gitbot/uguu
1
0
Fork 1
mirror of https://github.com/nokonoko/Uguu.git synced 2024-01-06 13:35:15 +00:00
Code Issues Projects Releases Wiki Activity

1.7.0

Browse Source
This commit is contained in:
Go Johansson (neku) 2023-02-18 15:22:37 +01:00
parent 4246dedebe
commit 5205351911
16 changed files with 689 additions and 767 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -30,7 +30,7 @@ See the real world site at [uguu.se](https://uguu.se).
## Requirements ## Requirements
Tested and working with Nginx + PHP-8.1 + SQLite/MySQL. Tested and working with Nginx + PHP-8.1 + SQLite/MySQL/PostgreSQL.
Node is used to compile Uguu, after that it runs on PHP. Node is used to compile Uguu, after that it runs on PHP.
@ -57,7 +57,6 @@ tests.
## Upcoming Features ## Upcoming Features
* PostgreSQL Support
* S3 Bucket Support * S3 Bucket Support
* Azure File Storage Support * Azure File Storage Support
* Temporal/RR Support * Temporal/RR Support

2
docker/Dockerfile
View File

@ -12,7 +12,7 @@ RUN chmod a+x nodejssetup.sh
RUN ./nodejssetup.sh RUN ./nodejssetup.sh
RUN apt-get install -y nodejs gcc g++ make RUN apt-get install -y nodejs gcc g++ make
RUN apt-get install -y build-essential nginx-full php8.1-fpm php8.1 sqlite3 php8.1-sqlite3 \ RUN apt-get install -y build-essential nginx-full php8.1-fpm php8.1 sqlite3 php8.1-sqlite3 \
php8.1-curl php8.1-cli php8.1-lz4 \ php8.1-curl php8.1-cli php8.1-lz4 php8.1-pgsql \
php8.1-mcrypt php8.1-mysql php8.1-xdebug php8.1-zip \ php8.1-mcrypt php8.1-mysql php8.1-xdebug php8.1-zip \
php8.1-common php8.1-readline php8.1-bcmath php8.1-common php8.1-xml php8.1-common php8.1-readline php8.1-bcmath php8.1-common php8.1-xml

2
docker/nginx/nginx.conf
View File

@ -4,7 +4,7 @@ pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf; include /etc/nginx/modules-enabled/*.conf;
events { events {
worker_connections 1024; worker_connections 4096;
multi_accept on; multi_accept on;
} }

8
docker/nginx/uguu.conf
View File

@ -3,8 +3,8 @@ server {
server_name XMAINDOMAINX; server_name XMAINDOMAINX;
ssl on; ssl on;
ssl_certificate /root/.acme.sh/XMAINDOMAINX/fullchain.cer; ssl_certificate /root/.acme.sh/XMAINDOMAINX_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/XMAINDOMAINX/XMAINDOMAINX.key; ssl_certificate_key /root/.acme.sh/XMAINDOMAINX_ecc/XMAINDOMAINX.key;
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_ecdh_curve secp384r1; ssl_ecdh_curve secp384r1;
@ -39,8 +39,8 @@ server {
server_name XFILESDOMAINX; server_name XFILESDOMAINX;
ssl on; ssl on;
ssl_certificate /root/.acme.sh/XMAINDOMAINX/fullchain.cer; ssl_certificate /root/.acme.sh/XMAINDOMAINX_ecc/fullchain.cer;
ssl_certificate_key /root/.acme.sh/XMAINDOMAINX/XMAINDOMAINX.key; ssl_certificate_key /root/.acme.sh/XMAINDOMAINX_ecc/XMAINDOMAINX.key;
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_ecdh_curve secp384r1; ssl_ecdh_curve secp384r1;

