Update README.md (#272 )

Update README.md
2022-03-23 16:27:04 -07:00 · 2021-12-11 13:27:14 -08:00 · 2021-03-17 16:38:36 -07:00 · 2021-03-17 16:38:13 -07:00 · 2021-03-17 15:41:27 -07:00 · 2021-01-25 11:29:55 -08:00
16 changed files with 279 additions and 129 deletions
--- a/.github/workflows/buildx.yaml
+++ b/.github/workflows/buildx.yaml
@ -0,0 +1,60 @@
+name: buildx
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  buildx:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Prepare
+        id: prepare
+        run: |
+          DOCKER_IMAGE=andreimarcu/linx-server
+          DOCKER_PLATFORMS=linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/386
+          VERSION=version-${GITHUB_REF#refs/tags/v}
+          TAGS="--tag ${DOCKER_IMAGE}:${VERSION} --tag ${DOCKER_IMAGE}:latest"
+
+          echo ::set-output name=docker_image::${DOCKER_IMAGE}
+          echo ::set-output name=version::${VERSION}
+          echo ::set-output name=buildx_args::--platform ${DOCKER_PLATFORMS} \
+            --build-arg VERSION=${VERSION} \
+            --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
+            --build-arg VCS_REF=${GITHUB_SHA::8} \
+            ${TAGS} --file Dockerfile .
+      -
+        name: Set up Docker Buildx
+        uses: crazy-max/ghaction-docker-buildx@v3
+      -
+        name: Docker Buildx (build)
+        run: |
+          docker buildx build --output "type=image,push=false" ${{ steps.prepare.outputs.buildx_args }}
+      -
+        name: Docker Login
+        if: success()
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        run: |
+          echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin
+      -
+        name: Docker Buildx (push)
+        if: success()
+        run: |
+          docker buildx build --output "type=image,push=true" ${{ steps.prepare.outputs.buildx_args }}
+      -
+        name: Docker Check Manifest
+        if: always()
+        run: |
+          docker run --rm mplatform/mquery ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }}
+      -
+        name: Clear
+        if: always()
+        run: |
+          rm -f ${HOME}/.docker/config.json
--- a/.gitignore
+++ b/.gitignore
@ -31,6 +31,7 @@ _testmain.go
 linx-server
 linx-cleanup/linx-cleanup
 linx-genkey/linx-genkey
+linx-server.conf
 files/
 meta/
 binaries/
--- a/README.md
+++ b/README.md
@ -1,19 +1,34 @@
+# Development on this repository has been frozen.   
+
+Feel free to send a pull request if you are maintaining an active fork of this project to add a link to your repository in this readme.
+
+
+### Active Forks
+- ZizzyDizzyMC: [https://github.com/ZizzyDizzyMC/linx-server/](https://github.com/ZizzyDizzyMC/linx-server/)
+- Seb3thehacker: [https://github.com/Seb3thehacker/linx-server](https://github.com/Seb3thehacker/linx-server)
+
+
+---
+

 linx-server 
 ======
-[![Build Status](https://travis-ci.org/andreimarcu/linx-server.svg?branch=master)](https://travis-ci.org/andreimarcu/linx-server)  
-
 Self-hosted file/media sharing website.  

-### Demo
-You can see what it looks like using the demo: [https://demo.linx-server.net/](https://demo.linx-server.net/)
+### Clients
+**Official**
+- CLI: **linx-client** - [Source](https://github.com/andreimarcu/linx-client)
+
+**Unofficial**
+- Android: **LinxShare** - [Source](https://github.com/iksteen/LinxShare/) | [Google Play](https://play.google.com/store/apps/details?id=org.thegraveyard.linxshare)
+- CLI: **golinx** - [Source](https://github.com/mutantmonkey/golinx)


 ### Features

 - Display common filetypes (image, video, audio, markdown, pdf)  
 - Display syntax-highlighted code with in-place editing
- Documented API with keys if need to restrict uploads (can use [linx-client](https://github.com/andreimarcu/linx-client) for uploading through command-line)
+- Documented API with keys for restricting uploads
 - Torrent download of files using web seeding
 - File expiry, deletion key, file access key, and random filename options

@ -28,9 +43,14 @@ Getting started
 -------------------

 #### Using Docker
+1. Create directories ```files``` and ```meta``` and run ```chown -R 65534:65534 meta && chown -R 65534:65534 files``` 
+2. Create a config file (example provided in repo), we'll refer to it as __linx-server.conf__ in the following examples
+
+
+
 Example running
 ```
-docker run -p 8080:8080 -v /path/to/meta:/data/meta -v /path/to/files:/data/files andreimarcu/linx-server
+docker run -p 8080:8080 -v /path/to/linx-server.conf:/data/linx-server.conf -v /path/to/meta:/data/meta -v /path/to/files:/data/files andreimarcu/linx-server -config /data/linx-server.conf
 ``` 

