Implemented simple URL filtering
millinon committed Sep 4, 2016
1 parent 423e82e commit f70038c
Showing 3 changed files with 93 additions and 107 deletions.
2 changes: 1 addition & 1 deletion nginx-conf/sites-available/jump.conf
@@ -1,4 +1,4 @@
log_format jump_access '[$time_local] $remote_addr $server_name $request $status "$http_referer $http_user_agent"';
log_format jump_access '[$time_local] $remote_addr $server_name $request $status $http_referer $http_user_agent';

# redirect http://jump.wtf to https://jump.wtf
server {
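Review bot: Dropping the quotes around `$http_referer` and `$http_user_agent` on the new `log_format` line leaves the last two fields undelimited, and both are client-supplied headers that routinely contain spaces, so a log parser can no longer tell where the referer ends and the user agent begins, or whether a client padded its user agent to look like an extra `$status` or address field. `$request` has the same ambiguity on both sides of the change. nginx escapes embedded `"` in these variables by default, so quoting is a reliable delimiter; consider `log_format jump_access '[$time_local] $remote_addr $server_name "$request" $status "$http_referer" "$http_user_agent"';`. If the quotes were removed to suit a downstream consumer, a comment above the directive saying so would stop the next reader from putting them back.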
2 changes: 1 addition & 1 deletion www/go.hh
Expand Up @@ -16,7 +16,7 @@ function g_main(string $uri): void {
$result = jump_api::jumpTo(['action' => 'jumpTo', 'jump-key' => $uri]);

if ($result['success'] !== true) {
error_log($result['message']);
// error_log($result['message']);
error_page($result['code'], $uri);
} else {
header('Location:'.$result['url']);
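Review bot: Commenting out `error_log($result['message']);` silences the only record of why a jump failed for every failure path, not just the new spam filter, and the following `error_page` call then shows the user a generic page, so lookup and backend errors become invisible to operators. If the intent is to stop the filter's rejections from double-logging, api.hh already writes its own `got spam URL` line for those, so a narrower change would be to keep this line and skip it only for that case, or to log the code and key instead of the message, e.g. `error_log("jumpTo('$uri') failed: ".$result['code']);`. Commented-out code with no reason attached should either be deleted or carry a `// why` comment. g_main begins and ends outside the hunk.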
196 changes: 91 additions & 105 deletions www/include/api/api.hh
Expand Up @@ -7,6 +7,10 @@ require_once ('mimes.hh');
require_once ('api/validation.hh');
require_once ('api/router.hh');

function banned_terms() {
return [ 'jenniferhot1', 'jenniferhot.1' ];
}

class KeygenException extends Exception {
protected $t;

Expand All @@ -22,6 +26,17 @@ class KeygenException extends Exception {

class jump_api {

// basic URL scanning
public static function filter_url(string $url): bool {
$pattern = '/' .
'jenniferhot\.?1' .
'/';

return preg_match($pattern, $url) === 1;
}



public static function jump_key_exists(string $key): bool {
$dyclient = awsHelper::dydb_client();

Expand Down Expand Up @@ -447,7 +462,8 @@ class jump_api {
}

public static function genURL($input): array {
try {

try {
$input = api_validator::validate($input);
} catch (ValidationException $ve) {
return self::error((string) $ve, 400);
Expand All @@ -463,6 +479,12 @@ class jump_api {

$balance = ['success' => false, 'custom-urls' => 0];

if( self::filter_url($input['input-url']) ){ // bad URL
error_log(
"got spam URL '".$input['input-url']."' from IP " . $_SERVER['REMOTE_ADDR']);
return self::error("Internal exception.");
}

if (!empty($input['promo-code'])) {
$balance = self::getBalance(
['action' => 'getBalance', 'promo-code' => $input['promo-code']],
Expand Down Expand Up @@ -738,7 +760,13 @@ class jump_api {
if ($cached !== FALSE) {
// cache hit

//$url = $cached;
foreach(banned_terms() as $term){
if(strpos(self::$cache->get($key)['url'], $term) !== false){
error_log("got spam URL at key $key");
return self::error("Internal exception", 500);
}
}


return self::success(self::$cache->get($key));

Expand Down Expand Up @@ -817,76 +845,27 @@ class jump_api {
$url = $item['url']['S'];
}

/* if (!$isPrivate && self::$cache !== NULL) {
self::$cache->add($key, $url);
}
*/
$promise = null;
if($isPrivate){

$kill_str = '';

// remove stupid deprecated attributes from DynamoDB
{
$kill_list = [];

if (isset($item['active'])) {
array_push($kill_list, 'active');
}

if (isset($item['isPrivate'])) {
array_push($kill_list, 'isPrivate');
}

if (isset($item['isFile'])) {
array_push($kill_list, 'isFile');
}

if (isset($item['Checksum'])) {
array_push($kill_list, 'Checksum');
}

if (isset($item['origname'])) {
array_push($kill_list, 'origname');
}

if (isset($item['hits'])) {
array_push($kill_list, 'hits');
}

if (count($kill_list) > 0) {
$kill_str = 'REMOVE '.implode(', ', $kill_list);
}
}

// TODO: only do updateItem if we need to change clicks or active
// for now, I want to replace the dumb is* keys with booleans
try {
$dyclient->updateItem(
[
'TableName' => aws_config::LINK_TABLE,
'Key' => ['Object ID' => ['S' => $key]],
'ExpressionAttributeValues' => [
':a' => [
'BOOL' => ($isActive && (!$isPrivate || $clicks >= 1)),
],
':c' => ['N' => strval(($isPrivate ? ($clicks - 1) : 0))],
':f' => ['BOOL' => (bool) $isFile],
':p' => ['BOOL' => (bool) $isPrivate],
],
// 'ExpressionAttributeNames' => [
// '#u' => 'url'
// ],
// 'ConditionExpression' => '((attribute_exists(active) AND active = 1) OR (attribute_exists(active_b) AND active_b = true)) AND ' .
// '((((attribute_exists(isPrivate) AND isPrivate == 1) OR (attribute_exists(private_b) AND private_b == true)) AND ' .
// 'clicks >= 1) OR ((attribute_exists(isPrivate) AND isPrivate == 0) or (attribute_exists(private_b) AND private_b == false)))',
'UpdateExpression' =>
'SET active_b = :a, clicks = :c, file_b = :f, private_b = :p '.
$kill_str,
],
);
try {
$dyclient->updateItem(
[
'TableName' => aws_config::LINK_TABLE,
'Key' => ['Object ID' => ['S' => $key]],
'ExpressionAttributeValues' => [
':a' => [
'BOOL' => ($isActive && (!$isPrivate || $clicks > 1)),
],
':c' => ['N' => strval(($isPrivate ? ($clicks - 1) : 0))],
],
'UpdateExpression' =>
'SET active_b = :a, clicks = :c '
],
);

} catch (DynamoDbException $dde) {
error_log('updateItem('.$key.') failed');
} catch (DynamoDbException $dde) {
error_log('updateItem('.$key.') failed');
}
}

}
Expand All @@ -899,14 +878,21 @@ class jump_api {
$ret = [ 'url' => $url, 'is-file' => $isFile];
}

if (!$isPrivate && self::$cache !== NULL) {
//self::$cache->add($key, $url);
self::$cache->add($key, $ret);
}
foreach(banned_terms() as $term){
if(strpos($url, $term) !== false){
error_log("got spam URL at key $key");
return self::error("Internal exception", 500);
}
}

if (!$isPrivate && self::$cache !== NULL) {
//self::$cache->add($key, $url);
self::$cache->add($key, $ret);
}


//if (isset($expires)) {
return self::success($ret);
return self::success($ret);
/*[
'url' => $url,
'is-file' => $isFile,
Expand All @@ -915,45 +901,45 @@ class jump_api {
);
} else {
return self::success(['url' => $url, 'is-file' => $isFile]);
}*/
}*/
}

public static function getBalance($input): array {

try {
$input = api_validator::validate($input);
} catch (ValidationException $ve) {
return self::error((string) $ve);
}
try {
$input = api_validator::validate($input);
} catch (ValidationException $ve) {
return self::error((string) $ve);
}

$dyclient = awsHelper::dydb_client();
$dyclient = awsHelper::dydb_client();

try {
$res = $dyclient->getItem(
[
'TableName' => aws_config::PROMO_TABLE,
'ConsistentRead' => true,
'Key' => ['code' => ['S' => $input['promo-code']]],
],
);
} catch (DynamoDbException $dydbe) {
return self::error('Promo code not found', 404);
}
try {
$res = $dyclient->getItem(
[
'TableName' => aws_config::PROMO_TABLE,
'ConsistentRead' => true,
'Key' => ['code' => ['S' => $input['promo-code']]],
],
);
} catch (DynamoDbException $dydbe) {
return self::error('Promo code not found', 404);
}

if (!isset($res['Item'])) {
return self::error("Promo code lookup failed", 404);
}
if (!isset($res['Item'])) {
return self::error("Promo code lookup failed", 404);
}

$large_files = intval($res['Item']['large-files']['N']);
$custom_urls = intval($res['Item']['custom-urls']['N']);
$large_files = intval($res['Item']['large-files']['N']);
$custom_urls = intval($res['Item']['custom-urls']['N']);

return self::success(
[
'large-files' => $large_files,
'large-file-size' => jump_config::PROMO_MAX_FILE_SIZE,
'custom-urls' => $custom_urls,
],
);
return self::success(
[
'large-files' => $large_files,
'large-file-size' => jump_config::PROMO_MAX_FILE_SIZE,
'custom-urls' => $custom_urls,
],
);
}

}
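Review bot: `filter_url` hard-codes the regex `jenniferhot\.?1` while the two new checks in jumpTo iterate `banned_terms()` with `strpos`, so the block list now lives in two places and a term added to one is not enforced by the other; both matchers are also case-sensitive, so a differently cased URL passes all three checks. Making `filter_url` the single implementation over `banned_terms()` and calling it from the cache-hit and post-lookup checks in jumpTo removes the duplication, and `stripos` (plus normalising percent-encoding before matching, if api_validator does not already) closes the casing gap. In the cache-hit loop, `self::$cache->get($key)['url']` is fetched again on every iteration although `$cached` appears to already hold the entry, so `$cached['url']` would do. The genURL rejection `return self::error("Internal exception.");` omits the status code that the jumpTo rejections pass as 500; if `error()` has no default that is a fatal, and either way the three sites should agree. The post-lookup check in jumpTo appears to run after the `updateItem` that decrements `clicks` for private keys, so a banned private link still consumes a click before it is refused.
```hack
// basic URL scanning: single source of truth for genURL and jumpTo
public static function filter_url(string $url): bool {
    foreach (banned_terms() as $term) {
        if (stripos($url, $term) !== false) {
            return true;
        }
    }
    return false;
}
```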