8
docker/php/php.ini
View File

@ -427,7 +427,7 @@ max_input_time = 60
; Maximum amount of memory a script may consume ; Maximum amount of memory a script may consume
; http://php.net/memory-limit ; http://php.net/memory-limit
memory_limit = 128M memory_limit = 256M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ; ; Error handling and logging ;
@ -700,7 +700,7 @@ auto_globals_jit = On
; Its value may be 0 to disable the limit. It is ignored if POST data reading ; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading. ; is disabled through enable_post_data_reading.
; http://php.net/post-max-size ; http://php.net/post-max-size
post_max_size = 128M post_max_size = 256M
; Automatically add files before PHP document. ; Automatically add files before PHP document.
; http://php.net/auto-prepend-file ; http://php.net/auto-prepend-file
@ -852,10 +852,10 @@ file_uploads = On
; Maximum allowed size for uploaded files. ; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize ; http://php.net/upload-max-filesize
upload_max_filesize = 128M upload_max_filesize = 256M
; Maximum number of files that can be uploaded via a single request ; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20 max_file_uploads = 100
;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;
; Fopen wrappers ; ; Fopen wrappers ;

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "uguu", "name": "uguu",
"version": "1.6.7", "version": "1.7.0",
"description": "Uguu is a simple lightweight temporary file host with support for drop, paste, click and API uploading.", "description": "Uguu is a simple lightweight temporary file host with support for drop, paste, click and API uploading.",
"homepage": "https://uguu.se", "homepage": "https://uguu.se",
"repository": { "repository": {

74
src/Classes/Connector.php
View File

@ -2,7 +2,7 @@
/** /**
* Uguu * Uguu
* *
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) <neku@pomf.se>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -20,52 +20,58 @@
namespace Pomf\Uguu\Classes; namespace Pomf\Uguu\Classes;
use Exception;
use PDO; use PDO;
class Connector extends Database class Connector extends Database
{ {
public PDO $DB; public PDO $DB;
public string $dbType;
public array $CONFIG; public array $CONFIG;
public Response $response;
public function errorHandler(int $errno, string $errstr):void
{
if ($this->CONFIG['DEBUG']) {
$this->response->error(500, 'Server error: ' . $errstr);
} else {
$this->response->error(500, 'Server error.');
}
}
public function fatalErrorHandler():void
{
if (!is_null($e = error_get_last())) {
if ($this->CONFIG['DEBUG']) {
$this->response->error(500, 'FATAL Server error: ' . print_r($e, true));
} else {
$this->response->error(500, 'Server error.');
}
}
}
/** /**
* Reads the config.json file and populates the CONFIG property with the settings * Reads the config.json file and populates the CONFIG property with the settings
* Also assembles the PDO DB connection and registers error handlers.
* *
* @throws \Exception
*/ */
public function __construct() public function __construct()
{ {
$this->response = new Response('json');
if (!file_exists(__DIR__ . '/../config.json')) { if (!file_exists(__DIR__ . '/../config.json')) {
throw new Exception('Cant read settings file.', 500); $this->response->error(500, 'Cant read settings file.');
}
try {
$this->CONFIG = json_decode(
file_get_contents(__DIR__ . '/../config.json'),
true,
);
$this->assemble();
}
catch (Exception $e) {
throw new Exception($e->getMessage(), 500);
} }
$this->CONFIG = json_decode(
file_get_contents(__DIR__ . '/../config.json'),
true,
);
ini_set('display_errors', 0);
set_error_handler([$this, "errorHandler"]);
register_shutdown_function([$this, "fatalErrorHandler"]);
$this->dbType = $this->CONFIG['DB_MODE'];
$this->DB = new PDO(
$this->CONFIG['DB_MODE'] . ':' . $this->CONFIG['DB_PATH'],
$this->CONFIG['DB_USER'],
$this->CONFIG['DB_PASS']
);
} }
}
/**
* > Tries to connect to the database
*
* @throws \Exception
*/
public function assemble()
{
try {
$this->DB = new PDO(
$this->CONFIG['DB_MODE'] . ':' . $this->CONFIG['DB_PATH'],
$this->CONFIG['DB_USER'],
$this->CONFIG['DB_PASS']
);
}
catch (Exception) {
throw new Exception('Cant connect to DB.', 500);
}
}
}

