forked from gitbot/uguu
Compare commits
14 Commits
Author | SHA1 | Date |
---|---|---|
nokonoko | 5d44b61c16 | |
nokonoko | 85d74c0d22 | |
nokonoko | e3b2d66ef3 | |
nokonoko | 8ea87bf207 | |
nokonoko | cf1d2267e3 | |
Eric Johansson (neku) | 7002081c5c | |
nokonoko | 8c2ebd4b8e | |
nokonoko | 8a32b18eae | |
nokonoko | c685ab1fc3 | |
nokonoko | 30bd416912 | |
nokonoko | 48233fb137 | |
nokonoko | 74d3554fa6 | |
nokonoko | 1d15881dee | |
nokonoko | b873b00865 |
|
@ -1,3 +1,7 @@
|
|||
|
||||
.DS_Store
|
||||
DS_Store
|
||||
dist
|
||||
node_modules
|
||||
build
|
||||
package.json
|
||||
package-lock.json
|
||||
.DS_Store
|
||||
|
|
105
README.md
105
README.md
|
@ -1,6 +1,6 @@
|
|||
# What is Uguu?
|
||||
|
||||
Uguu is a simple lightweight temporary file uploading and sharing platform where files get deleted after X amount of time.
|
||||
Uguu is a simple lightweight file uploading and sharing platform, with the option for files to expire.
|
||||
|
||||
## Features
|
||||
|
||||
|
@ -23,9 +23,110 @@ See the real world example at [uguu.se](https://uguu.se).
|
|||
Original development environment is Nginx + PHP5.3 + SQLite, but is confirmed to
|
||||
work with Apache 2.4 and newer PHP versions like PHP7.3.
|
||||
|
||||
Node is used to compile Uguu.
|
||||
|
||||
## Install
|
||||
|
||||
A detailed installation and configuration can be found at [Uguu/Pomf Documentation](https://blog.yeet.nu/blog/uguu-docs).
|
||||
**Detailed installation and configuration can be found at [Uguu Documentation](https://blog.yeet.nu/blog/uguu-docs).**
|
||||
|
||||
If you don't need a detailed one just follow the instructions below.
|
||||
|
||||
### Compiling
|
||||
|
||||
First you must get a copy of the uguu code. To do so, clone this git repo.
|
||||
```bash
|
||||
git clone https://github.com/nokonoko/uguu
|
||||
```
|
||||
|
||||
**Run the following commands to do so, please configure `dist.json` before you compile.**
|
||||
```bash
|
||||
cd uguu/
|
||||
make
|
||||
make install
|
||||
```
|
||||
OR
|
||||
```bash
|
||||
make install DESTDIR=/desired/path/for/site
|
||||
```
|
||||
After this, the uguu site is now compressed and set up inside `dist/`, or, if specified, `DESTDIR`.
|
||||
|
||||
## Configuring
|
||||
|
||||
Front-end related settings, such as the name of the site, and maximum allowable
|
||||
file size, are found in `dist.json`. Changes made here will
|
||||
only take effect after rebuilding the site pages. This may be done by running
|
||||
`make` from the root of the site directory.
|
||||
|
||||
**Back-end related settings, such as database configuration, and path for uploaded files, are found in `includes/settings.inc.php`. Changes made here take effect immediately. Change the following settings:**
|
||||
```php
|
||||
define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
|
||||
define('UGUU_FILES_ROOT', '/path/to/file/');
|
||||
define('UGUU_URL', 'https://subdomainforyourfiles.your.site');
|
||||
```
|
||||
|
||||
**If you intend to allow uploading files larger than 2 MB, you may also need to
|
||||
increase POST size limits in `php.ini` and webserver configuration. For PHP,
|
||||
modify `upload_max_filesize` and `post_max_size` values. The configuration
|
||||
option for nginx webserver is `client_max_body_size`.**
|
||||
|
||||
**Edit checkdb.sh and checkfiles.sh to the proper paths:**
|
||||
```bash
|
||||
sqlite3 /path/to/db/uguu.sq3 "DELETE FROM files WHERE date <= strftime('%s', datetime('now', '-1 day'));"
|
||||
```
|
||||
```bash
|
||||
find /path/to/files/ -mmin +1440 -exec rm -f {} \;
|
||||
```
|
||||
**Then add them to your crontab:**
|
||||
```bash
|
||||
0,30 * * * * bash /path/to/checkfiles.sh
|
||||
0,30 * * * * bash /path/to/checkdb.sh
|
||||
```
|
||||
|
||||
These scripts check if DB entries and files are older then 24 hours and if they are deletes them.
