +24,8 @@ pub async fn get_config() -> Config {
|
|||
let max_file_size = env::var("UPLOAD_MAX_BYTES")
|
||||
.ok()
|
||||
.and_then(|variable| variable.parse().ok())
|
||||
.or(Some(8 * 1024 * 1024))
|
||||
.filter(|&max_file_size| max_file_size != 0);
|
||||
.unwrap_or(8 * 1024 * 1024);
|
||||
let max_file_size = (max_file_size != 0).then(|| max_file_size);
|
||||
|
||||
let static_dir =
|
||||
PathBuf::from(env::var("STATIC_DIR").unwrap_or_else(|_| "./static".to_owned()));
|
||||
|
@ -41,26 +36,11 @@ pub async fn get_config() -> Config {
|
|||
|
||||
let no_auth_limits = get_no_auth_limits();
|
||||
|
||||
let enable_rate_limit = matches!(env::var("RATE_LIMIT").as_deref(), Ok("true") | Err(_));
|
||||
let proxied = env::var("PROXIED").as_deref() == Ok("true");
|
||||
let rate_limit_per_second = env::var("RATE_LIMIT_PER_SECOND")
|
||||
.ok()
|
||||
.and_then(|rate_limit| rate_limit.parse().ok())
|
||||
.unwrap_or(60);
|
||||
let rate_limit_burst = env::var("RATE_LIMIT_BURST")
|
||||
.ok()
|
||||
.and_then(|rate_limit| rate_limit.parse().ok())
|
||||
.unwrap_or(1440);
|
||||
|
||||
Config {
|
||||
static_dir,
|
||||
files_dir,
|
||||
max_file_size,
|
||||
no_auth_limits,
|
||||
enable_rate_limit,
|
||||
proxied,
|
||||
rate_limit_per_second,
|
||||
rate_limit_burst,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -74,8 +54,8 @@ fn get_no_auth_limits() -> Option<NoAuthLimits> {
|
|||
(Some(auth_password), Some(max_time), Some(large_file_max_time), Some(large_file_size)) => {
|
||||
Some(NoAuthLimits {
|
||||
auth_password,
|
||||
max_time: (max_time as i64).seconds(),
|
||||
large_file_max_time: (large_file_max_time as i64).seconds(),
|
||||
max_time: Duration::seconds(max_time as i64),
|
||||
large_file_max_time: Duration::seconds(large_file_max_time as i64),
|
||||
large_file_size,
|
||||
})
|
||||
}
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
use sqlx::postgres::{PgPool, PgPoolOptions};
|
||||
use std::env;
|
||||
use time::ext::NumericalStdDuration;
|
||||
|
||||
pub async fn setup_db() -> PgPool {
|
||||
let conn_url = &get_db_url();
|
||||
|
@ -8,7 +7,7 @@ pub async fn setup_db() -> PgPool {
|
|||
|
||||
let pool = PgPoolOptions::new()
|
||||
.max_connections(5)
|
||||
.acquire_timeout(5.std_seconds())
|
||||
.acquire_timeout(std::time::Duration::from_secs(5))
|
||||
.connect(conn_url)
|
||||
.await
|
||||
.expect("could not create db pool");
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
use futures_util::TryStreamExt;
|
||||
use time::OffsetDateTime;
|
||||
use sqlx::{postgres::PgPool, Row};
|
||||
use std::cmp::max;
|
||||
use std::path::{Path, PathBuf};
|
||||
use time::ext::NumericalStdDuration;
|
||||
use time::OffsetDateTime;
|
||||
use tokio::fs;
|
||||
use tokio::sync::mpsc::Receiver;
|
||||
use tokio::time::timeout;
|
||||
|
|
|
@ -6,19 +6,19 @@ use actix_web::{
|
|||
http::header::{
|
||||
Accept, CacheControl, CacheDirective, Charset, ContentDisposition, DispositionParam,
|
||||
DispositionType, Expires, ExtendedValue, Header, HeaderValue, HttpDate, TryIntoHeaderValue,
|
||||
ACCEPT, CACHE_CONTROL, CONTENT_TYPE, EXPIRES, VARY,
|
||||
ACCEPT, CACHE_CONTROL, EXPIRES, VARY,
|
||||
},
|
||||
web, Error, HttpRequest, HttpResponse,
|
||||
};
|
||||
use mime::{Mime, APPLICATION_OCTET_STREAM, TEXT_HTML};
|
||||
use mime::{Mime, TEXT_HTML};
|
||||
use sqlx::postgres::PgPool;
|
||||
use std::path::Path;
|
||||
use time::OffsetDateTime;
|
||||
use tokio::fs;
|
||||
use url::Url;
|
||||
|
||||
use crate::config::Config;
|
||||
use crate::deleter;
|
||||
use crate::{config::Config, file_kind::FileKind};
|
||||
|
||||
const TEXT_VIEW_HTML: &str = include_str!("../template/text-view.html");
