Commit Graph

25 Commits

Author SHA1 Message Date
mutantmonkey
39bb999db6 Add ability to set arbitrary headers
This is useful if you want to add headers for things like HTTP Strict
Transport Security or HTTP Public Key Pinning.
2016-06-03 22:49:01 -07:00
mutantmonkey
b0d2f2a142 support .tar.gz-style extensions
Some extensions actually consist of multiple parts, like .tar.gz, so we
should handle this properly instead of merging part of the extension
with the bare name. Right now only tar is allowed, but others can be
added easily.

Fixes #74.
2016-02-12 21:27:39 -08:00
mutantmonkey
39d874374d trim trailing / for origin checking 2015-10-11 20:06:14 -07:00
mutantmonkey
adbc1604dc add some more auth tests
It's going to be difficult to get 100% code coverage, but we can at
least ensure that checkAuth works properly.
2015-10-11 18:37:36 -07:00
mutantmonkey
3c9e260926 improve auth tests and rename auth struct 2015-10-11 17:43:31 -07:00
mutantmonkey
aa7dad3a03 add support for auth keys
Add a middleware that requires authorization for all POST, PUT, and
DELETE requests. This is done using the Authorization header and the
provided auth key is then checked against a file containing scrypted
auth keys. These keys are salted the constant string `linx-server`.
2015-10-11 17:34:53 -07:00
mutantmonkey
52ec9f8e2d use 303 redirects instead of 301s
HTTP status code 301 is for a permanent redirect, which these are not.
Although 302 would work here in most browsers, it would not follow the
HTTP spec, so instead we use 303 which has a clearly and consistently
defined behavior in response to a POST or PUT request.
2015-10-10 20:22:10 -07:00
mutantmonkey
a09297389b create our own mux instead of using goji default
This is a better way to do things since we were customizing middleware
and everything anyway. It's also necessary in order to avoid pulling in
the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-09 23:04:08 -07:00
Andrei Marcu
d9723b8350 Merge pull request #49 from mutantmonkey/referrer_check
add strict referrer check for POST uploads
2015-10-08 23:35:19 -04:00
mutantmonkey
6ff181facb add strict referrer check for POST uploads
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
andreimarcu
e9132a1193 File overwriting support. Fixes #8 2015-10-08 12:49:29 -04:00
andreimarcu
639d519712 Configurable maximum upload file size. Fixes #35 2015-10-08 01:38:50 -04:00
andreimarcu
a1e3f6f31f go vet complaint 2015-10-07 03:02:07 -04:00
andreimarcu
9640e2c7ce Tests + fixes 2015-10-07 03:00:03 -04:00
andreimarcu
c5250e529e Headers are now Linx-.. instead of X-... 2015-10-06 00:31:09 -04:00
andreimarcu
d40803f165 More verbose errors 2015-10-04 12:47:20 -04:00
andreimarcu
7f2db43108 DELETE requests respond with 200 on successful deletes 2015-10-04 02:25:00 -04:00
andreimarcu
31359499ac Switch to dropzonejs. Fixes #18 2015-09-30 23:37:00 -04:00
mutantmonkey
091225b9e4 add torrent support
This change adds an option to download files with BitTorrent. A webseed
is provided in the torrent file to bootstrap the swarm.
2015-09-28 22:58:14 -07:00
andreimarcu
738bf25f44 Test deletion key 2015-09-29 00:32:16 -04:00
andreimarcu
f0b1a8e47b Cleanup artifacts 2015-09-28 16:17:32 -04:00
andreimarcu
084c267112 Fix go vet complaints and use go 1.5 for travis 2015-09-28 16:12:15 -04:00
andreimarcu
5f78fe6619 Added tests for uploads 2015-09-28 16:02:03 -04:00
andreimarcu
4599e055e5 Portability 2015-09-28 12:35:11 -04:00
andreimarcu
8c50d4322f Added support for testing, removed uuid requirement 2015-09-28 12:30:21 -04:00