 Example with docker-compose 
@ -40,11 +60,11 @@ services:
  linx-server:
    container_name: linx-server
    image: andreimarcu/linx-server
-    entrypoint: /usr/local/bin/linx-server -bind=0.0.0.0:8080 -filespath=/data/files/ -metapath=/data/meta/
-    command: -sitename=Linx -siteurl=https://linx.example.com 
+    command: -config /data/linx-server.conf
    volumes:
      - /path/to/files:/data/files
      - /path/to/meta:/data/meta
+      - /path/to/linx-server.conf:/data/linx-server.conf
    network_mode: bridge
    ports:
      - "8080:8080"
@ -54,43 +74,44 @@ Ideally, you would use a reverse proxy such as nginx or caddy to handle TLS cert

 #### Using a binary release

-1. Grab the latest binary from the [releases](https://github.com/andreimarcu/linx-server/releases)
-2. Run ```./linx-server```
-
+1. Grab the latest binary from the [releases](https://github.com/andreimarcu/linx-server/releases), then run ```go install```
+2. Run ```linx-server -config path/to/linx-server.conf```

  
 Usage
 -----

 #### Configuration
-All configuration options are accepted either as arguments or can be placed in an ini-style file as such:  
+All configuration options are accepted either as arguments or can be placed in a file as such (see example file linx-server.conf.example in repo):  
 ```ini
+bind = 127.0.0.1:8080
+sitename = myLinx
 maxsize = 4294967296
-allowhotlink = true
-# etc
-```  
-...and then invoke ```linx-server -config path/to/config.ini```    
+maxexpiry = 86400
+# ... etc
+``` 
+...and then run ```linx-server -config path/to/linx-server.conf```    

 #### Options

 |Option|Description
 |------|-----------
-| ```-bind 127.0.0.1:8080``` | what to bind to  (default is 127.0.0.1:8080)
-| ```-sitename myLinx``` | the site name displayed on top (default is inferred from Host header)
-| ```-siteurl "https://mylinx.example.org/"``` | the site url (default is inferred from execution context)
-| ```-selifpath "selif"``` | path relative to site base url (the "selif" in mylinx.example.org/selif/image.jpg) where files are accessed directly (default: selif)
-| ```-maxsize 4294967296``` | maximum upload file size in bytes (default 4GB)
-| ```-maxexpiry 86400``` | maximum expiration time in seconds (default is 0, which is no expiry)
-| ```-allowhotlink``` | Allow file hotlinking
-| ```-contentsecuritypolicy "..."``` | Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';")
-| ```-filecontentsecuritypolicy "..."``` | Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';")
-| ```-refererpolicy "..."``` | Referrer-Policy header for pages (default is "same-origin")
-| ```-filereferrerpolicy "..."``` | Referrer-Policy header for files (default is "same-origin")
-| ```-xframeoptions "..." ``` | X-Frame-Options header (default is "SAMEORIGIN")
-| ```-remoteuploads``` | (optionally) enable remote uploads (/upload?url=https://...) 
-| ```-nologs``` | (optionally) disable request logs in stdout
-| ```-force-random-filename``` | (optionally) force the use of random filenames
-| ```-custompagespath "custom_pages"``` | (optionally) specify path to directory containing markdown pages (must end in .md) that will be added to the site navigation (this can be useful for providing contact/support information and so on). For example, custom_pages/My_Page.md will become My Page in the site navigation 
+| ```bind = 127.0.0.1:8080``` | what to bind to  (default is 127.0.0.1:8080)
+| ```sitename = myLinx``` | the site name displayed on top (default is inferred from Host header)
+| ```siteurl = https://mylinx.example.org/``` | the site url (default is inferred from execution context)
+| ```selifpath = selif``` | path relative to site base url (the "selif" in mylinx.example.org/selif/image.jpg) where files are accessed directly (default: selif)
+| ```maxsize = 4294967296``` | maximum upload file size in bytes (default 4GB)
+| ```maxexpiry = 86400``` | maximum expiration time in seconds (default is 0, which is no expiry)
+| ```allowhotlink = true``` | Allow file hotlinking
+| ```contentsecuritypolicy = "..."``` | Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';")
+| ```filecontentsecuritypolicy = "..."``` | Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';")
+| ```refererpolicy = "..."``` | Referrer-Policy header for pages (default is "same-origin")
+| ```filereferrerpolicy = "..."``` | Referrer-Policy header for files (default is "same-origin")
+| ```xframeoptions = "..." ``` | X-Frame-Options header (default is "SAMEORIGIN")
+| ```remoteuploads = true``` | (optionally) enable remote uploads (/upload?url=https://...) 
+| ```nologs = true``` | (optionally) disable request logs in stdout
+| ```force-random-filename = true``` | (optionally) force the use of random filenames
+| ```custompagespath = custom_pages/``` | (optionally) specify path to directory containing markdown pages (must end in .md) that will be added to the site navigation (this can be useful for providing contact/support information and so on). For example, custom_pages/My_Page.md will become My Page in the site navigation 


 #### Cleaning up expired files
@ -100,16 +121,16 @@ will persist on disk until someone attempts to access them. You can set the foll

 |Option|Description
 |------|-----------
