Commit Graph

26 Commits

Author SHA1 Message Date
mutantmonkey 47670af185 Infer site URL from host and headers
We can use the Host property of the request and the X-Forwarded-Proto to
infer the site URL. To reduce complexity, the path is not inferred, and
it is assumed that linx-server is running at /. If this is not the case,
the site URL must be manually configured; this is no different than it
was before.
2016-06-04 18:34:22 -07:00
mutantmonkey 39bb999db6 Add ability to set arbitrary headers
This is useful if you want to add headers for things like HTTP Strict
Transport Security or HTTP Public Key Pinning.
2016-06-03 22:49:01 -07:00
mutantmonkey b0d2f2a142 support .tar.gz-style extensions
Some extensions actually consist of multiple parts, like .tar.gz, so we
should handle this properly instead of merging part of the extension
with the bare name. Right now only tar is allowed, but others can be
added easily.

Fixes #74.
2016-02-12 21:27:39 -08:00
mutantmonkey 39d874374d trim trailing / for origin checking 2015-10-11 20:06:14 -07:00
mutantmonkey adbc1604dc add some more auth tests
It's going to be difficult to get 100% code coverage, but we can at
least ensure that checkAuth works properly.
2015-10-11 18:37:36 -07:00
mutantmonkey 3c9e260926 improve auth tests and rename auth struct 2015-10-11 17:43:31 -07:00
mutantmonkey aa7dad3a03 add support for auth keys
Add a middleware that requires authorization for all POST, PUT, and
DELETE requests. This is done using the Authorization header and the
provided auth key is then checked against a file containing scrypted
auth keys. These keys are salted with the constant string `linx-server`.
2015-10-11 17:34:53 -07:00
mutantmonkey 52ec9f8e2d use 303 redirects instead of 301s
HTTP status code 301 is for a permanent redirect, which these are not.
Although 302 would work here in most browsers, it would not follow the
HTTP spec, so instead we use 303 which has a clearly and consistently
defined behavior in response to a POST or PUT request.
2015-10-10 20:22:10 -07:00
mutantmonkey a09297389b create our own mux instead of using goji default
This is a better way to do things since we were customizing middleware
and everything anyway. It's also necessary in order to avoid pulling in
the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-09 23:04:08 -07:00
Andrei Marcu d9723b8350 Merge pull request #49 from mutantmonkey/referrer_check
add strict referrer check for POST uploads
2015-10-08 23:35:19 -04:00
mutantmonkey 6ff181facb add strict referrer check for POST uploads
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
andreimarcu e9132a1193 File overwriting support. Fixes #8 2015-10-08 12:49:29 -04:00
andreimarcu 639d519712 Configurable maximum upload file size. Fixes #35 2015-10-08 01:38:50 -04:00
andreimarcu a1e3f6f31f go vet complaint 2015-10-07 03:02:07 -04:00
andreimarcu 9640e2c7ce Tests + fixes 2015-10-07 03:00:03 -04:00
andreimarcu c5250e529e Headers are now Linx-.. instead of X-... 2015-10-06 00:31:09 -04:00
andreimarcu d40803f165 More verbose errors 2015-10-04 12:47:20 -04:00
andreimarcu 7f2db43108 DELETE requests respond with 200 on successful deletes 2015-10-04 02:25:00 -04:00
andreimarcu 31359499ac Switch to dropzonejs. Fixes #18 2015-09-30 23:37:00 -04:00
mutantmonkey 091225b9e4 add torrent support
This change adds an option to download files with BitTorrent. A webseed
is provided in the torrent file to bootstrap the swarm.
2015-09-28 22:58:14 -07:00
andreimarcu 738bf25f44 Test deletion key 2015-09-29 00:32:16 -04:00
andreimarcu f0b1a8e47b Cleanup artifacts 2015-09-28 16:17:32 -04:00
andreimarcu 084c267112 Fix go vet complaints and use go 1.5 for travis 2015-09-28 16:12:15 -04:00
andreimarcu 5f78fe6619 Added tests for uploads 2015-09-28 16:02:03 -04:00
andreimarcu 4599e055e5 Portability 2015-09-28 12:35:11 -04:00
andreimarcu 8c50d4322f Added support for testing, removed uuid requirement 2015-09-28 12:30:21 -04:00