Commit Graph

162 Commits

Author SHA1 Message Date
Andrei Marcu
60239467fd Merge pull request #56 from mutantmonkey/auth
Add support for auth keys (and remote auth keys)
2015-10-11 22:44:30 -04:00
mutantmonkey
613ab24721 show usage for -authfile and -remoteauthfile 2015-10-11 19:38:04 -07:00
mutantmonkey
2cd432b5d3 update readme 2015-10-11 19:33:48 -07:00
mutantmonkey
dd4ac3a7ed add support remote auth keys
These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
2015-10-11 19:31:13 -07:00
mutantmonkey
3dc4753b7a move reading auth keys into readAuthKeys 2015-10-11 19:30:01 -07:00
andreimarcu
104f648c0f Remove artifact 2015-10-11 21:42:00 -04:00
andreimarcu
ae02f537f7 Add linx-genkey 2015-10-11 21:39:42 -04:00
mutantmonkey
adbc1604dc add some more auth tests
It's going to be difficult to get 100% code coverage, but we can at
least ensure that checkAuth works properly.
2015-10-11 18:37:36 -07:00
mutantmonkey
cc4e2ca0d9 read authfile once only
Read the authfile upon initial server start and store the auth keys in
the auth struct, rather than reading the file for each page load.
2015-10-11 18:36:27 -07:00
mutantmonkey
3c9e260926 improve auth tests and rename auth struct 2015-10-11 17:43:31 -07:00
mutantmonkey
aa7dad3a03 add support for auth keys
Add a middleware that requires authorization for all POST, PUT, and
DELETE requests. This is done using the Authorization header and the
provided auth key is then checked against a file containing scrypted
auth keys. These keys are salted the constant string `linx-server`.
2015-10-11 17:34:53 -07:00
andreimarcu
2b0135697b Add option for using Real-IP 2015-10-11 20:32:28 -04:00
andreimarcu
9ac016c3b5 Document overwriting a file 2015-10-11 20:28:46 -04:00
Andrei Marcu
6c9d517c80 Merge pull request #55 from mutantmonkey/redirect_fix
use 303 redirects instead of 301s
2015-10-10 23:25:57 -04:00
mutantmonkey
52ec9f8e2d use 303 redirects instead of 301s
HTTP status code 301 is for a permanent redirect, which these are not.
Although 302 would work here in most browsers, it would not follow the
HTTP spec, so instead we use 303 which has a clearly and consistently
defined behavior in response to a POST or PUT request.
2015-10-10 20:22:10 -07:00
andreimarcu
354278d488 Real-IP middleware for fastcgi + nginx doc update 2015-10-10 11:22:24 -04:00
andreimarcu
ef13181a23 Adjust the csp_test to use the new mux 2015-10-10 11:17:38 -04:00
Andrei Marcu
d42b2d28ac Merge pull request #53 from mutantmonkey/fixbind
Replace -b and -bind with a single -bind
2015-10-10 11:14:54 -04:00
mutantmonkey
5600dd1ce3 update readme for new -bind flag 2015-10-09 23:16:30 -07:00
mutantmonkey
82edabd036 change -b flag to -bind
This is for consistency with Goji's default flag and is more clear.
2015-10-09 23:06:28 -07:00
mutantmonkey
a09297389b create our own mux instead of using goji default
This is a better way to do things since we were customizing middleware
and everything anyway. It's also necessary in order to avoid pulling in
the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-09 23:04:08 -07:00
Andrei Marcu
95d3a62c0c Merge pull request #52 from mutantmonkey/textarea_tab
add tab functionality to pastebin (resolves #48)
2015-10-10 01:25:18 -04:00
mutantmonkey
e0d0e40368 add tab functionality to pastebin (resolves #48)
The tab key now inserts a tab instead of changing the focus.
2015-10-09 22:21:23 -07:00
Andrei Marcu
883768f512 Merge pull request #51 from mutantmonkey/blacklist_fixup
add crossdomain.xml to file blacklist
2015-10-09 18:45:03 -04:00
mutantmonkey
874c23087d add crossdomain.xml to file blacklist 2015-10-09 00:06:23 -07:00
andreimarcu
eeede281a7 Case insensitive fs again 2015-10-08 23:58:57 -04:00
Andrei Marcu
d9723b8350 Merge pull request #49 from mutantmonkey/referrer_check
add strict referrer check for POST uploads
2015-10-08 23:35:19 -04:00
mutantmonkey
6ff181facb add strict referrer check for POST uploads
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
andreimarcu
5885ef0832 Case-insensitive filesystems... 2015-10-08 21:50:10 -04:00
andreimarcu
62443e984d API documentation. Fixes #30 2015-10-08 21:48:06 -04:00
andreimarcu
e9132a1193 File overwriting support. Fixes #8 2015-10-08 12:49:29 -04:00
andreimarcu
8ad079ed0a Fix readme 2015-10-08 01:40:03 -04:00
andreimarcu
639d519712 Configurable maximum upload file size. Fixes #35 2015-10-08 01:38:50 -04:00
andreimarcu
040ffa89f7 Adjust margin 2015-10-08 01:18:21 -04:00
andreimarcu
37d3e96e22 Fix no-javascript fallback ugliness of index page. Fixes #37 2015-10-08 00:19:22 -04:00
andreimarcu
ed6ce1d1fa Small cosmetic changes 2015-10-07 23:49:21 -04:00
andreimarcu
a60a7cc9e6 Cache static files + Separate CSS more. Fixes #44 2015-10-07 23:35:48 -04:00
andreimarcu
6e33fe6ac8 Metadata holds mimetype, sha256sum, archiveFiles 2015-10-07 22:45:34 -04:00
andreimarcu
d05f0b645b Display contents of common archives. Fixes #34 2015-10-07 16:45:41 -04:00
andreimarcu
edfb80daac Markdown display handler. Fixes #33 2015-10-07 15:00:42 -04:00
andreimarcu
3c868d8fe5 Document new usage options 2015-10-07 13:25:38 -04:00
andreimarcu
9b07728ddb Added https option + graceful shutdown 2015-10-07 12:48:44 -04:00
andreimarcu
a1e3f6f31f go vet complaint 2015-10-07 03:02:07 -04:00
andreimarcu
9640e2c7ce Tests + fixes 2015-10-07 03:00:03 -04:00
andreimarcu
11039d57f1 Fix dyreshark breakages + fix small file with no extension bug 2015-10-07 01:15:45 -04:00
Andrei Marcu
3d55697adc Merge pull request #42 from matthazinski/remote_upload_params
Add support for deletion key and expiry in remote upload
2015-10-07 00:11:38 -04:00
Matt Hazinski
875ebd6db2 Add support for deletion key and expiry in remote upload 2015-10-07 00:08:14 -04:00
Andrei Marcu
a5d4f754e7 Merge pull request #41 from dyreshark/master
Cleanup
2015-10-06 03:01:33 -04:00
George Burgess IV
12551d12b3 housekeeping 2015-10-05 23:51:49 -07:00
George Burgess IV
1e421e07cd swap to using time types instead of ints 2015-10-05 23:50:20 -07:00