|
||||
const URL_VIEW_HTML: &str = include_str!("../template/url-view.html");
|
||||
|
@ -37,14 +37,14 @@ pub async fn download(
|
|||
config: web::Data<Config>,
|
||||
) -> Result<HttpResponse, Error> {
|
||||
let id = req.match_info().query("id");
|
||||
let (file_id, file_name, valid_till, content_type, delete) = load_file_info(id, &db).await?;
|
||||
let (file_id, file_name, valid_till, file_kind, delete) = load_file_info(id, &db).await?;
|
||||
let mut path = config.files_dir.clone();
|
||||
path.push(&file_id);
|
||||
|
||||
let mime = Mime::from_str(&content_type).unwrap_or(APPLICATION_OCTET_STREAM);
|
||||
let mut response = match get_view_type(&req, &mime, &path, delete).await {
|
||||
ViewType::Raw => build_file_response(false, &file_name, path, mime, &req).await,
|
||||
ViewType::Download => build_file_response(true, &file_name, path, mime, &req).await,
|
||||
let file_mime = get_content_type(&path);
|
||||
let mut response = match get_view_type(&req, &file_kind, &file_mime, &path, delete).await {
|
||||
ViewType::Raw => build_file_response(false, &file_name, path, file_mime, &req).await,
|
||||
ViewType::Download => build_file_response(true, &file_name, path, file_mime, &req).await,
|
||||
ViewType::Html => build_text_response(&path).await,
|
||||
}?;
|
||||
|
||||
|
@ -67,7 +67,7 @@ async fn load_file_info(
|
|||
db: &web::Data<sqlx::Pool<sqlx::Postgres>>,
|
||||
) -> Result<(String, String, OffsetDateTime, String, bool), Error> {
|
||||
sqlx::query_as(
|
||||
"SELECT file_id, file_name, valid_till, content_type, delete_on_download from files WHERE file_id = $1",
|
||||
"SELECT file_id, file_name, valid_till, kind, delete_on_download from files WHERE file_id = $1",
|
||||
)
|
||||
.bind(id)
|
||||
.fetch_optional(db.as_ref())
|
||||
|
@ -79,9 +79,18 @@ async fn load_file_info(
|
|||
.ok_or_else(|| error::ErrorNotFound("file does not exist or has expired"))
|
||||
}
|
||||
|
||||
fn get_content_type(path: &Path) -> Mime {
|
||||
let std_path = std::path::Path::new(path.as_os_str());
|
||||
tree_magic_mini::from_filepath(std_path)
|
||||
.unwrap_or("application/octet-stream")
|
||||
.parse::<Mime>()
|
||||
.expect("tree_magic_mini should not produce invalid mime")
|
||||
}
|
||||
|
||||
async fn get_view_type(
|
||||
req: &HttpRequest,
|
||||
mime: &Mime,
|
||||
file_kind: &str,
|
||||
file_mime: &Mime,
|
||||
file_path: &Path,
|
||||
delete_on_download: bool,
|
||||
) -> ViewType {
|
||||
|
@ -91,7 +100,9 @@ async fn get_view_type(
|
|||
if req.query_string().contains("raw") {
|
||||
return ViewType::Raw;
|
||||
}
|
||||
if mime.type_() != mime::TEXT {
|
||||
let is_text =
|
||||
FileKind::from_str(file_kind) == Ok(FileKind::Text) || file_mime.type_() == mime::TEXT;
|
||||
if !is_text {
|
||||
return ViewType::Raw;
|
||||
}
|
||||
if get_file_size(file_path).await >= TEXT_VIEW_SIZE_LIMIT {
|
||||
|
@ -102,7 +113,7 @@ async fn get_view_type(
|
|||
if accept_mime == TEXT_HTML {
|
||||
return ViewType::Html;
|
||||
}
|
||||
if mime_matches(&accept_mime, mime) {
|
||||
if mime_matches(&accept_mime, file_mime) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -146,7 +157,7 @@ async fn build_file_response(
|
|||
download: bool,
|
||||
file_name: &str,
|
||||
path: PathBuf,
|
||||
mime: Mime,
|
||||
content_type: Mime,
|
||||
req: &HttpRequest,
|
||||
) -> Result<HttpResponse, Error> {
|
||||
let content_disposition = ContentDisposition {
|
||||
|
@ -162,32 +173,10 @@ async fn build_file_response(
|
|||
log::error!("file could not be read {:?}", file_err);
|
||||
error::ErrorInternalServerError("this file should be here but could not be found")
|
||||
})?
