add support remote auth keys
These are taken as a parameter to the remote upload page. Note that all keys will be logged since this is a GET request.
This commit is contained in:
parent
3dc4753b7a
commit
dd4ac3a7ed
@ -36,6 +36,7 @@ var Config struct {
|
||||
fastcgi bool
|
||||
remoteUploads bool
|
||||
authFile string
|
||||
remoteAuthFile string
|
||||
}
|
||||
|
||||
var Templates = make(map[string]*pongo2.Template)
|
||||
@ -43,6 +44,7 @@ var TemplateSet *pongo2.TemplateSet
|
||||
var staticBox *rice.Box
|
||||
var timeStarted time.Time
|
||||
var timeStartedStr string
|
||||
var remoteAuthKeys []string
|
||||
|
||||
func setup() *web.Mux {
|
||||
mux := web.New()
|
||||
@ -126,6 +128,10 @@ func setup() *web.Mux {
|
||||
if Config.remoteUploads {
|
||||
mux.Get("/upload", uploadRemote)
|
||||
mux.Get("/upload/", uploadRemote)
|
||||
|
||||
if Config.remoteAuthFile != "" {
|
||||
remoteAuthKeys = readAuthKeys(Config.remoteAuthFile)
|
||||
}
|
||||
}
|
||||
|
||||
mux.Post("/upload", uploadPostHandler)
|
||||
@ -175,6 +181,8 @@ func main() {
|
||||
"enable remote uploads")
|
||||
flag.StringVar(&Config.authFile, "authfile", "",
|
||||
"path to a file containing newline-separated scrypted auth keys")
|
||||
flag.StringVar(&Config.remoteAuthFile, "remoteauthfile", "",
|
||||
"path to a file containing newline-separated scrypted auth keys for remote uploads")
|
||||
flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
|
||||
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
|
||||
"value of default Content-Security-Policy header")
|
||||
|
13
upload.go
13
upload.go
@ -138,6 +138,19 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
|
||||
if Config.remoteAuthFile != "" {
|
||||
result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key")))
|
||||
if err != nil || !result {
|
||||
unauthorizedHandler(c, w, r)
|
||||
}
|
||||
} else {
|
||||
// strict referrer checking is mandatory without remote auth keys
|
||||
if !strictReferrerCheck(r, Config.siteURL, []string{"Linx-Delete-Key", "Linx-Expiry", "Linx-Randomize"}) {
|
||||
badRequestHandler(c, w, r)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if r.FormValue("url") == "" {
|
||||
http.Redirect(w, r, "/", 303)
|
||||
return
|
||||
|
Loading…
Reference in New Issue
Block a user