add support remote auth keys
These are taken as a parameter to the remote upload page. Note that all keys will be logged since this is a GET request.
This commit is contained in:
parent
3dc4753b7a
commit
dd4ac3a7ed
|
@ -36,6 +36,7 @@ var Config struct {
|
||||||
fastcgi bool
|
fastcgi bool
|
||||||
remoteUploads bool
|
remoteUploads bool
|
||||||
authFile string
|
authFile string
|
||||||
|
remoteAuthFile string
|
||||||
}
|
}
|
||||||
|
|
||||||
var Templates = make(map[string]*pongo2.Template)
|
var Templates = make(map[string]*pongo2.Template)
|
||||||
|
@ -43,6 +44,7 @@ var TemplateSet *pongo2.TemplateSet
|
||||||
var staticBox *rice.Box
|
var staticBox *rice.Box
|
||||||
var timeStarted time.Time
|
var timeStarted time.Time
|
||||||
var timeStartedStr string
|
var timeStartedStr string
|
||||||
|
var remoteAuthKeys []string
|
||||||
|
|
||||||
func setup() *web.Mux {
|
func setup() *web.Mux {
|
||||||
mux := web.New()
|
mux := web.New()
|
||||||
|
@ -126,6 +128,10 @@ func setup() *web.Mux {
|
||||||
if Config.remoteUploads {
|
if Config.remoteUploads {
|
||||||
mux.Get("/upload", uploadRemote)
|
mux.Get("/upload", uploadRemote)
|
||||||
mux.Get("/upload/", uploadRemote)
|
mux.Get("/upload/", uploadRemote)
|
||||||
|
|
||||||
|
if Config.remoteAuthFile != "" {
|
||||||
|
remoteAuthKeys = readAuthKeys(Config.remoteAuthFile)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
mux.Post("/upload", uploadPostHandler)
|
mux.Post("/upload", uploadPostHandler)
|
||||||
|
@ -175,6 +181,8 @@ func main() {
|
||||||
"enable remote uploads")
|
"enable remote uploads")
|
||||||
flag.StringVar(&Config.authFile, "authfile", "",
|
flag.StringVar(&Config.authFile, "authfile", "",
|
||||||
"path to a file containing newline-separated scrypted auth keys")
|
"path to a file containing newline-separated scrypted auth keys")
|
||||||
|
flag.StringVar(&Config.remoteAuthFile, "remoteauthfile", "",
|
||||||
|
"path to a file containing newline-separated scrypted auth keys for remote uploads")
|
||||||
flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
|
flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
|
||||||
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
|
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
|
||||||
"value of default Content-Security-Policy header")
|
"value of default Content-Security-Policy header")
|
||||||
|
|
13
upload.go
13
upload.go
|
@ -138,6 +138,19 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
|
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
|
||||||
|
if Config.remoteAuthFile != "" {
|
||||||
|
result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key")))
|
||||||
|
if err != nil || !result {
|
||||||
|
unauthorizedHandler(c, w, r)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// strict referrer checking is mandatory without remote auth keys
|
||||||
|
if !strictReferrerCheck(r, Config.siteURL, []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize"}) {
|
||||||
|
badRequestHandler(c, w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if r.FormValue("url") == "" {
|
if r.FormValue("url") == "" {
|
||||||
http.Redirect(w, r, "/", 303)
|
http.Redirect(w, r, "/", 303)
|
||||||
return
|
return
|
||||||
|
|
Loading…
Reference in New Issue