|
||||
.set_content_type(mime)
|
||||
.set_content_type(content_type)
|
||||
.set_content_disposition(content_disposition);
|
||||
|
||||
let mut response = file.into_response(req);
|
||||
add_headers(req, download, &mut response);
|
||||
Ok(response)
|
||||
}
|
||||
|
||||
fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) {
|
||||
// if the browser is trying to fetch this resource in a secure context pretend the reponse is
|
||||
// just binary data so it won't be executed
|
||||
let sec_fetch_mode = req
|
||||
.headers()
|
||||
.get("sec-fetch-mode")
|
||||
.and_then(|v| v.to_str().ok());
|
||||
if !download && sec_fetch_mode.is_some() && sec_fetch_mode != Some("navigate") {
|
||||
response.headers_mut().insert(
|
||||
CONTENT_TYPE,
|
||||
HeaderValue::from_str(APPLICATION_OCTET_STREAM.as_ref())
|
||||
.expect("mime type can be encoded to header value"),
|
||||
);
|
||||
}
|
||||
// the reponse varies based on these request headers
|
||||
response
|
||||
.headers_mut()
|
||||
.append(VARY, HeaderValue::from_static("accept, sec-fetch-mode"));
|
||||
Ok(file.into_response(req))
|
||||
}
|
||||
|
||||
fn get_disposition_params(filename: &str) -> Vec<DispositionParam> {
|
||||
|
|
27
src/file_kind.rs
Normal file
27
src/file_kind.rs
Normal file
|
@ -0,0 +1,27 @@
|
|||
use std::{fmt::Display, str::FromStr};
|
||||
|
||||
#[derive(Debug, PartialEq)]
|
||||
pub(crate) enum FileKind {
|
||||
Text,
|
||||
Binary,
|
||||
}
|
||||
|
||||
impl Display for FileKind {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
match self {
|
||||
FileKind::Text => write!(f, "text"),
|
||||
FileKind::Binary => write!(f, "binary"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl FromStr for FileKind {
|
||||
type Err = String;
|
||||
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
||||
match s.to_lowercase().as_str() {
|
||||
"text" => Ok(FileKind::Text),
|
||||
"binary" => Ok(FileKind::Binary),
|
||||
_ => Err(format!("unknown kind {}", s)),
|
||||
}
|
||||
}
|
||||
}
|
45
src/main.rs
45
src/main.rs
|
@ -2,17 +2,14 @@ mod config;
|
|||
mod db;
|
||||
mod deleter;
|
||||
mod download;
|
||||
mod file_kind;
|
||||
mod multipart;
|
||||
mod rate_limit;
|
||||
mod template;
|
||||
mod upload;
|
||||
|
||||
use crate::rate_limit::ForwardedPeerIpKeyExtractor;
|
||||
use actix_files::Files;
|
||||
use actix_governor::{Governor, GovernorConfigBuilder};
|
||||
use actix_web::{
|
||||
http::header::{HeaderName, HeaderValue, CONTENT_SECURITY_POLICY, X_CONTENT_TYPE_OPTIONS},
|
||||
middleware::{self, DefaultHeaders, Logger},
|
||||
middleware::{self, Logger},
|
||||
web::{self, Data},
|
||||
App, Error, HttpResponse, HttpServer,
|
||||
};
|
||||
|
@ -21,11 +18,6 @@ use sqlx::postgres::PgPool;
|
|||
use std::env;
|
||||
use tokio::{sync::mpsc::channel, task};
|
||||
|
||||
const DEFAULT_CSP: (HeaderName, &str) = (
|
||||
CONTENT_SECURITY_POLICY,
|
||||
