scip/ephemerup
1
0
Fork 0
mirror of https://codeberg.org/scip/ephemerup.git synced 2025-12-16 20:20:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

changes:

Browse Source 
- added unit tests
    - put all subcmds into one file
    - use io.Writer for output, better for testing
    - added upload form support
    - added api docs
    - generalized db engine
    - added mail notify support for forms
    - enhanced server/SetupAuthStore() to also look up form ids
    - added form template (put into .go file by Makefile
    - renamed project
This commit is contained in:
Thomas von Dein
2023-03-21 19:41:24 +01:00
parent b8816f910a
commit 05fa5cd41b
41 changed files with 1973 additions and 545 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
api/auth.go
View File

@@ -23,8 +23,8 @@ import (
"errors"
"github.com/gofiber/fiber/v2"
"github.com/gofiber/keyauth/v2"
"github.com/tlinden/cenophane/cfg"
"regexp"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
)
// these vars can be savely global, since they don't change ever
@@ -39,8 +39,7 @@ var (
Message: "Invalid API key",
}
Authurls []*regexp.Regexp
Apikeys []cfg.Apicontext
Apikeys []cfg.Apicontext
)
// fill from server: accepted keys
@@ -48,13 +47,6 @@ func AuthSetApikeys(keys []cfg.Apicontext) {
Apikeys = keys
}
// fill from server: endpoints we need to authenticate
func AuthSetEndpoints(prefix string, version string, endpoints []string) {
for _, endpoint := range endpoints {
Authurls = append(Authurls, regexp.MustCompile("^"+prefix+version+endpoint))
}
}
// make sure we always return JSON encoded errors
func AuthErrHandler(ctx *fiber.Ctx, err error) error {
ctx.Status(fiber.StatusForbidden)
@@ -66,6 +58,33 @@ func AuthErrHandler(ctx *fiber.Ctx, err error) error {
return ctx.JSON(errInvalid)
}
// validator hook, validates incoming api key against form id, which
// also acts as onetime api key
func AuthValidateOnetimeKey(c *fiber.Ctx, key string, db *Db) (bool, error) {
resp, err := db.Get("", key, common.TypeForm)
if err != nil {
return false, errors.New("Onetime key doesn't match any form id!")
}
if len(resp.Forms) != 1 {
return false, errors.New("db.Get(form) returned no results and no errors!")
}
sess, err := Sessionstore.Get(c)
// store the result into the session, the 'formid' key tells the
// upload handler that the apicontext it sees is in fact a form id
// and has to be deleted if set to asap.
sess.Set("apicontext", resp.Forms[0].Context)
sess.Set("formid", key)
if err := sess.Save(); err != nil {
return false, errors.New("Unable to save session store!")
}
return true, nil
}
// validator hook, called by fiber via server keyauth.New()
func AuthValidateAPIKey(c *fiber.Ctx, key string) (bool, error) {
// create a new session, it will be thrown away if something fails

6
api/cleaner.go
View File

@@ -21,8 +21,8 @@ import (
"fmt"
//"github.com/alecthomas/repr"
"encoding/json"
"github.com/tlinden/cenophane/cfg"
"github.com/tlinden/cenophane/common"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
bolt "go.etcd.io/bbolt"
"path/filepath"
"time"
@@ -42,7 +42,7 @@ func DeleteExpiredUploads(conf *cfg.Config, db *Db) error {
return fmt.Errorf("unable to unmarshal json: %s", err)
}
if IsExpired(conf, upload.Uploaded.Time, upload.Expire) {
if IsExpired(conf, upload.Created.Time, upload.Expire) {
if err := bucket.Delete([]byte(id)); err != nil {
return nil
}

