2021-09-19 01:50:57 +03:00
|
|
|
#include "mongoose.h"
|
|
|
|
#include "index.h"
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <ctype.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <crypt.h>
|
|
|
|
#include <time.h>
|
|
|
|
|
|
|
|
char *port = "8081";
|
|
|
|
char *data_dir = "/srv/pacebin";
|
|
|
|
char *seed = "secret";
|
2021-09-26 00:54:58 +03:00
|
|
|
char *proto = "http://";
|
2021-09-19 01:50:57 +03:00
|
|
|
|
|
|
|
static struct mg_http_serve_opts s_http_server_opts;
|
|
|
|
|
|
|
|
static void rec_mkdir(const char *dir) {
|
|
|
|
char tmp[256];
|
|
|
|
char *p = NULL;
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
snprintf(tmp, sizeof(tmp),"%s",dir);
|
|
|
|
len = strlen(tmp);
|
|
|
|
if (tmp[len - 1] == '/')
|
|
|
|
tmp[len - 1] = 0;
|
|
|
|
for (p = tmp + 1; *p; p++)
|
|
|
|
if (*p == '/') {
|
|
|
|
*p = 0;
|
|
|
|
mkdir(tmp, S_IRWXU);
|
|
|
|
*p = '/';
|
|
|
|
}
|
|
|
|
mkdir(tmp, S_IRWXU);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool file_exists(char *filename) {
|
|
|
|
struct stat buffer;
|
|
|
|
return (stat (filename, &buffer) == 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
char *get_paste_filename(char *link) {
|
|
|
|
char *filename = malloc(strlen(data_dir) + strlen(link) + 8);
|
|
|
|
sprintf(filename, "%s/paste/%s", data_dir, link);
|
|
|
|
return filename;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *get_del_filename(char *link) {
|
|
|
|
char *filename = malloc(strlen(data_dir) + strlen(link) + 6);
|
|
|
|
sprintf(filename, "%s/del/%s", data_dir, link);
|
|
|
|
return filename;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool paste_exists(char *link) {
|
|
|
|
return file_exists(get_paste_filename(link));
|
|
|
|
}
|
|
|
|
|
|
|
|
char *gen_random_link() {
|
|
|
|
srand(time(NULL));
|
|
|
|
char *short_link = malloc(17);
|
|
|
|
do {
|
|
|
|
for(size_t i = 0; i < 16; ++i) {
|
|
|
|
sprintf(short_link + i, "%x", rand() % 16);
|
|
|
|
}
|
|
|
|
} while (paste_exists(short_link));
|
|
|
|
return short_link;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *gen_del_key(char *link) {
|
|
|
|
char *salt = malloc(20);
|
|
|
|
char *rand_str = malloc(17);
|
|
|
|
srand(time(NULL));
|
|
|
|
for (size_t i = 0; i < 16; ++i) {
|
|
|
|
rand_str[i] = 37 + (rand() % 90); // random printable char
|
|
|
|
if (rand_str[i] == 92 || rand_str[i] == 58 ||
|
|
|
|
rand_str[i] == 59 || rand_str[i] == 42) --i; // chars not allowed for salts
|
|
|
|
}
|
|
|
|
rand_str[16] = 0;
|
|
|
|
sprintf(salt, "$6$%s", rand_str);
|
|
|
|
|
|
|
|
char *use_link = malloc(strlen(link) + strlen(seed) + 1);
|
|
|
|
sprintf(use_link, "%s%s", seed, link);
|
|
|
|
|
|
|
|
char *del_key = crypt(use_link, salt);
|
|
|
|
|
|
|
|
return del_key;
|
|
|
|
}
|
|
|
|
|
|
|
|
void trim(char *str) {
|
|
|
|
char *_str = str;
|
|
|
|
int len = strlen(_str);
|
|
|
|
|
|
|
|
while(*_str && *_str == '/') ++_str, --len;
|
|
|
|
|
|
|
|
memmove(str, _str, len + 1);
|
|
|
|
}
|
|
|
|
|
2021-09-26 01:14:16 +03:00
|
|
|
#if DISABLE_CUSTOM_LINKS == 1
|
|
|
|
void handle_post(struct mg_connection *nc, char *content, char *host) {
|
|
|
|
char *short_link = gen_random_link();
|
|
|
|
#else
|
2021-09-19 01:50:57 +03:00
|
|
|
void handle_post(struct mg_connection *nc, char *content, char *host, char *link) {
|
|
|
|
char *short_link;
|
|
|
|
if (strlen(link) == 0) {
|
|
|
|
