Profouzors
/
ProfouzorsLinx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ProfouzorsLinx/server.go

369 lines
12 KiB
Go
Raw Normal View History

Initial commit
2015-09-24 07:44:49 +02:00
package main
import (
"flag"
"log"
"net"
"net/http"
Add fastcgi support and static cache headers
2015-10-01 16:32:59 +02:00
"net/http/fcgi"
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
"net/url"
Make filesDir if it does not exist
2015-09-26 04:03:14 +02:00
"os"
Allow UNIX socket in FastCGI mode (check if bind starts with /) (#190) Allow UNIX socket in FastCGI mode (check if bind starts with /)
2019-12-03 03:24:11 +01:00
"os/signal"
Add preliminary metadata support
2015-09-28 04:17:12 +02:00
"regexp"
Add fastcgi support and static cache headers
2015-10-01 16:32:59 +02:00
"strconv"
Add ability to set arbitrary headers This is useful if you want to add headers for things like HTTP Strict Transport Security or HTTP Public Key Pinning.
2016-06-04 07:49:01 +02:00
"strings"
Allow UNIX socket in FastCGI mode (check if bind starts with /) (#190) Allow UNIX socket in FastCGI mode (check if bind starts with /)
2019-12-03 03:24:11 +01:00
"syscall"
Fix static directory listing recursion
2015-09-30 21:54:30 +02:00
"time"
Initial commit
2015-09-24 07:44:49 +02:00
allow limiting access by passwords (fix #194)
2020-02-17 15:58:56 +01:00
rice "github.com/GeertJohan/go.rice"
use abstracted storage for flexibility I moved the storage functionality into the StorageBackend interface, which is currently only implemented by LocalfsBackend.
2016-06-07 08:37:42 +02:00
"github.com/andreimarcu/linx-server/backends"
"github.com/andreimarcu/linx-server/backends/localfs"
Add S3 backend (#156)
2019-01-25 08:33:11 +01:00
"github.com/andreimarcu/linx-server/backends/s3"
Cleanup: Integrate expired files periodic cleanup
2020-05-14 02:37:33 +02:00
"github.com/andreimarcu/linx-server/cleanup"
Add template globals, disable template caching while debug
2015-09-25 05:21:37 +02:00
"github.com/flosch/pongo2"
Allow configuration from ini-style file
2015-10-25 19:04:38 +01:00
"github.com/vharitonsky/iniflags"
Added https option + graceful shutdown
2015-10-07 18:48:44 +02:00
"github.com/zenazn/goji/graceful"
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
"github.com/zenazn/goji/web"
Performance improvements, custom 404+500, -nologs, PUT uploads fix
2015-09-25 18:00:14 +02:00
"github.com/zenazn/goji/web/middleware"
Initial commit
2015-09-24 07:44:49 +02:00
)
Add ability to set arbitrary headers This is useful if you want to add headers for things like HTTP Strict Transport Security or HTTP Public Key Pinning.
2016-06-04 07:49:01 +02:00
type headerList []string
func (h *headerList) String() string {
return strings.Join(*h, ",")
}
func (h *headerList) Set(value string) error {
*h = append(*h, value)
return nil
}
Initial commit
2015-09-24 07:44:49 +02:00
var Config struct {
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 23:58:00 +02:00
bind string
filesDir string
metaDir string
siteName string
siteURL string
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
sitePath string
Allow changing the "selif" path name
2019-01-14 23:51:02 +01:00
selifPath string
Added https option + graceful shutdown
2015-10-07 18:48:44 +02:00
certFile string
keyFile string
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 23:58:00 +02:00
contentSecurityPolicy string
fileContentSecurityPolicy string
Switch to Referrer-Policy header (#149) Use of the Content-Security-Policy header to specify a referrer policy was deprecated in favor of a [new header](https://github.com/w3c/webappsec-referrer-policy/commit/fc55d917bee0d5636f52a19a5aefa65f8995c766). This change changes the existing referrer policy directives to use this header and adds corresponding config options/command line flags.