83
api/db.go
View File

@@ -18,15 +18,14 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
package api
import (
"encoding/json"
"fmt"
"github.com/tlinden/cenophane/cfg"
"github.com/tlinden/cenophane/common"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
//"github.com/alecthomas/repr"
bolt "go.etcd.io/bbolt"
)
const Bucket string = "uploads"
const Bucket string = "data"
// wrapper for bolt db
type Db struct {
@@ -44,14 +43,14 @@ func (db *Db) Close() {
db.bolt.Close()
}
func (db *Db) Insert(id string, entry *common.Upload) error {
func (db *Db) Insert(id string, entry common.Dbentry) error {
err := db.bolt.Update(func(tx *bolt.Tx) error {
bucket, err := tx.CreateBucketIfNotExists([]byte(Bucket))
if err != nil {
return fmt.Errorf("create bucket: %s", err)
}
jsonentry, err := json.Marshal(entry)
jsonentry, err := entry.Marshal()
if err != nil {
return fmt.Errorf("json marshalling failure: %s", err)
}
@@ -61,9 +60,6 @@ func (db *Db) Insert(id string, entry *common.Upload) error {
return fmt.Errorf("insert data: %s", err)
}
// results in:
// bbolt get /tmp/uploads.db uploads fb242922-86cb-43a8-92bc-b027c35f0586
// {"id":"fb242922-86cb-43a8-92bc-b027c35f0586","expire":"1d","file":"2023-02-17-13-09-data.zip"}
return nil
})
if err != nil {
@@ -87,12 +83,12 @@ func (db *Db) Delete(apicontext string, id string) error {
return fmt.Errorf("id %s not found", id)
}
upload := &common.Upload{}
if err := json.Unmarshal(j, &upload); err != nil {
entryContext, err := common.GetContext(j)
if err != nil {
return fmt.Errorf("unable to unmarshal json: %s", err)
}
if (apicontext != "" && (db.cfg.Super == apicontext || upload.Context == apicontext)) || apicontext == "" {
if (apicontext != "" && (db.cfg.Super == apicontext || entryContext == apicontext)) || apicontext == "" {
return bucket.Delete([]byte(id))
}
@@ -106,8 +102,8 @@ func (db *Db) Delete(apicontext string, id string) error {
return err
}
func (db *Db) List(apicontext string, filter string) (*common.Uploads, error) {
uploads := &common.Uploads{}
func (db *Db) List(apicontext string, filter string, t int) (*common.Response, error) {
response := &common.Response{}
err := db.bolt.View(func(tx *bolt.Tx) error {
bucket := tx.Bucket([]byte(Bucket))
@@ -116,24 +112,31 @@ func (db *Db) List(apicontext string, filter string) (*common.Uploads, error) {
}
err := bucket.ForEach(func(id, j []byte) error {
upload := &common.Upload{}
if err := json.Unmarshal(j, &upload); err != nil {
entry, err := common.Unmarshal(j, t)
if err != nil {
return fmt.Errorf("unable to unmarshal json: %s", err)
}
fmt.Printf("apicontext: %s, filter: %s\n", apicontext, filter)
var entryContext string
if t == common.TypeUpload {
entryContext = entry.(*common.Upload).Context
} else {
entryContext = entry.(*common.Form).Context
}
//fmt.Printf("apicontext: %s, filter: %s\n", apicontext, filter)
if apicontext != "" && db.cfg.Super != apicontext {
// only return the uploads for this context
if apicontext == upload.Context {