"default-src 'none'; connect-src 'self'; img-src 'self'; media-src 'self'; font-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; base-uri 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'self';"
|
||||
);
|
||||
|
||||
async fn not_found() -> Result<HttpResponse, Error> {
|
||||
Ok(HttpResponse::NotFound()
|
||||
.content_type("text/plain")
|
||||
|
@ -55,25 +47,10 @@ async fn main() -> std::io::Result<()> {
|
|||
template::write_prefillable_templates(&config).await;
|
||||
let config = Data::new(config);
|
||||
|
||||
let governor_conf = GovernorConfigBuilder::default()
|
||||
.per_second(config.rate_limit_per_second)
|
||||
.burst_size(config.rate_limit_burst)
|
||||
.key_extractor(ForwardedPeerIpKeyExtractor {
|
||||
proxied: config.proxied,
|
||||
})
|
||||
.use_headers()
|
||||
.finish()
|
||||
.unwrap();
|
||||
|
||||
HttpServer::new({
|
||||
move || {
|
||||
let app = App::new()
|
||||
App::new()
|
||||
.wrap(Logger::new(r#"%{r}a "%r" =%s %bbytes %Tsec"#))
|
||||
.wrap(
|
||||
DefaultHeaders::new()
|
||||
.add(DEFAULT_CSP)
|
||||
.add((X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"))),
|
||||
)
|
||||
.wrap(middleware::Compress::default())
|
||||
.app_data(db.clone())
|
||||
.app_data(expiry_watch_sender.clone())
|
||||
|
@ -85,19 +62,7 @@ async fn main() -> std::io::Result<()> {
|
|||
.route(web::get().to(upload::uploaded)),
|
||||
)
|
||||
.service(Files::new("/static", "static").disable_content_disposition())
|
||||
.default_service(web::route().to(not_found));
|
||||
if config.enable_rate_limit {
|
||||
app.service(
|
||||
web::resource([
|
||||
"/{id:[a-z0-9]{5}}",
|
||||
"/{id:[a-z0-9]{5}}/",
|
||||
"/{id:[a-z0-9]{5}}/{name}",
|
||||
])
|
||||
.wrap(Governor::new(&governor_conf))
|
||||
.route(web::get().to(download::download)),
|
||||
)
|
||||
} else {
|
||||
app.service(
|
||||
.service(
|
||||
web::resource([
|
||||
"/{id:[a-z0-9]{5}}",
|
||||
"/{id:[a-z0-9]{5}}/",
|
||||
|
@ -105,7 +70,7 @@ async fn main() -> std::io::Result<()> {
|
|||
])
|
||||
.route(web::get().to(download::download)),
|
||||
)
|
||||
}
|
||||
.default_service(web::route().to(not_found))
|
||||
}
|
||||
})
|
||||
.bind(bind_address)?
|
||||
|
|
|
@ -1,30 +1,30 @@
|
|||
use crate::config;
|
||||
use crate::{config, file_kind::FileKind};
|
||||
use actix_multipart::{Field, Multipart};
|
||||
use actix_web::{error, http::header::DispositionParam, Error};
|
||||
use futures_util::{StreamExt, TryStreamExt};
|
||||
use mime::{Mime, TEXT_PLAIN};
|
||||
use std::path::Path;
|
||||
use time::{Duration, OffsetDateTime};
|
||||
use tokio::{fs::File, io::AsyncWriteExt};
|
||||
|
||||
const MAX_UPLOAD_DURATION: Duration = Duration::days(31);
|
||||
const DEFAULT_UPLOAD_DURATION: Duration = Duration::minutes(30);
|
||||
const MAX_UPLOAD_SECONDS: i64 = 31 * 24 * 60 * 60;
|
||||
const DEFAULT_UPLOAD_SECONDS: u32 = 30 * 60;
|
||||
|
||||
pub(crate) struct UploadConfig {