2019-01-08 20:56:09 +01:00
referrerPolicy string
fileReferrerPolicy string
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 23:58:00 +02:00
xFrameOptions string
Configurable maximum upload file size. Fixes #35
2015-10-08 07:38:50 +02:00
maxSize int64
Add option for maximum expiration time (fixes #99)
2016-09-19 06:45:00 +02:00
maxExpiry uint64
Add option for using Real-IP
2015-10-12 02:32:28 +02:00
realIp bool
housekeeping
2015-10-06 08:51:49 +02:00
noLogs bool
allowHotlink bool
fastcgi bool
remoteUploads bool
Allow Basic authentication in browser (#195)
2020-03-07 00:21:49 +01:00
basicAuth bool
add support for auth keys Add a middleware that requires authorization for all POST, PUT, and DELETE requests. This is done using the Authorization header and the provided auth key is then checked against a file containing scrypted auth keys. These keys are salted the constant string `linx-server`.
2015-10-10 21:26:47 +02:00
authFile string
add support remote auth keys These are taken as a parameter to the remote upload page. Note that all keys will be logged since this is a GET request.
2015-10-12 04:31:13 +02:00
remoteAuthFile string
Add ability to set arbitrary headers This is useful if you want to add headers for things like HTTP Strict Transport Security or HTTP Public Key Pinning.
2016-06-04 07:49:01 +02:00
addHeaders headerList
Serve file directly for curl and wget user agents (#145) * Serve file directly for curl and wget user agents Fix #127 * Add test for get with wget user agent * Add -nodirectagents flag to disable serving files directly for wget/curl user agents * Fix TestPutAndGetCLI failing for Go 1.5 It failed because it doesn't include the Content-Type header for every response.
2018-11-07 19:13:27 +01:00
noDirectAgents bool
Add S3 backend (#156)
2019-01-25 08:33:11 +01:00
s3Endpoint string
s3Region string
s3Bucket string
Add -s3-force-path-style flag and config option (#157) This option forces path-style addressing instead of using a subdomain. This appears to be needed by Minio.
2019-01-25 09:10:06 +01:00
s3ForcePathStyle bool
Add option to force random filenames (fixes #86) (#159)
2019-01-26 11:04:32 +01:00
forceRandomFilename bool
allow limiting access by passwords (fix #194)
2020-02-17 15:58:56 +01:00
accessKeyCookieExpiry uint64
Custom pages: Implement adding custom markdown pages to the site navigation
2020-03-12 21:32:35 +01:00
customPagesDir string
Cleanup: Integrate expired files periodic cleanup
2020-05-14 02:37:33 +02:00
cleanupEveryMinutes uint64
Initial commit
2015-09-24 07:44:49 +02:00
}
go.rice now serves static and template files
2015-09-29 02:46:58 +02:00
var Templates = make(map[string]*pongo2.Template)
var TemplateSet *pongo2.TemplateSet
Fix static directory listing recursion
2015-09-30 21:54:30 +02:00
var staticBox *rice.Box
var timeStarted time.Time
Add fastcgi support and static cache headers
2015-10-01 16:32:59 +02:00
var timeStartedStr string
add support remote auth keys These are taken as a parameter to the remote upload page. Note that all keys will be logged since this is a GET request.
2015-10-12 04:31:13 +02:00
var remoteAuthKeys []string
Add linx-cleanup tool This doesn't completely fix #116, but it makes setting up a cron job to do cleanup much more pleasant.