if apicontext == entryContext {
// unless a filter needed OR no filter specified
if (filter != "" && upload.Context == filter) || filter == "" {
uploads.Entries = append(uploads.Entries, upload)
if (filter != "" && entryContext == filter) || filter == "" {
response.Append(entry)
}
}
} else {
// return all, because we operate a public service or current==super
if (filter != "" && upload.Context == filter) || filter == "" {
uploads.Entries = append(uploads.Entries, upload)
if (filter != "" && entryContext == filter) || filter == "" {
response.Append(entry)
}
}
@@ -143,12 +146,13 @@ func (db *Db) List(apicontext string, filter string) (*common.Uploads, error) {
return err // might be nil as well
})
return uploads, err
return response, err
}
// we only return one obj here, but could return more later
func (db *Db) Get(apicontext string, id string) (*common.Uploads, error) {
uploads := &common.Uploads{}
// FIXME: turn the id into a filter and call (Uploads|Forms)List(), same code!
func (db *Db) Get(apicontext string, id string, t int) (*common.Response, error) {
response := &common.Response{}
err := db.bolt.View(func(tx *bolt.Tx) error {
bucket := tx.Bucket([]byte(Bucket))
@@ -161,35 +165,42 @@ func (db *Db) Get(apicontext string, id string) (*common.Uploads, error) {
return fmt.Errorf("No upload object found with id %s", id)
}
upload := &common.Upload{}
if err := json.Unmarshal(j, &upload); err != nil {
entry, err := common.Unmarshal(j, t)
if err != nil {
return fmt.Errorf("unable to unmarshal json: %s", err)
}
if (apicontext != "" && (db.cfg.Super == apicontext || upload.Context == apicontext)) || apicontext == "" {
var entryContext string
if t == common.TypeUpload {
entryContext = entry.(*common.Upload).Context
} else {
entryContext = entry.(*common.Form).Context
}
if (apicontext != "" && (db.cfg.Super == apicontext || entryContext == apicontext)) || apicontext == "" {
// allowed if no context (public or download)
// or if context matches or if context==super
uploads.Entries = append(uploads.Entries, upload)
response.Append(entry)
}
return nil
})
return uploads, err
return response, err
}
// a wrapper around Lookup() which extracts the 1st upload, if any
func (db *Db) Lookup(apicontext string, id string) (*common.Upload, error) {
uploads, err := db.Get(apicontext, id)
func (db *Db) Lookup(apicontext string, id string, t int) (*common.Response, error) {
response, err := db.Get(apicontext, id, t)
if err != nil {
// non existent db entry with that id, or other db error, see logs
return &common.Upload{}, fmt.Errorf("No upload object found with id %s", id)
return &common.Response{}, fmt.Errorf("No upload object found with id %s", id)
}
if len(uploads.Entries) == 0 {
return &common.Upload{}, fmt.Errorf("No upload object found with id %s", id)
if len(response.Uploads) == 0 {
return &common.Response{}, fmt.Errorf("No upload object found with id %s", id)
}
return uploads.Entries[0], nil
return response, nil
}

