First working prototype

Author: Forceu

internal/models/FileList.go

@@ -97,8 +97,8 @@ func (f *File) ToFileApiOutput(serverUrl string, useFilenameInUrl bool) (FileApi
 	if !f.IsFileRequest() {
 		result.UrlHotlink = getHotlinkUrl(result, serverUrl, useFilenameInUrl)
 		result.UrlDownload = getDownloadUrl(result, serverUrl, useFilenameInUrl)
+		result.UploaderId = f.UserId
 	}
-	result.UploaderId = f.UserId
 	result.IsPendingDeletion = f.IsPendingForDeletion()
 	result.FileRequestId = f.UploadRequestId
 	result.ExpireAtString = time.Unix(f.ExpireAt, 0).UTC().Format("2006-01-02 15:04:05")

internal/storage/FileServing.go

@@ -291,25 +291,26 @@ func encryptChunkFile(file *os.File, metadata *models.File) (*os.File, error) {
 	return tempFileEnc, nil
 }
 
-func createNewMetaData(hash string, fileHeader chunking.FileHeader, userId int, uploadRequest models.UploadParameters) models.File {
+func createNewMetaData(hash string, fileHeader chunking.FileHeader, userId int, params models.UploadParameters) models.File {
 	file := models.File{
 		Id:                 createNewId(),
 		Name:               fileHeader.Filename,
 		SHA1:               hash,
 		Size:               helper.ByteCountSI(fileHeader.Size),
 		SizeBytes:          fileHeader.Size,
 		ContentType:        fileHeader.ContentType,
-		ExpireAt:           uploadRequest.ExpiryTimestamp,
+		ExpireAt:           params.ExpiryTimestamp,
 		UploadDate:         time.Now().Unix(),
-		DownloadsRemaining: uploadRequest.AllowedDownloads,
-		UnlimitedTime:      uploadRequest.UnlimitedTime,
-		UnlimitedDownloads: uploadRequest.UnlimitedDownload,
-		PasswordHash:       configuration.HashPassword(uploadRequest.Password, true),
+		DownloadsRemaining: params.AllowedDownloads,
+		UnlimitedTime:      params.UnlimitedTime,
+		UnlimitedDownloads: params.UnlimitedDownload,
+		PasswordHash:       configuration.HashPassword(params.Password, true),
 		UserId:             userId,
+		UploadRequestId:    params.FileRequestId,
 	}
-	if uploadRequest.IsEndToEndEncrypted {
+	if params.IsEndToEndEncrypted {
 		file.Encryption = models.EncryptionInfo{IsEndToEndEncrypted: true, IsEncrypted: true}
-		file.Size = helper.ByteCountSI(uploadRequest.RealSize)
+		file.Size = helper.ByteCountSI(params.RealSize)
 	}
 	if isEncryptionRequested() {
 		file.Encryption.IsEncrypted = true

internal/webserver/Webserver.go

@@ -7,6 +7,7 @@ Handling of webserver and requests / uploads
 import (
 	"bytes"
 	"context"
+	"crypto/subtle"
 	"embed"
 	"encoding/base64"
 	"errors"
@@ -115,6 +116,7 @@ func Start() {
 	mux.HandleFunc("/login", showLogin)
 	mux.HandleFunc("/logs", requireLogin(showLogs, true, false))
 	mux.HandleFunc("/logout", doLogout)
+	mux.HandleFunc("/publicUpload", showPublicUpload)
 	mux.HandleFunc("/uploadChunk", requireLogin(uploadChunk, false, false))
 	mux.HandleFunc("/uploadStatus", requireLogin(sse.GetStatusSSE, false, false))
 	mux.HandleFunc("/users", requireLogin(showUserAdmin, true, false))
@@ -357,9 +359,12 @@ func validateNewPassword(newPassword string, user models.User) (string, string,
 
 // Handling of /error
 func showError(w http.ResponseWriter, r *http.Request) {
-	const invalidFile = 0
-	const noCipherSupplied = 1
-	const wrongCipher = 2
+	const (
+		invalidFile = iota
+		noCipherSupplied
+		wrongCipher
+		invalidFileRequest
+	)
 
 	errorReason := invalidFile
 	if r.URL.Query().Has("e2e") {
@@ -368,6 +373,9 @@ func showError(w http.ResponseWriter, r *http.Request) {
 	if r.URL.Query().Has("key") {
 		errorReason = wrongCipher
 	}
+	if r.URL.Query().Has("fr") {
+		errorReason = invalidFileRequest
+	}
 	err := templateFolder.ExecuteTemplate(w, "error", genericView{
 		ErrorId:       errorReason,
 		PublicName:    configuration.Get().PublicName,
@@ -523,7 +531,7 @@ type LoginView struct {
 // If it exists, a download form is shown, or a password needs to be entered.
 func showDownload(w http.ResponseWriter, r *http.Request) {
 	addNoCacheHeader(w)
-	keyId := queryUrl(w, r, "error")
+	keyId := queryUrl(w, r, "id", "error")
 	file, ok := storage.GetFile(keyId)
 	if !ok || file.IsFileRequest() {
 		redirect(w, "error")
@@ -597,8 +605,8 @@ func showHotlink(w http.ResponseWriter, r *http.Request) {
 