|
||||
pub original_name: Option<String>,
|
||||
pub content_type: Mime,
|
||||
pub original_name: String,
|
||||
pub valid_till: OffsetDateTime,
|
||||
pub kind: FileKind,
|
||||
pub delete_on_download: bool,
|
||||
}
|
||||
|
||||
pub(crate) async fn parse_multipart(
|
||||
mut payload: Multipart,
|
||||
file_path: &Path,
|
||||
file_id: &str,
|
||||
file_name: &Path,
|
||||
config: &config::Config,
|
||||
) -> Result<UploadConfig, error::Error> {
|
||||
let mut original_name: Option<String> = None;
|
||||
let mut content_type: Option<Mime> = None;
|
||||
let mut keep_for_seconds: Option<String> = None;
|
||||
let mut keep_for: Option<String> = None;
|
||||
let mut kind: Option<FileKind> = None;
|
||||
let mut delete_on_download = false;
|
||||
let mut password = None;
|
||||
let mut size = 0;
|
||||
|
@ -34,23 +34,25 @@ pub(crate) async fn parse_multipart(
|
|||
let name = name.as_str();
|
||||
match name {
|
||||
"keep_for" => {
|
||||
keep_for_seconds = Some(parse_string(name, field).await?);
|
||||
keep_for = Some(parse_string(name, field).await?);
|
||||
}
|
||||
"file" => {
|
||||
let (mime, uploaded_name) = get_file_metadata(&field);
|
||||
if uploaded_name == None || uploaded_name.map(|f| f.as_str()) == Some("") {
|
||||
let file_original_name = get_original_filename(&field);
|
||||
if file_original_name == None || file_original_name.map(|f| f.as_str()) == Some("")
|
||||
{
|
||||
continue;
|
||||
}
|
||||
original_name = uploaded_name.map(|f| f.to_string());
|
||||
content_type = Some(mime.clone());
|
||||
size = create_file(file_path, field, config.max_file_size).await?;
|
||||
original_name = file_original_name.map(|f| f.to_string());
|
||||
kind = Some(FileKind::Binary);
|
||||
size = create_file(file_name, field, config.max_file_size).await?;
|
||||
}
|
||||
"text" => {
|
||||
if original_name.is_some() {
|
||||
continue;
|
||||
}
|
||||
size = create_file(file_path, field, config.max_file_size).await?;
|
||||
content_type = Some(get_content_type(file_path));
|
||||
original_name = Some(format!("{}.txt", file_id));
|
||||
kind = Some(FileKind::Text);
|
||||
size = create_file(file_name, field, config.max_file_size).await?;
|
||||
}
|
||||
"delete_on_download" => {
|
||||
delete_on_download = parse_string(name, field).await? != "false";
|
||||
|
@ -62,24 +64,24 @@ pub(crate) async fn parse_multipart(
|
|||
};
|
||||
}
|
||||
|
||||
let content_type =
|
||||
content_type.ok_or_else(|| error::ErrorBadRequest("no content type found"))?;
|
||||
let keep_for = keep_for_seconds
|
||||
let original_name = original_name.ok_or_else(|| error::ErrorBadRequest("no content found"))?;
|
||||
let kind = kind.ok_or_else(|| error::ErrorBadRequest("no content found"))?;
|
||||
let keep_for: u32 = keep_for
|
||||
.map(|k| k.parse())
|
||||
.transpose()
|
||||
.map_err(|e| error::ErrorBadRequest(format!("field keep_for is not a number: {}", e)))?
