ZizzyDizzyMC
c4f40d2747
Update upload.go
2021-02-21 20:49:22 -05:00
ZizzyDizzyMC
486e4ed836
Update upload.go
2021-02-21 20:45:13 -05:00
ZizzyDizzyMC
fb1ec8a64c
Update upload.go
2021-02-21 20:43:38 -05:00
ZizzyDizzyMC
49161feb7a
Update upload.go
2021-02-21 20:40:53 -05:00
ZizzyDizzyMC
b8f4b55f05
Content-Length rejection if specified larger than allowed size.
2021-02-21 20:40:10 -05:00
ZizzyDizzyMC
2624427b6c
Update upload.go
2021-02-09 23:07:18 -05:00
ZizzyDizzyMC
cb69d98032
Update upload.go
2021-02-09 22:59:23 -05:00
ZizzyDizzyMC
654a1f0a84
Update upload.go
2021-02-09 22:53:27 -05:00
ZizzyDizzyMC
d6ebc29483
Update upload.go
2021-02-09 22:52:18 -05:00
ZizzyDizzyMC
5effb947e3
Update upload.go
2021-02-09 22:47:08 -05:00
ZizzyDizzyMC
f87914a2a2
Update upload.go
2021-02-09 22:44:04 -05:00
ZizzyDizzyMC
de6b3bc23f
Improved Security Logging
2021-02-09 22:36:14 -05:00
mutantmonkey
456274c1b9
Split and move auth into a separate package ( #224 )
...
* Split and move auth into a separate package
This change will make it easier to implement additional authentication
methods, such as OpenID Connect. For now, only the existing "apikeys"
authentication method is supported.
* Use absolute site prefix to prevent redirect loop
2020-08-14 00:42:45 -07:00
Infinoid
5eb6f32ff0
Switch to a more comprehensive mimetype detection library ( #231 )
2020-08-02 22:16:47 -07:00
Andrei Marcu
7543c82473
Remote upload: Add direct_url param for redirect
2020-03-12 14:18:12 -07:00
Andrei Marcu
a4240680c8
Merge branch 'accesskey' of git://github.com/stek29/linx-server into stek29-accesskey
2020-03-06 15:29:41 -08:00
Paweł Płazieński
597bec430c
Allow Basic authentication in browser ( #195 )
2020-03-06 15:21:49 -08:00
Viktor Oreshkin
b63274ad01
allow limiting access by passwords ( fix #194 )
2020-02-17 18:02:47 +03:00
mutantmonkey
8f3108148b
Add option to force random filenames ( fixes #86 ) ( #159 )
2019-01-26 02:04:32 -08:00
mutantmonkey
5d9a93b1e2
Add S3 backend ( #156 )
2019-01-24 23:33:11 -08:00
Andrei Marcu
e506304b84
Return direct URL in json responses
2019-01-14 15:28:32 -08:00
mutantmonkey
b7fadd9676
Add linx-cleanup tool
...
This doesn't completely fix #116 , but it makes setting up a cron job to
do cleanup much more pleasant.
2017-05-01 21:27:28 -07:00
andreimarcu
37f9a0cbbc
Change unknown extension from .ext to .file
2017-03-25 08:44:18 -07:00
mutantmonkey
e6ac89d6dc
Switch to https://github.com/h2non/filetype
...
This library is much better at detecting MIME types properly than the
existing one. Fixes #117 .
2017-03-25 01:08:56 -07:00
mutantmonkey
647aa2c0f6
Fix max expiry when provided expiry is 0
...
Previously, we did not properly handle the case where the provided
expiry was zero and the max expiry was configured to be nonzero; add an
additional check to cover this case.
Fixes #111 .