2
src/Classes/CuteGrills.php
View File

@ -2,7 +2,7 @@
/** /**
* Uguu * Uguu
* *
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) <neku@pomf.se>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by

297
src/Classes/Database.php
View File

@ -1,9 +1,8 @@
<?php <?php
/** /**
* Uguu * Uguu
* *
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) <neku@pomf.se>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -18,245 +17,159 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
namespace Pomf\Uguu\Classes; namespace Pomf\Uguu\Classes;
use DateTimeZone;
use Exception;
use PDO; use PDO;
use DateTime;
class Database
class Database
{
private PDO $DB;
/**
* Sets the value of the DB variable.
*
* @param $DB PDO The database connection.
*/
public function setDB(PDO $DB): void
{ {
$this->DB = $DB; public function dbCheckNameExists(string $name):bool
} {
$query = match ($this->dbType) {
/** 'pgsql' => 'SELECT EXISTS(SELECT id FROM files WHERE filename = (:name)), filename FROM files WHERE filename = (:name) LIMIT 1',
* Checks if a file name exists in the database default => 'SELECT filename FROM files WHERE filename = (:name) AND EXISTS (SELECT id FROM files WHERE filename = (:name)) LIMIT 1'
* };
* @param $name string The name of the file. $q = $this->DB->prepare($query);
*
* @return bool The number of rows that match the query.
* @throws \Exception
*/
public function dbCheckNameExists(string $name): bool
{
try {
$q = $this->DB->prepare('SELECT * FROM files WHERE EXISTS
(SELECT filename FROM files WHERE filename = (:name)) LIMIT 1');
$q->bindValue(':name', $name); $q->bindValue(':name', $name);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
if ($result) { $q->closeCursor();
if (isset($result['exists']) and $result['exists']) {
return true;
} elseif ($result) {
return true; return true;
} }
return false; return false;
} catch (Exception) {
throw new Exception('Cant check if name exists in DB.', 500);
} }
}
public function checkFileBlacklist(string $hash):void
/** {
* Checks if the file is blacklisted $query = match ($this->dbType) {
* 'pgsql' => 'SELECT EXISTS(SELECT id FROM blacklist WHERE hash = (:hash)), hash FROM blacklist WHERE hash = (:hash) LIMIT 1',
* @param $FILE_INFO array An array containing the following: default => 'SELECT id FROM blacklist WHERE EXISTS(SELECT id FROM blacklist WHERE hash = (:hash)) LIMIT 1'
* };
* @throws \Exception $q = $this->DB->prepare($query);
*/
public function checkFileBlacklist(array $FILE_INFO): void
{
try {
$q = $this->DB->prepare('SELECT * FROM blacklist WHERE EXISTS
(SELECT hash FROM blacklist WHERE hash = (:hash)) LIMIT 1');
$q->bindValue(':hash', $FILE_INFO['SHA1']);
$q->execute();
$result = $q->fetch();
if ($result) {
throw new Exception('File blacklisted!', 415);
}
} catch (Exception) {
throw new Exception('Cant check blacklist DB.', 500);
}
}
/**
* Checks if the file already exists in the database
*
* @param $hash string The hash of the file you want to check for.
*
* @throws \Exception
*/
public function antiDupe(string $hash): array
{
try {
$q = $this->DB->prepare(
'SELECT * FROM files WHERE EXISTS
(SELECT filename FROM files WHERE hash = (:hash)) LIMIT 1',
);
$q->bindValue(':hash', $hash); $q->bindValue(':hash', $hash);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
if ($result) { $q->closeCursor();
if (isset($result['exists']) and $result['exists']) {
$this->response->error(415, 'File blacklisted.');
} elseif ($result) {
$this->response->error(415, 'File blacklisted.');
}
}
public function antiDupe(string $hash):array
{
$query = match ($this->dbType) {
'pgsql' => 'SELECT EXISTS(SELECT id FROM files WHERE hash = (:hash)), filename FROM files WHERE hash = (:hash) LIMIT 1',
default => 'SELECT filename FROM files WHERE hash = (:hash) AND EXISTS (SELECT id FROM files WHERE hash = (:hash)) LIMIT 1'
};
$q = $this->DB->prepare($query);
$q->bindValue(':hash', $hash);
$q->execute();
$result = $q->fetch();
$q->closeCursor();
if (!$result) {
return [ return [
'result' => true, 'result' => false,
