svragv/sakisafe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Damn. For some reason the improved logging thing decided to nuke itself

Browse source
This commit is contained in:
(≧◡≦) 2025-02-23 14:24:55 +01:00
parent 99868f3fe7
commit 838d9da904
1 changed files with 96 additions and 85 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

181
http/sakisafe.pl
View file

@ -4,6 +4,8 @@
use if $^O eq "openbsd", OpenBSD::Pledge, qw(pledge); use if $^O eq "openbsd", OpenBSD::Pledge, qw(pledge);
use Mojolicious::Lite -signatures; use Mojolicious::Lite -signatures;
use Mojolicious::Routes::Pattern; use Mojolicious::Routes::Pattern;
use Mojo::Log;
use Time::HiRes;
use List::MoreUtils qw(uniq); use List::MoreUtils qw(uniq);
use Carp; use Carp;
use Term::ANSIColor; use Term::ANSIColor;
@ -24,89 +26,100 @@ pledge("stdio prot_exec cpath rpath wpath inet flock fattr")
my $MAX_SIZE = 1024 * 1024 * 1000; my $MAX_SIZE = 1024 * 1024 * 1000;
my @BANNED = eval { path('banned.txt')->slurp_utf8 } my @BANNED = eval { path('banned.txt')->slurp_utf8 }
or qw(); # Add banned IP addresses here or qw(); # Add banned IP addresses here
my @BANNED_EXTS = eval { path('banned_exts.txt')->slurp_utf8 } my @BANNED_EXTS = eval { path('banned_exts.txt')->slurp_utf8 }
or qw(); # Add forbidden files extensions here or qw(); # Add forbidden files extensions here
my $dirname; my $dirname;
my $link; my $link;
mkdir "f"; mkdir "f";
# Mojo logger
my $log = Mojo::Log->new(path => 'sakisafe.log', level => 'trace');
$log->color(1);
# Forward logs to STDERR or STDOUT while also writing to the `sakisafe.log` file.
$log->on(message => sub ($l, $level, @lines) {
my $time = time;
my ($s, $m, $h, $day, $month, $year) = localtime time;
$time = sprintf('%04d-%02d-%02d %02d:%02d:%08.5f', $year + 1900, $month + 1, $day, $h, $m,
"$s." . ((split '.', $time)[1] // 0));
my $log_to_print = '[' . $time . '] ' . '[' . $level . '] ' . join(' ', @lines);
if ($level eq 'trace' || $level eq 'info') {
say $log_to_print;
} else {
print \*STDERR, $log_to_print . "\n";
}
}
);
# Function to handle file uploads # Function to handle file uploads
sub logger ( $level, $address, $message ) {
open( my $fh, ">>", "sakisafe.log" );
printf( $fh "[%s]: %s has uploaded file %s\n", $level, $address, $message );
printf("[%s]: %s has uploaded file %s\n", $level, $address, $message );
close($fh);
}
sub handle_file { sub handle_file {
my $c = shift; my $c = shift;
my $filedata = $c->param("file"); my $filedata = $c->param("file");
if ( $filedata->size > $MAX_SIZE ) { if ( $filedata->size > $MAX_SIZE ) {
return $c->render( return $c->render(
text => "Max upload size: $MAX_SIZE", text => "Max upload size: $MAX_SIZE",
status => 400 status => 400
); );
} }
if ( List::MoreUtils::any { /$c->req->headers->header('X-Forwarded-For')/ } uniq @BANNED ) { if ( List::MoreUtils::any { /$c->req->headers->header('X-Forwarded-For')/ } uniq @BANNED ) {
$c->render( $c->render(
text => text =>
"Hi! Seems like the server admin added your IP address to the banned IP array." "Hi! Seems like the server admin added your IP address to the banned IP array."
. "As the developer of sakisafe, I can't do anything.", . "As the developer of sakisafe, I can't do anything.",
status => 403 status => 403
); );
return; return;
} }
# Generate random string for the directory # Generate random string for the directory
my @chars = ( '0' .. '9', 'a' .. 'Z' ); my @chars = ( '0' .. '9', 'a' .. 'Z' );
$dirname .= $chars[ rand @chars ] for 1 .. 5; $dirname .= $chars[ rand @chars ] for 1 .. 5;
my $filename = $filedata->filename; my $filename = $filedata->filename;
my ($ext) = $filename =~ /(\.[^.]+)$/; my ($ext) = $filename =~ /(\.[^.]+)$/;
if ( List::MoreUtils::any { /$ext/ } uniq @BANNED_EXTS ) { if ( List::MoreUtils::any { /$ext/ } uniq @BANNED_EXTS ) {
$c->render( text => "You cannot this filetype.\n", status => 415 ); $c->render( text => "You cannot this filetype.\n", status => 415 );
say $ext; $log->info("Attempt to upload by banned extension: " . $c->req->headers->header('X-Forwarded-For'));