|
||||
|
||||
## MIME/EXT Blocking
|
||||
|
||||
**Blocking certain filetypes from being uploaded can be changed by editing the following settings in `includes/settings.inc.php`:**
|
||||
```php
|
||||
define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml', 'svg']));
|
||||
define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));
|
||||
```
|
||||
By default the most common malicious filetypes are blocked.
|
||||
|
||||
## IP logging
|
||||
This is turned off by default, but you can enable it by changing:
|
||||
```php
|
||||
define('LOG_IP', 'false');
|
||||
```
|
||||
|
||||
## Anti dupe
|
||||
This is turned off by default, if a user uploads a file already uploaded the link to the already existing file will be returned instead.
|
||||
```php
|
||||
define('ANTI_DUPE', 'false');
|
||||
```
|
||||
|
||||
## Using SQLite as DB engine
|
||||
|
||||
We need to create the SQLite database before it may be used by uguu.
|
||||
Fortunately, this is incredibly simple.
|
||||
|
||||
First create a directory for the database, e.g. `mkdir /var/db/uguu`.
|
||||
Then, create a new SQLite database from the schema, e.g. `sqlite3 /var/db/uguu/uguu.sq3 -init /home/uguu/sqlite_schema.sql`.
|
||||
Then, finally, ensure the permissions are correct, e.g.
|
||||
```bash
|
||||
chown www-data:www-data /var/db/uguu
|
||||
chmod 0750 /var/db/uguu
|
||||
chmod 0640 /var/db/uguu/uguu.sq3
|
||||
```
|
||||
|
||||
Finally, edit `includes/settings.inc.php` to indicate this is the database engine you would like to use. Make the changes outlined below
|
||||
```php
|
||||
define('UGUU_DB_CONN', '[stuff]'); ---> define('UGUU_DB_CONN', 'sqlite:/var/db/uguu/uguu.sq3');
|
||||
define('UGUU_DB_USER', '[stuff]'); ---> define('UGUU_DB_USER', null);
|
||||
define('UGUU_DB_PASS', '[stuff]'); ---> define('UGUU_DB_PASS', null);
|
||||
```
|
||||
|
||||
*NOTE: The directory where the SQLite database is stored, must be writable by the web server user*
|
||||
|
||||
## API
|
||||
To upload using curl or make a tool you can post using:
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
"max_upload_size": 128,
|
||||
"production": false,
|
||||
"siteName": "SITENAME",
|
||||
"siteUrl": "https://yoursite.com",
|
||||
"siteUrl": "http://localhost",
|
||||
"abuseContact": "abuse@example.com",
|
||||
"infoContact": "info@example.com",
|
||||
"ServerCountryLocation": "Sweden",
|
||||
|
@ -27,4 +27,4 @@
|
|||
"paypalUrl": "",
|
||||
"bitcoinAddress": "",
|
||||
"flattrUrl": ""
|
||||
}
|
||||
}
|
||||
|
|
27
package.json
27
package.json
|
@ -1,27 +0,0 @@
|
|||
{
|
||||
"name": "uguu",
|
||||
"version": "1.0.0",
|
||||
"description": "Kawaii file host",
|
||||
"homepage": "https://uguu.se/",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/nokonoko/pomf"
|
||||
},
|
||||
"author": "Eric Johansson <neku@pomf.se>",
|
||||
"contributors": [
|
||||
"Pomf Community <github.com/pomf/pomf>"
|
||||
],
|
||||
"license": "MIT",
|
||||
"bugs": {
|
||||
"url": "https://github.com/nokonoko/uguu/issues"
|
||||
},
|
||||
"devDependencies": {
|
||||
"clean-css": "^4.2.1",
|
||||
"clean-css-cli": "^4.3.0",
|
||||
"uglify-js": "^2.6.2",
|
||||
"swig": "^1.4.2"
|
||||
},
|
||||
"dependencies": {
|
||||
"htmlmin": "0.0.6"
|
||||
}
|
||||
}
|
|
@ -4,29 +4,27 @@ class UploadedFile
|
|||
{
|
||||
/* Public attributes */
|
||||
public $name;
|
||||
public $mime;
|
||||
public $size;
|
||||
public $tempfile;
|
||||
public $error;
|
||||
|
||||
/**
|
||||
* SHA-1 checksum
|
||||
*
|
||||
* @var string 40 digit hexadecimal hash (160 bits)
|
||||
*/
|
||||
private $sha1;
|
||||
|
||||
/**
|
||||
* Generates the SHA-1 or returns the cached SHA-1 hash for the file.