2017-05-02 06:25:56 +02:00
var metaStorageBackend backends.MetaStorageBackend
Add S3 backend (#156)
2019-01-25 08:33:11 +01:00
var storageBackend backends.StorageBackend
Custom pages: Implement adding custom markdown pages to the site navigation
2020-03-12 21:32:35 +01:00
var customPages = make(map[string]string)
var customPagesNames = make(map[string]string)
go.rice now serves static and template files
2015-09-29 02:46:58 +02:00
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
func setup() *web.Mux {
mux := web.New()
// middleware
mux.Use(middleware.RequestID)
Add option for using Real-IP
2015-10-12 02:32:28 +02:00
if Config.realIp {
Real-IP middleware for fastcgi + nginx doc update
2015-10-10 17:22:24 +02:00
mux.Use(middleware.RealIP)
}
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
if !Config.noLogs {
mux.Use(middleware.Logger)
}
mux.Use(middleware.Recoverer)
mux.Use(middleware.AutomaticOptions)
mux.Use(ContentSecurityPolicy(CSPOptions{
Switch to Referrer-Policy header (#149) Use of the Content-Security-Policy header to specify a referrer policy was deprecated in favor of a [new header](https://github.com/w3c/webappsec-referrer-policy/commit/fc55d917bee0d5636f52a19a5aefa65f8995c766). This change changes the existing referrer policy directives to use this header and adds corresponding config options/command line flags.
2019-01-08 20:56:09 +01:00
policy: Config.contentSecurityPolicy,
referrerPolicy: Config.referrerPolicy,
frame: Config.xFrameOptions,
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 23:58:00 +02:00
}))
Add ability to set arbitrary headers This is useful if you want to add headers for things like HTTP Strict Transport Security or HTTP Public Key Pinning.
2016-06-04 07:49:01 +02:00
mux.Use(AddHeaders(Config.addHeaders))
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 23:58:00 +02:00
add support for auth keys Add a middleware that requires authorization for all POST, PUT, and DELETE requests. This is done using the Authorization header and the provided auth key is then checked against a file containing scrypted auth keys. These keys are salted the constant string `linx-server`.
2015-10-10 21:26:47 +02:00
if Config.authFile != "" {
mux.Use(UploadAuth(AuthOptions{
AuthFile: Config.authFile,
UnauthMethods: []string{"GET", "HEAD", "OPTIONS", "TRACE"},
}))
}
Add preliminary metadata support
2015-09-28 04:17:12 +02:00
// make directories if needed
go.rice now serves static and template files
2015-09-29 02:46:58 +02:00
err := os.MkdirAll(Config.filesDir, 0755)
Make filesDir if it does not exist
2015-09-26 04:03:14 +02:00
if err != nil {
Clean up logging on start
2015-10-06 08:49:57 +02:00
log.Fatal("Could not create files directory:", err)
Make filesDir if it does not exist
2015-09-26 04:03:14 +02:00
}
Check if file exists and increment filename
2015-09-25 18:47:55 +02:00
Add preliminary metadata support
2015-09-28 04:17:12 +02:00
err = os.MkdirAll(Config.metaDir, 0700)
if err != nil {
Clean up logging on start
2015-10-06 08:49:57 +02:00
log.Fatal("Could not create metadata directory:", err)
Add preliminary metadata support
2015-09-28 04:17:12 +02:00
}
Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before.
2016-06-04 10:22:01 +02:00
if Config.siteURL != "" {
// ensure siteURL ends wth '/'
if lastChar := Config.siteURL[len(Config.siteURL)-1:]; lastChar != "/" {
Config.siteURL = Config.siteURL + "/"
}
Add preliminary metadata support
2015-09-28 04:17:12 +02:00
Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before.
2016-06-04 10:22:01 +02:00
parsedUrl, err := url.Parse(Config.siteURL)
if err != nil {
log.Fatal("Could not parse siteurl:", err)
}
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before.
2016-06-04 10:22:01 +02:00
Config.sitePath = parsedUrl.Path
} else {
Config.sitePath = "/"
}
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
Allow changing the "selif" path name
2019-01-14 23:51:02 +01:00
Config.selifPath = strings.TrimLeft(Config.selifPath, "/")
if lastChar := Config.selifPath[len(Config.selifPath)-1:]; lastChar != "/" {
Config.selifPath = Config.selifPath + "/"
}
Add S3 backend (#156)
2019-01-25 08:33:11 +01:00
if Config.s3Bucket != "" {
Add -s3-force-path-style flag and config option (#157) This option forces path-style addressing instead of using a subdomain. This appears to be needed by Minio.
