Commit Graph

47 Commits

Author SHA1 Message Date
andreimarcu 9b1df43ef2 Trim "-" in filenames 2015-10-28 14:31:51 -04:00
andreimarcu c8fc62398a Enable randomize in remote uploads 2015-10-18 11:07:39 -04:00
andreimarcu 9847beeff5 Cleanup 2015-10-14 22:47:36 -04:00
andreimarcu 3c659601e2 Make it an option for post uploads 2015-10-14 20:40:25 -04:00
andreimarcu 68653372ff Rename auth header to Linx-Api-Key and remove
b64encoding requirement for uploading with keys
2015-10-14 16:18:29 -04:00
mutantmonkey a7ae455ac1 strict referrer check improvements
* Always check Origin if it is present, regardless of headers sent
* Whitelist X-Requested-With header
2015-10-12 00:28:04 -07:00
mutantmonkey dd4ac3a7ed add support remote auth keys
These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
2015-10-11 19:31:13 -07:00
mutantmonkey 52ec9f8e2d use 303 redirects instead of 301s
HTTP status code 301 is for a permanent redirect, which these are not.
Although 302 would work here in most browsers, it would not follow the
HTTP spec, so instead we use 303 which has a clearly and consistently
defined behavior in response to a POST or PUT request.
2015-10-10 20:22:10 -07:00
mutantmonkey 874c23087d add crossdomain.xml to file blacklist 2015-10-09 00:06:23 -07:00
Andrei Marcu d9723b8350 Merge pull request #49 from mutantmonkey/referrer_check
add strict referrer check for POST uploads
2015-10-08 23:35:19 -04:00
mutantmonkey 6ff181facb add strict referrer check for POST uploads
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
andreimarcu e9132a1193 File overwriting support. Fixes #8 2015-10-08 12:49:29 -04:00
andreimarcu 639d519712 Configurable maximum upload file size. Fixes #35 2015-10-08 01:38:50 -04:00
andreimarcu 6e33fe6ac8 Metadata holds mimetype, sha256sum, archiveFiles 2015-10-07 22:45:34 -04:00
andreimarcu 9640e2c7ce Tests + fixes 2015-10-07 03:00:03 -04:00
andreimarcu 11039d57f1 Fix dyreshark breakages + fix small file with no extension bug 2015-10-07 01:15:45 -04:00
Andrei Marcu 3d55697adc Merge pull request #42 from matthazinski/remote_upload_params
Add support for deletion key and expiry in remote upload
2015-10-07 00:11:38 -04:00
Matt Hazinski 875ebd6db2 Add support for deletion key and expiry in remote upload 2015-10-07 00:08:14 -04:00
George Burgess IV 1e421e07cd swap to using time types instead of ints 2015-10-05 23:50:20 -07:00
andreimarcu c5250e529e Headers are now Linx-.. instead of X-... 2015-10-06 00:31:09 -04:00
mutantmonkey ad9d712a3a add a file blacklist and add robots.txt
Fixes #26
2015-10-04 18:16:27 -07:00
andreimarcu 3e2537ca68 Get rid of ace editor 2015-10-04 17:27:47 -04:00
andreimarcu d40803f165 More verbose errors 2015-10-04 12:47:20 -04:00
mutantmonkey 98106ec74f use better random for URLs and delete keys
Using a PRNG seeded based on only the time for these is a bad idea as
the output is predictable. Instead, use a package that generates random
strings using go's crypo/rand package to provide cryptographically
secure random URLs and delete keys.
2015-10-01 22:09:40 -07:00
andreimarcu 8f7b47f572 Support remote uploads 2015-10-01 20:58:08 -04:00
andreimarcu 9cd20c81fc This is not the commit you are looking for 2015-10-01 13:01:44 -04:00
andreimarcu 61e1661dde Fix small file uploads 2015-10-01 11:03:41 -04:00
andreimarcu 31359499ac Switch to dropzonejs. Fixes #18 2015-09-30 23:37:00 -04:00
Jacob Melton c22e314d80 Add a check to see if we already hit EOF on Read 2015-09-30 10:58:49 -04:00
andreimarcu 8a1b688b3c Remove error 2015-09-30 00:59:19 -04:00
andreimarcu 2f5bf2cd65 Added pasteHandler and paste upload 2015-09-30 00:56:51 -04:00
Andrei Marcu f1135085c2 Merge pull request #14 from Uncurlhalo/add-mime-detection
Assign extention based on mimetype if empty extension
2015-09-29 22:10:19 -04:00
Jacob Melton 2ef8546864 Add basic MIME detection support 2015-09-29 22:01:55 -04:00
andreimarcu 02f86da3c7 Display expiry and size info 2015-09-29 19:00:16 -04:00
andreimarcu f0b1a8e47b Cleanup artifacts 2015-09-28 16:17:32 -04:00
andreimarcu 5f78fe6619 Added tests for uploads 2015-09-28 16:02:03 -04:00
andreimarcu 8c50d4322f Added support for testing, removed uuid requirement 2015-09-28 12:30:21 -04:00
andreimarcu c32a698cbc upload expiry/barename respect, random fixes 2015-09-28 00:25:57 -04:00
Matt Hazinski a10b838f4d Add preliminary metadata support 2015-09-27 22:43:41 -04:00
andreimarcu 6ca4579e34 Switch to new uuid repo 2015-09-26 07:47:46 -04:00
andreimarcu 9b0385bf6f Check if file exists and increment filename 2015-09-25 12:47:55 -04:00
andreimarcu d98b63e8bd Performance improvements, custom 404+500, -nologs, PUT uploads fix 2015-09-25 12:00:14 -04:00
andreimarcu 9d6dcdcbba Follow some dyretips 2015-09-25 09:04:06 -04:00
andreimarcu 8caae56b39 json response + imported old drag and drop uploader 2015-09-25 00:58:38 -04:00
andreimarcu d869599da7 Bare /static support, some css/templates import 2015-09-24 16:04:51 -04:00
andreimarcu d130cfe8e1 Some cleanup 2015-09-24 08:30:16 -04:00
andreimarcu 2dbe318b18 Initial commit 2015-09-24 01:44:49 -04:00