gitbot/uguu
1
0
Fork 1
mirror of https://github.com/nokonoko/Uguu.git synced 2024-01-06 13:35:15 +00:00
Code Issues Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Go Johansson 2022-12-25 15:56:07 +01:00
parent f0b5e51c8b
commit 2438394225
6 changed files with 307 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "uguu", "name": "uguu",
"version": "1.6.4", "version": "1.6.5",
"description": "Uguu is a simple lightweight temporary file host with support for drop, paste, click and API uploading.", "description": "Uguu is a simple lightweight temporary file host with support for drop, paste, click and API uploading.",
"homepage": "https://uguu.se", "homepage": "https://uguu.se",
"repository": { "repository": {

100
src/Classes/Database.php
View File

@ -21,8 +21,10 @@
namespace Pomf\Uguu\Classes; namespace Pomf\Uguu\Classes;
use DateTimeZone;
use Exception; use Exception;
use PDO; use PDO;
use DateTime;
class Database class Database
{ {
@ -43,16 +45,21 @@ class Database
* *
* @param $name string The name of the file. * @param $name string The name of the file.
* *
* @return int The number of rows that match the query. * @return bool The number of rows that match the query.
* @throws \Exception * @throws \Exception
*/ */
public function dbCheckNameExists(string $name): int public function dbCheckNameExists(string $name): bool
{ {
try { try {
$q = $this->DB->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)'); $q = $this->DB->prepare('SELECT * FROM files WHERE EXISTS
(SELECT filename FROM files WHERE filename = (:name)) LIMIT 1');
$q->bindValue(':name', $name); $q->bindValue(':name', $name);
$q->execute(); $q->execute();
return $q->fetchColumn(); $result = $q->fetch();
if ($result) {
return true;
}
return false;
} catch (Exception) { } catch (Exception) {
throw new Exception('Cant check if name exists in DB.', 500); throw new Exception('Cant check if name exists in DB.', 500);
} }
@ -68,11 +75,12 @@ class Database
public function checkFileBlacklist(array $FILE_INFO): void public function checkFileBlacklist(array $FILE_INFO): void
{ {
try { try {
$q = $this->DB->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)'); $q = $this->DB->prepare('SELECT * FROM blacklist WHERE EXISTS
(SELECT hash FROM blacklist WHERE hash = (:hash)) LIMIT 1');
$q->bindValue(':hash', $FILE_INFO['SHA1']); $q->bindValue(':hash', $FILE_INFO['SHA1']);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
if ($result['count'] > 0) { if ($result) {
throw new Exception('File blacklisted!', 415); throw new Exception('File blacklisted!', 415);
} }
} catch (Exception) { } catch (Exception) {
@ -91,12 +99,13 @@ class Database
{ {
try { try {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash)', 'SELECT * FROM files WHERE EXISTS
(SELECT filename FROM files WHERE hash = (:hash)) LIMIT 1',
); );
$q->bindValue(':hash', $hash); $q->bindValue(':hash', $hash);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
if ($result['count'] > 0) { if ($result) {
return [ return [
'result' => true, 'result' => true,
'name' => $result['filename'], 'name' => $result['filename'],
@ -142,28 +151,37 @@ class Database
* Creates a new row in the database with the information provided * Creates a new row in the database with the information provided
* *
* @param $fingerPrintInfo array * @param $fingerPrintInfo array
*
* @throws \Exception
*/ */
public function createRateLimit(array $fingerPrintInfo): void public function createRateLimit(array $fingerPrintInfo): void
{ {
try {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'INSERT INTO timestamp (iphash, files, time)' . 'INSERT INTO ratelimit (iphash, files, time)' .
'VALUES (:iphash, :files, :time)', 'VALUES (:iphash, :files, :time)',
); );
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']); $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->bindValue(':files', $fingerPrintInfo['files_amount']); $q->bindValue(':files', $fingerPrintInfo['files_amount']);
$q->bindValue(':time', $fingerPrintInfo['timestamp']); $q->bindValue(':time', $fingerPrintInfo['timestamp']);
