From 987d11188f3956e56cdf6fb13f83d82cd048a66f Mon Sep 17 00:00:00 2001 From: darmiel <71837281+darmiel@users.noreply.github.com> Date: Thu, 1 Apr 2021 21:02:06 +0200 Subject: [PATCH] Implemented custom hashes (#7) --- cmd/serve.go | 2 +- internal/common/validators.go | 40 +++++++++++++++++++----------- internal/common/validators_test.go | 8 ++++++ internal/server/request_get.go | 2 +- internal/server/request_post.go | 19 +++++++++++++- internal/server/server.go | 10 +++++++- 6 files changed, 62 insertions(+), 19 deletions(-) diff --git a/cmd/serve.go b/cmd/serve.go index 718a542..4fb1141 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -108,7 +108,7 @@ func init() { regDurP(serveCmd, "max-ttl", "s", 60*time.Minute, "Max TTL") // other - regIntP(serveCmd, "max-body-length", "x", 1024, "Max Body Length") + regIntP(serveCmd, "max-body-length", "x", 8192, "Max Body Length") regBoolP(serveCmd, "enable-encryption", "e", true, "Enable Encryption") regStr(serveCmd, "proxy-header", "", "Proxy Header") } diff --git a/internal/common/validators.go b/internal/common/validators.go index 5959ff8..70ec4da 100644 --- a/internal/common/validators.go +++ b/internal/common/validators.go @@ -11,28 +11,38 @@ const ( ) var ( - APAllowedChars = []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789:.-_+*!$%~@") + APAllowedChars = []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789:.-_+*!$%~@") + HexAllowedChars = []byte("0123456789abcdef") ) +func ContainsOtherThan(str string, allowed []byte) bool { + for _, c := range str { + b := byte(c) + v := false + // check if allowed array contains + for _, a := range allowed { + if b == a { + v = true + break + } + } + if !v { + return true + } + } + return false +} + func ValidateAnywherePath(anywhere string) bool { l := len(anywhere) if l < APMinLength || l > APMaxLength { return false } - for _, c := range anywhere { - b := byte(c) - f := false - for _, a := range APAllowedChars { - if a == b { - f = true - break - } - } - if !f { - return false - } - } - return true + return !ContainsOtherThan(anywhere, APAllowedChars) +} + +func ValidateHex(anywhere string) bool { + return !ContainsOtherThan(anywhere, HexAllowedChars) } var p *regexp.Regexp diff --git a/internal/common/validators_test.go b/internal/common/validators_test.go index a923b68..a65f017 100644 --- a/internal/common/validators_test.go +++ b/internal/common/validators_test.go @@ -64,6 +64,14 @@ func TestValidateAnywherePath(t *testing.T) { } } +func TestContainsOtherThan(t *testing.T) { + AssertFalse(t, ContainsOtherThan("hello", []byte("hello"))) + AssertTrue(t, ContainsOtherThan("hello!", []byte("hello"))) + AssertFalse(t, ContainsOtherThan("Hello", []byte("helloH"))) + AssertTrue(t, ContainsOtherThan("Hello", []byte("hello"))) + AssertTrue(t, ContainsOtherThan("Hello!", []byte("hello!"))) +} + // AssertEqual checks if values are equal func AssertEqual(t *testing.T, a interface{}, b interface{}) { if a == b { diff --git a/internal/server/request_get.go b/internal/server/request_get.go index 092c94a..823e8e6 100644 --- a/internal/server/request_get.go +++ b/internal/server/request_get.go @@ -47,7 +47,7 @@ func (s *yAxCServer) handleGetHashAnywhere(ctx *fiber.Ctx) (err error) { return } - log.Warning(ctx.IP(), "requested HASH", path) + log.Warning(ctx.IP(), "requested HASH", path, "with result", res) if res == "" { ctx.Status(404) diff --git a/internal/server/request_post.go b/internal/server/request_post.go index ce3160a..7d562f0 100644 --- a/internal/server/request_post.go +++ b/internal/server/request_post.go @@ -13,7 +13,21 @@ var errEncryptionNotEnabled = errors.New("encryption not enabled") func (s *yAxCServer) handlePostAnywhere(ctx *fiber.Ctx) (err error) { path := strings.TrimSpace(ctx.Params("anywhere")) + log.Debug("requested path", path) + return s.setAnywhereWithHash(ctx, path, "") +} +func (s *yAxCServer) handlePostAnywhereWithHash(ctx *fiber.Ctx) (err error) { + path := strings.TrimSpace(ctx.Params("anywhere")) + hash := strings.TrimSpace(ctx.Params("hash")) + // validate hash + if !common.ValidateHex(hash) { + return ctx.Status(400).SendString("ERROR: Invalid hash") + } + return s.setAnywhereWithHash(ctx, path, hash) +} + +func (s *yAxCServer) setAnywhereWithHash(ctx *fiber.Ctx, path, hash string) (err error) { // validate path if !common.ValidateAnywherePath(path) { return ctx.Status(400).SendString("ERROR: Invalid path") @@ -52,7 +66,10 @@ func (s *yAxCServer) handlePostAnywhere(ctx *fiber.Ctx) (err error) { return ctx.Status(400).SendString("ERROR: TTL out of range") } - hash := common.MD5Hash(content) + // generate hash + if hash == "" { + hash = common.MD5Hash(content) + } // Set contents errVal := s.Backend.Set(path, content, ttl) diff --git a/internal/server/server.go b/internal/server/server.go index f131238..bce038d 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -39,10 +39,18 @@ func (s *yAxCServer) Start() { return ctx.SendString(body) }) + // GET contents s.App.Get("/:anywhere", s.handleGetAnywhere) - s.App.Post("/:anywhere", s.handlePostAnywhere) + + // GET hash s.App.Get("/hash/:anywhere", s.handleGetHashAnywhere) + // SET contents, auto hash + s.App.Post("/:anywhere", s.handlePostAnywhere) + + // SET contents, custom hash + s.App.Post("/:anywhere/:hash", s.handlePostAnywhereWithHash) + if err := s.App.Listen(s.BindAddress); err != nil { log.Critical(err) }