-| ```-cleanup-every-minutes 5``` | How often to clean up expired files in minutes (default is 0, which means files will be cleaned up as they are accessed)
+| ```cleanup-every-minutes = 5``` | How often to clean up expired files in minutes (default is 0, which means files will be cleaned up as they are accessed)


 #### Require API Keys for uploads

 |Option|Description
 |------|-----------
-| ```-authfile path/to/authfile``` | (optionally) require authorization for upload/delete by providing a newline-separated file of scrypted auth keys
-| ```-remoteauthfile path/to/remoteauthfile``` | (optionally) require authorization for remote uploads by providing a newline-separated file of scrypted auth keys
-| ```-basicauth``` | (optionally) allow basic authorization to upload or paste files from browser when `-authfile` is enabled. When uploading, you will be prompted to enter a user and password - leave the user blank and use your auth key as the password
+| ```authfile = path/to/authfile``` | (optionally) require authorization for upload/delete by providing a newline-separated file of scrypted auth keys
+| ```remoteauthfile = path/to/remoteauthfile``` | (optionally) require authorization for remote uploads by providing a newline-separated file of scrypted auth keys
+| ```basicauth = true``` | (optionally) allow basic authorization to upload or paste files from browser when `-authfile` is enabled. When uploading, you will be prompted to enter a user and password - leave the user blank and use your auth key as the password

 A helper utility ```linx-genkey``` is provided which hashes keys to the format required in the auth files.

@ -118,25 +139,25 @@ The following storage backends are available:

 |Name|Notes|Options
 |----|-----|-------
-|LocalFS|Enabled by default, this backend uses the filesystem|```-filespath files/``` -- Path to store uploads (default is files/)<br />```-metapath meta/``` -- Path to store information about uploads (default is meta/)|
-|S3|Use with any S3-compatible provider.<br> This implementation will stream files through the linx instance (every download will request and stream the file from the S3 bucket).<br><br>For high-traffic environments, one might consider using an external caching layer such as described [in this article](https://blog.sentry.io/2017/03/01/dodging-s3-downtime-with-nginx-and-haproxy.html).|```-s3-endpoint https://...``` -- S3 endpoint<br>```-s3-region us-east-1``` -- S3 region<br>```-s3-bucket mybucket``` -- S3 bucket to use for files and metadata<br>```-s3-force-path-style``` (optional) -- force path-style addresing (e.g. https://<span></span>s3.amazonaws.com/linx/example.txt)<br><br>Environment variables to provide:<br>```AWS_ACCESS_KEY_ID``` -- the S3 access key<br>```AWS_SECRET_ACCESS_KEY ``` -- the S3 secret key<br>```AWS_SESSION_TOKEN``` (optional) -- the S3 session token|
+|LocalFS|Enabled by default, this backend uses the filesystem|```filespath = files/``` -- Path to store uploads (default is files/)<br />```metapath = meta/``` -- Path to store information about uploads (default is meta/)|
+|S3|Use with any S3-compatible provider.<br> This implementation will stream files through the linx instance (every download will request and stream the file from the S3 bucket). File metadata will be stored as tags on the object in the bucket.<br><br>For high-traffic environments, one might consider using an external caching layer such as described [in this article](https://blog.sentry.io/2017/03/01/dodging-s3-downtime-with-nginx-and-haproxy.html).|```s3-endpoint = https://...``` -- S3 endpoint<br>```s3-region = us-east-1``` -- S3 region<br>```s3-bucket = mybucket``` -- S3 bucket to use for files and metadata<br>```s3-force-path-style = true``` (optional) -- force path-style addresing (e.g. https://<span></span>s3.amazonaws.com/linx/example.txt)<br><br>Environment variables to provide:<br>```AWS_ACCESS_KEY_ID``` -- the S3 access key<br>```AWS_SECRET_ACCESS_KEY ``` -- the S3 secret key<br>```AWS_SESSION_TOKEN``` (optional) -- the S3 session token|


 #### SSL with built-in server 
 |Option|Description
 |------|-----------
-| ```-certfile path/to/your.crt``` | Path to the ssl certificate (required if you want to use the https server)
-| ```-keyfile path/to/your.key``` | Path to the ssl key (required if you want to use the https server)
+| ```certfile = path/to/your.crt``` | Path to the ssl certificate (required if you want to use the https server)
+| ```keyfile = path/to/your.key``` | Path to the ssl key (required if you want to use the https server)

 #### Use with http proxy 
 |Option|Description
 |------|-----------
-| ```-realip``` | let linx-server know you (nginx, etc) are providing the X-Real-IP and/or X-Forwarded-For headers.
+| ```realip = true``` | let linx-server know you (nginx, etc) are providing the X-Real-IP and/or X-Forwarded-For headers.

 #### Use with fastcgi
 |Option|Description
 |------|-----------
-| ```-fastcgi``` | serve through fastcgi 
+| ```fastcgi = true``` | serve through fastcgi 

 Deployment
 ----------
@ -161,19 +182,16 @@ server {
    }
 }
 ```
-And run linx-server with the ```-fastcgi``` option.
+And run linx-server with the ```fastcgi = true``` option.