231
api/db_test.go Normal file
View File

@@ -0,0 +1,231 @@
/*
Copyright © 2023 Thomas von Dein
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package api
import (
//"github.com/alecthomas/repr"
"github.com/maxatome/go-testdeep/td"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
"os"
"testing"
"time"
)
func finalize(db *Db) {
if db.bolt != nil {
db.Close()
}
if _, err := os.Stat(db.cfg.DbFile); err == nil {
os.Remove(db.cfg.DbFile)
}
}
func TestNew(t *testing.T) {
var tests = []struct {
name string
dbfile string
wantfail bool
}{
{"opennew", "test.db", false},
{"openfail", "/hopefully/not/existing/directory/test.db", true},
}
for _, tt := range tests {
c := &cfg.Config{DbFile: tt.dbfile}
t.Run(tt.name, func(t *testing.T) {
db, err := NewDb(c)
defer finalize(db)
if err != nil && !tt.wantfail {
t.Errorf("expected: &Db{}, got err: " + err.Error())
}
if err == nil && tt.wantfail {
t.Errorf("expected: fail, got &Db{}")
}
})
}
}
const timeformat string = "2006-01-02T15:04:05.000Z"
var dbtests = []struct {
name string
dbfile string
wantfail bool
id string
context string
ts string
filter string
upload common.Upload
form common.Form
}{
{
"upload", "test.db", false, "1", "foo",
"2023-03-10T11:45:00.000Z", "",
common.Upload{
Id: "1", Expire: "asap", File: "none", Context: "foo",
Created: common.Timestamp{}},
common.Form{},
},
{
"form", "test.db", false, "2", "foo",
"2023-03-10T11:45:00.000Z", "",
common.Upload{},
common.Form{
Id: "1", Expire: "asap", Description: "none", Context: "foo",
Created: common.Timestamp{}},
},
}
/*
We need to test the whole Db operation in one run, because it
doesn't work well if using a global Db.
*/
func TestDboperation(t *testing.T) {
for _, tt := range dbtests {
c := &cfg.Config{DbFile: tt.dbfile}
t.Run(tt.name, func(t *testing.T) {
// create new bbolt db
db, err := NewDb(c)
defer finalize(db)
if err != nil {
t.Errorf("Could not open new DB: " + err.Error())
}
if tt.upload.Id != "" {
// set ts
ts, err := time.Parse(timeformat, tt.ts)
tt.upload.Created = common.Timestamp{Time: ts}
// create new upload db object
err = db.Insert(tt.id, tt.upload)
if err != nil {
t.Errorf("Could not insert new upload object: " + err.Error())
}
// fetch it
response, err := db.Get(tt.context, tt.id, common.TypeUpload)
if err != nil {
t.Errorf("Could not fetch upload object: " + err.Error())
}
// is it there?
if len(response.Uploads) != 1 {
t.Errorf("db.Get() did not return an upload obj")
}
// compare times
if !tt.upload.Created.Time.Equal(response.Uploads[0].Created.Time) {
t.Errorf("Timestamps don't match!\ngot: %s\nexp: %s\n",
response.Uploads[0].Created, tt.upload.Created)
}
// equal them artificially, because otherwise td will
// fail because of time.Time.wall+ext, or TZ is missing
response.Uploads[0].Created = tt.upload.Created
// compare
td.Cmp(t, response.Uploads[0], &tt.upload, tt.name)
// fetch list
response, err = db.List(tt.context, tt.filter, common.TypeUpload)
if err != nil {
t.Errorf("Could not fetch uploads list: " + err.Error())
}
// is it there?
if len(response.Uploads) != 1 {
t.Errorf("db.List() did not return upload obj[s]")
}
// delete
err = db.Delete(tt.context, tt.id)
if err != nil {
t.Errorf("Could not delete upload obj: " + err.Error())
}
// fetch again, shall return empty
response, err = db.Get(tt.context, tt.id, common.TypeUpload)
if err == nil {
t.Errorf("Could fetch upload object again although we deleted it")
}
}
if tt.form.Id != "" {
// set ts
ts, err := time.Parse(timeformat, tt.ts)
tt.form.Created = common.Timestamp{Time: ts}
// create new form db object
err = db.Insert(tt.id, tt.form)
if err != nil {
t.Errorf("Could not insert new form object: " + err.Error())
}
// fetch it
response, err := db.Get(tt.context, tt.id, common.TypeForm)
if err != nil {
t.Errorf("Could not fetch form object: " + err.Error())
}
// is it there?
if len(response.Forms) != 1 {
t.Errorf("db.Get() did not return an form obj")
}
// compare times
if !tt.form.Created.Time.Equal(response.Forms[0].Created.Time) {
t.Errorf("Timestamps don't match!\ngot: %s\nexp: %s\n",
response.Forms[0].Created, tt.form.Created)
}
// equal them artificially, because otherwise td will
// fail because of time.Time.wall+ext, or TZ is missing
response.Forms[0].Created = tt.form.Created
// compare
td.Cmp(t, response.Forms[0], &tt.form, tt.name)
// fetch list
response, err = db.List(tt.context, tt.filter, common.TypeForm)
if err != nil {
t.Errorf("Could not fetch forms list: " + err.Error())
}
// is it there?
if len(response.Forms) != 1 {
t.Errorf("db.FormsList() did not return form obj[s]")
}
// delete
err = db.Delete(tt.context, tt.id)
if err != nil {
t.Errorf("Could not delete form obj: " + err.Error())
}
// fetch again, shall return empty
response, err = db.Get(tt.context, tt.id, common.TypeForm)
if err == nil {
t.Errorf("Could fetch form object again although we deleted it")
}
}
})
}
}