2019-01-25 09:10:06 +01:00
storageBackend = s3.NewS3Backend(Config.s3Bucket, Config.s3Region, Config.s3Endpoint, Config.s3ForcePathStyle)
Add S3 backend (#156)
2019-01-25 08:33:11 +01:00
} else {
storageBackend = localfs.NewLocalfsBackend(Config.metaDir, Config.filesDir)
Cleanup: Integrate expired files periodic cleanup
2020-05-14 02:37:33 +02:00
if Config.cleanupEveryMinutes > 0 {
go cleanup.PeriodicCleanup(time.Duration(Config.cleanupEveryMinutes)*time.Minute, Config.filesDir, Config.metaDir, Config.noLogs)
}
Add S3 backend (#156)
2019-01-25 08:33:11 +01:00
}
use abstracted storage for flexibility I moved the storage functionality into the StorageBackend interface, which is currently only implemented by LocalfsBackend.
2016-06-07 08:37:42 +02:00
go.rice now serves static and template files
2015-09-29 02:46:58 +02:00
// Template setup
go.rice needs string literal
2015-09-29 03:58:50 +02:00
p2l, err := NewPongo2TemplatesLoader()
go.rice now serves static and template files
2015-09-29 02:46:58 +02:00
if err != nil {
Clean up logging on start
2015-10-06 08:49:57 +02:00
log.Fatal("Error: could not load templates", err)
go.rice now serves static and template files
2015-09-29 02:46:58 +02:00
}
TemplateSet := pongo2.NewSet("templates", p2l)
err = populateTemplatesMap(TemplateSet, Templates)
if err != nil {
Clean up logging on start
2015-10-06 08:49:57 +02:00
log.Fatal("Error: could not load templates", err)
go.rice now serves static and template files
2015-09-29 02:46:58 +02:00
}
Add template globals, disable template caching while debug
2015-09-25 05:21:37 +02:00
Fix static directory listing recursion
2015-09-30 21:54:30 +02:00
staticBox = rice.MustFindBox("static")
timeStarted = time.Now()
Add fastcgi support and static cache headers
2015-10-01 16:32:59 +02:00
timeStartedStr = strconv.FormatInt(timeStarted.Unix(), 10)
Fix static directory listing recursion
2015-09-30 21:54:30 +02:00
Add template globals, disable template caching while debug
2015-09-25 05:21:37 +02:00
// Routing setup
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
nameRe := regexp.MustCompile("^" + Config.sitePath + `(?P<name>[a-z0-9-\.]+)$`)
Allow changing the "selif" path name
2019-01-14 23:51:02 +01:00
selifRe := regexp.MustCompile("^" + Config.sitePath + Config.selifPath + `(?P<name>[a-z0-9-\.]+)$`)
selifIndexRe := regexp.MustCompile("^" + Config.sitePath + Config.selifPath + `$`)
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
torrentRe := regexp.MustCompile("^" + Config.sitePath + `(?P<name>[a-z0-9-\.]+)/torrent$`)
Initial commit
2015-09-24 07:44:49 +02:00
Allow Basic authentication in browser (#195)
2020-03-07 00:21:49 +01:00
if Config.authFile == "" || Config.basicAuth {
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
mux.Get(Config.sitePath, indexHandler)
mux.Get(Config.sitePath+"paste/", pasteHandler)
add support for auth keys Add a middleware that requires authorization for all POST, PUT, and DELETE requests. This is done using the Authorization header and the provided auth key is then checked against a file containing scrypted auth keys. These keys are salted the constant string `linx-server`.
