b61c08ac13
Update upload.go
2021-02-21 20:54:31 -05:00
ddb89bdc66
Update upload.go
2021-02-21 20:52:18 -05:00
5c3ace8829
Update upload.go
2021-02-21 20:51:32 -05:00
c4f40d2747
Update upload.go
2021-02-21 20:49:22 -05:00
486e4ed836
Update upload.go
2021-02-21 20:45:13 -05:00
fb1ec8a64c
Update upload.go
2021-02-21 20:43:38 -05:00
49161feb7a
Update upload.go
2021-02-21 20:40:53 -05:00
b8f4b55f05
Content-Length rejection if specified larger than allowed size.
2021-02-21 20:40:10 -05:00
2624427b6c
Update upload.go
2021-02-09 23:07:18 -05:00
cb69d98032
Update upload.go
2021-02-09 22:59:23 -05:00
654a1f0a84
Update upload.go
2021-02-09 22:53:27 -05:00
d6ebc29483
Update upload.go
2021-02-09 22:52:18 -05:00
5effb947e3
Update upload.go
2021-02-09 22:47:08 -05:00
f87914a2a2
Update upload.go
2021-02-09 22:44:04 -05:00
de6b3bc23f
Improved Security Logging
2021-02-09 22:36:14 -05:00
456274c1b9
Split and move auth into a separate package ( #224 )
...
* Split and move auth into a separate package
This change will make it easier to implement additional authentication
methods, such as OpenID Connect. For now, only the existing "apikeys"
authentication method is supported.
* Use absolute site prefix to prevent redirect loop
2020-08-14 00:42:45 -07:00
5eb6f32ff0
Switch to a more comprehensive mimetype detection library ( #231 )
2020-08-02 22:16:47 -07:00
7543c82473
Remote upload: Add direct_url param for redirect
2020-03-12 14:18:12 -07:00
a4240680c8
Merge branch 'accesskey' of git://github.com/stek29/linx-server into stek29-accesskey
2020-03-06 15:29:41 -08:00
597bec430c
Allow Basic authentication in browser ( #195 )
2020-03-06 15:21:49 -08:00
b63274ad01
allow limiting access by passwords ( fix #194 )
2020-02-17 18:02:47 +03:00
8f3108148b
Add option to force random filenames ( fixes #86 ) ( #159 )
2019-01-26 02:04:32 -08:00
5d9a93b1e2
Add S3 backend ( #156 )
2019-01-24 23:33:11 -08:00
e506304b84
Return direct URL in json responses
2019-01-14 15:28:32 -08:00
b7fadd9676
Add linx-cleanup tool
...
This doesn't completely fix #116 , but it makes setting up a cron job to
do cleanup much more pleasant.
2017-05-01 21:27:28 -07:00
37f9a0cbbc
Change unknown extension from .ext to .file
2017-03-25 08:44:18 -07:00
e6ac89d6dc
Switch to https://github.com/h2non/filetype
...
This library is much better at detecting MIME types properly than the
existing one. Fixes #117 .
2017-03-25 01:08:56 -07:00
647aa2c0f6
Fix max expiry when provided expiry is 0
...
Previously, we did not properly handle the case where the provided
expiry was zero and the max expiry was configured to be nonzero; add an
additional check to cover this case.
Fixes #111 .
2016-11-02 19:31:32 -07:00
fef43d856e
Add option for maximum expiration time ( fixes #99 )
2016-09-18 22:05:26 -07:00
81a1513809
Add newline for PUT response
2016-07-22 18:15:44 -07:00
1e1f28658d
Remove spaces in mime mapping and ensure no spaces in filenames
2016-07-22 18:08:59 -07:00
fcd18eceec
use abstracted storage for flexibility
...
I moved the storage functionality into the StorageBackend interface,
which is currently only implemented by LocalfsBackend.
2016-06-08 20:18:31 -07:00
47670af185
Infer site URL from host and headers
...
We can use the Host property of the request and the X-Forwarded-Proto to
infer the site URL. To reduce complexity, the path is not inferred, and
it is assumed that linx-server is running at /. If this is not the case,
the site URL must be manually configured; this is no different than it
was before.
2016-06-04 18:34:22 -07:00
b0d2f2a142
support .tar.gz-style extensions
...
Some extensions actually consist of multiple parts, like .tar.gz, so we
should handle this properly instead of merging part of the extension
with the bare name. Right now only tar is allowed, but others can be
added easily.
Fixes #74 .
2016-02-12 21:27:39 -08:00
4856ab0750
Allow for non-/ deployments. Fixes #61
2015-10-30 18:36:47 -04:00
9b1df43ef2
Trim "-" in filenames
2015-10-28 14:31:51 -04:00
c8fc62398a
Enable randomize in remote uploads
2015-10-18 11:07:39 -04:00
9847beeff5
Cleanup
2015-10-14 22:47:36 -04:00
3c659601e2
Make it an option for post uploads
2015-10-14 20:40:25 -04:00
68653372ff
Rename auth header to Linx-Api-Key and remove
...
b64encoding requirement for uploading with keys
2015-10-14 16:18:29 -04:00
a7ae455ac1
strict referrer check improvements
...
* Always check Origin if it is present, regardless of headers sent
* Whitelist X-Requested-With header
2015-10-12 00:28:04 -07:00
dd4ac3a7ed
add support remote auth keys
...
These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
2015-10-11 19:31:13 -07:00
52ec9f8e2d
use 303 redirects instead of 301s
...
HTTP status code 301 is for a permanent redirect, which these are not.
Although 302 would work here in most browsers, it would not follow the
HTTP spec, so instead we use 303 which has a clearly and consistently
defined behavior in response to a POST or PUT request.
2015-10-10 20:22:10 -07:00
874c23087d
add crossdomain.xml to file blacklist
2015-10-09 00:06:23 -07:00
d9723b8350
Merge pull request #49 from mutantmonkey/referrer_check
...
add strict referrer check for POST uploads
2015-10-08 23:35:19 -04:00
6ff181facb
add strict referrer check for POST uploads
...
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
e9132a1193
File overwriting support. Fixes #8
2015-10-08 12:49:29 -04:00
639d519712
Configurable maximum upload file size. Fixes #35
2015-10-08 01:38:50 -04:00
6e33fe6ac8
Metadata holds mimetype, sha256sum, archiveFiles
2015-10-07 22:45:34 -04:00
9640e2c7ce
Tests + fixes
2015-10-07 03:00:03 -04:00
ZizzyDizzyMC
mutantmonkey
Infinoid
Andrei Marcu
Paweł Płazieński
Viktor Oreshkin
mutantmonkey
mutantmonkey