short_link = gen_random_link();
|
|
|
|
} else if (strlen(link) >= 255) {
|
|
|
|
return mg_http_reply(nc, 413, "", "paste link length can not exceed 255 characters");
|
|
|
|
} else {
|
|
|
|
short_link = link;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (paste_exists(short_link)) {
|
|
|
|
return mg_http_reply(nc, 500, "", "a paste named %s already exists", short_link);
|
|
|
|
}
|
2021-09-26 01:14:16 +03:00
|
|
|
#endif
|
2021-09-19 01:50:57 +03:00
|
|
|
|
2021-09-28 17:20:26 +03:00
|
|
|
if (!mg_file_write(get_paste_filename(short_link), content, strlen(content))) {
|
|
|
|
fprintf(stderr, "failed to write to file %s", get_paste_filename(short_link));
|
|
|
|
return mg_http_reply(nc, 500, "", "failed to write data");
|
|
|
|
}
|
2021-09-19 01:50:57 +03:00
|
|
|
|
|
|
|
char *del_key = gen_del_key(short_link);
|
2021-09-28 17:20:26 +03:00
|
|
|
if (!mg_file_write(get_del_filename(short_link), del_key, strlen(del_key))) {
|
|
|
|
fprintf(stderr, "failed to write to file %s", get_del_filename(short_link));
|
|
|
|
return mg_http_reply(nc, 500, "", "failed to write data");
|
|
|
|
}
|
2021-09-19 01:50:57 +03:00
|
|
|
|
|
|
|
char *del_header = malloc(256);
|
|
|
|
sprintf(del_header, "X-Delete-With: %s\r\n", del_key);
|
|
|
|
|
2021-09-26 00:54:58 +03:00
|
|
|
mg_http_reply(nc, 201, del_header, "%s%s/%s", proto, host, short_link);
|
2021-09-19 01:50:57 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
void handle_delete(struct mg_connection *nc, char *link, char *del_key) {
|
|
|
|
if (paste_exists(link)) {
|
2021-09-28 17:20:26 +03:00
|
|
|
char *key = mg_file_read(get_del_filename(link), NULL);
|
2021-09-19 01:50:57 +03:00
|
|
|
if (strcmp(key, del_key) == 0) {
|
|
|
|
remove(get_paste_filename(link));
|
|
|
|
remove(get_del_filename(link));
|
|
|
|
mg_http_reply(nc, 204, "", "");
|
|
|
|
} else {
|
|
|
|
mg_http_reply(nc, 403, "", "incorrect deletion key");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
mg_http_reply(nc, 404, "", "this paste does not exist");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ev_handler(struct mg_connection *nc, int ev, void *p, void *f) {
|
|
|
|
if (ev == MG_EV_HTTP_MSG) {
|
|
|
|
struct mg_http_message *hm = (struct mg_http_message *) p;
|
|
|
|
char *uri = malloc(hm->uri.len + 1);
|
|
|
|
|
|
|
|
snprintf(uri, hm->uri.len + 1, "%s", hm->uri.ptr);
|
|
|
|
trim(uri);
|
|
|
|
|
2021-09-28 17:20:26 +03:00
|
|
|
struct mg_str *pmhost = mg_http_get_header(hm, "Host");
|
|
|
|
struct mg_str mhost;
|
|
|
|
if (pmhost == NULL) {
|
|
|
|
fprintf(stderr, "request sent with no Host header");
|
|
|
|
mhost = mg_str("<UNKNOWN DOMAIN>");
|
|
|
|
} else {
|
|
|
|
mhost = *pmhost;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *host = malloc(mhost.len + 1);
|
|
|
|
snprintf(host, mhost.len + 1, "%s", mhost.ptr);
|
2021-09-19 01:50:57 +03:00
|
|
|
|
|
|
|
char *body = strdup(hm->body.ptr);
|
|
|
|
|
|
|
|
if (strncmp(hm->method.ptr, "POST", hm->method.len) == 0) {
|
2021-09-26 01:14:16 +03:00
|
|
|
#if DISABLE_CUSTOM_LINKS == 1
|
|
|
|
handle_post(nc, body, host); // FIXME: return 400 on bad Content-Type
|
|
|
|
#else
|
2021-09-19 01:50:57 +03:00
|
|
|
handle_post(nc, body, host, uri); // FIXME: return 400 on bad Content-Type
|
2021-09-26 01:14:16 +03:00
|
|
|
#endif
|
2021-09-19 01:50:57 +03:00
|
|
|
} else if (strncmp(hm->method.ptr, "DELETE", hm->method.len) == 0) {