logger( "WARN", $c->req->headers->header('X-Forwarded-For'), $dirname . "/" . $filename ); say $ext;
return; return;
} }
carp( color("bold yellow"),
"sakisafe warning: could not create directory: $ERRNO", $c->req->headers->header('X-Forwarded-For')
color("reset") ) unless mkdir( "f/" . $dirname );
unless mkdir( "f/" . $dirname );
$filename .= ".txt" if $filename eq "-";
# TODO: get whether the server is http or https $filename .= ".txt" if $filename eq "-";
# There's a CGI ENV variable for that.
my $host = $c->req->url->to_abs->host;
my $ua = $c->req->headers->user_agent;
$filedata->move_to( "f/" . $dirname . "/" . $filename );
$link = "http://$host/f/$dirname/$filename";
$c->stash( link => $link, host => $host, dirname => $dirname );
$c->res->headers->header( 'Location' => "$link" . $filename ); # TODO: get whether the server is http or https
# There's a CGI ENV variable for that.
my $host = $c->req->url->to_abs->host;
my $ua = $c->req->headers->user_agent;
$filedata->move_to( "f/" . $dirname . "/" . $filename );
$link = "http://$host/f/$dirname/$filename";
$c->stash( link => $link, host => $host, dirname => $dirname );
# Only give the link to curl, html template for others. $c->res->headers->header( 'Location' => "$link" . $filename );
if ( $ua =~ m/curl/ || $ua eq "" ) { # Only give the link to curl, html template for others.
$c->render(
text => $link . "\n",
status => 201,
);
$dirname = ""; if ( $ua =~ m/curl/ || $ua eq "" ) {
} $c->render(
else { text => $link . "\n",
$c->render( status => 201,
template => 'file', );
status => 201,
);
}
logger( "INFO", $c->req->headers->header('X-Forwarded-For'), $dirname . "/" . $filename );
$dirname = ""; $dirname = "";
} else {
$c->render(
template => 'file',
status => 201,
);
}
$log->info($c->req->headers->header('X-Forwarded-For') . " " . $dirname . "/" . $filename );
$dirname = "";
} }
# Function to log uploaded files # Function to log uploaded files
@ -117,21 +130,22 @@ post '/' => sub ($c) { handle_file($c) };
# Allow files to be downloaded. # Allow files to be downloaded.
get '/f/:dir/#name' => sub ($c) { get '/f/:dir/#name' => sub ($c) {
my $dir = $c->param("dir"); my $dir = $c->param("dir");
my $file = $c->param("name"); my $file = $c->param("name");
my $ext = $file; my $ext = $file;
$ext =~ s/.*\.//; $ext =~ s/.*\.//;
my $path = "f/" . $dir . "/" . $file; my $path = "f/" . $dir . "/" . $file;
#carp "sakisafe warning: could not get file: $ERRNO" unless
$c->render( text => "file not found", status => 404 ) unless -e $path;
$c->render_file(
filepath => $path,
format => $ext,
content_disposition => 'inline'
);
};
#carp "sakisafe warning: could not get file: $ERRNO" unless
$c->render( text => "file not found", status => 404 ) unless -e $path;
$c->render_file(
filepath => $path,
format => $ext,
content_disposition => 'inline'
);
}
;
app->log($log);
app->max_request_size( 1024 * 1024 * 100 ); app->max_request_size( 1024 * 1024 * 100 );
post '/upload' => sub ($c) { handle_file($c) }; post '/upload' => sub ($c) { handle_file($c) };
@ -164,13 +178,10 @@ __DATA__
<h2>LINK</h2> <h2>LINK</h2>
<code><%= $link %></code> <code><%= $link %></code>
</center> </center>
<p>Running sakisafe 2.4.0</p> <p>Running sakisafe 2.6.0</p>
</body> </body>
</html> </html>
__END__
@@ index.html.ep @@ index.html.ep
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
@ -191,7 +202,7 @@ __DATA__
<code>curl -F 'file=@-' https://<%= $c->req->url->to_abs->host; %></code><br/> <code>curl -F 'file=@-' https://<%= $c->req->url->to_abs->host; %></code><br/>
<a href="https://git.suragu.net/svragv/sakisafe">Git repository</a> <a href="https://git.suragu.net/svragv/sakisafe">Git repository</a>
</center> </center>
<p>Running sakisafe 2.4.0</p> <p>Running sakisafe 2.6.0</p>
<h2>FAQ</h2> <h2>FAQ</h2>
<p>(No one has ever asked these questions)</p> <p>(No one has ever asked these questions)</p>
<p><b>How long are the files stored?</b> Until the heat death of the universe</b></p> <p><b>How long are the files stored?</b> Until the heat death of the universe</b></p>