6
api/fileio.go
View File

@@ -21,8 +21,8 @@ import (
"archive/zip"
"errors"
"github.com/gofiber/fiber/v2"
"github.com/tlinden/cenophane/cfg"
"github.com/tlinden/cenophane/common"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
"io"
"mime/multipart"
"os"
@@ -83,7 +83,7 @@ func ProcessFormFiles(cfg *cfg.Config, members []string, id string) (string, str
return "", "", err
}
returnUrl = strings.Join([]string{cfg.Url + cfg.ApiPrefix + ApiVersion, "file", id, zipfile}, "/")
returnUrl = strings.Join([]string{cfg.Url, "download", id, zipfile}, "/")
Filename = zipfile
// clean up after us

230
api/form_handlers.go Normal file
View File

@@ -0,0 +1,230 @@
/*
Copyright © 2023 Thomas von Dein
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package api
import (
//"github.com/alecthomas/repr"
"github.com/gofiber/fiber/v2"
"github.com/google/uuid"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
"bytes"
"html/template"
"strings"
"time"
)
func FormCreate(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
id := uuid.NewString()
var formdata common.Form
// init form obj
entry := &common.Form{Id: id, Created: common.Timestamp{Time: time.Now()}}
// retrieve the API Context name from the session
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
}
entry.Context = apicontext
// extract auxilliary form data (expire field et al)
if err := c.BodyParser(&formdata); err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"bodyparser error : "+err.Error())
}
// post process expire
if len(formdata.Expire) == 0 {
entry.Expire = "asap"
} else {
ex, err := common.Untaint(formdata.Expire, cfg.RegDuration) // duration or asap allowed
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Invalid expire data: "+err.Error())
}
entry.Expire = ex
}
if len(formdata.Notify) != 0 {
nt, err := common.Untaint(formdata.Notify, cfg.RegEmail)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Invalid email address: "+err.Error())
}
entry.Notify = nt
}
// get url [and zip if there are multiple files]
returnUrl := strings.Join([]string{cfg.Url, "form", id}, "/")
entry.Url = returnUrl
Log("Now serving %s", returnUrl)
Log("Expire set to: %s", entry.Expire)
Log("Form created with API-Context %s", entry.Context)
// we do this in the background to not thwart the server
go db.Insert(id, entry)
// everything went well so far
res := &common.Response{Forms: []*common.Form{entry}}
res.Success = true
res.Code = fiber.StatusOK
return c.Status(fiber.StatusOK).JSON(res)
}
// delete form
func FormDelete(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
id, err := common.Untaint(c.Params("id"), cfg.RegKey)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Invalid id provided!")
}
if len(id) == 0 {
return JsonStatus(c, fiber.StatusForbidden,
"No id specified!")
}
// retrieve the API Context name from the session
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
}
err = db.Delete(apicontext, id)
if err != nil {
// non existent db entry with that id, or other db error, see logs
return JsonStatus(c, fiber.StatusForbidden,
"No form with that id could be found!")
}
return nil
}
// returns the whole list + error code, no post processing by server
func FormsList(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
// fetch filter from body(json expected)
setcontext := new(SetContext)
if err := c.BodyParser(setcontext); err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Unable to parse body: "+err.Error())
}
filter, err := common.Untaint(setcontext.Apicontext, cfg.RegKey)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Invalid api context filter provided!")
}
// retrieve the API Context name from the session
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
}
// get list
response, err := db.List(apicontext, filter, common.TypeForm)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Unable to list forms: "+err.Error())
}
// if we reached this point we can signal success
response.Success = true
response.Code = fiber.StatusOK
return c.Status(fiber.StatusOK).JSON(response)
}
// returns just one form obj + error code
func FormDescribe(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
id, err := common.Untaint(c.Params("id"), cfg.RegKey)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Invalid id provided!")
}
// retrieve the API Context name from the session
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
}
response, err := db.Get(apicontext, id, common.TypeForm)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"No form with that id could be found!")
}
for _, form := range response.Forms {
form.Url = strings.Join([]string{cfg.Url, "form", id}, "/")
}
// if we reached this point we can signal success
response.Success = true
response.Code = fiber.StatusOK
return c.Status(fiber.StatusOK).JSON(response)
}
/*
Render the upload html form. Template given by --formpage, stored
as text in cfg.Formpage. It will be rendered using golang's
template engine, data to be filled in is the form matching the
given id.
*/
func FormPage(c *fiber.Ctx, cfg *cfg.Config, db *Db, shallexpire bool) error {
id, err := common.Untaint(c.Params("id"), cfg.RegKey)
if err != nil {
return c.Status(fiber.StatusForbidden).SendString("Invalid id provided!")
}
apicontext, err := SessionGetApicontext(c)
if err != nil {
return c.Status(fiber.StatusInternalServerError).SendString("Unable to initialize session store from context:" + err.Error())
}
response, err := db.Get(apicontext, id, common.TypeForm)
if err != nil || len(response.Forms) == 0 {
return c.Status(fiber.StatusForbidden).SendString("No form with that id could be found!")
}
t := template.New("form")
if t, err = t.Parse(cfg.Formpage); err != nil {
return c.Status(fiber.StatusInternalServerError).SendString("Unable to load form template: " + err.Error())
}
// prepare upload url
uploadurl := strings.Join([]string{cfg.ApiPrefix + ApiVersion, "uploads"}, "/")
response.Forms[0].Url = uploadurl
var out bytes.Buffer
if err := t.Execute(&out, response.Forms[0]); err != nil {
return c.Status(fiber.StatusInternalServerError).SendString("Unable to render form template: " + err.Error())
}
c.Set("Content-type", "text/html; charset=utf-8")
return c.Status(fiber.StatusOK).SendString(out.String())
}

