add support remote auth keys

These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
mutantmonkey 2015-10-11 19:31:13 -07:00
parent 3dc4753b7a
commit dd4ac3a7ed
2 changed files with 21 additions and 0 deletions


@ -36,6 +36,7 @@ var Config struct {
fastcgi bool fastcgi bool
remoteUploads bool remoteUploads bool
authFile string authFile string
remoteAuthFile string
} }
var Templates = make(map[string]*pongo2.Template) var Templates = make(map[string]*pongo2.Template)
@ -43,6 +44,7 @@ var TemplateSet *pongo2.TemplateSet
var staticBox *rice.Box var staticBox *rice.Box
var timeStarted time.Time var timeStarted time.Time
var timeStartedStr string var timeStartedStr string
var remoteAuthKeys []string
func setup() *web.Mux { func setup() *web.Mux {
mux := web.New() mux := web.New()
@ -126,6 +128,10 @@ func setup() *web.Mux {
if Config.remoteUploads { if Config.remoteUploads {
mux.Get("/upload", uploadRemote) mux.Get("/upload", uploadRemote)
mux.Get("/upload/", uploadRemote) mux.Get("/upload/", uploadRemote)
if Config.remoteAuthFile != "" {
remoteAuthKeys = readAuthKeys(Config.remoteAuthFile)
}
} }
mux.Post("/upload", uploadPostHandler) mux.Post("/upload", uploadPostHandler)
@ -175,6 +181,8 @@ func main() {
"enable remote uploads") "enable remote uploads")
flag.StringVar(&Config.authFile, "authfile", "", flag.StringVar(&Config.authFile, "authfile", "",
"path to a file containing newline-separated scrypted auth keys") "path to a file containing newline-separated scrypted auth keys")
flag.StringVar(&Config.remoteAuthFile, "remoteauthfile", "",
"path to a file containing newline-separated scrypted auth keys for remote uploads")
flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy", flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;", "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
"value of default Content-Security-Policy header") "value of default Content-Security-Policy header")
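Review bot: `remoteAuthKeys` is only populated inside the `if Config.remoteUploads` block in `setup()`, so the new flag is silently ignored when remote uploads are off, and neither the flag help nor the variable declaration says so. I would extend the help string to something like `"... for remote uploads (only used when remote uploads are enabled; replaces the strict referrer check)"` and add a comment on the declaration, e.g. `// remoteAuthKeys holds the scrypted keys accepted by uploadRemote; loaded once in setup().` `readAuthKeys` is not visible in this section, so it is worth confirming that an unreadable or empty key file leaves the endpoint rejecting requests rather than accepting them.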


@ -138,6 +138,19 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
} }
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) { func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
if Config.remoteAuthFile != "" {
result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key")))
if err != nil || !result {
unauthorizedHandler(c, w, r)
}
} else {
// strict referrer checking is mandatory without remote auth keys
if !strictReferrerCheck(r, Config.siteURL, []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize"}) {
badRequestHandler(c, w, r)
return
}
}
if r.FormValue("url") == "" { if r.FormValue("url") == "" {
http.Redirect(w, r, "/", 303) http.Redirect(w, r, "/", 303)
return return
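Review bot: In `uploadRemote`, the failed-key branch calls `unauthorizedHandler(c, w, r)` and then falls through, so a request with a missing or wrong `key` still reaches the `r.FormValue("url")` check and whatever follows it. The `else` branch returns after `badRequestHandler`, but this one does not; add `return` directly after `unauthorizedHandler(c, w, r)`. The rest of the function is outside the hunk, so what it does with `url` cannot be confirmed from here, but as written the key check does not gate it, and the referrer check is skipped on this path as well. A handler test asserting that a bad key produces only the unauthorized response would pin the fix.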