$q->execute(); $q->execute();
} catch (Exception $e) {
throw new Exception(500, $e->getMessage());
}
} }
/** /**
* Update the rate limit table with the new file count and timestamp * Update the rate limit table with the new file count and timestamp
* *
* @param $fCount int The number of files uploaded by the user. * @param $fCount int The number of files uploaded by the user.
* @param $iStamp boolean A boolean value that determines whether or not to update the timestamp. * @param $iStamp bool A boolean value that determines whether or not to update the timestamp.
* @param $fingerPrintInfo array An array containing the following keys: * @param $fingerPrintInfo array An array containing the following keys:
*
* @throws \Exception
*/ */
public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo): void public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo): void
{ {
try {
if ($iStamp) { if ($iStamp) {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)', 'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)',
@ -177,17 +195,37 @@ class Database
$q->bindValue(':files', $fCount); $q->bindValue(':files', $fCount);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']); $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute(); $q->execute();
} catch (Exception $e) {
throw new Exception(500, $e->getMessage());
}
} }
/** /**
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true, if not it updates the database with the new file * @throws \Exception
*/
public function compareTime(int $timestamp, int $seconds_d): bool
{
$dateTime_end = new DateTime('now', new DateTimeZone('Europe/Stockholm'));
$dateTime_start = new DateTime();
$dateTime_start->setTimestamp($timestamp);
$diff = strtotime($dateTime_end->format('Y-m-d H:i:s')) - strtotime($dateTime_start->format('Y-m-d H:i:s'));
if ($diff > $seconds_d) {
return true;
}
return false;
}
/**
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true,
* if not it updates the database with the new file
* count and timestamp * count and timestamp
* *
* @param $fingerPrintInfo array An array containing the following: * @param $fingerPrintInfo array An array containing the following:
* *
* @return bool A boolean value. * @return bool A boolean value.
* @throws \Exception
*/ */
public function checkRateLimit(array $fingerPrintInfo): bool public function checkRateLimit(array $fingerPrintInfo, int $rateTimeout, int $fileLimit): bool
{ {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)', 'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)',
@ -195,24 +233,30 @@ class Database
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']); $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
$nTime = $fingerPrintInfo['timestamp'] - (60);
switch (true) { //If there is no other match a record does not exist, create one.
//If more then 100 files trigger rate-limit if (!$result['count'] > 0) {
case $result['files'] > 100:
return true;
//if timestamp is older than one minute, set new files count and timestamp
case $result['time'] < $nTime:
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
break;
//if timestamp isn't older than one-minute update the files count
case $result['time'] > $nTime:
$this->updateRateLimit($fingerPrintInfo['files_amount'] + $result['files'], false, $fingerPrintInfo);
break;
//If there is no other match a record does not exist, create one
default:
$this->createRateLimit($fingerPrintInfo); $this->createRateLimit($fingerPrintInfo);
break; return false;
} }
// Apply rate-limit when file count reached and timeout not reached.
if ($result['files'] === $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
return true;
}
// Update timestamp if timeout reached.
if ($this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
return false;
}
// Add filecount, timeout not reached.
if ($result['files'] < $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($result['files'] + $fingerPrintInfo['files_amount'], false, $fingerPrintInfo);
return false;
}
return false; return false;
} }
} }

