
Update 'img.go'

Initial review looks awesome; it needs a few minor adjustments, especially to the hashing function. It should hash based on the file + the epoch of the upload time and/or the user session, to allow the same file to be uploaded multiple times. Not allowing this could tip people off about the number of times someone has seen a document, or cause other privacy issues.
This commit is contained in:
blackout 2021-02-13 15:58:10 +00:00
parent 714480b339
commit 970aa1fc35

34
img.go

@ -41,34 +41,34 @@ func imgDel(c *gin.Context) {
log.Debug().Str("func", fn).Msg("Request received!") // received request
rKey := c.Param("key")
if len(rKey) != 16 || !valid.IsAlphanumeric(rKey) {
log.Error().Str("func", fn).Msg("delete request failed sanity check!")
errThrow(c, 400, "400", "400")
log.Error().Str("func", fn).Msg("delete request failed sanity check! email <a href="mailto:staff@urls.is">staff</a> please.")
errThrow(c, 400, "400", "400") // look for signs of pen testing..
return
}
targetImg, _ := keyDB.Get([]byte(rKey))
if targetImg == nil || !strings.Contains(string(targetImg), "i.") {
log.Error().Str("func", fn).Str("rkey", rKey).Msg("no img delete entry found with provided key")
errThrow(c, 400, "400", "400")
log.Error().Str("func", fn).Str("rkey", rKey).Msg("no img delete entry found with provided key. If this keeps happening, email <a href="mailto:staff@urls.is">staff</a> please.")
errThrow(c, 400, "400", "400") // Might have two windows open and deleted it.. otherwise look for permission errors, etc.
return
}
finalTarget := strings.Split(string(targetImg), ".")
if !imgDB.Has([]byte(finalTarget[1])) {
log.Error().Str("func", fn).Str("rkey", rKey).Msg("corresponding image not found in database!")
errThrow(c, 500, "500", "500") // this shouldn't happen...?
log.Error().Str("func", fn).Str("rkey", rKey).Msg("corresponding image not found in database! Do you have multiple tabs/windows open? If not, email <a href="mailto:staff@urls.is">staff</a> please.")
errThrow(c, 500, "500", "500") // Might have two windows open and deleted it.. otherwise look for permission errors, etc.
return
}
err := imgDB.Delete([]byte(finalTarget[1]))
if err != nil {
log.Error().Str("func", fn).Str("rkey", finalTarget[1]).Msg("delete failed!")
errThrow(c, 500, "500", "500")
log.Error().Str("func", fn).Str("rkey", finalTarget[1]).Msg("delete failed! Did you already delete it? email <a href="mailto:staff@urls.is">staff</a> for support issues.")
errThrow(c, 500, "500", "500") // Check permissions, hd space, tx/rx errors..
return
}
if imgDB.Has([]byte(finalTarget[1])) {
log.Error().Str("func", fn).Str("rkey", finalTarget[1]).Msg("delete failed!?")
log.Error().Str("func", fn).Str("rkey", finalTarget[1]).Msg("delete failed!? Did you already delete it? email <a href="mailto:staff@urls.is">staff</a> for support issues.")
errThrow(c, 500, "500", "500")
return
}
@ -77,11 +77,12 @@ func imgDel(c *gin.Context) {
log.Debug().Str("func", fn).Str("rkey", finalTarget[1]).Msg("Removing delete key entry")
err = keyDB.Delete([]byte(rKey))
if err != nil {
log.Error().Str("func", fn).Str("rkey", finalTarget[1]).Msg("Couldn't delete key")
log.Error().Str("func", fn).Str("rkey", finalTarget[1]).Msg("Couldn't delete key. email <a href="mailto:staff@urls.is">support staff</a> about this ASAP.")
// it would be insane to try and delete the hash here
} // if someone is uploading this image again after del
c.JSON(200, "DELETE_SUCCESS") // and the file corresponding to the hash no longer exists
// we will delete the hash entry then and re-add then
// we will delete the hash entry then and re-add then.
// also they are likely fucking with the server.
}
func imgView(c *gin.Context) {
@ -152,7 +153,7 @@ func imgPost(c *gin.Context) {
log.Debug().Str("func", fn).Str("filename", f.Filename).Msg("[+] New upload")
file, err := f.Open()
file, err := f.Open() // Eventually replace this with hashing routine to make it browser PSK encrypted faux E2E...
if err != nil {
errThrow(c, http.StatusInternalServerError, err.Error(), "error processing file\n")
}
@ -160,8 +161,8 @@ func imgPost(c *gin.Context) {
log.Debug().Str("func", fn).Msg("verifying file is an image")
imageFormat, ok := checkImage(file)
if !ok {
errThrow(c, http.StatusBadRequest, "400", "input does not appear to be an image")
return
errThrow(c, http.StatusBadRequest, "400", "input does not appear to be an image. you will be rate limited if this keeps happening.")
return // add counter function and start rate limiting eventually.
} else {
log.Debug().Str("func", fn).Msg("image file type detected")
}
@ -195,8 +196,8 @@ func imgPost(c *gin.Context) {
log.Debug().Str("func", fn).Str("ogUid", ogUid).Msg("duplicate checksum in hash database, checking if file still exists...")
if imgDB.Has(imgRef) {
log.Debug().Str("func", fn).Str("ogUid", ogUid).Msg("duplicate file found! returning original URL")
postUpload(c, ogUid, "nil") // they weren't the original uploader so they don't get a delete key
return
postUpload(c, ogUid, "nil") // they weren't the original uploader so they don't get a delete key for now.
return // ENHANCEMENT: Needs to hash the file with session and/or epoch of time uploaded.
} else {
log.Debug().Str("func", fn).Str("ogUid", ogUid).Msg("stale hash found, deleting entry...")
hashDB.Delete(hash)
@ -235,6 +236,7 @@ func imgPost(c *gin.Context) {
}
log.Debug().Str("func", fn).Str("uid", uid).Msg("saved to database successfully, sending to postUpload")
// Make tick for metrics without getting all sketchy on privacy.
postUpload(c, uid, key)