2016-11-02 19:31:32 -07:00
mutantmonkey
fef43d856e
Add option for maximum expiration time ( fixes #99 )
2016-09-18 22:05:26 -07:00
andreimarcu
81a1513809
Add newline for PUT response
2016-07-22 18:15:44 -07:00
andreimarcu
1e1f28658d
Remove spaces in mime mapping and ensure no spaces in filenames
2016-07-22 18:08:59 -07:00
mutantmonkey
fcd18eceec
use abstracted storage for flexibility
...
I moved the storage functionality into the StorageBackend interface,
which is currently only implemented by LocalfsBackend.
2016-06-08 20:18:31 -07:00
mutantmonkey
47670af185
Infer site URL from host and headers
...
We can use the Host property of the request and the X-Forwarded-Proto to
infer the site URL. To reduce complexity, the path is not inferred, and
it is assumed that linx-server is running at /. If this is not the case,
the site URL must be manually configured; this is no different than it
was before.
2016-06-04 18:34:22 -07:00
mutantmonkey
b0d2f2a142
support .tar.gz-style extensions
...
Some extensions actually consist of multiple parts, like .tar.gz, so we
should handle this properly instead of merging part of the extension
with the bare name. Right now only tar is allowed, but others can be
added easily.
Fixes #74 .
2016-02-12 21:27:39 -08:00
andreimarcu
4856ab0750
Allow for non-/ deployments. Fixes #61
2015-10-30 18:36:47 -04:00
andreimarcu
9b1df43ef2
Trim "-" in filenames
2015-10-28 14:31:51 -04:00
andreimarcu
c8fc62398a
Enable randomize in remote uploads
2015-10-18 11:07:39 -04:00
andreimarcu
9847beeff5
Cleanup
2015-10-14 22:47:36 -04:00
andreimarcu
3c659601e2
Make it an option for post uploads
2015-10-14 20:40:25 -04:00
andreimarcu
68653372ff
Rename auth header to Linx-Api-Key and remove
...
b64encoding requirement for uploading with keys
2015-10-14 16:18:29 -04:00
mutantmonkey
a7ae455ac1
strict referrer check improvements
...
* Always check Origin if it is present, regardless of headers sent
* Whitelist X-Requested-With header
2015-10-12 00:28:04 -07:00
mutantmonkey
dd4ac3a7ed
add support remote auth keys
...
These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
2015-10-11 19:31:13 -07:00
mutantmonkey
52ec9f8e2d
use 303 redirects instead of 301s
...
HTTP status code 301 is for a permanent redirect, which these are not.
Although 302 would work here in most browsers, it would not follow the
HTTP spec, so instead we use 303 which has a clearly and consistently
defined behavior in response to a POST or PUT request.
2015-10-10 20:22:10 -07:00
mutantmonkey
874c23087d
add crossdomain.xml to file blacklist
2015-10-09 00:06:23 -07:00
Andrei Marcu
d9723b8350
Merge pull request #49 from mutantmonkey/referrer_check
...
add strict referrer check for POST uploads
2015-10-08 23:35:19 -04:00
mutantmonkey
6ff181facb
add strict referrer check for POST uploads
...
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
andreimarcu
e9132a1193
File overwriting support. Fixes #8
2015-10-08 12:49:29 -04:00
andreimarcu
639d519712
Configurable maximum upload file size. Fixes #35
2015-10-08 01:38:50 -04:00
andreimarcu
6e33fe6ac8
Metadata holds mimetype, sha256sum, archiveFiles
2015-10-07 22:45:34 -04:00
andreimarcu
9640e2c7ce
Tests + fixes
2015-10-07 03:00:03 -04:00
andreimarcu
11039d57f1
Fix dyreshark breakages + fix small file with no extension bug
2015-10-07 01:15:45 -04:00
Andrei Marcu
3d55697adc
Merge pull request #42 from matthazinski/remote_upload_params
...
Add support for deletion key and expiry in remote upload
2015-10-07 00:11:38 -04:00
Matt Hazinski
875ebd6db2
Add support for deletion key and expiry in remote upload
2015-10-07 00:08:14 -04:00