 #### 2. Using the built-in https server
-Run linx-server with the ```-certfile path/to/cert.file``` and ```-keyfile path/to/key.file``` options.
+Run linx-server with the ```certfile = path/to/cert.file``` and ```keyfile = path/to/key.file``` options.

 #### 3. Using the built-in http server
 Run linx-server normally.

 Development
 -----------
-Any help is welcome, PRs will be reviewed and merged accordingly.  
-The official IRC channel is #linx on irc.oftc.net  
-
 1. ```go get -u github.com/andreimarcu/linx-server ```
 2. ```cd $GOPATH/src/github.com/andreimarcu/linx-server ```
 3. ```go build && ./linx-server```
--- a/auth/apikeys/apikeys.go
+++ b/auth/apikeys/apikeys.go
@ -1,4 +1,4 @@
-package main
+package apikeys

 import (
 	"bufio"
@ -24,16 +24,18 @@ const (
 type AuthOptions struct {
 	AuthFile      string
 	UnauthMethods []string
+	BasicAuth     bool
+	SiteName      string
+	SitePath      string
 }

-type auth struct {
+type ApiKeysMiddleware struct {
 	successHandler http.Handler
-	failureHandler http.Handler
 	authKeys       []string
 	o              AuthOptions
 }

-func readAuthKeys(authFile string) []string {
+func ReadAuthKeys(authFile string) []string {
 	var authKeys []string

 	f, err := os.Open(authFile)
@ -55,7 +57,7 @@ func readAuthKeys(authFile string) []string {
 	return authKeys
 }

-func checkAuth(authKeys []string, key string) (result bool, err error) {
+func CheckAuth(authKeys []string, key string) (result bool, err error) {
 	checkKey, err := scrypt.Key([]byte(key), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
 	if err != nil {
 		return
@ -73,53 +75,74 @@ func checkAuth(authKeys []string, key string) (result bool, err error) {
 	return
 }

-func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if sliceContains(a.o.UnauthMethods, r.Method) {
+func (a ApiKeysMiddleware) getSitePrefix() string {
+	prefix := a.o.SitePath
+	if len(prefix) <= 0 || prefix[0] != '/' {
+		prefix = "/" + prefix
+	}
+	return prefix
+}
+
+func (a ApiKeysMiddleware) goodAuthorizationHandler(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Location", a.getSitePrefix())
+	w.WriteHeader(http.StatusFound)
+}
+
+func (a ApiKeysMiddleware) badAuthorizationHandler(w http.ResponseWriter, r *http.Request) {
+	if a.o.BasicAuth {
+		rs := ""
+		if a.o.SiteName != "" {
+			rs = fmt.Sprintf(` realm="%s"`, a.o.SiteName)
+		}
+		w.Header().Set("WWW-Authenticate", `Basic`+rs)
+	}
+	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+}
+
+func (a ApiKeysMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	var successHandler http.Handler
+	prefix := a.getSitePrefix()
+
+	if r.URL.Path == prefix+"auth" {
+		successHandler = http.HandlerFunc(a.goodAuthorizationHandler)
+	} else {
+		successHandler = a.successHandler
+	}
+
+	if sliceContains(a.o.UnauthMethods, r.Method) && r.URL.Path != prefix+"auth" {
 		// allow unauthenticated methods
-		a.successHandler.ServeHTTP(w, r)
+		successHandler.ServeHTTP(w, r)
 		return
 	}

 	key := r.Header.Get("Linx-Api-Key")
-	if key == "" && Config.basicAuth {
+	if key == "" && a.o.BasicAuth {
 		_, password, ok := r.BasicAuth()
 		if ok {
 			key = password
 		}
 	}

