Forceu
diff --git a/‎docs/setup.rst‎
Lines changed: 1 addition & 0 deletions b/‎docs/setup.rst‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎internal/configuration/database/Database.go‎
Lines changed: 17 additions & 0 deletions b/‎internal/configuration/database/Database.go‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎internal/configuration/database/dbabstraction/DbAbstraction.go‎
Lines changed: 7 additions & 0 deletions b/‎internal/configuration/database/dbabstraction/DbAbstraction.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎internal/configuration/database/provider/redis/presign.go‎
Lines changed: 34 additions & 0 deletions b/‎internal/configuration/database/provider/redis/presign.go‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎internal/configuration/database/provider/sqlite/Sqlite.go‎
Lines changed: 14 additions & 1 deletion b/‎internal/configuration/database/provider/sqlite/Sqlite.go‎
Lines changed: 14 additions & 1 deletion
diff --git a/‎internal/configuration/database/provider/sqlite/presign.go‎
Lines changed: 53 additions & 0 deletions b/‎internal/configuration/database/provider/sqlite/presign.go‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎internal/configuration/setup/ProtectedUrls.go‎
Lines changed: 1 addition & 1 deletion b/‎internal/configuration/setup/ProtectedUrls.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎internal/models/Presign.go‎
Lines changed: 7 additions & 0 deletions b/‎internal/models/Presign.go‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎internal/storage/FileServing.go‎
Lines changed: 3 additions & 0 deletions b/‎internal/storage/FileServing.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎internal/webserver/Webserver.go‎
Lines changed: 28 additions & 0 deletions b/‎internal/webserver/Webserver.go‎
Lines changed: 28 additions & 0 deletions
@@ -285,6 +285,7 @@ This option disables Gokapis internal authentication completely, except for API
 - ``/apiKeys``
 - ``/auth/token``
 - ``/changePassword``
+- ``/downloadPresigned``
 - ``/e2eSetup``
 - ``/filerequests``
 - ``/logs``
 
@@ -342,3 +342,20 @@ func SaveFileRequest(request models.FileRequest) int {
 func DeleteFileRequest(request models.FileRequest) {
 	db.DeleteFileRequest(request)
 }
+
+// Presigned URLs
+
+// GetPresignedUrl returns the presigned url with the given ID or false if not a valid ID
+func GetPresignedUrl(id string) (models.Presign, bool) {
+	return db.GetPresignedUrl(id)
+}
+
+// DeletePresignedUrl deletes the presigned url with the given ID
+func DeletePresignedUrl(id string) {
+	db.DeletePresignedUrl(id)
+}
+
+// SavePresignedUrl saves the presigned url
+func SavePresignedUrl(presign models.Presign) {
+	db.SavePresignedUrl(presign)
+}
@@ -107,6 +107,13 @@ type Database interface {
 	SaveFileRequest(request models.FileRequest) int
 	// DeleteFileRequest deletes a file request with the given ID
 	DeleteFileRequest(request models.FileRequest)
+
+	// GetPresignedUrl returns the presigned url with the given ID or false if not a valid ID
+	GetPresignedUrl(id string) (models.Presign, bool)
+	// DeletePresignedUrl deletes the presigned url with the given ID
+	DeletePresignedUrl(id string)
+	// SavePresignedUrl saves the presigned url
+	SavePresignedUrl(presign models.Presign)
 }
 
 // GetNew connects to the given database and initialises it
 
@@ -0,0 +1,34 @@
+package redis
+
+import (
+	"github.com/forceu/gokapi/internal/helper"
+	"github.com/forceu/gokapi/internal/models"
+	redigo "github.com/gomodule/redigo/redis"
+)
+
+const (
+	prefixPresign = "ps:"
+)
+
+// GetPresignedUrl returns the presigned url with the given ID or false if not a valid ID
+func (p DatabaseProvider) GetPresignedUrl(id string) (models.Presign, bool) {
+	hashmapEntry, ok := p.getHashMap(prefixPresign + id)
+	if !ok {
+		return models.Presign{}, false
+	}
+	var result models.Presign
+	err := redigo.ScanStruct(hashmapEntry, &result)
+	helper.Check(err)
+	return result, true
+}
+
+// SavePresignedUrl saves the presigned url
+func (p DatabaseProvider) SavePresignedUrl(presign models.Presign) {
+	p.setHashMap(p.buildArgs(prefixPresign + presign.Id).AddFlat(presign))
+	p.setExpiryAt(prefixPresign+presign.Id, presign.Expiry)
+}
+
+// DeletePresignedUrl deletes the presigned url with the given ID
+func (p DatabaseProvider) DeletePresignedUrl(id string) {
+	p.deleteKey(prefixPresign + id)
+}
@@ -60,7 +60,13 @@ func (p DatabaseProvider) Upgrade(currentDbVersion int) {
 										"maxSize"	INTEGER NOT NULL,
 										"creation"	INTEGER NOT NULL,
 										PRIMARY KEY("id" AUTOINCREMENT)
-									 );`)
+									 );
+									CREATE TABLE "Presign" (
+										"id"	TEXT NOT NULL UNIQUE,
+										"fileId"	TEXT NOT NULL,
+										"expiry"	INTEGER NOT NULL,
+										PRIMARY KEY("id")
+									);`)
 		helper.Check(err)
 		if environment.New().PermRequestGrantedByDefault {
 			for _, user := range p.GetAllUsers() {
@@ -144,6 +150,7 @@ func (p DatabaseProvider) Close() {
 func (p DatabaseProvider) RunGarbageCollection() {
 	p.cleanExpiredSessions()
 	p.cleanApiKeys()
+	p.cleanPresignedUrls()
 }
 
 func (p DatabaseProvider) createNewDatabase() error {
@@ -219,6 +226,12 @@ func (p DatabaseProvider) createNewDatabase() error {
 			"creation"	INTEGER NOT NULL,
 			PRIMARY KEY("id" AUTOINCREMENT)
 		);
+		CREATE TABLE "Presign" (
+			"id"	TEXT NOT NULL UNIQUE,
+			"fileId"	TEXT NOT NULL,
+			"expiry"	INTEGER NOT NULL,
+			PRIMARY KEY("id")
+		);
 `
 	err := p.rawSqlite(sqlStmt)
 	if err != nil {
 