2015-10-10 21:26:47 +02:00
} else {
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
mux.Get(Config.sitePath, http.RedirectHandler(Config.sitePath+"API", 303))
mux.Get(Config.sitePath+"paste/", http.RedirectHandler(Config.sitePath+"API/", 303))
add support for auth keys Add a middleware that requires authorization for all POST, PUT, and DELETE requests. This is done using the Authorization header and the provided auth key is then checked against a file containing scrypted auth keys. These keys are salted the constant string `linx-server`.
2015-10-10 21:26:47 +02:00
}
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
mux.Get(Config.sitePath+"paste", http.RedirectHandler(Config.sitePath+"paste/", 301))
add support for auth keys Add a middleware that requires authorization for all POST, PUT, and DELETE requests. This is done using the Authorization header and the provided auth key is then checked against a file containing scrypted auth keys. These keys are salted the constant string `linx-server`.
2015-10-10 21:26:47 +02:00
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
mux.Get(Config.sitePath+"API/", apiDocHandler)
mux.Get(Config.sitePath+"API", http.RedirectHandler(Config.sitePath+"API/", 301))
Performance improvements, custom 404+500, -nologs, PUT uploads fix
2015-09-25 18:00:14 +02:00
Support remote uploads
2015-10-02 02:58:08 +02:00
if Config.remoteUploads {
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
mux.Get(Config.sitePath+"upload", uploadRemote)
mux.Get(Config.sitePath+"upload/", uploadRemote)
add support remote auth keys These are taken as a parameter to the remote upload page. Note that all keys will be logged since this is a GET request.
2015-10-12 04:31:13 +02:00
if Config.remoteAuthFile != "" {
remoteAuthKeys = readAuthKeys(Config.remoteAuthFile)
}
Support remote uploads
2015-10-02 02:58:08 +02:00
}
Allow Basic authentication in browser (#195)
2020-03-07 00:21:49 +01:00
if Config.basicAuth {
options := AuthOptions{
AuthFile: Config.authFile,
UnauthMethods: []string{},
}
Basic auth: Fix #201 - broken uploads
2020-03-11 06:45:24 +01:00
okFunc := func(w http.ResponseWriter, r *http.Request) {
Allow Basic authentication in browser (#195)
2020-03-07 00:21:49 +01:00
w.Header().Set("Location", Config.sitePath)
w.WriteHeader(http.StatusFound)
}
Basic auth: Fix #201 - broken uploads
2020-03-11 06:45:24 +01:00
authHandler := auth{
Allow Basic authentication in browser (#195)
2020-03-07 00:21:49 +01:00
successHandler: http.HandlerFunc(okFunc),
failureHandler: http.HandlerFunc(badAuthorizationHandler),
authKeys: readAuthKeys(Config.authFile),
o: options,
}
mux.Head(Config.sitePath+"auth", authHandler)
mux.Get(Config.sitePath+"auth", authHandler)
}
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
mux.Post(Config.sitePath+"upload", uploadPostHandler)
mux.Post(Config.sitePath+"upload/", uploadPostHandler)
mux.Put(Config.sitePath+"upload", uploadPutHandler)
mux.Put(Config.sitePath+"upload/", uploadPutHandler)
mux.Put(Config.sitePath+"upload/:name", uploadPutHandler)
Rename auth header to Linx-Api-Key and remove b64encoding requirement for uploading with keys
2015-10-14 22:13:29 +02:00
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
mux.Delete(Config.sitePath+":name", deleteHandler)
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
Allow for non-/ deployments. Fixes #61
2015-10-30 23:36:47 +01:00
mux.Get(Config.sitePath+"static/*", staticHandler)
mux.Get(Config.sitePath+"favicon.ico", staticHandler)
mux.Get(Config.sitePath+"robots.txt", staticHandler)
allow limiting access by passwords (fix #194)
2020-02-17 15:58:56 +01:00
mux.Get(nameRe, fileAccessHandler)
mux.Post(nameRe, fileAccessHandler)
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
mux.Get(selifRe, fileServeHandler)
mux.Get(selifIndexRe, unauthorizedHandler)
mux.Get(torrentRe, fileTorrentHandler)
Add ability to short urls for uploaded content (#85) Add ability to short urls for uploaded content
2016-06-15 17:42:57 +02:00
Custom pages: Implement adding custom markdown pages to the site navigation
2020-03-12 21:32:35 +01:00
if Config.customPagesDir != "" {
initializeCustomPages(Config.customPagesDir)
for fileName := range customPagesNames {
mux.Get(Config.sitePath+fileName, makeCustomPageHandler(fileName))
mux.Get(Config.sitePath+fileName+"/", makeCustomPageHandler(fileName))
}
}
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
mux.NotFound(notFoundHandler)
return mux
Added support for testing, removed uuid requirement
2015-09-28 18:30:21 +02:00
}
func main() {
change -b flag to -bind This is for consistency with Goji's default flag and is more clear.