'name' => $result['filename'],
]; ];
} else { } else {
return [ return [
'result' => false 'result' => true,
'name' => $result['filename'],
]; ];
} }
} catch (Exception) {
throw new Exception('Cant check for dupes in DB.', 500);
} }
}
public function newIntoDB(array $FILE_INFO, array $fingerPrintInfo):void
/** {
* Inserts a new file into the database
*
* @param $FILE_INFO array
* @param $fingerPrintInfo array
*
* @throws \Exception
*/
public function newIntoDB(array $FILE_INFO, array $fingerPrintInfo): void
{
try {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'INSERT INTO files (hash, originalname, filename, size, date, ip)' . 'INSERT INTO files (hash, originalname, filename, size, date, ip)' .
'VALUES (:hash, :orig, :name, :size, :date, :ip)', 'VALUES (:hash, :orig, :name, :size, :date, :ip)',
); );
$q->bindValue(':hash', $FILE_INFO['SHA1']); $q->bindValue(':hash', $FILE_INFO['SHA1']);
$q->bindValue(':orig', $FILE_INFO['NAME']); $q->bindValue(':orig', $FILE_INFO['NAME']);
$q->bindValue(':name', $FILE_INFO['NEW_NAME']); $q->bindValue(':name', $FILE_INFO['FILENAME']);
$q->bindValue(':size', $FILE_INFO['SIZE'], PDO::PARAM_INT); $q->bindValue(':size', $FILE_INFO['SIZE'], PDO::PARAM_INT);
$q->bindValue(':date', $fingerPrintInfo['timestamp']); $q->bindValue(':date', $fingerPrintInfo['timestamp']);
$q->bindValue(':ip', $fingerPrintInfo['ip']); $q->bindValue(':ip', $fingerPrintInfo['ip']);
$q->execute(); $q->execute();
} catch (Exception) { $q->closeCursor();
throw new Exception('Cant insert into DB.', 500);
} }
}
public function createRateLimit(array $fingerPrintInfo):void
/** {
* Creates a new row in the database with the information provided
*
* @param $fingerPrintInfo array
*
* @throws \Exception
*/
public function createRateLimit(array $fingerPrintInfo): void
{
try {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'INSERT INTO ratelimit (iphash, files, time)' . 'INSERT INTO ratelimit (iphash, files, time)' .
'VALUES (:iphash, :files, :time)', 'VALUES (:iphash, :files, :time)',
); );
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']); $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->bindValue(':files', $fingerPrintInfo['files_amount']); $q->bindValue(':files', $fingerPrintInfo['files_amount']);
$q->bindValue(':time', $fingerPrintInfo['timestamp']); $q->bindValue(':time', $fingerPrintInfo['timestamp']);
$q->execute(); $q->execute();
} catch (Exception $e) { $q->closeCursor();
throw new Exception(500, $e->getMessage());
} }
}
public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo):void
/** {
* Update the rate limit table with the new file count and timestamp
*
* @param $fCount int The number of files uploaded by the user.
* @param $iStamp bool A boolean value that determines whether or not to update the timestamp.
* @param $fingerPrintInfo array An array containing the following keys:
*
* @throws \Exception
*/
public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo): void
{
try {
if ($iStamp) { if ($iStamp) {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)', 'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)',
); );
$q->bindValue(':time', $fingerPrintInfo['timestamp']); $q->bindValue(':time', $fingerPrintInfo['timestamp']);
} else { } else {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)', 'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)',
); );
} }
$q->bindValue(':files', $fCount); $q->bindValue(':files', $fCount);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']); $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute(); $q->execute();
} catch (Exception $e) { $q->closeCursor();
throw new Exception(500, $e->getMessage());
} }
}
public function compareTime(int $timestamp, int $seconds_d):bool
/** {
* @throws \Exception $diff = time() - $timestamp;
*/ if ($diff > $seconds_d) {
public function compareTime(int $timestamp, int $seconds_d): bool return true;
{ }
$dateTime_end = new DateTime('now', new DateTimeZone('Europe/Stockholm'));
$dateTime_start = new DateTime();
$dateTime_start->setTimestamp($timestamp);