 // Checks if a file is associated with the GET parameter from the current URL
 // Stops for 500ms to limit brute forcing if invalid key and redirects to redirectUrl
-func queryUrl(w http.ResponseWriter, r *http.Request, redirectUrl string) string {
-	keys, ok := r.URL.Query()["id"]
+func queryUrl(w http.ResponseWriter, r *http.Request, keyword string, redirectUrl string) string {
+	keys, ok := r.URL.Query()[keyword]
 	if !ok || len(keys[0]) < configuration.Get().LengthId {
 		select {
 		case <-time.After(500 * time.Millisecond):
@@ -883,6 +891,35 @@ type userInfo struct {
 	User        models.User
 }
 
+// Handling of /publicUpload
+func showPublicUpload(w http.ResponseWriter, r *http.Request) {
+	addNoCacheHeader(w)
+	fileRequestId := queryUrl(w, r, "id", "error?fr")
+	request, ok := filerequest.Get(fileRequestId)
+	if !ok {
+		redirect(w, "error?fr")
+		return
+	}
+	apiKey := queryUrl(w, r, "key", "error?fr")
+	if subtle.ConstantTimeCompare([]byte(request.ApiKey), []byte(apiKey)) != 1 {
+		redirect(w, "error?fr")
+		return
+	}
+
+	config := configuration.Get()
+
+	view := filerequestView{
+		PublicName:    config.PublicName,
+		ApiKey:        apiKey,
+		FileRequestId: fileRequestId,
+		ChunkSize:     configuration.Get().ChunkSize,
+		CustomContent: customStaticInfo,
+	}
+
+	err := templateFolder.ExecuteTemplate(w, "publicUpload", view)
+	helper.CheckIgnoreTimeout(err)
+}
+
 // Handling of /uploadChunk
 // If the user is authenticated, this parses the uploaded chunk and stores it
 func uploadChunk(w http.ResponseWriter, r *http.Request) {
@@ -917,7 +954,7 @@ func downloadFileWithNameInUrl(w http.ResponseWriter, r *http.Request) {
 // Handling of /downloadFile
 // Outputs the file to the user and reduces the download remaining count for the file
 func downloadFile(w http.ResponseWriter, r *http.Request) {
-	id := queryUrl(w, r, "error")
+	id := queryUrl(w, r, "id", "error")
 	serveFile(id, true, w, r)
 }
 
@@ -1065,3 +1102,14 @@ type oauthErrorView struct {
 	ErrorProvidedMessage string
 	CustomContent        customStatic
 }
+
+// A view containing parameters for a generic template
+type filerequestView struct {
+	IsAdminView    bool
+	IsDownloadView bool
+	PublicName     string
+	ApiKey         string
+	FileRequestId  string
+	ChunkSize      int
+	CustomContent  customStatic
+}

internal/webserver/api/routing.go

@@ -92,7 +92,7 @@ var routes = []apiRoute{
 		Url:              "/chunk/uploadRequestComplete",
 		ApiPerm:          models.ApiPermNone,
 		IsFileRequestApi: true,
-		execution:        apiChunkAdd,
+		execution:        apiChunkUploadRequestComplete,
 		RequestParser:    &paramChunkUploadRequestComplete{},
 	},
 	{

internal/webserver/web/templates/html_error.tmpl

@@ -16,6 +16,9 @@
 {{ if eq .ErrorId 2 }}
 		    This file is encrypted and an incorrect key has been passed.<br><br>If this file is end-to-end encrypted, please contact the uploader to give you the correct link, including the value after the hash.
 {{ end }}
+{{ if eq .ErrorId 3 }}
+		    Unable to upload files.<br><br>Either the request has expired or an invalid request was submitted.
+{{ end }}
 <br>&nbsp;
 		    </p>
 		  </div>