2015-10-10 08:06:28 +02:00
flag.StringVar(&Config.bind, "bind", "127.0.0.1:8080",
Added support for testing, removed uuid requirement
2015-09-28 18:30:21 +02:00
"host to bind to (default: 127.0.0.1:8080)")
flag.StringVar(&Config.filesDir, "filespath", "files/",
"path to files directory")
flag.StringVar(&Config.metaDir, "metapath", "meta/",
"path to metadata directory")
Allow Basic authentication in browser (#195)
2020-03-07 00:21:49 +01:00
flag.BoolVar(&Config.basicAuth, "basicauth", false,
"allow logging by basic auth password")
Added support for testing, removed uuid requirement
2015-09-28 18:30:21 +02:00
flag.BoolVar(&Config.noLogs, "nologs", false,
"remove stdout output for each request")
Implement hotlink protection
2015-09-30 01:28:10 +02:00
flag.BoolVar(&Config.allowHotlink, "allowhotlink", false,
"Allow hotlinking of files")
Infer sitename from Host if empty
2016-06-15 08:21:39 +02:00
flag.StringVar(&Config.siteName, "sitename", "",
Added support for testing, removed uuid requirement
2015-09-28 18:30:21 +02:00
"name of the site")
Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before.
2016-06-04 10:22:01 +02:00
flag.StringVar(&Config.siteURL, "siteurl", "",
Added support for testing, removed uuid requirement
2015-09-28 18:30:21 +02:00
"site base url (including trailing slash)")
Allow changing the "selif" path name
2019-01-14 23:51:02 +01:00
flag.StringVar(&Config.selifPath, "selifpath", "selif",
"path relative to site base url where files are accessed directly")
Configurable maximum upload file size. Fixes #35
2015-10-08 07:38:50 +02:00
flag.Int64Var(&Config.maxSize, "maxsize", 4*1024*1024*1024,
"maximum upload file size in bytes (default 4GB)")
Add option for maximum expiration time (fixes #99)
2016-09-19 06:45:00 +02:00
flag.Uint64Var(&Config.maxExpiry, "maxexpiry", 0,
"maximum expiration time in seconds (default is 0, which is no expiry)")
Added https option + graceful shutdown
2015-10-07 18:48:44 +02:00
flag.StringVar(&Config.certFile, "certfile", "",
"path to ssl certificate (for https)")
flag.StringVar(&Config.keyFile, "keyfile", "",
"path to ssl key (for https)")
Add option for using Real-IP
2015-10-12 02:32:28 +02:00
flag.BoolVar(&Config.realIp, "realip", false,
"use X-Real-IP/X-Forwarded-For headers as original host")
Add fastcgi support and static cache headers
2015-10-01 16:32:59 +02:00
flag.BoolVar(&Config.fastcgi, "fastcgi", false,
"serve through fastcgi")
Support remote uploads
2015-10-02 02:58:08 +02:00
flag.BoolVar(&Config.remoteUploads, "remoteuploads", false,
"enable remote uploads")
add support for auth keys Add a middleware that requires authorization for all POST, PUT, and DELETE requests. This is done using the Authorization header and the provided auth key is then checked against a file containing scrypted auth keys. These keys are salted the constant string `linx-server`.