-	result, err := checkAuth(a.authKeys, key)
+	result, err := CheckAuth(a.authKeys, key)
 	if err != nil || !result {
-		a.failureHandler.ServeHTTP(w, r)
+		http.HandlerFunc(a.badAuthorizationHandler).ServeHTTP(w, r)
 		return
 	}

-	a.successHandler.ServeHTTP(w, r)
+	successHandler.ServeHTTP(w, r)
 }

-func UploadAuth(o AuthOptions) func(*web.C, http.Handler) http.Handler {
+func NewApiKeysMiddleware(o AuthOptions) func(*web.C, http.Handler) http.Handler {
 	fn := func(c *web.C, h http.Handler) http.Handler {
-		return auth{
+		return ApiKeysMiddleware{
 			successHandler: h,
-			failureHandler: http.HandlerFunc(badAuthorizationHandler),
-			authKeys:       readAuthKeys(o.AuthFile),
+			authKeys:       ReadAuthKeys(o.AuthFile),
 			o:              o,
 		}
 	}
 	return fn
 }

-func badAuthorizationHandler(w http.ResponseWriter, r *http.Request) {
-	if Config.basicAuth {
-		rs := ""
-		if Config.siteName != "" {
-			rs = fmt.Sprintf(` realm="%s"`, Config.siteName)
-		}
-		w.Header().Set("WWW-Authenticate", `Basic`+rs)
-	}
-	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-}
-
 func sliceContains(slice []string, s string) bool {
 	for _, v := range slice {
 		if s == v {
--- a/auth/apikeys/apikeys_test.go
+++ b/auth/apikeys/apikeys_test.go
@ -1,4 +1,4 @@
-package main
+package apikeys

 import (
 	"testing"
@ -10,15 +10,15 @@ func TestCheckAuth(t *testing.T) {
 		"vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=",
 	}

-	if r, err := checkAuth(authKeys, ""); err != nil && r {
+	if r, err := CheckAuth(authKeys, ""); err != nil && r {
 		t.Fatal("Authorization passed for empty key")
 	}

-	if r, err := checkAuth(authKeys, "thisisnotvalid"); err != nil && r {
+	if r, err := CheckAuth(authKeys, "thisisnotvalid"); err != nil && r {
 		t.Fatal("Authorization passed for invalid key")
 	}

-	if r, err := checkAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r {
+	if r, err := CheckAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r {
 		t.Fatal("Authorization failed for valid key")
 	}
 }
--- a/display.go
+++ b/display.go
@ -122,6 +122,7 @@ func fileDisplayHandler(c web.C, w http.ResponseWriter, r *http.Request, fileNam
 		"forcerandom": Config.forceRandomFilename,
 		"lines":       lines,
 		"files":       metadata.ArchiveFiles,
+		"siteurl":     strings.TrimSuffix(getSiteURL(r), "/"),
 	}, r, w)

 	if err != nil {
--- a/go.mod
+++ b/go.mod
@ -8,6 +8,7 @@ require (
 	github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5
 	github.com/dustin/go-humanize v1.0.0
 	github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4
+	github.com/gabriel-vasile/mimetype v1.1.1
 	github.com/microcosm-cc/bluemonday v1.0.2
 	github.com/minio/sha256-simd v0.1.1
 	github.com/russross/blackfriday v1.5.1
@ -15,5 +16,4 @@ require (
 	github.com/zeebo/bencode v1.0.0
 	github.com/zenazn/goji v0.9.0
 	golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073
-	gopkg.in/h2non/filetype.v1 v1.0.5
 )
--- a/go.sum
+++ b/go.sum
@ -15,6 +15,8 @@ github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4 h1:GY1+t5Dr9OKADM64SYnQjw/w99HMYvQ0A8/JoUkxVmc=
 github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4/go.mod h1:T9YF2M40nIgbVgp3rreNmTged+9HrbNTIQf1PsaIiTA=
+github.com/gabriel-vasile/mimetype v1.1.1 h1:qbN9MPuRf3bstHu9zkI9jDWNfH//9+9kHxr9oRBBBOA=
+github.com/gabriel-vasile/mimetype v1.1.1/go.mod h1:6CDPel/o/3/s4+bp6kIbsWATq8pmgOisOPG40CJa6To=
 github.com/go-check/check v0.0.0-20180628173108-788fd7840127 h1:0gkP6mzaMqkmpcJYCFOLkIBwI7xFExG03bbkOkCvUPI=
 github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
@ -68,8 +70,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/h2non/filetype.v1 v1.0.5 h1:CC1jjJjoEhNVbMhXYalmGBhOBK2V70Q1N850wt/98/Y=
-gopkg.in/h2non/filetype.v1 v1.0.5/go.mod h1:M0yem4rwSX5lLVrkEuRRp2/NinFMD5vgJ4DlAhZcfNo=
 gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce h1:xcEWjVhvbDy+nHP67nPDDpbYrY+ILlfndk4bRioVHaU=
 gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
--- a/helpers/helpers.go
+++ b/helpers/helpers.go
@ -7,8 +7,8 @@ import (
 	"unicode"