|
||||
*
|
||||
* @return string|false $sha1
|
||||
*/
|
||||
public function getSha1()
|
||||
{
|
||||
if (!$this->sha1) {
|
||||
$this->sha1 = sha1_file($this->tempfile);
|
||||
}
|
||||
|
||||
return $this->sha1;
|
||||
}
|
||||
|
||||
private $mime;
|
||||
public function getMime()
|
||||
{
|
||||
if (!$this->mime) {
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
$this->mime = finfo_file($finfo, $this->tempfile);
|
||||
finfo_close($finfo);
|
||||
}
|
||||
return $this->mime;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,7 +26,10 @@ define('UGUU_DB_USER', 'NULL');
|
|||
define('UGUU_DB_PASS', 'NULL');
|
||||
|
||||
/** Log IP of uploads */
|
||||
define('LOG_IP', 'no');
|
||||
define('LOG_IP', 'false');
|
||||
|
||||
/** Dont upload a file already in the DB */
|
||||
define('ANTI_DUPE', 'false');
|
||||
|
||||
/*
|
||||
* File system location where to store uploaded files
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
* Handles POST uploads, generates filenames, moves files around and commits
|
||||
* uploaded metadata to database.
|
||||
*/
|
||||
|
||||
require_once 'classes/Response.class.php';
|
||||
require_once 'classes/UploadException.class.php';
|
||||
require_once 'classes/UploadedFile.class.php';
|
||||
|
@ -24,12 +23,9 @@ function generateName($file)
|
|||
// We start at N retries, and --N until we give up
|
||||
$tries = UGUU_FILES_RETRIES;
|
||||
$length = UGUU_FILES_LENGTH;
|
||||
|
||||
//Get EXT
|
||||
$ext = pathinfo($file->name, PATHINFO_EXTENSION);
|
||||
//Get mime
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
$type_mime = finfo_file($finfo, $file->tempfile);
|
||||
finfo_close($finfo);
|
||||
|
||||
// Check if extension is a double-dot extension and, if true, override $ext
|
||||
$revname = strrev($file->name);
|
||||
|
@ -42,8 +38,8 @@ function generateName($file)
|
|||
do {
|
||||
// Iterate until we reach the maximum number of retries
|
||||
if ($tries-- === 0) {
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
'Gave up trying to find an unused name',
|
||||
500
|
||||
); // HTTP status code "500 Internal Server Error"
|
||||
|
@ -60,17 +56,16 @@ function generateName($file)
|
|||
$name .= '.'.$ext;
|
||||
}
|
||||
|
||||
//Check if mime is blacklisted
|
||||
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
|
||||
http_response_code(415);
|
||||
throw new Exception ('Extension type not allowed.');
|
||||
//Check if MIME is blacklisted
|
||||
if (in_array($file->getMime(), unserialize(CONFIG_BLOCKED_MIME))) {
|
||||
http_response_code(415);
|
||||
throw new UploadException(UPLOAD_ERR_EXTENSION);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
}
|
||||
//Check if EXT is blacklisted
|
||||
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
|
||||
http_response_code(415);
|
||||
throw new Exception ('Extension type not allowed.');
|
||||
http_response_code(415);
|
||||
throw new UploadException(UPLOAD_ERR_EXTENSION);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
|
@ -80,9 +75,10 @@ function generateName($file)
|
|||
$q->execute();
|
||||
$result = $q->fetchColumn();
|
||||
// If it does, generate a new name
|
||||
} while ($result > 0);
|
||||
return $name;
|
||||
}
|
||||
} while ($result > 0);
|
||||
|
||||
return $name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handles the uploading and db entry for a file.
|
||||
|
@ -102,19 +98,41 @@ function uploadFile($file)
|
|||
throw new UploadException($file->error);
|
||||
}
|
||||
|
||||
// Generate a name for the file
|
||||
$newname = generateName($file);
|
||||
//fixes a bug
|
||||
$lol = $file->getSha1();
|
||||
|
||||
// Check if a file with the same hash and size (a file which is the same)
|
||||
// does already exist in the database; if it does, return the proper link
|
||||
// and data. PHP deletes the temporary file just uploaded automatically.
