Changed from ip whitelist to token based auth

This commit is contained in:
kanadeko 2017-01-14 18:13:58 -03:00
parent 3afa24ddaf
commit b81cf72ac4
9 changed files with 45 additions and 44 deletions

3
.gitignore vendored
View File

@ -1,5 +1,6 @@
node_modules/
uploads/
logs/
database/db
config.js
db
start.json

View File

@ -5,9 +5,14 @@ Pomf-like image uploading service, written in NodeJS
---
1. Clone
2. Rename `config.sample.js` to `config.js`
3. Modify port and privacy options if desired
4. run `npm install` to install all dependencies
5. run `node lolisafe.js` to start the service
4. Modify port and token options if desired
3. run `npm install` to install all dependencies
5. run `pm2 start lolisafe.js` or `node lolisafe.js` to start the service
### Token
This service supports running both as public and private. The only difference is that one needs a token and the other one doesn't. If you want it to be public so anyone can upload files either from the website or API, just leave the token empty on the config file.
But if you want to run it privately, you need to specify a random string, which you'll need to provide in every API call as a header called `auth`.
---
## Using it
@ -18,4 +23,4 @@ A chrome extension to be able to right click images -> send to safe is in the wo
If you are using nginx, you should set inside your location block the following directive, replacing the number with the one you want set up `client_max_body_size 512M;`
If using apache, you should change the following directives on your config `memory_limit = 512M`
If using apache, you should change the following directives on your config `RLimitMEM 512M`

View File

@ -2,31 +2,27 @@ module.exports = {
/*
NOTES:
All folders specified on this file will be created automagically.
Most options shouldn't be touched, and the service should run straight up.
Ideally the only options you should change are port and basedomain.
*/
// Token to use on the api. Leave blank for public
TOKEN: 'YOURSUPERSECRETTOKEN',
// Port on which to run the server
port: 9999,
// Upload restrictions
privacy: {
// Is the service public? If so, anyone with the URL can upload files
public: false,
// If not, which IP's should be able to access?
IPs: [
'::1',
'127.0.0.1'
]
},
// Uploads config
uploads: {
// Where to serve the uploaded files.
basedomain: 'https://i.kanacchi.moe/',
// If prefix is set, it will be appended at the end of basedomain.
// Ex: https://i.kanacchi.moe/prefix/k4n4.png
// Leave blank to use the basedomain
prefix: '',
// Folder where images should be stored
folder: 'uploads',
@ -35,10 +31,6 @@ module.exports = {
// The length of the random generated name for the uploaded files
fileLength: 4,
// Prefix before linking an uploaded file. Ex: your-domain.com/prefix/k4n4.png
// Leave blank for no prefix
prefix: ''
},
// Folder where to store logs

View File

@ -5,8 +5,9 @@ let galleryController = {}
galleryController.list = function(req, res, next){
if(!config.privacy.public)
if(!config.privacy.IPs.includes(req.ip)) return res.status(401).send('not-authorized')
if(config.TOKEN !== '')
if(req.headers.auth !== config.TOKEN)
return res.status(401).send('not-authorized')
db.table('gallery').select('id', 'name').then((data) => {
res.json({ data })
@ -15,8 +16,9 @@ galleryController.list = function(req, res, next){
galleryController.test = function(req, res, next){
if(!config.privacy.public)
if(!config.privacy.IPs.includes(req.ip)) return res.status(401).send('not-authorized')
if(config.TOKEN !== '')
if(req.headers.auth !== config.TOKEN)
return res.status(401).send('not-authorized')
let testdata = [
{name: 'Test 1'},

View File

@ -22,10 +22,11 @@ const upload = multer({
uploadsController.upload = function(req, res, next){
let gallery = req.headers.gallery
if(config.TOKEN !== '')
if(req.headers.auth !== config.TOKEN)
return res.status(401).send('not-authorized')
if(!config.privacy.public)
if(!config.privacy.IPs.includes(req.ip)) return res.status(401).send('not-authorized')
let gallery = req.headers.gallery
upload(req, res, function (err) {
if (err) {
@ -38,7 +39,7 @@ uploadsController.upload = function(req, res, next){
galleryid: gallery
}).then(() => {
return res.json({
'filename': req.file.filename
'url': config.uploads.basedomain + req.file.filename
})
})

View File

@ -31,3 +31,6 @@ safe.use(function (err, req, res, next) {
})
safe.listen(config.port, () => console.log(`loli-safe started on port ${config.port}`))
if(config.TOKEN !== '') console.log('Use the following token as the \'auth\' header in your requests to the API: ' + config.TOKEN)
else console.log('Running lolisafe in public mode. No token required.')

View File

@ -1,9 +1,8 @@
{
"name": "loli-safe",
"version": "1.0.0",
"description": "Pomf-like uploading service, written in NodeJS",
"description": "Pomf-like uploading service, written in node",
"author": "kanadeko",
"main": "lolibank.js",
"repository": {
"type": "git",
"url": "https://github.com/kanadeko/loli-safe"

View File

@ -1,5 +1,4 @@
var maxSize = '512';
var urlPrefix = '';
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
@ -10,8 +9,6 @@ xhr.onreadystatechange = function() {
}
if(xhr.responseText.maxFileSize)
maxSize = xhr.responseText.maxFileSize;
if(xhr.responseText.urlPrefix)
urlPrefix = xhr.responseText.urlPrefix + '/';
}
}
xhr.open('GET', '/api/info', true);
@ -45,7 +42,7 @@ window.onload = function () {
dropzone.on("success", function(file, response) {
// Handle the responseText here. For example, add the text to the preview element:
a = document.createElement('a');
a.href = window.location.origin + '/' + urlPrefix + response.filename;
a.href = response.url;
a.target = '_blank';
a.innerHTML = response.filename;

View File

@ -4,12 +4,13 @@ const uploadController = require('../controllers/uploadController')
const galleryController = require('../controllers/galleryController')
routes.get ('/info', (req, res, next) => {
if(!config.privacy.public)
if(!config.privacy.IPs.includes(req.ip)) return res.status(401).send('not-authorized')
if(config.TOKEN !== '')
if(req.headers.auth !== config.TOKEN)
return res.status(401).send('not-authorized')
return res.json({
maxFileSize: config.uploads.maxsize.slice(0, -2),
urlPrefix: config.uploads.prefix
maxFileSize: config.uploads.maxsize.slice(0, -2)
})
})