 	"github.com/andreimarcu/linx-server/backends"
+	"github.com/gabriel-vasile/mimetype"
 	"github.com/minio/sha256-simd"
-	"gopkg.in/h2non/filetype.v1"
 )

 func GenerateMetadata(r io.Reader) (m backends.Metadata, err error) {
@ -21,7 +21,7 @@ func GenerateMetadata(r io.Reader) (m backends.Metadata, err error) {

 	// Get first 512 bytes for mimetype detection
 	header := make([]byte, 512)
-	_, err = teeReader.Read(header)
+	headerlen, err := teeReader.Read(header)
 	if err != nil {
 		return
 	}
@ -47,17 +47,8 @@ func GenerateMetadata(r io.Reader) (m backends.Metadata, err error) {

 	// Use the bytes we extracted earlier and attempt to determine the file
 	// type
-	kind, err := filetype.Match(header)
-	if err != nil {
-		m.Mimetype = "application/octet-stream"
-		return m, err
-	} else if kind.MIME.Value != "" {
-		m.Mimetype = kind.MIME.Value
-	} else if printable(header) {
-		m.Mimetype = "text/plain"
-	} else {
-		m.Mimetype = "application/octet-stream"
-	}
+	kind := mimetype.Detect(header[:headerlen])
+	m.Mimetype = kind.String()

 	return
 }
--- a/helpers/helpers_test.go
+++ b/helpers/helpers_test.go
@ -1,8 +1,10 @@
 package helpers

 import (
+	"bytes"
 	"strings"
 	"testing"
+	"unicode/utf16"
 )

 func TestGenerateMetadata(t *testing.T) {
@ -17,7 +19,7 @@ func TestGenerateMetadata(t *testing.T) {
 		t.Fatalf("Sha256sum was %q instead of expected value of %q", m.Sha256sum, expectedSha256sum)
 	}

-	expectedMimetype := "text/plain"
+	expectedMimetype := "text/plain; charset=utf-8"
 	if m.Mimetype != expectedMimetype {
 		t.Fatalf("Mimetype was %q instead of expected value of %q", m.Mimetype, expectedMimetype)
 	}
@ -27,3 +29,45 @@ func TestGenerateMetadata(t *testing.T) {
 		t.Fatalf("Size was %d instead of expected value of %d", m.Size, expectedSize)
 	}
 }
+
+func TestTextCharsets(t *testing.T) {
+	// verify that different text encodings are detected and passed through
+	orig := "This is a text string"
+	utf16 := utf16.Encode([]rune(orig))
+	utf16LE := make([]byte, len(utf16)*2+2)
+	utf16BE := make([]byte, len(utf16)*2+2)
+	utf8 := []byte(orig)
+	utf16LE[0] = 0xff
+	utf16LE[1] = 0xfe
+	utf16BE[0] = 0xfe
+	utf16BE[1] = 0xff
+	for i := 0; i < len(utf16); i++ {
+		lsb := utf16[i] & 0xff
+		msb := utf16[i] >> 8
+		utf16LE[i*2+2] = byte(lsb)
+		utf16LE[i*2+3] = byte(msb)
+		utf16BE[i*2+2] = byte(msb)
+		utf16BE[i*2+3] = byte(lsb)
+	}
+
+	testcases := []struct {
+		data      []byte
+		extension string
+		mimetype  string
+	}{
+		{mimetype: "text/plain; charset=utf-8", data: utf8},
+		{mimetype: "text/plain; charset=utf-16le", data: utf16LE},
+		{mimetype: "text/plain; charset=utf-16be", data: utf16BE},
+	}
+
+	for i, testcase := range testcases {
+		r := bytes.NewReader(testcase.data)
+		m, err := GenerateMetadata(r)
+		if err != nil {
+			t.Fatalf("[%d] unexpected error return %v\n", i, err)
+		}
+		if m.Mimetype != testcase.mimetype {
+			t.Errorf("[%d] Expected mimetype '%s', got mimetype '%s'\n", i, testcase.mimetype, m.Mimetype)
+		}
+	}
+}
--- a/linx-server.conf.example
+++ b/linx-server.conf.example
@ -0,0 +1,12 @@
+
+bind = 127.0.0.1:8080
+sitename = myLinx
+siteurl = https://mylinx.example.org/
+selifpath = s
+maxsize = 4294967296
+maxexpiry = 86400
+allowhotlink = true
+remoteuploads = true
+nologs = true
+force-random-filename = false
+cleanup-every-minutes = 5
--- a/server.go
+++ b/server.go
@ -16,6 +16,7 @@ import (
 	"time"

