Commit Graph

82 Commits

Author SHA1 Message Date
ZizzyDizzyMC cd79f0db40 Disable Access Key option. 2021-02-22 13:32:38 -05:00
ZizzyDizzyMC 605773decc Adding in Large Files adjustable expiry limit. 2021-02-22 00:13:04 -05:00
ZizzyDizzyMC 0f0753ad60 ShareX URL Delete compatibility 2021-02-21 00:15:30 -05:00
ZizzyDizzyMC 83da9c898d Update server.go 2021-02-12 22:27:19 -05:00
ZizzyDizzyMC 5b6ae7f0ea Update server.go 2021-02-10 22:55:25 -05:00
ZizzyDizzyMC 3ef06652a8 Update server.go 2021-02-09 20:05:09 -05:00
ZizzyDizzyMC 5a42af9611 Update server.go 2021-02-09 20:02:21 -05:00
ZizzyDizzyMC 63975c2019 Extra footer text block test. 2021-02-09 20:00:20 -05:00
mutantmonkey 456274c1b9
Split and move auth into a separate package (#224)
* Split and move auth into a separate package

This change will make it easier to implement additional authentication
methods, such as OpenID Connect. For now, only the existing "apikeys"
authentication method is supported.

* Use absolute site prefix to prevent redirect loop
2020-08-14 00:42:45 -07:00
Andrei Marcu 151515f516 Cleanup: Integrate expired files periodic cleanup 2020-05-13 17:38:03 -07:00
Andrei Marcu fb0d44f132 Custom pages: Implement adding custom markdown pages to the site navigation 2020-03-12 13:32:35 -07:00
Andrei Marcu 773eb877bd Basic auth: Fix #201 - broken uploads 2020-03-10 22:45:24 -07:00
Andrei Marcu a4240680c8 Merge branch 'accesskey' of git://github.com/stek29/linx-server into stek29-accesskey 2020-03-06 15:29:41 -08:00
Paweł Płazieński 597bec430c
Allow Basic authentication in browser (#195) 2020-03-06 15:21:49 -08:00
Viktor Oreshkin b63274ad01 allow limiting access by passwords (fix #194) 2020-02-17 18:02:47 +03:00
PaulC 0e763cb776 Allow UNIX socket in FastCGI mode (check if bind starts with /) (#190)
Allow UNIX socket in FastCGI mode (check if bind starts with /)
2019-12-02 18:24:11 -08:00
mutantmonkey 8f3108148b Add option to force random filenames (fixes #86) (#159) 2019-01-26 02:04:32 -08:00
mutantmonkey 207c19e3df Add -s3-force-path-style flag and config option (#157)
This option forces path-style addressing instead of using a subdomain.
This appears to be needed by Minio.
2019-01-25 00:10:06 -08:00
mutantmonkey 5d9a93b1e2 Add S3 backend (#156) 2019-01-24 23:33:11 -08:00
Andrei Marcu c746f70c10 Allow changing the "selif" path name 2019-01-14 14:55:27 -08:00
mutantmonkey 10938a3e0b Remove Google URL shortener (fix #146) (#150) 2019-01-08 11:56:32 -08:00
mutantmonkey bad7d2666e Switch to Referrer-Policy header (#149)
Use of the Content-Security-Policy header to specify a referrer policy
was deprecated in favor of a [new
header](fc55d917be).
This change changes the existing referrer policy directives to use this
header and adds corresponding config options/command line flags.
2019-01-08 11:56:09 -08:00
Thor77 5d8a0ef605 Serve file directly for curl and wget user agents (#145)
* Serve file directly for curl and wget user agents