2015-10-10 21:26:47 +02:00
flag.StringVar(&Config.authFile, "authfile", "",
"path to a file containing newline-separated scrypted auth keys")
add support remote auth keys These are taken as a parameter to the remote upload page. Note that all keys will be logged since this is a GET request.
2015-10-12 04:31:13 +02:00
flag.StringVar(&Config.remoteAuthFile, "remoteauthfile", "",
"path to a file containing newline-separated scrypted auth keys for remote uploads")
Document csp flags
2015-10-05 04:43:42 +02:00
flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
Switch to Referrer-Policy header (#149) Use of the Content-Security-Policy header to specify a referrer policy was deprecated in favor of a [new header](https://github.com/w3c/webappsec-referrer-policy/commit/fc55d917bee0d5636f52a19a5aefa65f8995c766). This change changes the existing referrer policy directives to use this header and adds corresponding config options/command line flags.
2019-01-08 20:56:09 +01:00
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';",
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 23:58:00 +02:00
"value of default Content-Security-Policy header")
Document csp flags
2015-10-05 04:43:42 +02:00
flag.StringVar(&Config.fileContentSecurityPolicy, "filecontentsecuritypolicy",
Switch to Referrer-Policy header (#149) Use of the Content-Security-Policy header to specify a referrer policy was deprecated in favor of a [new header](https://github.com/w3c/webappsec-referrer-policy/commit/fc55d917bee0d5636f52a19a5aefa65f8995c766). This change changes the existing referrer policy directives to use this header and adds corresponding config options/command line flags.
2019-01-08 20:56:09 +01:00
"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';",
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 23:58:00 +02:00
"value of Content-Security-Policy header for file access")
Switch to Referrer-Policy header (#149) Use of the Content-Security-Policy header to specify a referrer policy was deprecated in favor of a [new header](https://github.com/w3c/webappsec-referrer-policy/commit/fc55d917bee0d5636f52a19a5aefa65f8995c766). This change changes the existing referrer policy directives to use this header and adds corresponding config options/command line flags.
2019-01-08 20:56:09 +01:00
flag.StringVar(&Config.referrerPolicy, "referrerpolicy",
"same-origin",
"value of default Referrer-Policy header")
flag.StringVar(&Config.fileReferrerPolicy, "filereferrerpolicy",
"same-origin",
"value of Referrer-Policy header for file access")
Document csp flags
2015-10-05 04:43:42 +02:00
flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN",
add support for some security headers This commit adds support for Content-Security-Policy and X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 23:58:00 +02:00
"value of X-Frame-Options header")
Add ability to set arbitrary headers This is useful if you want to add headers for things like HTTP Strict Transport Security or HTTP Public Key Pinning.
2016-06-04 07:49:01 +02:00
flag.Var(&Config.addHeaders, "addheader",
"Add an arbitrary header to the response. This option can be used multiple times.")
Serve file directly for curl and wget user agents (#145) * Serve file directly for curl and wget user agents Fix #127 * Add test for get with wget user agent * Add -nodirectagents flag to disable serving files directly for wget/curl user agents * Fix TestPutAndGetCLI failing for Go 1.5 It failed because it doesn't include the Content-Type header for every response.
2018-11-07 19:13:27 +01:00
flag.BoolVar(&Config.noDirectAgents, "nodirectagents", false,
"disable serving files directly for wget/curl user agents")
Add S3 backend (#156)
2019-01-25 08:33:11 +01:00
flag.StringVar(&Config.s3Endpoint, "s3-endpoint", "",
"S3 endpoint")
flag.StringVar(&Config.s3Region, "s3-region", "",
"S3 region")
flag.StringVar(&Config.s3Bucket, "s3-bucket", "",
"S3 bucket to use for files and metadata")
Add -s3-force-path-style flag and config option (#157) This option forces path-style addressing instead of using a subdomain. This appears to be needed by Minio.