|
||||
.map(Duration::seconds)
|
||||
.unwrap_or(DEFAULT_UPLOAD_DURATION);
|
||||
let valid_till = OffsetDateTime::now_utc() + keep_for;
|
||||
.unwrap_or(DEFAULT_UPLOAD_SECONDS);
|
||||
let valid_duration = Duration::seconds(keep_for.into());
|
||||
let valid_till = OffsetDateTime::now_utc() + valid_duration;
|
||||
|
||||
let upload_config = UploadConfig {
|
||||
original_name,
|
||||
content_type,
|
||||
valid_till,
|
||||
kind,
|
||||
delete_on_download,
|
||||
};
|
||||
|
||||
check_requirements(&upload_config, size, password, &keep_for, config)?;
|
||||
check_requirements(&upload_config, size, password, &valid_duration, config)?;
|
||||
|
||||
Ok(upload_config)
|
||||
}
|
||||
|
@ -88,25 +90,24 @@ fn check_requirements(
|
|||
upload_config: &UploadConfig,
|
||||
size: u64,
|
||||
password: Option<String>,
|
||||
keep_for: &Duration,
|
||||
valid_duration: &Duration,
|
||||
config: &config::Config,
|
||||
) -> Result<(), error::Error> {
|
||||
if let Some(original_name) = upload_config.original_name.as_ref() {
|
||||
if original_name.len() > 255 {
|
||||
if upload_config.original_name.len() > 255 {
|
||||
return Err(error::ErrorBadRequest("filename is too long"));
|
||||
}
|
||||
}
|
||||
|
||||
if *keep_for > MAX_UPLOAD_DURATION {
|
||||
let valid_seconds = valid_duration.whole_seconds();
|
||||
if valid_seconds > MAX_UPLOAD_SECONDS {
|
||||
return Err(error::ErrorBadRequest(format!(
|
||||
"maximum allowed validity is {}, but you specified {}",
|
||||
MAX_UPLOAD_DURATION, keep_for
|
||||
"maximum allowed validity is {} seconds, but you specified {} seconds",
|
||||
MAX_UPLOAD_SECONDS, valid_seconds
|
||||
)));
|
||||
}
|
||||
|
||||
if let Some(no_auth_limits) = &config.no_auth_limits {
|
||||
let requires_auth = *keep_for > no_auth_limits.max_time
|
||||
|| *keep_for > no_auth_limits.large_file_max_time
|
||||
let requires_auth = valid_seconds > no_auth_limits.max_time.whole_seconds()
|
||||
|| valid_seconds > no_auth_limits.large_file_max_time.whole_seconds()
|
||||
&& size > no_auth_limits.large_file_size;
|
||||
// hIGh sECUriTy paSsWoRD CHEck
|
||||
if requires_auth && password.as_ref() != Some(&no_auth_limits.auth_password) {
|
||||
|
@ -179,22 +180,13 @@ async fn write_to_file(
|
|||
Ok(written_bytes)
|
||||
}
|
||||
|
||||
fn get_file_metadata(field: &actix_multipart::Field) -> (&Mime, Option<&String>) {
|
||||
let mime = field.content_type();
|
||||
let filename = field
|
||||
fn get_original_filename(field: &actix_multipart::Field) -> Option<&String> {
|
||||
field
|
||||
.content_disposition()
|
||||
.parameters
|
||||
.iter()
|
||||
.find_map(|param| match param {
|
||||
DispositionParam::Filename(filename) => Some(filename),
|
||||
_ => None,
|
||||
});
|
||||
(mime, filename)
|
||||
}
|
||||
|
||||
fn get_content_type(path: &Path) -> Mime {
|
||||
let std_path = std::path::Path::new(path.as_os_str());
|
||||
tree_magic_mini::from_filepath(std_path)
|
||||
.and_then(|mime| mime.parse().ok())
|
||||
.unwrap_or(TEXT_PLAIN)
|
||||
})
|
||||
}
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
use actix_governor::KeyExtractor;
|
||||
use actix_governor::PeerIpKeyExtractor;
|
||||
use actix_web::{dev::ServiceRequest, http::header::ContentType};
|
||||
use governor::clock::{Clock, DefaultClock, QuantaInstant};
|
||||
use governor::NotUntil;
|
||||
use std::net::IpAddr;
|
||||
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
pub struct ForwardedPeerIpKeyExtractor {
|
||||
pub proxied: bool,
|
||||
}
|
||||
|
||||
impl KeyExtractor for ForwardedPeerIpKeyExtractor {
|
||||
type Key = IpAddr;
|
||||
type KeyExtractionError = &'static str;
|
||||
|
||||
fn extract(&self, req: &ServiceRequest) -> Result<Self::Key, Self::KeyExtractionError> {
|
||||
let forwarded_for = req.headers().get("x-forwarded-for");
|
||||
if !self.proxied && forwarded_for.is_some() {
|
||||
let forwarded_for = forwarded_for
|
||||
.unwrap()
|
||||
.to_str()
|
||||
.map_err(|_| "x-forwarded-for contains invalid header value")?;