Fix #127

* Add test for get with wget user agent

* Add -nodirectagents flag

to disable serving files directly for wget/curl user agents

* Fix TestPutAndGetCLI failing for Go 1.5

It failed because it doesn't include the Content-Type header for every
response.
2018-11-07 10:13:27 -08:00
mutantmonkey b7fadd9676 Add linx-cleanup tool
This doesn't completely fix #116, but it makes setting up a cron job to
do cleanup much more pleasant.
2017-05-01 21:27:28 -07:00
mutantmonkey fef43d856e Add option for maximum expiration time (fixes #99) 2016-09-18 22:05:26 -07:00
Atrox 027f5cce42 Add ability to short urls for uploaded content (#85)
Add ability to short urls for uploaded content
2016-06-15 08:42:57 -07:00
andreimarcu 47a1aa6396 Infer sitename from Host if empty 2016-06-14 23:21:39 -07:00
Andrei Marcu 9c6088cfe5 Merge pull request #84 from mutantmonkey/abstract_storage
use abstracted storage for flexibility
2016-06-14 21:10:46 -07:00
mutantmonkey fcd18eceec use abstracted storage for flexibility
I moved the storage functionality into the StorageBackend interface,
which is currently only implemented by LocalfsBackend.
2016-06-08 20:18:31 -07:00
Andrei Marcu 61eb32a79b Merge pull request #83 from mutantmonkey/csp_frame_ancestors
Use Content-Security-Policy frame-ancestors
2016-06-05 00:29:13 -07:00
mutantmonkey 47670af185 Infer site URL from host and headers
We can use the Host property of the request and the X-Forwarded-Proto to
infer the site URL. To reduce complexity, the path is not inferred, and
it is assumed that linx-server is running at /. If this is not the case,
the site URL must be manually configured; this is no different than it
was before.
2016-06-04 18:34:22 -07:00
mutantmonkey 2b5cc07005 Use Content-Security-Policy frame-ancestors
X-Frame-Options has been deprecated by Content Security Policy Level 2.
We will need to provide the option for older browsers for the time
being, but frame-ancestors is preferred on newer ones.
2016-06-04 15:04:32 -07:00
mutantmonkey 39bb999db6 Add ability to set arbitrary headers
This is useful if you want to add headers for things like HTTP Strict
Transport Security or HTTP Public Key Pinning.
2016-06-03 22:49:01 -07:00
mutantmonkey 817ac67632 workaround chrome nonsense with CSP
Apparently the Chromium developers have decided that it was a good idea
for them to use inline styles on the image/PDF viewers in their browser.
I have no idea why they would think this, as it is not, but since this
causes breakage we allow unsafe-inline for styles on files.
2015-12-04 19:28:30 -08:00
andreimarcu 4856ab0750 Allow for non-/ deployments. Fixes #61 2015-10-30 18:36:47 -04:00
andreimarcu 0b37309237 Allow configuration from ini-style file 2015-10-25 14:04:38 -04:00
andreimarcu be08b7f0fd Remove "sandbox" from files CSP to have pdfs work in chrome 2015-10-21 18:20:14 -04:00
andreimarcu 0d365409d0 Allow /upload/ for PUT requests without filename 2015-10-15 16:02:46 -04:00
andreimarcu 68653372ff Rename auth header to Linx-Api-Key and remove
b64encoding requirement for uploading with keys
2015-10-14 16:18:29 -04:00
andreimarcu 6987edc0d8 Remove non-API navigation links when using auth 2015-10-14 15:20:41 -04:00
mutantmonkey cd83f9f0eb fix CSP referrer policy
The policy of "referrer none" was incorrect and was nonfunctional. With
this change, the CSP referrer policy is set to origin, which
will causes only the origin to be sent for requests made from the main
site.

A fix was also needed for referrer checks in two places.
2015-10-11 23:49:15 -07:00
mutantmonkey dd4ac3a7ed add support remote auth keys
These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
2015-10-11 19:31:13 -07:00
mutantmonkey aa7dad3a03 add support for auth keys
Add a middleware that requires authorization for all POST, PUT, and
DELETE requests. This is done using the Authorization header and the
provided auth key is then checked against a file containing scrypted
auth keys. These keys are salted the constant string `linx-server`.
2015-10-11 17:34:53 -07:00
andreimarcu 2b0135697b Add option for using Real-IP 2015-10-11 20:32:28 -04:00
andreimarcu 354278d488 Real-IP middleware for fastcgi + nginx doc update 2015-10-10 11:22:24 -04:00
mutantmonkey 82edabd036 change -b flag to -bind
This is for consistency with Goji's default flag and is more clear.
2015-10-09 23:06:28 -07:00
mutantmonkey a09297389b create our own mux instead of using goji default
This is a better way to do things since we were customizing middleware
and everything anyway. It's also necessary in order to avoid pulling in
the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-09 23:04:08 -07:00
andreimarcu 62443e984d API documentation. Fixes #30 2015-10-08 21:48:06 -04:00
andreimarcu 639d519712 Configurable maximum upload file size. Fixes #35 2015-10-08 01:38:50 -04:00
andreimarcu 9b07728ddb Added https option + graceful shutdown 2015-10-07 12:48:44 -04:00