
Option to test entry name against regular expression

dsamarin committed May 27, 2018
1 parent 2373e8c commit 7eb3d43b46568b24582bef3c87e14090926f7444
Showing with 26 additions and 4 deletions.
  1. +11 −3 admin.go
  2. +2 −0 config.yml
  3. +13 −1 zerodrop.go
@@ -401,6 +401,14 @@ func (a *AdminHandler) ServeNew(w http.ResponseWriter, r *http.Request) {
entry.Name = id.String()
}
if a.App.Config.disallowRegexp != nil {
// Check entry name against Disallow configuration
if a.App.Config.disallowRegexp.MatchString(entry.Name) {
http.Error(w, "Entry name has been disallowed", 500)
return
}
}
// Source information
switch form.Source {
case EntrySourceURL:
@@ -466,7 +474,7 @@ func (a *AdminHandler) ServeNew(w http.ResponseWriter, r *http.Request) {
if err := a.App.DB.Update(entry, claims); err != nil {
log.Printf("Error creating entry %s: %s", entry.Name, err)
} else {
log.Printf("Created entry %s", entry)
log.Printf("Created entry %s with %s", entry, RealRemoteIP(r))
}
redirectPage := a.App.Config.Base + "admin/my"
@@ -533,7 +541,7 @@ func (a *AdminHandler) ServeList(w http.ResponseWriter, r *http.Request) {
if err != nil {
log.Println(err)
} else {
log.Printf("Removed entry: %s", form.Name)
log.Printf("Removed entry %q with IP %s", form.Name, RealRemoteIP(r))
}
}
@@ -542,7 +550,7 @@ func (a *AdminHandler) ServeList(w http.ResponseWriter, r *http.Request) {
if err != nil {
log.Println(err)
} else {
log.Printf("Cleared all entries with token %q", form.Token)
log.Printf("Cleared all entries with token %q from %s", form.Token, RealRemoteIP(r))
}
}
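Review bot: The disallow check in the first ServeNew hunk answers a rejected name with status 500, which reports a client-side validation failure as a server fault and hides these rejections among real errors in monitoring; `http.Error(w, "Entry name has been disallowed", http.StatusBadRequest)` (or `http.StatusForbidden`) fits better. The match also runs on `entry.Name` exactly as submitted, so if names are case-folded or path-cleaned before they are routed, the check should run on that normalized form; the routing code is not visible here, so this needs confirming. Separately, the last ServeList hunk still writes `form.Token` in full to the log next to the caller's IP; if that token is what authorizes managing entries, log only a short prefix or a hash of it. ServeNew and ServeList both begin and end outside the hunks shown.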
@@ -26,6 +26,8 @@ uploadmaxsize: 1000000
# Boolean value inidicating whether everyone has can manage their own entries
public: false
# Regular expression to match entry name against to disallow
disallow: ^(admin|.well-known|sitemap.xml)
selfdestruct:
# Whether to allow self-destruct
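Review bot: The sample pattern leaves its dots unescaped and has no end anchor, so `.` matches any character and every name that merely begins with `admin` is rejected, while `Admin` is accepted because the match is case-sensitive. Escaping the dots and quoting the scalar makes the intent explicit: `disallow: '^(admin|\.well-known|sitemap\.xml)'`. If names are treated case-insensitively anywhere downstream (not visible here), prefix the pattern with `(?i)`. The comment above it should also say whether a prefix match or an exact match is intended.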
@@ -2,9 +2,11 @@ package main
import (
"context"
"fmt"
"log"
"net/http"
"os"
"regexp"
"github.com/oftn-oswg/socket"
)
@@ -25,7 +27,9 @@ type ZerodropConfig struct {
UploadPermissions uint32 `default:"0600"`
UploadMaxSize uint64 `default:"1000000"`
Public bool `default:"false"`
Public bool `default:"false"`
Disallow string `default:""`
disallowRegexp *regexp.Regexp
SelfDestruct struct {
Enable bool `default:"false"`
@@ -63,6 +67,14 @@ func NewZerodropApp(config *ZerodropConfig) (app *ZerodropApp, err error) {
DB: &ZerodropDB{},
}
if config.Disallow != "" {
disallowRegexp, err := regexp.Compile(config.Disallow)
if err != nil {
return nil, fmt.Errorf("parsing Disallow field: %s", err)
}
config.disallowRegexp = disallowRegexp
}
app.AdminHandler, err = NewAdminHandler(app)
if err != nil {
return nil, err
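Review bot: `Disallow` defaults to the empty string and the new block in NewZerodropApp skips compilation in that case, so an installation that upgrades without adding `disallow:` to its config gets no name filtering at all, including for `admin`. Consider making the struct default the same pattern shipped in config.yml, so that protecting reserved names does not depend on the operator copying the sample. Two smaller points in the same block: `disallowRegexp, err := ...` shadows the named result `err`, and the new field deserves a comment such as `// disallowRegexp is compiled from Disallow in NewZerodropApp; nil disables the check`. The function begins and ends outside this hunk.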
