Added upload type checking, default name/type, optional metrics, browser auth prompt

This commit is contained in:
alyssadev 2023-09-19 12:01:14 +10:00
parent 3408bdc812
commit 3c44eeebf3
3 changed files with 50 additions and 26 deletions

View file

@ -9,4 +9,4 @@
"devDependencies": { "devDependencies": {
"wrangler": "^3.0.0" "wrangler": "^3.0.0"
} }
} }

View file

@ -1,5 +1,17 @@
// vim: tabstop=4 shiftwidth=4 expandtab // vim: tabstop=4 shiftwidth=4 expandtab
async function isAsciiFile(buf) {
var isAscii = true;
const view = new Uint8Array(buf)
for (var i=0, len=view.byteLength; i<len; i++) {
if (view[i] > 127) {
isAscii=false
break
}
}
return isAscii
}
function makeid(length) { function makeid(length) {
let result = ''; let result = '';
const characters = 'abcdefghijklmnopqrstuvwxyz0123456789'; const characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
@ -15,6 +27,7 @@ function makeid(length) {
async function checkAuth(request) { async function checkAuth(request) {
const auth = request.headers.get("Authorization"); const auth = request.headers.get("Authorization");
const auth_check = await AUTH.get(auth) const auth_check = await AUTH.get(auth)
console.log(auth, auth_check)
return Boolean(auth_check); return Boolean(auth_check);
} }
@ -23,27 +36,35 @@ function getHost(request) {
} }
function create_response(request, body, metadata) { function create_response(request, body, metadata) {
METRICS.writeDataPoint({ try {
indexes: [ METRICS.writeDataPoint({
metadata.status indexes: [
], metadata.status
blobs: [ ],
request.method, blobs: [
request.cf.country, request.method,
request.cf.asn, request.cf.country,
request.cf.timezone, request.cf.asn,
new Date().toISOString(), request.cf.timezone,
request.headers.get("cf-connecting-ip"), new Date().toISOString(),
request.headers.get("referer") request.headers.get("cf-connecting-ip"),
] request.headers.get("referer")
}) ]
})
} catch (e) {
// Metrics disabled
if (!(e instanceof ReferenceError)) {
throw e
}
}
return new Response(body, metadata) return new Response(body, metadata)
} }
async function add(request,host,path) { async function add(request,host,path) {
const auth = await checkAuth(request) const auth = await checkAuth(request)
if (!auth) if (!auth)
return create_response(request, "Only GET requests allowed to unauthed users", {status:403}); return create_response(request, "Auth required", {status:401,headers:{"www-authenticate":"Basic"}});
if (!request.headers.get("content-type")) if (!request.headers.get("content-type"))
return create_response(request, "No data provided", {status:400}) return create_response(request, "No data provided", {status:400})
if (!path) return create_response(request, "No path provided",{status:400}) if (!path) return create_response(request, "No path provided",{status:400})
@ -59,7 +80,7 @@ async function add(request,host,path) {
} }
path = path.toLowerCase() path = path.toLowerCase()
// URL shortening const req_clone = request.clone()
const data = await request.formData() const data = await request.formData()
const dest = data.get("u") const dest = data.get("u")
try { try {
@ -74,10 +95,18 @@ async function add(request,host,path) {
} catch (e) { } catch (e) {
if (e instanceof TypeError) { if (e instanceof TypeError) {
if (!dest) return create_response(request, "No file provided", {status:400}) if (!dest) return create_response(request, "No file provided", {status:400})
const buf = await req_clone.arrayBuffer()
var name = dest.name
var type = dest.type
if (!name || !type) {
const is_ascii = await isAsciiFile(buf)
if (!name) name = is_ascii ? "paste.txt" : "paste.bin"
if (!type) type = is_ascii ? "text/plain" : "application/octet-stream"
}
await FILES.put(path, dest, { await FILES.put(path, dest, {
httpMetadata: { httpMetadata: {
contentType: dest.type, contentType: type,
contentDisposition: `inline; filename="${dest.name}"` contentDisposition: `inline; filename="${name}"`
} }
}) })
await KV.delete(path) await KV.delete(path)
@ -92,7 +121,7 @@ async function add(request,host,path) {
async function remove(request,host,path) { async function remove(request,host,path) {
const auth = await checkAuth(request) const auth = await checkAuth(request)
if (!auth) if (!auth)
return create_response(request, "Only GET requests allowed to unauthed users", {status:403}); return create_response(request, "Auth required", {status:401,headers:{"www-authenticate":"Basic"}});
if (!path) return create_response(request, "No path provided",{status:400}) if (!path) return create_response(request, "No path provided",{status:400})
path = path.toLowerCase() path = path.toLowerCase()
await KV.delete(path) await KV.delete(path)

View file

@ -22,17 +22,12 @@ try:
# unauth requests to auth methods # unauth requests to auth methods
reqs = put(host),post(host),delete(host) reqs = put(host),post(host),delete(host)
assert all(req.status_code == 403 for req in reqs) # unauth requests to auth methods assert all(req.status_code == 401 for req in reqs) # unauth requests to auth methods
# auth put wo data # auth put wo data
req = put(host + "/devtestpath",data={},headers=auth) req = put(host + "/devtestpath",data={},headers=auth)
assert req.status_code == 400 # auth put wo data assert req.status_code == 400 # auth put wo data
# # auth put invalid url
# req = put(host + "/devtestpath",data={"u": "golf sale"},headers=auth)
# assert req.status_code == 400 # auth put invalid url
# # invalid urls would now be stored as files instead
# auth put wo path # auth put wo path
req = put(host,data={"u": "http://www.example.com"},headers=auth) req = put(host,data={"u": "http://www.example.com"},headers=auth)
assert req.status_code == 400 # auth put wo path assert req.status_code == 400 # auth put wo path