54
api/mail.go Normal file
View File

@@ -0,0 +1,54 @@
/*
Copyright © 2023 Thomas von Dein
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package api
import (
"fmt"
"github.com/tlinden/ephemerup/cfg"
"net/smtp"
)
var mailtpl string = `To: %s\r
From: %s\r
Subject: %s\r
\r
%s\r
`
/*
Send an email via an external mail gateway. SMTP Auth is
required. Errors may occur with a time delay, like server timeouts
etc. So only call it detached via go routine.
*/
func Sendmail(c *cfg.Config, recipient string, body string, subject string) error {
// Message.
message := []byte(fmt.Sprintf(mailtpl, recipient, c.Mail.From, subject, body))
// Authentication.
auth := smtp.PlainAuth("", c.Mail.From, c.Mail.Password, c.Mail.Server)
// Sending email.
Log("Trying to send mail to %s via %s:%s with subject %s",
recipient, c.Mail.Server, c.Mail.Port, subject)
err := smtp.SendMail(c.Mail.Server+":"+c.Mail.Port, auth, c.Mail.From, []string{recipient}, []byte(message))
if err != nil {
return err
}
return nil
}

88
api/server.go
View File

@@ -26,8 +26,8 @@ import (
"github.com/gofiber/fiber/v2/middleware/requestid"
"github.com/gofiber/fiber/v2/middleware/session"
"github.com/gofiber/keyauth/v2"
"github.com/tlinden/cenophane/cfg"
"github.com/tlinden/cenophane/common"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
)
// sessions are context specific and can be global savely
@@ -47,7 +47,7 @@ func Runserver(conf *cfg.Config, args []string) error {
defer db.Close()
// setup authenticated endpoints
auth := SetupAuthStore(conf)
auth := SetupAuthStore(conf, db)
// setup api server
router := SetupServer(conf)
@@ -56,32 +56,50 @@ func Runserver(conf *cfg.Config, args []string) error {
api := router.Group(conf.ApiPrefix + ApiVersion)
{
// upload
api.Post("/file/", auth, func(c *fiber.Ctx) error {
return FilePut(c, conf, db)
})
// download w/o expire
api.Get("/file/:id/:file", auth, func(c *fiber.Ctx) error {
return FileGet(c, conf, db)
})
api.Get("/file/:id/", auth, func(c *fiber.Ctx) error {
return FileGet(c, conf, db)
api.Post("/uploads", auth, func(c *fiber.Ctx) error {
return UploadPost(c, conf, db)
})
// remove
api.Delete("/file/:id/", auth, func(c *fiber.Ctx) error {
err := DeleteUpload(c, conf, db)
api.Delete("/uploads/:id", auth, func(c *fiber.Ctx) error {
err := UploadDelete(c, conf, db)
return SendResponse(c, "", err)
})
// listing
api.Get("/list/", auth, func(c *fiber.Ctx) error {
return List(c, conf, db)
api.Get("/uploads", auth, func(c *fiber.Ctx) error {
return UploadsList(c, conf, db)
})
// info
api.Get("/upload/:id/", auth, func(c *fiber.Ctx) error {
return Describe(c, conf, db)
// info/describe
api.Get("/uploads/:id", auth, func(c *fiber.Ctx) error {
return UploadDescribe(c, conf, db)
})
// download w/o expire
api.Get("/uploads/:id/file", auth, func(c *fiber.Ctx) error {
return UploadFetch(c, conf, db)
})
// same for forms ************
api.Post("/forms", auth, func(c *fiber.Ctx) error {
return FormCreate(c, conf, db)
})
// remove
api.Delete("/forms/:id", auth, func(c *fiber.Ctx) error {
err := FormDelete(c, conf, db)
return SendResponse(c, "", err)
})
// listing
api.Get("/forms", auth, func(c *fiber.Ctx) error {
return FormsList(c, conf, db)
})
// info/describe
api.Get("/forms/:id", auth, func(c *fiber.Ctx) error {
return FormDescribe(c, conf, db)
})
}
@@ -92,12 +110,17 @@ func Runserver(conf *cfg.Config, args []string) error {
})
router.Get("/download/:id/:file", func(c *fiber.Ctx) error {
return FileGet(c, conf, db, shallExpire)
return UploadFetch(c, conf, db, shallExpire)
})
router.Get("/download/:id/", func(c *fiber.Ctx) error {
return FileGet(c, conf, db, shallExpire)
router.Get("/download/:id", func(c *fiber.Ctx) error {
return UploadFetch(c, conf, db, shallExpire)
})
router.Get("/form/:id", func(c *fiber.Ctx) error {
return FormPage(c, conf, db, shallExpire)
})
}
// setup cleaner
@@ -112,12 +135,23 @@ func Runserver(conf *cfg.Config, args []string) error {
return router.Listen(conf.Listen)
}
func SetupAuthStore(conf *cfg.Config) func(*fiber.Ctx) error {
AuthSetEndpoints(conf.ApiPrefix, ApiVersion, []string{"/file"})
func SetupAuthStore(conf *cfg.Config, db *Db) func(*fiber.Ctx) error {
AuthSetApikeys(conf.Apicontexts)
return keyauth.New(keyauth.Config{
Validator: AuthValidateAPIKey,
Validator: func(c *fiber.Ctx, key string) (bool, error) {
// we use a wrapper closure to be able to forward the db object
formuser, err := AuthValidateOnetimeKey(c, key, db)
// incoming apicontext matches a form id, accept it
if err == nil {
Log("Incoming API Context equals formuser: %t, id: %s", formuser, key)
return formuser, err
}
// nope, we need to check against regular configured apicontexts
return AuthValidateAPIKey(c, key)
},
ErrorHandler: AuthErrHandler,
})
}
@@ -128,7 +162,7 @@ func SetupServer(conf *cfg.Config) *fiber.App {
StrictRouting: true,
Immutable: true,
Prefork: conf.Prefork,
ServerHeader: "Cenophane Server",
ServerHeader: "ephemerup Server",
AppName: conf.AppName,
BodyLimit: conf.BodyLimit,
Network: conf.Network,

