Commit Graph

23 Commits

Author SHA1 Message Date
mutantmonkey 39d874374d trim trailing / for origin checking 2015-10-11 20:06:14 -07:00
mutantmonkey adbc1604dc add some more auth tests
It's going to be difficult to get 100% code coverage, but we can at
least ensure that checkAuth works properly.
2015-10-11 18:37:36 -07:00
mutantmonkey 3c9e260926 improve auth tests and rename auth struct 2015-10-11 17:43:31 -07:00
mutantmonkey aa7dad3a03 add support for auth keys
Add a middleware that requires authorization for all POST, PUT, and
DELETE requests. This is done using the Authorization header and the
provided auth key is then checked against a file containing scrypted
auth keys. These keys are salted the constant string `linx-server`.
2015-10-11 17:34:53 -07:00
mutantmonkey 52ec9f8e2d use 303 redirects instead of 301s
HTTP status code 301 is for a permanent redirect, which these are not.
Although 302 would work here in most browsers, it would not follow the
HTTP spec, so instead we use 303 which has a clearly and consistently
defined behavior in response to a POST or PUT request.
2015-10-10 20:22:10 -07:00
mutantmonkey a09297389b create our own mux instead of using goji default
This is a better way to do things since we were customizing middleware
and everything anyway. It's also necessary in order to avoid pulling in
the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-09 23:04:08 -07:00
Andrei Marcu d9723b8350 Merge pull request #49 from mutantmonkey/referrer_check
add strict referrer check for POST uploads
2015-10-08 23:35:19 -04:00
mutantmonkey 6ff181facb add strict referrer check for POST uploads
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
andreimarcu e9132a1193 File overwriting support. Fixes #8 2015-10-08 12:49:29 -04:00
andreimarcu 639d519712 Configurable maximum upload file size. Fixes #35 2015-10-08 01:38:50 -04:00
andreimarcu a1e3f6f31f go vet complaint 2015-10-07 03:02:07 -04:00
andreimarcu 9640e2c7ce Tests + fixes 2015-10-07 03:00:03 -04:00
andreimarcu c5250e529e Headers are now Linx-.. instead of X-... 2015-10-06 00:31:09 -04:00
andreimarcu d40803f165 More verbose errors 2015-10-04 12:47:20 -04:00
andreimarcu 7f2db43108 DELETE requests respond with 200 on successful deletes 2015-10-04 02:25:00 -04:00
andreimarcu 31359499ac Switch to dropzonejs. Fixes #18 2015-09-30 23:37:00 -04:00
mutantmonkey 091225b9e4 add torrent support
This change adds an option to download files with BitTorrent. A webseed
is provided in the torrent file to bootstrap the swarm.
2015-09-28 22:58:14 -07:00
andreimarcu 738bf25f44 Test deletion key 2015-09-29 00:32:16 -04:00
andreimarcu f0b1a8e47b Cleanup artifacts 2015-09-28 16:17:32 -04:00
andreimarcu 084c267112 Fix go vet complaints and use go 1.5 for travis 2015-09-28 16:12:15 -04:00
andreimarcu 5f78fe6619 Added tests for uploads 2015-09-28 16:02:03 -04:00
andreimarcu 4599e055e5 Portability 2015-09-28 12:35:11 -04:00
andreimarcu 8c50d4322f Added support for testing, removed uuid requirement 2015-09-28 12:30:21 -04:00