 	rice "github.com/GeertJohan/go.rice"
+	"github.com/andreimarcu/linx-server/auth/apikeys"
 	"github.com/andreimarcu/linx-server/backends"
 	"github.com/andreimarcu/linx-server/backends/localfs"
 	"github.com/andreimarcu/linx-server/backends/s3"
@ -110,9 +111,12 @@ func setup() *web.Mux {
 	mux.Use(AddHeaders(Config.addHeaders))

 	if Config.authFile != "" {
-		mux.Use(UploadAuth(AuthOptions{
+		mux.Use(apikeys.NewApiKeysMiddleware(apikeys.AuthOptions{
 			AuthFile:      Config.authFile,
 			UnauthMethods: []string{"GET", "HEAD", "OPTIONS", "TRACE"},
+			BasicAuth:     Config.basicAuth,
+			SiteName:      Config.siteName,
+			SitePath:      Config.sitePath,
 		}))
 	}

@ -196,29 +200,10 @@ func setup() *web.Mux {
 		mux.Get(Config.sitePath+"upload/", uploadRemote)

 		if Config.remoteAuthFile != "" {
-			remoteAuthKeys = readAuthKeys(Config.remoteAuthFile)
+			remoteAuthKeys = apikeys.ReadAuthKeys(Config.remoteAuthFile)
 		}
 	}

-	if Config.basicAuth {
-		options := AuthOptions{
-			AuthFile:      Config.authFile,
-			UnauthMethods: []string{},
-		}
-		okFunc := func(w http.ResponseWriter, r *http.Request) {
-			w.Header().Set("Location", Config.sitePath)
-			w.WriteHeader(http.StatusFound)
-		}
-		authHandler := auth{
-			successHandler: http.HandlerFunc(okFunc),
-			failureHandler: http.HandlerFunc(badAuthorizationHandler),
-			authKeys:       readAuthKeys(Config.authFile),
-			o:              options,
-		}
-		mux.Head(Config.sitePath+"auth", authHandler)
-		mux.Get(Config.sitePath+"auth", authHandler)
-	}
-
 	mux.Post(Config.sitePath+"upload", uploadPostHandler)
 	mux.Post(Config.sitePath+"upload/", uploadPostHandler)
 	mux.Put(Config.sitePath+"upload", uploadPutHandler)
--- a/templates/display/audio.html
+++ b/templates/display/audio.html
@ -1,9 +1,12 @@
 {% extends "base.html" %}

+{% block head %}
+<meta property="og:audio" content="{{ siteurl }}{{ sitepath }}{{ selifpath }}{{ filename }}" />
+{% endblock %}
+
 {% block main %}
 <audio class="display-audio" controls preload='auto'>
    <source src='{{ sitepath }}{{ selifpath }}{{ filename }}'>
    <a href='{{ sitepath }}{{ selifpath }}{{ filename }}'>Download it instead</a>
 </audio>
-{% endblock %}
-
+{% endblock %}
--- a/templates/display/image.html
+++ b/templates/display/image.html
@ -1,7 +1,11 @@
 {% extends "base.html" %}

+{% block head %}
+<meta property="og:image" content="{{ siteurl }}{{ sitepath }}{{ selifpath }}{{ filename }}" />
+{% endblock %}
+
 {% block main %}
 <a href="{{ sitepath }}{{ selifpath }}{{ filename }}">
    <img class="display-image" src="{{ sitepath }}{{ selifpath }}{{ filename }}" />
 </a>
-{% endblock %}
+{% endblock %}
--- a/templates/display/video.html
+++ b/templates/display/video.html
@ -1,8 +1,12 @@
 {% extends "base.html" %}