|
|
|
|
handle_delete(nc, uri, body);
|
|
|
|
} else if (strncmp(hm->method.ptr, "GET", hm->method.len) == 0) {
|
|
|
|
if (strlen(uri) == 0) {
|
|
|
|
return mg_http_reply(nc, 200, "Content-Type: text/html\r\n", INDEX_HTML,
|
|
|
|
host, host, host, host, host); // FIXME: need better solution
|
|
|
|
}
|
|
|
|
|
|
|
|
mg_http_serve_dir(nc, hm, &s_http_server_opts);
|
|
|
|
} else {
|
|
|
|
mg_http_reply(nc, 405, "Allow: GET, POST, DELETE\r\n", "");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int main(int argc, char *argv[]) {
|
|
|
|
int index;
|
|
|
|
int c;
|
|
|
|
|
|
|
|
opterr = 0;
|
|
|
|
setvbuf(stdout, NULL, _IONBF, 0);
|
|
|
|
|
2021-09-26 00:54:58 +03:00
|
|
|
while ((c = getopt (argc, argv, "p:d:s:kh")) != -1) {
|
2021-09-19 01:50:57 +03:00
|
|
|
switch (c) {
|
|
|
|
case 'p':
|
|
|
|
port = optarg;
|
|
|
|
break;
|
|
|
|
case 'd':
|
|
|
|
data_dir = optarg;
|
|
|
|
break;
|
|
|
|
case 's':
|
|
|
|
seed = optarg;
|
|
|
|
break;
|
2021-09-26 00:54:58 +03:00
|
|
|
case 'k':
|
|
|
|
proto = "https://";
|
|
|
|
break;
|
2021-09-19 01:50:57 +03:00
|
|
|
case 'h':
|
|
|
|
printf("pacebin: a minimal pastebin\n");
|
2021-09-26 00:54:58 +03:00
|
|
|
printf("usage: %s [-p port] [-d data_dir] [-s seed] [-k]\n\n", argv[0]);
|
2021-09-19 01:50:57 +03:00
|
|
|
printf("options:\n");
|
|
|
|
printf("-p <port>\t\tport to use (default 8081)\n");
|
|
|
|
printf("-d <data directory>\tdirectory to store data (default /srv/pacebin)\n");
|
2021-09-26 00:54:58 +03:00
|
|
|
printf("-s <seed>\t\tsecret seed to use (DO NOT SHARE THIS; default 'secret')\n");
|
|
|
|
printf("-k\t\t\treturns HTTPS URLs when uploading files, use with an HTTPS-enabled reverse proxy\n\n");
|
2021-09-19 01:50:57 +03:00
|
|
|
printf("source: https://short.swurl.xyz/pacebin (submit bug reports, suggestions, etc. here)\n");
|
|
|
|
return 0;
|
|
|
|
case '?':
|
|
|
|
if (optopt == 'p' || optopt == 'd' || optopt == 's') {
|
|
|
|
fprintf(stderr, "Option -%c requires an argument.\n", optopt);
|
|
|
|
}
|
|
|
|
else if (isprint (optopt)) {
|
|
|
|
fprintf(stderr, "Unknown option `-%c'.\n", optopt);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
fprintf(stderr, "Unknown option character `\\x%x'.\n", optopt);
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
default:
|
|
|
|
abort();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (index = optind; index < argc; index++) {
|
|
|
|
printf ("Non-option argument %s\n", argv[index]);
|
|
|
|
}
|
|
|
|
|
|
|
|
rec_mkdir(strcat(strdup(data_dir), "/paste"));
|
|
|
|
rec_mkdir(strcat(strdup(data_dir), "/del"));
|
|
|
|
struct mg_mgr mgr;
|
|
|
|
struct mg_connection *nc;
|
|
|
|
|
|
|
|
char *root = malloc(strlen(data_dir) + 7);
|
|
|
|
snprintf(root, strlen(data_dir) + 7, "%s/paste", data_dir);
|
|
|
|
memset(&s_http_server_opts, 0, sizeof(s_http_server_opts));
|
|
|
|
s_http_server_opts.root_dir = root;
|
|
|
|
|
|
|
|
mg_mgr_init(&mgr);
|
|
|
|
printf("Starting web server on port %s\n", port);
|
|
|
|
char *str_port = malloc(20);
|
|
|
|
sprintf(str_port, "http://0.0.0.0:%s", port);
|
|
|
|
nc = mg_http_listen(&mgr, str_port, ev_handler, &mgr);
|
|
|
|
if (nc == NULL) {
|
|
|
|
printf("Failed to create listener\n");
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (;;) { mg_mgr_poll(&mgr, 1000); }
|
|
|
|
mg_mgr_free(&mgr);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|