From d0c7060012bdf9597559f10bebeb5d0f920ea235 Mon Sep 17 00:00:00 2001 From: getimiskon <31846052+getimiskon@users.noreply.github.com> Date: Mon, 13 Feb 2023 21:29:06 +0000 Subject: [PATCH] Add filename randomizing (#17) * Added filename randomizing code * Updated the README file --------- Co-authored-by: getimiskon --- README.md | 16 ++++++---------- http/sakisafe.pl | 13 ++++++++++++- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index fad1925..269c7ca 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ 1. install the dependencies using `cpan`: ~~~ -cpan -i Mojolicious::Lite Mojolicious::Routes::Pattern Mojoliciuos::Plugin::RenderFile +cpan -i Mojolicious::Lite Mojolicious::Routes::Pattern Mojolicious::Plugin::RenderFile List::MoreUtils MIME::Types ~~~ 2. Clone the repo and start the daemon: @@ -22,14 +22,10 @@ cd sakisafe/http ./sakisafe.pl daemon -m production ~~~ -3. Create a 'f' directory in the directory sakisafe will run with -`mkdir f`. Make sure that the user which will run sakisafe.pl can -write in that directory. - By default, sakisafe will bind in 127.0.0.1 port 3000. Because that's the default bind Mojolicious uses. -4. Create a proxy rule in nginx configuration (If you're using another +3. Create a proxy rule in nginx configuration (If you're using another HTTP server, you're on your own.) ~~~conf @@ -41,10 +37,10 @@ server { # ssl configuration here location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-for $remote_addr; - proxy_pass http://127.0.0.1:3000$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-for $remote_addr; + proxy_pass http://127.0.0.1:3000$request_uri; } } ~~~ diff --git a/http/sakisafe.pl b/http/sakisafe.pl index 0f86595..fb4269e 100755 --- a/http/sakisafe.pl +++ b/http/sakisafe.pl 
@@ -12,6 +12,7 @@ use MIME::Types; use warnings; use experimental 'signatures'; use feature 'say'; +use Encode qw(decode encode); plugin 'RenderFile'; # OpenBSD promises. @@ -22,8 +23,9 @@ pledge("stdio cpath rpath wpath inet flock fattr") if $openbsd; # 100 MBs my $MAX_SIZE = 1024 * 1024 * 100; - my @BANNED = qw(); # Add banned IP addresses here +my $RANDOMIZE_FILENAME = 0; # Enable/disable randomization + my $dirname; my $link; @@ -60,6 +62,15 @@ sub handle_file { my @chars = ( '0' .. '9', 'a' .. 'Z' ); $dirname .= $chars[ rand @chars ] for 1 .. 5; my $filename = $filedata->filename; + my $enc = encode( "UTF-8", $filename ); + $filename = $enc; + if ( $RANDOMIZE_FILENAME = 1 ) { + my $extension = $filename; + $extension =~ s/.*\.//; + $filename = ""; + $filename .= $chars[ rand @chars ] for 1 .. 5; + $filename = $filename . "." . $extension; + } carp( color("bold yellow"), "sakisafe warning: could not create directory: $ERRNO", color("reset") )
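Review bot: The added condition `if ( $RANDOMIZE_FILENAME = 1 )` in the handle_file hunk assigns rather than compares, so it is always true and overwrites the setting; with the default of 0 declared in the earlier hunk, every upload is still renamed. It should read `if ($RANDOMIZE_FILENAME) {`. The extension is taken from the client-supplied name with `s/.*\.//`, which leaves a dot-less name unchanged (the original name survives as the "extension") and passes through whatever follows the last dot, including `/`; a bounded match such as `my ($extension) = $filename =~ /\.([A-Za-z0-9]{1,16})\z/;` with a fallback for no match would constrain it. If the random name is meant to make upload URLs hard to guess, note that `rand` is not a cryptographic generator and five characters from `@chars` is a small space. handle_file begins and ends outside this hunk, so how `$filename` is later joined into the storage path is not visible here and should be checked against the same concern.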