33
src/Classes/Response.php
View File

@ -1,4 +1,5 @@
<?php <?php
/** /**
* Uguu * Uguu
* *
@ -20,14 +21,15 @@
namespace Pomf\Uguu\Classes; namespace Pomf\Uguu\Classes;
class Response class Response
{ {
public string $type; public string $type;
/** /**
* Takes a string as an argument and sets the header to the appropriate content type * Takes a string as an argument and sets the header to the appropriate content type
* *
* @param $response_type string The type of response you want to return. Valid options are: csv, html, json, text. * @param $response_type string The type of response you want to return.
* Valid options are: csv, html, json, text.
*/ */
public function __construct(string $response_type) public function __construct(string $response_type)
{ {
@ -65,7 +67,7 @@
* @param $code mixed The HTTP status code to return. * @param $code mixed The HTTP status code to return.
* @param $desc string The description of the error. * @param $desc string The description of the error.
*/ */
public function error(mixed $code, string $desc):void public function error(int $code, string $desc): void
{ {
$response = match ($this->type) { $response = match ($this->type) {
'csv' => $this->csvError($desc), 'csv' => $this->csvError($desc),
@ -78,7 +80,7 @@
} }
/* Returning a string that contains the error message. */ /* Returning a string that contains the error message. */
private static function csvError(string $description):string private static function csvError(string $description): string
{ {
return '"error"' . "\r\n" . "\"$description\"" . "\r\n"; return '"error"' . "\r\n" . "\"$description\"" . "\r\n";
} }
@ -91,7 +93,7 @@
* *
* @return string A string. * @return string A string.
*/ */
private static function htmlError(int|string $code, string $description):string private static function htmlError(int|string $code, string $description): string
{ {
return '<p>ERROR: (' . $code . ') ' . $description . '</p>'; return '<p>ERROR: (' . $code . ') ' . $description . '</p>';
} }
@ -104,7 +106,7 @@
* *
* @return bool|string A JSON string * @return bool|string A JSON string
*/ */
private static function jsonError(int|string $code, string $description):bool|string private static function jsonError(int|string $code, string $description): bool|string
{ {
return json_encode([ return json_encode([
'success' => false, 'success' => false,
@ -121,19 +123,20 @@
* *
* @return string A string with the error code and description. * @return string A string with the error code and description.
*/ */
private static function textError(int|string $code, string $description):string private static function textError(int|string $code, string $description): string
{ {
return 'ERROR: (' . $code . ') ' . $description; return 'ERROR: (' . $code . ') ' . $description;
} }
/** /**
* "If the type is csv, then call the csvSuccess function, if the type is html, then call the htmlSuccess function, etc." * "If the type is csv, then call the csvSuccess function,
* if the type is html, then call the htmlSuccess function, etc."
* *
* The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful * The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful
* *
* @param $files array An array of file objects. * @param $files array An array of file objects.
*/ */
public function send(array $files):void public function send(array $files): void
{ {
$response = match ($this->type) { $response = match ($this->type) {
'csv' => $this->csvSuccess($files), 'csv' => $this->csvSuccess($files),
@ -152,7 +155,7 @@
* *
* @return string A string of the files in the array. * @return string A string of the files in the array.
*/ */
private static function csvSuccess(array $files):string private static function csvSuccess(array $files): string
{ {
$result = '"name","url","hash","size"' . "\r\n"; $result = '"name","url","hash","size"' . "\r\n";
foreach ($files as $file) { foreach ($files as $file) {
@ -171,7 +174,7 @@
* *
* @return string the result of the foreach loop. * @return string the result of the foreach loop.
*/ */
private static function htmlSuccess(array $files):string private static function htmlSuccess(array $files): string
{ {
$result = ''; $result = '';
foreach ($files as $file) { foreach ($files as $file) {
@ -187,7 +190,7 @@
* *
* @return bool|string A JSON string * @return bool|string A JSON string
*/ */
private static function jsonSuccess(array $files):bool|string private static function jsonSuccess(array $files): bool|string
{ {
return json_encode([ return json_encode([
'success' => true, 'success' => true,
@ -202,7 +205,7 @@
* *
* @return string the url of the file. * @return string the url of the file.
*/ */
private static function textSuccess(array $files):string private static function textSuccess(array $files): string
{ {
$result = ''; $result = '';
foreach ($files as $file) { foreach ($files as $file) {
@ -210,4 +213,4 @@
} }
return $result; return $result;
} }
} }