@@ -0,0 +1,53 @@
+package sqlite
+
+import (
+	"database/sql"
+	"errors"
+
+	"github.com/forceu/gokapi/internal/helper"
+	"github.com/forceu/gokapi/internal/models"
+)
+
+type schemaPresign struct {
+	Id     string
+	FileId string
+	Expiry int64
+}
+
+// GetPresignedUrl returns the presigned url with the given ID or false if not a valid ID
+func (p DatabaseProvider) GetPresignedUrl(id string) (models.Presign, bool) {
+	var rowResult schemaPresign
+	row := p.sqliteDb.QueryRow("SELECT * FROM Presign WHERE Id = ?", id)
+	err := row.Scan(&rowResult.Id, &rowResult.FileId, &rowResult.Expiry)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return models.Presign{}, false
+		}
+		helper.Check(err)
+		return models.Presign{}, false
+	}
+	result := models.Presign{
+		Id:     rowResult.Id,
+		FileId: rowResult.FileId,
+		Expiry: rowResult.Expiry,
+	}
+	return result, true
+}
+
+// SavePresignedUrl saves the presigned url
+func (p DatabaseProvider) SavePresignedUrl(presign models.Presign) {
+	_, err := p.sqliteDb.Exec("INSERT OR REPLACE INTO Presign (Id, FileId,Expiry) VALUES (?, ?, ?)",
+		presign.Id, presign.FileId, presign.Expiry)
+	helper.Check(err)
+}
+
+// DeletePresignedUrl deletes the presigned url with the given ID
+func (p DatabaseProvider) DeletePresignedUrl(id string) {
+	_, err := p.sqliteDb.Exec("DELETE FROM Presign WHERE id = ?", id)
+	helper.Check(err)
+}
+
+func (p DatabaseProvider) cleanPresignedUrls() {
+	_, err := p.sqliteDb.Exec("DELETE FROM Presign WHERE expiry < ?", currentTime().Unix())
+	helper.Check(err)
+}
@@ -0,0 +1,7 @@
+package models
+
+type Presign struct {
+	Id     string
+	FileId string
+	Expiry int64
+}
@@ -46,6 +46,9 @@ var ErrorReplaceE2EFile = errors.New("end-to-end encrypted files cannot be repla
 // ErrorFileNotFound is raised when an invalid ID is passed or the file has expired
 var ErrorFileNotFound = errors.New("file not found")
 
+// ErrorInvalidPresign is raised when an invalid presign key has been passed or it has expired
+var ErrorInvalidPresign = errors.New("invalid presign")
+
 // NewFile creates a new file in the system. Called after an upload from the API has been completed. If a file with the same sha1 hash
 // already exists, it is deduplicated. This function gathers information about the file, creates an ID and saves
 // it into the global configuration. It is now only used by the API, the web UI uses NewFileFromChunk
 
@@ -100,6 +100,7 @@ func Start() {
 	mux.HandleFunc("/changePassword", requireLogin(changePassword, true, true))
 	mux.HandleFunc("/d", showDownload)
 	mux.HandleFunc("/downloadFile", downloadFile)
+	mux.HandleFunc("/downloadPresigned", requireLogin(downloadPresigned, false, false))
 	mux.HandleFunc("/e2eSetup", requireLogin(showE2ESetup, true, false))
 	mux.HandleFunc("/error", showError)
 	mux.HandleFunc("/error-auth", showErrorAuth)
@@ -909,6 +910,33 @@ func downloadFile(w http.ResponseWriter, r *http.Request) {
 	serveFile(id, true, w, r)
 }
 
+// Handling of /downloadPresigned
+// Outputs the file to the user and reduces the download remaining count for the file, if requested
+func downloadPresigned(w http.ResponseWriter, r *http.Request) {
+	id, ok := r.URL.Query()["id"]
+	if !ok || len(id[0]) < configuration.Get().LengthId {
+		responseError(w, storage.ErrorFileNotFound)
+		return
+	}
+	presignKey, ok := r.URL.Query()["key"]
+	if !ok {
+		responseError(w, storage.ErrorInvalidPresign)
+		return
+	}
+	presign, ok := database.GetPresignedUrl(presignKey[0])
+	if !ok || presign.Expiry < time.Now().Unix() || presign.FileId != id[0] {
+		responseError(w, storage.ErrorInvalidPresign)
+		return
+	}
+	savedFile, ok := storage.GetFile(presign.FileId)
+	if !ok {
+		responseError(w, storage.ErrorFileNotFound)
+		return
+	}
+	database.DeletePresignedUrl(presign.Id)
+	storage.ServeFile(savedFile, w, r, true, false)
+}
+
 func serveFile(id string, isRootUrl bool, w http.ResponseWriter, r *http.Request) {
 	addNoCacheHeader(w)
 	savedFile, ok := storage.GetFile(id)