78
api/handlers.go → api/upload_handlers.go
View File

@@ -21,9 +21,10 @@ import (
//"github.com/alecthomas/repr"
"github.com/gofiber/fiber/v2"
"github.com/google/uuid"
"github.com/tlinden/cenophane/cfg"
"github.com/tlinden/cenophane/common"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
"fmt"
"os"
"path/filepath"
"strings"
@@ -34,7 +35,7 @@ type SetContext struct {
Apicontext string `json:"apicontext" form:"apicontext"`
}
func FilePut(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
func UploadPost(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
// supports upload of multiple files with:
//
// curl -X POST localhost:8080/putfile \
@@ -62,10 +63,10 @@ func FilePut(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// init upload obj
entry := &common.Upload{Id: id, Uploaded: common.Timestamp{Time: time.Now()}}
entry := &common.Upload{Id: id, Created: common.Timestamp{Time: time.Now()}}
// retrieve the API Context name from the session
apicontext, err := GetApicontext(c)
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
@@ -106,6 +107,7 @@ func FilePut(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
"Could not process uploaded file[s]: "+err.Error())
}
entry.File = Newfilename
entry.Url = returnUrl
Log("Now serving %s from %s/%s", returnUrl, cfg.StorageDir, id)
Log("Expire set to: %s", entry.Expire)
@@ -115,14 +117,41 @@ func FilePut(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
go db.Insert(id, entry)
// everything went well so far
res := &common.Uploads{Entries: []*common.Upload{entry}}
res := &common.Response{Uploads: []*common.Upload{entry}}
res.Success = true
res.Message = "Download url: " + returnUrl
res.Code = fiber.StatusOK
// ok, check if we need to remove a form, if so we do it in the
// background. delete error doesn't lead to upload failure, we
// only log it. same applies to mail notification.
formid, _ := SessionGetFormId(c)
if formid != "" {
go func() {
r, err := db.Get(apicontext, formid, common.TypeForm)
if err == nil {
if len(r.Forms) == 1 {
if r.Forms[0].Expire == "asap" {
db.Delete(apicontext, formid)
}
// email notification to form creator
if r.Forms[0].Notify != "" {
body := fmt.Sprintf("Upload is available under: %s", returnUrl)
subject := fmt.Sprintf("Upload form %s has been used", formid)
err := Sendmail(cfg, r.Forms[0].Notify, body, subject)
if err != nil {
Log("Failed to send mail: %s", err.Error())
}
}
}
}
}()
}
return c.Status(fiber.StatusOK).JSON(res)
}
func FileGet(c *fiber.Ctx, cfg *cfg.Config, db *Db, shallExpire ...bool) error {
func UploadFetch(c *fiber.Ctx, cfg *cfg.Config, db *Db, shallExpire ...bool) error {
// deliver a file and delete it if expire is set to asap
// we ignore c.Params("file"), cause it may be malign. Also we've
@@ -133,18 +162,23 @@ func FileGet(c *fiber.Ctx, cfg *cfg.Config, db *Db, shallExpire ...bool) error {
}
// retrieve the API Context name from the session
apicontext, err := GetApicontext(c)
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
}
upload, err := db.Lookup(apicontext, id)
response, err := db.Lookup(apicontext, id, common.TypeUpload)
if err != nil {
// non existent db entry with that id, or other db error, see logs
return fiber.NewError(404, "No download with that id could be found!")
}
var upload *common.Upload
if len(response.Uploads) > 0 {
upload = response.Uploads[0]
}
file := upload.File
filename := filepath.Join(cfg.StorageDir, id, file)
@@ -173,7 +207,7 @@ func FileGet(c *fiber.Ctx, cfg *cfg.Config, db *Db, shallExpire ...bool) error {
}
// delete file, id dir and db entry
func DeleteUpload(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
func UploadDelete(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
id, err := common.Untaint(c.Params("id"), cfg.RegKey)