14
src/Classes/Upload.php
View File

@ -126,7 +126,16 @@ class Upload extends Response
{ {
switch (true) { switch (true) {
case $this->Connector->CONFIG['RATE_LIMIT']: case $this->Connector->CONFIG['RATE_LIMIT']:
$this->Connector->checkRateLimit($this->fingerPrintInfo); if (
$this->Connector->checkRateLimit(
$this->fingerPrintInfo,
(int) $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'],
(int) $this->Connector->CONFIG['RATE_LIMIT_FILES']
)
) {
throw new Exception('Rate limit, please wait ' . $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'] .
' seconds before uploading again.', 500);
}
// Continue // Continue
case $this->Connector->CONFIG['BLACKLIST_DB']: case $this->Connector->CONFIG['BLACKLIST_DB']:
$this->Connector->checkFileBlacklist($this->FILE_INFO); $this->Connector->checkFileBlacklist($this->FILE_INFO);
@ -274,7 +283,6 @@ class Upload extends Response
* and if it does, it generates another one * and if it does, it generates another one
* *
* @param $extension string The file extension. * @param $extension string The file extension.
* @param $hash string The hash of the file.
* *
* @return string A string * @return string A string
* @throws \Exception * @throws \Exception
@ -293,7 +301,7 @@ class Upload extends Response
if (!empty($extension)) { if (!empty($extension)) {
$NEW_NAME .= '.' . $extension; $NEW_NAME .= '.' . $extension;
} }
} while ($this->Connector->dbCheckNameExists($NEW_NAME) > 0); } while ($this->Connector->dbCheckNameExists($NEW_NAME));
return $NEW_NAME; return $NEW_NAME;
} }
} }

4
src/config.json
View File

@ -3,7 +3,7 @@
"allowErrors": false "allowErrors": false
}, },
"dest": "dist", "dest": "dist",
"pkgVersion": "1.6.4", "pkgVersion": "1.6.5",
"pages": [ "pages": [
"index.ejs", "index.ejs",
"faq.ejs", "faq.ejs",
@ -34,6 +34,8 @@
"BLACKLIST_DB": true, "BLACKLIST_DB": true,
"FILTER_MODE": true, "FILTER_MODE": true,
"RATE_LIMIT": false, "RATE_LIMIT": false,
"RATE_LIMIT_TIMEOUT": 60,
"RATE_LIMIT_FILES": 100,
"FILES_ROOT": "/var/www/files/", "FILES_ROOT": "/var/www/files/",
"FILES_RETRIES": 15, "FILES_RETRIES": 15,
"FILES_URL": "https://files.domain.com", "FILES_URL": "https://files.domain.com",

9
src/static/php/upload.php
View File

@ -1,8 +1,5 @@
<?php <?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
/** /**
* Uguu * Uguu
* *
@ -21,6 +18,7 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
require_once __DIR__ . '/../vendor/autoload.php'; require_once __DIR__ . '/../vendor/autoload.php';
use Pomf\Uguu\Classes\Upload; use Pomf\Uguu\Classes\Upload;
@ -40,10 +38,11 @@
*/ */
function handleFile(string $outputFormat, array $files): void function handleFile(string $outputFormat, array $files): void
{ {
$fCount = count($files['size']);
$upload = new Upload($outputFormat); $upload = new Upload($outputFormat);
$files = $upload->reFiles($files); $files = $upload->reFiles($files);
try { try {
$upload->fingerPrint(count($files)); $upload->fingerPrint($fCount);
$res = []; $res = [];
foreach ($files as $ignored) { foreach ($files as $ignored) {
$res[] = $upload->uploadFile(); $res[] = $upload->uploadFile();
@ -52,7 +51,7 @@ function handleFile(string $outputFormat, array $files): void
$upload->send($res); $upload->send($res);
} }
} catch (Exception $e) { } catch (Exception $e) {
$upload->error($e->getCode(), $e->getMessage()); $upload->error(500, $e->getMessage());
} }
} }