diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..5d16c7a --- /dev/null +++ b/.envrc @@ -0,0 +1,2 @@ +watch_file default.nix shell.nix +use flake diff --git a/.gitignore b/.gitignore index ec996f1..3122962 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,6 @@ upload env .env files +/gomod2nix-template +.direnv +.pre-commit-config.yaml diff --git a/README.md b/README.md index 0f6ac27..d495426 100644 --- a/README.md +++ b/README.md @@ -6,10 +6,12 @@ This one is gonna be a lot easier to deploy since all you need to do is download To change the port or the ip adress to listen for you can use `-p` and `-a` options respectivelly. +There is alse the `-d` option that will set what domain name upfast will return when returning the file path when uploaded. + > example ```bash -./upfast -p 8080 -a 0.0.0.0 +./upfast -p 8080 -a 0.0.0.0 -d https://upfast.cronyakatsuki.xyz ``` By default upfast listen's on 127.0.0.1 adress so if you wan't to access it outside your network you will either need to listen to 0.0.0.0 or use a reverse proxy. I recommend the usage of a reverse proxy. @@ -20,18 +22,49 @@ You will need to rename the `upload` folder to `files`, since I changed the nami ## Installation -```bash -# Create upfast user and home directory -useradd --shell /bin/sh --system --home-dir /usr/local/upfast upfast -mkdir -p /usr/local/upfast # dodge copying of skeletons -chown upfast:upfast /usr/local/upfast -chmod 700 /usr/local/upfast +This installation step's will also harden our installation and limit the size of how much can be uploaded at the same time so your system can't be flooded. -# change to upfast user -su upfast -# go to upfast's user's home and curl the upfast binary -cd ~ -curl -O binary +### Creating user +```bash +# Create upfast user with no login shell, no home directory and as a system user +useradd --shell /usr/sbin/nologin --system -M upfast +# Resctrict login to upfast user +usermod -L upfast +``` + +### Creating virtual filesystem + +This is done in order to limit the amount of storage the upfast installation, so people can't storage dos you. + + +Creating virtual filesystem to limit amount people can upload like chad's, using dd to create an empty file of size you choose. + +Change the size output file to whatever you wan't and size to whatever you wan't. +``` bash +# make sure to first change into a directory where you wan't to save the virtual filesystem +dd if=/dev/zero of=20gb bs=1M count=20480 +# make that file into a filesystem +mkfs.ext4 20gb +# create directory to mount the filesystem, I recommend /usr/local/upfast because that's where the included systemd service looks for upfast binary +mkdir /usr/local/upfast +# mounting the filesystem +mount -o loop,rw /home/ivek/20gb /usr/local/upfast +``` +Now to make it mount on system reboot we need to add this line to fstab. +``` fstab +/home/amir/mydatafile /usr/local/upfast ext4 loop,rw,usrquota,grpquota 0 0 +``` +### Downloading the binary +```bash +# go to upfast's user's home and curl the upfast binary, make sure to run the next command's as root +cd /usr/local/upfast +curl -O https://code.cronyakatsuki.xyz/crony/UpFast/releases/download/v1.2/upfast +chmod +x upfast +``` +```bash +# Own the directory with upfast user and group +chown upfast:upfast -R /usr/local/upfast +chmod 700 /usr/local/upfast ``` ## Updating @@ -40,8 +73,8 @@ When new update of upfast come's out all you will need to change to upfast user ```bash su upfast -cd ~ -curl -O binary +cd /usr/local/upfast +curl -O https://code.cronyakatsuki.xyz/crony/UpFast/releases/download/v1.2/upfast ``` ## Startup automaticallly on system restart @@ -59,14 +92,14 @@ Documentation=https://code.cronyakatsuki.xyz/crony/upfast User=upfast Group=upfast WorkingDirectory=/usr/local/upfast/ -ExecStart=/usr/local/upfast/upfast -p 8000 -a 127.0.0.1 +ExecStart=/usr/local/upfast/upfast -p 8000 -a 127.0.0.1 -d https://upfast.cronyakatsuki.xyz Restart=on-failure [Install] WantedBy=multi-user.target ``` -Remember to change the port if you need to or the listening adress. +Remember to change the port if you need to, the listening adress and the domain name. After that run `systemctl daemon-reload` as root or with sudo. diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..0f78549 --- /dev/null +++ b/default.nix @@ -0,0 +1,21 @@ +{ pkgs ? ( + let + inherit (builtins) fetchTree fromJSON readFile; + inherit ((fromJSON (readFile ./flake.lock)).nodes) nixpkgs gomod2nix; + in + import (fetchTree nixpkgs.locked) { + overlays = [ + (import "${fetchTree gomod2nix.locked}/overlay.nix") + ]; + } + ) +, buildGoApplication ? pkgs.buildGoApplication +}: + +buildGoApplication { + pname = "upfast"; + version = "1.3"; + pwd = ./.; + src = ./.; + modules = ./gomod2nix.toml; +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..539a3b7 --- /dev/null +++ b/flake.lock @@ -0,0 +1,210 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gomod2nix": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705314449, + "narHash": "sha256-yfQQ67dLejP0FLK76LKHbkzcQqNIrux6MFe32MMFGNQ=", + "owner": "nix-community", + "repo": "gomod2nix", + "rev": "30e3c3a9ec4ac8453282ca7f67fca9e1da12c3e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "gomod2nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1704874635, + "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1704842529, + "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_2", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1708018599, + "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "gomod2nix": "gomod2nix", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..fe57114 --- /dev/null +++ b/flake.nix @@ -0,0 +1,31 @@ +{ + description = "A basic gomod2nix flake"; + + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + inputs.flake-utils.url = "github:numtide/flake-utils"; + inputs.gomod2nix.url = "github:nix-community/gomod2nix"; + inputs.gomod2nix.inputs.nixpkgs.follows = "nixpkgs"; + inputs.gomod2nix.inputs.flake-utils.follows = "flake-utils"; + inputs.pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; + + outputs = { self, nixpkgs, flake-utils, gomod2nix, pre-commit-hooks }: + (flake-utils.lib.eachDefaultSystem + (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + + # The current default sdk for macOS fails to compile go projects, so we use a newer one for now. + # This has no effect on other platforms. + callPackage = pkgs.darwin.apple_sdk_11_0.callPackage or pkgs.callPackage; + in + { + packages.default = callPackage ./. { + inherit (gomod2nix.legacyPackages.${system}) buildGoApplication; + }; + devShells.default = callPackage ./shell.nix { + inherit (gomod2nix.legacyPackages.${system}) mkGoEnv gomod2nix; + inherit pre-commit-hooks; + }; + }) + ); +} diff --git a/gomod2nix.toml b/gomod2nix.toml new file mode 100644 index 0000000..08676c7 --- /dev/null +++ b/gomod2nix.toml @@ -0,0 +1,39 @@ +schema = 3 + +[mod] + [mod."github.com/golang-jwt/jwt"] + version = "v3.2.2+incompatible" + hash = "sha256-LOkpuXhWrFayvVf1GOaOmZI5YKEsgqVSb22aF8LnCEM=" + [mod."github.com/labstack/echo/v4"] + version = "v4.11.3" + hash = "sha256-rdqH4HQB/vZyEsoymrEsQ8izjf0m7jhrIxbF6r5ZmBo=" + [mod."github.com/labstack/gommon"] + version = "v0.4.0" + hash = "sha256-xISAIJEu2xh0hoWsORbgjnz3rDK3ft3hrvmxt0wfHVw=" + [mod."github.com/mattn/go-colorable"] + version = "v0.1.13" + hash = "sha256-qb3Qbo0CELGRIzvw7NVM1g/aayaz4Tguppk9MD2/OI8=" + [mod."github.com/mattn/go-isatty"] + version = "v0.0.19" + hash = "sha256-wYQqGxeqV3Elkmn26Md8mKZ/viw598R4Ych3vtt72YE=" + [mod."github.com/valyala/bytebufferpool"] + version = "v1.0.0" + hash = "sha256-I9FPZ3kCNRB+o0dpMwBnwZ35Fj9+ThvITn8a3Jr8mAY=" + [mod."github.com/valyala/fasttemplate"] + version = "v1.2.2" + hash = "sha256-gp+lNXE8zjO+qJDM/YbS6V43HFsYP6PKn4ux1qa5lZ0=" + [mod."golang.org/x/crypto"] + version = "v0.14.0" + hash = "sha256-UUSt3X/i34r1K0mU+Y5IzljX5HYy07JcHh39Pm1MU+o=" + [mod."golang.org/x/net"] + version = "v0.17.0" + hash = "sha256-qRawHWLSsJ06QNbLhUWPXGVSO1eaioeC9xZlUEWN8J8=" + [mod."golang.org/x/sys"] + version = "v0.13.0" + hash = "sha256-/+RDZ0a0oEfJ0k304VqpJpdrl2ZXa3yFlOxy4mjW7w0=" + [mod."golang.org/x/text"] + version = "v0.13.0" + hash = "sha256-J34dbc8UNVIdRJUZP7jPt11oxuwG8VvrOOylxE7V3oA=" + [mod."golang.org/x/time"] + version = "v0.3.0" + hash = "sha256-/hmc9skIswMYbivxNS7R8A6vCTUF9k2/7tr/ACkcEaM=" diff --git a/main.go b/main.go index 325ed15..f506920 100644 --- a/main.go +++ b/main.go @@ -22,16 +22,21 @@ var templates embed.FS //go:embed all:static/* var static embed.FS +var domain string + func main() { t := &Template{ templates: template.Must(template.ParseFS(templates, "public/views/*.html")), } - port := flag.Int("p", 1323, "upfast port to listen on.") - adress := flag.String("a", "127.0.0.1", "upfast ip to listen to") + p := flag.Int("p", 1323, "upfast port to listen on.") + a := flag.String("a", "127.0.0.1", "upfast ip to listen to") + d := flag.String("d", "127.0.0.1", "upfast domain") flag.Parse() - host := *adress + ":" + strconv.Itoa(*port) + host := *a + ":" + strconv.Itoa(*p) + + domain = *d e := echo.New() @@ -91,7 +96,7 @@ func (t *Template) Render(w io.Writer, name string, data interface{}, c echo.Con func Index(c echo.Context) error { data := IndexData{ - Host: c.Request().Host, + Host: domain, } return c.Render(http.StatusOK, "index", data) } @@ -117,13 +122,30 @@ func Files(c echo.Context) error { log.Fatal(err) } + UserAgent := c.Request().UserAgent() + + log.Print(UserAgent) + + match, err := regexp.MatchString("^curl/.*", UserAgent) + if err != nil { + log.Fatal(err) + } + + if match { + out := "" + for _, f := range filelist { + out += f.Name() + "\n" + } + return c.String(http.StatusOK, out) + } + var Type string var Content string ImageMatch := regexp.MustCompile("^image/.*") VideoMatch := regexp.MustCompile("^video/.*") JsonMatch := regexp.MustCompile("application/json") - TextMatch := regexp.MustCompile("^text/.*|application/octet-stream") + TextMatch := regexp.MustCompile("^text/.*") for _, f := range filelist { filePath := "files/" + f.Name() @@ -191,7 +213,7 @@ func Upload(c echo.Context) error { return err } - fileUrl := c.Request().Host + "/files/" + file.Filename + "\n" + fileUrl := domain + "/files/" + file.Filename + "\n" UserAgent := c.Request().UserAgent() @@ -206,7 +228,7 @@ func Upload(c echo.Context) error { return c.String(http.StatusOK, fileUrl) } - return c.Redirect(http.StatusMovedPermanently, "/files/"+file.Filename) + return c.HTML(http.StatusOK, "File uploaded at url: "+fileUrl+"") } func Delete(c echo.Context) error { diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..5cde177 --- /dev/null +++ b/shell.nix @@ -0,0 +1,32 @@ +{ pkgs ? ( + let + inherit (builtins) fetchTree fromJSON readFile; + inherit ((fromJSON (readFile ./flake.lock)).nodes) nixpkgs gomod2nix; + in + import (fetchTree nixpkgs.locked) { + overlays = [ + (import "${fetchTree gomod2nix.locked}/overlay.nix") + ]; + } + ) +, mkGoEnv ? pkgs.mkGoEnv +, gomod2nix ? pkgs.gomod2nix +, pre-commit-hooks +}: + +let + goEnv = mkGoEnv { pwd = ./.; }; + pre-commit-check = pre-commit-hooks.lib.${pkgs.system}.run { + src = ./.; + hooks = { + gofmt.enable = true; + }; + }; +in +pkgs.mkShell { + inherit (pre-commit-check) shellHook; + packages = [ + goEnv + gomod2nix + ]; +}