2019-01-25 09:10:06 +01:00
flag.BoolVar(&Config.s3ForcePathStyle, "s3-force-path-style", false,
"Force path-style addressing for S3 (e.g. https://s3.amazonaws.com/linx/example.txt)")
Add option to force random filenames (fixes #86) (#159)
2019-01-26 11:04:32 +01:00
flag.BoolVar(&Config.forceRandomFilename, "force-random-filename", false,
"Force all uploads to use a random filename")
allow limiting access by passwords (fix #194)
2020-02-17 15:58:56 +01:00
flag.Uint64Var(&Config.accessKeyCookieExpiry, "access-cookie-expiry", 0, "Expiration time for access key cookies in seconds (set 0 to use session cookies)")
Custom pages: Implement adding custom markdown pages to the site navigation
2020-03-12 21:32:35 +01:00
flag.StringVar(&Config.customPagesDir, "custompagespath", "",
"path to directory containing .md files to render as custom pages")
Cleanup: Integrate expired files periodic cleanup
2020-05-14 02:37:33 +02:00
flag.Uint64Var(&Config.cleanupEveryMinutes, "cleanup-every-minutes", 0,
"How often to clean up expired files in minutes (default is 0, which means files will be cleaned up as they are accessed)")
Allow configuration from ini-style file
2015-10-25 19:04:38 +01:00
iniflags.Parse()
Added support for testing, removed uuid requirement
2015-09-28 18:30:21 +02:00
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
mux := setup()
Added support for testing, removed uuid requirement
2015-09-28 18:30:21 +02:00
Add fastcgi support and static cache headers
2015-10-01 16:32:59 +02:00
if Config.fastcgi {
Allow UNIX socket in FastCGI mode (check if bind starts with /) (#190) Allow UNIX socket in FastCGI mode (check if bind starts with /)
2019-12-03 03:24:11 +01:00
var listener net.Listener
var err error
if Config.bind[0] == '/' {
// UNIX path
listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: Config.bind, Net: "unix"})
cleanup := func() {
log.Print("Removing FastCGI socket")
os.Remove(Config.bind)
}
defer cleanup()
sigs := make(chan os.Signal, 1)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
go func() {
sig := <-sigs
log.Print("Signal: ", sig)
cleanup()
os.Exit(0)
}()
} else {
listener, err = net.Listen("tcp", Config.bind)
}
Added https option + graceful shutdown
2015-10-07 18:48:44 +02:00
if err != nil {
log.Fatal("Could not bind: ", err)
}
Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before.
2016-06-04 10:22:01 +02:00
log.Printf("Serving over fastcgi, bound on %s", Config.bind)
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
fcgi.Serve(listener, mux)
Added https option + graceful shutdown
2015-10-07 18:48:44 +02:00
} else if Config.certFile != "" {
Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before.
2016-06-04 10:22:01 +02:00
log.Printf("Serving over https, bound on %s", Config.bind)
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
err := graceful.ListenAndServeTLS(Config.bind, Config.certFile, Config.keyFile, mux)
Added https option + graceful shutdown
2015-10-07 18:48:44 +02:00
if err != nil {
log.Fatal(err)
}
Add fastcgi support and static cache headers
2015-10-01 16:32:59 +02:00
} else {
Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before.
2016-06-04 10:22:01 +02:00
log.Printf("Serving over http, bound on %s", Config.bind)
create our own mux instead of using goji default This is a better way to do things since we were customizing middleware and everything anyway. It's also necessary in order to avoid pulling in the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-10 08:04:08 +02:00
err := graceful.ListenAndServe(Config.bind, mux)
Added https option + graceful shutdown
2015-10-07 18:48:44 +02:00
if err != nil {
log.Fatal(err)
}
Add fastcgi support and static cache headers
2015-10-01 16:32:59 +02:00
}
Initial commit
2015-09-24 07:44:49 +02:00
}