internal/webserver/web/templates/html_public_upload.tmpl

@@ -0,0 +1,106 @@
+{{define "publicUpload"}}{{template "header" .}}
+
+<input type="file" id="fileInput" multiple />
+<br><br>
+<button onclick="startUpload()">Upload</button>
+
+<div id="status"></div>
+
+<script>
+const CHUNK_SIZE = {{ .ChunkSize }} * 1024 * 1024;
+const UPLOAD_URL = "./api/chunk/uploadRequestAdd";
+const COMPLETE_URL = "./api/chunk/uploadRequestComplete";
+
+const FILE_REQUEST_ID = "{{ .FileRequestId }}";
+const API_KEY = "{{ .ApiKey }}";
+
+function generateUUID() {
+  return crypto.randomUUID();
+}
+
+async function startUpload() {
+  const files = document.getElementById("fileInput").files;
+  const status = document.getElementById("status");
+  status.innerHTML = "";
+
+  for (const file of files) {
+    const fileDiv = document.createElement("div");
+    fileDiv.className = "file";
+    fileDiv.innerHTML = `
+      <strong>${file.name}</strong><br>
+      <progress value="0" max="${file.size}"></progress>
+      <span class="progressText">0%</span>
+    `;
+    status.appendChild(fileDiv);
+
+    const progressBar = fileDiv.querySelector("progress");
+    const progressText = fileDiv.querySelector(".progressText");
+
+    const uuid = generateUUID();
+    let offset = 0;
+
+    while (offset < file.size) {
+      const chunk = file.slice(offset, offset + CHUNK_SIZE);
+
+      const formData = new FormData();
+      formData.append("file", chunk);
+      formData.append("uuid", uuid);
+      formData.append("filesize", file.size);
+      formData.append("offset", offset);
+
+      const response = await fetch(UPLOAD_URL, {
+        method: "POST",
+        body: formData,
+        headers: {
+        'apikey': API_KEY,
+        "fileRequestId": FILE_REQUEST_ID
+        }
+      });
+
+      if (!response.ok) {
+        throw new Error(`Chunk upload failed: ${response.status}`);
+      }
+
+      offset += chunk.size;
+      progressBar.value = offset;
+      progressText.textContent = Math.floor((offset / file.size) * 100) + "%";
+    }
+
+    // Finalize upload
+    await finalizeUpload(file, uuid);
+    progressText.textContent = "✔ Completed";
+  }
+}
+
+async function finalizeUpload(file, uuid) {
+  const headers = {
+    "uuid": uuid,
+    "fileRequestId": FILE_REQUEST_ID,
+    "filename": encodeFilename(file.name),
+    "filesize": file.size,
+        'apikey': API_KEY,
+    "contenttype": file.type || "application/octet-stream"
+  };
+
+  const response = await fetch(COMPLETE_URL, {
+    method: "POST",
+    headers: headers
+  });
+
+  if (!response.ok) {
+    throw new Error(`Finalize failed: ${response.status}`);
+  }
+
+  return response;
+}
+
+function encodeFilename(name) {
+  return "base64:" + btoa(unescape(encodeURIComponent(name)));
+}
+</script>
+
+{{ template "pagename" "PublicUpload"}}
+{{ template "customjs" .}}
+        
+{{template "footer"}}    
+{{end}}

internal/webserver/web/templates/html_uploadrequest.tmpl

@@ -11,7 +11,7 @@
 		      <h3 class="card-title mb-0">File Requests</h3>
 		    </div>
 		    <div class="col text-end">
-		      <button id="button-newapi" class="btn btn-outline-light" onclick="newFileRequest()">
+		      <button id="button-newfr" class="btn btn-outline-light" onclick="newFileRequest()">
                     <i class="bi bi-plus-circle-fill"></i>
                 </button>
 		    </div>
@@ -38,7 +38,7 @@
 
 {{ range .FileRequests }}
                             <tr id="row-{{ .Id }}" class="no-bottom-border">
-		                    <td>{{ .Name }}</td>
+		                    <td><a href="{{ $.ServerUrl }}publicUpload?id={{ .Id }}&key={{ .ApiKey }}" target="_blank">{{ .Name }}</a></td>
 				    {{ template "uRFileCell" . }}
 		                    <td>{{ .GetReadableTotalSize }}</td>
             			    <td><span id="cell-lastupdate-{{ .Id }}"></span></td>
@@ -53,6 +53,9 @@
 		                    	<div class="btn-group" role="group">
                                 {{ template "uRDownloadbutton" . }}
 
+                                
+                                <button id="copy-{{ .Id }}" type="button" data-clipboard-text="{{ $.ServerUrl }}publicUpload?id={{ .Id }}&key={{ .ApiKey }}" class="copyurl btn btn-outline-light btn-sm" onclick="showToast(1000);" title="Copy URL"><i class="bi bi-copy"></i></button>
+                                
 		                        <button id="edit-{{ .Id }}" type="button" title="Edit request" class="btn btn-outline-light btn-sm" onclick="editFileRequest('{{ .Id }}', '{{ .Name }}', {{ .MaxFiles }}, {{ .MaxSize }}, {{ .Expiry }})">
 		                        	<i class="bi bi-pencil"></i></button>
 
@@ -100,7 +103,7 @@
                 </div>
             </div>
         </div>
-	<div id="toastnotification" class="toastnotification" data-default="API key copied to clipboard">Toast Text</div>
+	<div id="toastnotification" class="toastnotification" data-default="URL copied to clipboard">Toast Text</div>
     </div>
 </div>
 <script src="./js/min/admin.min.{{ template "js_admin_version"}}.js"></script>