|
||||
if(ANTI_DUPE == 'true'){
|
||||
$q = $db->prepare('SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) AND size = (:size)');
|
||||
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
|
||||
$q->bindValue(':size', $file->size, PDO::PARAM_INT);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
if ($result['count'] > 0) {
|
||||
return [
|
||||
'hash' => $file->getSha1(),
|
||||
'name' => $file->name,
|
||||
'url' => UGUU_URL.rawurlencode($result['filename']),
|
||||
'size' => $file->size,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
// Get IP
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
|
||||
// Generate a name for the file
|
||||
$newname = generateName($file);
|
||||
|
||||
// Store the file's full file path in memory
|
||||
$uploadFile = UGUU_FILES_ROOT . $newname;
|
||||
$uploadFile = UGUU_FILES_ROOT.$newname;
|
||||
|
||||
// Attempt to move it to the static directory
|
||||
if (!move_uploaded_file($file->tempfile, $uploadFile)) {
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
'Failed to move file to destination',
|
||||
500
|
||||
); // HTTP status code "500 Internal Server Error"
|
||||
|
@ -122,47 +140,46 @@ function uploadFile($file)
|
|||
|
||||
// Need to change permissions for the new file to make it world readable
|
||||
if (!chmod($uploadFile, 0644)) {
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
http_response_code(500);
|
||||
throw new Exception(
|
||||
'Failed to change file permissions',
|
||||
500
|
||||
); // HTTP status code "500 Internal Server Error"
|
||||
}
|
||||
|
||||
// Add it to the database
|
||||
if(LOG_IP == 'yes'){
|
||||
if(LOG_IP == 'true'){
|
||||
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
|
||||
}else{
|
||||
} else {
|
||||
$ip = '0';
|
||||
$q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)');
|
||||
}
|
||||
}
|
||||
|
||||
// Common parameters binding
|
||||
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
|
||||
$q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR);
|
||||
$q->bindValue(':name', $newname, PDO::PARAM_STR);
|
||||
$q->bindValue(':size', $file->size, PDO::PARAM_INT);
|
||||
$q->bindValue(':date', time(), PDO::PARAM_INT);
|
||||
$q->bindValue(':date', time(), PDO::PARAM_STR);
|
||||
$q->bindValue(':ip', $ip, PDO::PARAM_STR);
|
||||
$q->execute();
|
||||
|
||||
return array(
|
||||
return [
|
||||
'hash' => $file->getSha1(),
|
||||
'name' => $file->name,
|
||||
'url' => UGUU_URL.rawurlencode($newname),
|
||||
'size' => $file->size,
|
||||
);
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Reorder files array by file.
|
||||
*
|
||||
* @param $_FILES
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function diverseArray($files)
|
||||
{
|
||||
$result = array();
|
||||
$result = [];
|
||||
|
||||
foreach ($files as $key1 => $value1) {
|
||||
foreach ($value1 as $key2 => $value2) {
|
||||
|
@ -176,19 +193,16 @@ function diverseArray($files)
|
|||
/**
|
||||
* Reorganize the $_FILES array into something saner.
|
||||
*
|
||||
* @param $_FILES
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function refiles($files)
|
||||
{
|
||||
$result = array();
|
||||
$result = [];
|
||||
$files = diverseArray($files);
|
||||
|
||||
foreach ($files as $file) {
|
||||
$f = new UploadedFile();
|
||||
$f->name = $file['name'];
|
||||
$f->mime = $file['type'];
|
||||
$f->size = $file['size'];
|
||||
$f->tempfile = $file['tmp_name'];
|
||||
$f->error = $file['error'];
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
<ul>
|
||||
<li><a href="/">{{siteName}}</a></li>
|
||||
<li><a href="tools.html">Tools</a></li>
|
||||
<li><a href="https://github.com/nokonoko/uguu">Github</a></li>
|
||||
<li><a href="https://github.com/nokonoko/uguu">GitHub</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
|
|
@ -37,4 +37,3 @@ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|||
}
|
||||
|
||||
}
|
||||
Use
|
||||
|
|
Loading…
Reference in New Issue