+{% block head %}
+<meta property="og:video" content="{{ siteurl }}{{ sitepath }}{{ selifpath }}{{ filename }}" />
+{% endblock %}
+
 {% block main %}
 <video class="display-video" controls autoplay>
-    <source src="{{ sitepath }}{{ selifpath }}{{ filename }}"/>
+    <source src="{{ sitepath }}{{ selifpath }}{{ filename }}" />
    <a href='{{ sitepath }}{{ selifpath }}{{ filename }}'>Download it instead</a>
 </video>
-{% endblock %}
+{% endblock %}
--- a/upload.go
+++ b/upload.go
@ -15,11 +15,12 @@ import (
 	"strings"
 	"time"

+	"github.com/andreimarcu/linx-server/auth/apikeys"
 	"github.com/andreimarcu/linx-server/backends"
 	"github.com/andreimarcu/linx-server/expiry"
 	"github.com/dchest/uniuri"
+	"github.com/gabriel-vasile/mimetype"
 	"github.com/zenazn/goji/web"
-	"gopkg.in/h2non/filetype.v1"
 )

 var FileTooLargeError = errors.New("File too large.")
@ -166,13 +167,16 @@ func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
 				key = password
 			}
 		}
-		result, err := checkAuth(remoteAuthKeys, key)
+		result, err := apikeys.CheckAuth(remoteAuthKeys, key)
 		if err != nil || !result {
 			if Config.basicAuth {
-				badAuthorizationHandler(w, r)
-			} else {
-				unauthorizedHandler(c, w, r)
+				rs := ""
+				if Config.siteName != "" {
+					rs = fmt.Sprintf(` realm="%s"`, Config.siteName)
+				}
+				w.Header().Set("WWW-Authenticate", `Basic`+rs)
 			}
+			unauthorizedHandler(c, w, r)
 			return
 		}
 	}
@ -263,11 +267,11 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
 		header = header[:n]

 		// Determine the type of file from header
-		kind, err := filetype.Match(header)
-		if err != nil || kind.Extension == "unknown" {
+		kind := mimetype.Detect(header)
+		if len(kind.Extension()) < 2 {
 			extension = "file"
 		} else {
-			extension = kind.Extension
+			extension = kind.Extension()[1:] // remove leading "."
 		}
 	}
Author	SHA1	Message	Date
Seb3thehacker	9a76ff358f	Update README.md (#272 )	2022-03-23 16:27:04 -07:00
Andrei Marcu	282c63153d	Update README.md	2021-12-11 13:27:14 -08:00
Andrei Marcu	926d9bf458	Update README.md	2021-03-17 16:38:36 -07:00
ZizzyDizzyMC	2ccd06b9d7	Adding my own actively maintained fork. (#268 )	2021-03-17 16:38:13 -07:00
Andrei Marcu	e41270ab91	Update README.md	2021-03-17 15:41:27 -07:00
Andrei Marcu	94f63c2045	Update README.md	2021-01-25 11:29:55 -08:00
Steven Tang	486cc6ff77	Remove entrypoint from sample docker-compose.yml (#252 ) Resolves #225 Entrypoint in Dockerfile specifies default bind, filespath, metapath. Having entrypoint in docker-compose.yml will remove those defaults. Without the entrypoint line, the command executed is: `/usr/local/bin/linx-server -bind=0.0.0.0:8080 -filespath=/data/files/ -metapath=/data/meta/ -config /data/linx-server.conf`	2020-11-29 11:09:53 -08:00
Andrei Marcu	91b9885ac6	Update README.md	2020-10-16 16:57:09 -07:00
tuxx	ef99024433	Add LinxShare android client to README.md (#246 )	2020-10-16 16:55:11 -07:00
Andrei Marcu	9a5fc11dff	Fix GH action (again)	2020-08-14 00:52:25 -07:00
mutantmonkey	456274c1b9	Split and move auth into a separate package (#224 ) * Split and move auth into a separate package This change will make it easier to implement additional authentication methods, such as OpenID Connect. For now, only the existing "apikeys" authentication method is supported. * Use absolute site prefix to prevent redirect loop	2020-08-14 00:42:45 -07:00
mutantmonkey	a2e00d06e0	Clarify how metadata is stored with the S3 backend (#223 ) This was suggested in #221.	2020-08-14 00:40:52 -07:00
Andrei Marcu	965d5f6c29	Fix GH action	2020-08-14 00:39:53 -07:00
Andrei Marcu	8ed205181a	Add buildx GH action for multi-arch docker images	2020-08-14 00:32:55 -07:00
Infinoid	5eb6f32ff0	Switch to a more comprehensive mimetype detection library (#231 )	2020-08-02 22:16:47 -07:00
Andrei Marcu	6ce2bd6b9f	Display pages: Add OpenGraph tags for media	2020-05-14 01:12:24 -07:00
Andrei Marcu	e2a65a5b62	README: Clarify docker usage and example	2020-05-14 00:51:19 -07:00