if err != nil {
@@ -187,7 +221,7 @@ func DeleteUpload(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// retrieve the API Context name from the session
apicontext, err := GetApicontext(c)
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
@@ -206,7 +240,7 @@ func DeleteUpload(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// returns the whole list + error code, no post processing by server
func List(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
func UploadsList(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
// fetch filter from body(json expected)
setcontext := new(SetContext)
if err := c.BodyParser(setcontext); err != nil {
@@ -221,14 +255,14 @@ func List(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// retrieve the API Context name from the session
apicontext, err := GetApicontext(c)
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
}
// get list
uploads, err := db.List(apicontext, filter)
uploads, err := db.List(apicontext, filter, common.TypeUpload)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"Unable to list uploads: "+err.Error())
@@ -242,7 +276,7 @@ func List(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// returns just one upload obj + error code, no post processing by server
func Describe(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
func UploadDescribe(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
id, err := common.Untaint(c.Params("id"), cfg.RegKey)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
@@ -250,25 +284,25 @@ func Describe(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
}
// retrieve the API Context name from the session
apicontext, err := GetApicontext(c)
apicontext, err := SessionGetApicontext(c)
if err != nil {
return JsonStatus(c, fiber.StatusInternalServerError,
"Unable to initialize session store from context: "+err.Error())
}
uploads, err := db.Get(apicontext, id)
response, err := db.Get(apicontext, id, common.TypeUpload)
if err != nil {
return JsonStatus(c, fiber.StatusForbidden,
"No upload with that id could be found!")
}
for _, upload := range uploads.Entries {
for _, upload := range response.Uploads {
upload.Url = strings.Join([]string{cfg.Url, "download", id, upload.File}, "/")
}
// if we reached this point we can signal success
uploads.Success = true
uploads.Code = fiber.StatusOK
response.Success = true
response.Code = fiber.StatusOK
return c.Status(fiber.StatusOK).JSON(uploads)
return c.Status(fiber.StatusOK).JSON(response)
}

25
api/utils.go
View File

@@ -20,8 +20,8 @@ package api
import (
"fmt"
"github.com/gofiber/fiber/v2"
"github.com/tlinden/cenophane/cfg"
"github.com/tlinden/cenophane/common"
"github.com/tlinden/ephemerup/cfg"
"github.com/tlinden/ephemerup/common"
"time"
)
@@ -55,7 +55,7 @@ func Ts() string {
If there's no apicontext in the session, assume unauth user, return ""
*/
func GetApicontext(c *fiber.Ctx) (string, error) {
func SessionGetApicontext(c *fiber.Ctx) (string, error) {
sess, err := Sessionstore.Get(c)
if err != nil {
return "", fmt.Errorf("Unable to initialize session store from context: " + err.Error())
@@ -69,6 +69,25 @@ func GetApicontext(c *fiber.Ctx) (string, error) {
return "", nil
}
/*
Retrieve the formid (aka onetime api key) from the session. It is
configured if an upload request has been successfully authenticated
using a onetime key.
*/
func SessionGetFormId(c *fiber.Ctx) (string, error) {
sess, err := Sessionstore.Get(c)
if err != nil {
return "", fmt.Errorf("Unable to initialize session store from context: " + err.Error())
}
formid := sess.Get("formid")
if formid != nil {
return formid.(string), nil
}
return "", nil
}
/*
Calculate if time is up based on start time.Time and
duration. Returns true if time is expired. Start time comes from