|
||||
forwarded_for
|
||||
.parse::<IpAddr>()
|
||||
.map_err(|_| "x-forwarded-for contains invalid ip adress")
|
||||
} else {
|
||||
PeerIpKeyExtractor.extract(req)
|
||||
}
|
||||
}
|
||||
|
||||
fn response_error_content(&self, negative: &NotUntil<QuantaInstant>) -> (String, ContentType) {
|
||||
let wait_time = negative
|
||||
.wait_time_from(DefaultClock::default().now())
|
||||
.as_secs();
|
||||
(
|
||||
format!("too many requests, retry in {}s", wait_time),
|
||||
ContentType::plaintext(),
|
||||
)
|
||||
}
|
||||
|
||||
fn response_error(&self, err: Self::KeyExtractionError) -> actix_web::Error {
|
||||
actix_web::error::ErrorUnauthorized(err.to_string())
|
||||
}
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
use std::io::ErrorKind;
|
||||
|
||||
use crate::config::Config;
|
||||
use crate::file_kind::FileKind;
|
||||
use crate::multipart::UploadConfig;
|
||||
use crate::{multipart, template};
|
||||
use actix_files::NamedFile;
|
||||
|
@ -17,8 +18,8 @@ const UPLOAD_HTML: &str = include_str!("../template/upload.html");
|
|||
const UPLOAD_SHORT_HTML: &str = include_str!("../template/upload-short.html");
|
||||
|
||||
const ID_CHARS: &[char] = &[
|
||||
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u',
|
||||
'v', 'w', 'x', 'y', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9',
|
||||
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v',
|
||||
'w', 'x', 'y', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9',
|
||||
];
|
||||
|
||||
pub async fn index(config: web::Data<Config>) -> Result<NamedFile, Error> {
|
||||
|
@ -41,11 +42,11 @@ pub async fn upload(
|
|||
error::ErrorInternalServerError("could not create file")
|
||||
})?;
|
||||
|
||||
let parsed_multipart = multipart::parse_multipart(payload, &file_name, &config).await;
|
||||
let parsed_multipart = multipart::parse_multipart(payload, &file_id, &file_name, &config).await;
|
||||
let UploadConfig {
|
||||
original_name,
|
||||
content_type,
|
||||
valid_till,
|
||||
kind,
|
||||
delete_on_download,
|
||||
} = match parsed_multipart {
|
||||
Ok(data) => data,
|
||||
|
@ -64,17 +65,14 @@ pub async fn upload(
|
|||
}
|
||||
};
|
||||
|
||||
let file_name = original_name
|
||||
.clone()
|
||||
.unwrap_or_else(|| format!("{}.txt", file_id));
|
||||
let db_insert = sqlx::query(
|
||||
"INSERT INTO Files (file_id, file_name, content_type, valid_till, delete_on_download) \
|
||||
"INSERT INTO Files (file_id, file_name, valid_till, kind, delete_on_download) \
|
||||
VALUES ($1, $2, $3, $4, $5)",
|
||||
)
|
||||
.bind(&file_id)
|
||||
.bind(&file_name)
|
||||
.bind(&content_type.to_string())
|
||||
.bind(&original_name)
|
||||
.bind(valid_till)
|
||||
.bind(kind.to_string())
|
||||
.bind(delete_on_download)
|
||||
.execute(db.as_ref())
|
||||
.await;
|
||||
|
@ -92,24 +90,24 @@ pub async fn upload(
|
|||
}
|
||||
|
||||
log::info!(
|
||||
"{} create new file {} (valid_till: {}, content_type: {}, delete_on_download: {})",
|
||||
"{} create new file {} (valid_till: {}, kind: {}, delete_on_download: {})",
|
||||
req.connection_info().realip_remote_addr().unwrap_or("-"),
|
||||
file_id,
|
||||
valid_till,
|
||||
content_type,
|
||||
kind,
|
||||
delete_on_download
|
||||
);
|
||||
|
||||
expiry_watch_sender.send(()).await.unwrap();
|
||||
|
||||
let redirect = if let Some(original_name) = original_name.as_ref() {
|
||||
let encoded_name = urlencoding::encode(original_name);
|
||||
let redirect = if kind == FileKind::Binary {
|
||||
let encoded_name = urlencoding::encode(&original_name);
|
||||
format!("/upload/{}/{}", file_id, encoded_name)
|
||||
} else {
|
||||
format!("/upload/{}", file_id)
|
||||
};
|
||||
|
||||
let url = get_file_url(&req, &file_id, original_name.as_deref());
|
||||
let url = get_file_url(&req, &file_id, Some(&original_name));
|
||||
Ok(HttpResponse::SeeOther()
|
||||
.insert_header((LOCATION, redirect))
|
||||
.body(format!("{}\n", url)))
|
||||
|
|
Loading…
Reference in a new issue