$diff = strtotime($dateTime_end->format('Y-m-d H:i:s')) - strtotime($dateTime_start->format('Y-m-d H:i:s'));
if ($diff > $seconds_d) {
return true;
}
return false;
}
/**
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true,
* if not it updates the database with the new file
* count and timestamp
*
* @param $fingerPrintInfo array An array containing the following:
*
* @return bool A boolean value.
* @throws \Exception
*/
public function checkRateLimit(array $fingerPrintInfo, int $rateTimeout, int $fileLimit): bool
{
$q = $this->DB->prepare(
'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)',
);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute();
$result = $q->fetch();
//If there is no other match a record does not exist, create one.
if (!$result['count'] > 0) {
$this->createRateLimit($fingerPrintInfo);
return false; return false;
} }
// Apply rate-limit when file count reached and timeout not reached. public function checkRateLimit(array $fingerPrintInfo, int $rateTimeout, int $fileLimit):bool
if ($result['files'] === $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) { {
return true; $query = match ($this->dbType) {
} 'pgsql' => 'SELECT EXISTS(SELECT id FROM ratelimit WHERE iphash = (:iphash)), id, iphash, files, time FROM ratelimit WHERE iphash = (:iphash) LIMIT 1',
default => 'SELECT * FROM ratelimit WHERE iphash = (:iphash) AND EXISTS (SELECT id FROM ratelimit WHERE iphash = (:iphash)) LIMIT 1'
// Update timestamp if timeout reached. };
if ($this->compareTime($result['time'], $rateTimeout)) { $q = $this->DB->prepare($query);
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo); $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute();
$result = $q->fetch();
$q->closeCursor();
//If there is no other match a record does not exist, create one.
if (!$result) {
$this->createRateLimit($fingerPrintInfo);
return false;
}
// Apply rate-limit when file count reached and timeout not reached.
if ($result['files'] === $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
return true;
}
// Update timestamp if timeout reached, reset file count and add the incoming file count.
if ($this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
return false;
}
// Add filecount, timeout not reached.
if ($result['files'] < $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($result['files'] + $fingerPrintInfo['files_amount'], false, $fingerPrintInfo);
return false;
}
return false; return false;
} }
}
// Add filecount, timeout not reached.
if ($result['files'] < $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($result['files'] + $fingerPrintInfo['files_amount'], false, $fingerPrintInfo);
return false;
}
return false;
}
}

2
src/Classes/GrillLoader.php
View File

@ -2,7 +2,7 @@
/** /**
* Uguu * Uguu
* *
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) <neku@pomf.se>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by

376
src/Classes/Response.php
View File

@ -1,9 +1,8 @@
<?php <?php
/** /**
* Uguu * Uguu
* *
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) <neku@pomf.se>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -18,199 +17,200 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
namespace Pomf\Uguu\Classes; namespace Pomf\Uguu\Classes;
class Response class Response
{
public string $type;
/**
* Takes a string as an argument and sets the header to the appropriate content type
*
* @param $response_type string The type of response you want to return.
* Valid options are: csv, html, json, text.
*/
public function __construct(string $response_type)
{ {
switch ($response_type) { public string $type;
case 'csv':
header('Content-Type: text/csv; charset=UTF-8'); /**
$this->type = $response_type; * Takes a string as an argument and sets the header to the appropriate content type
break; *
case 'html': * @param $response_type string The type of response you want to return.
header('Content-Type: text/html; charset=UTF-8'); * Valid options are: csv, html, json, text.
$this->type = $response_type; */
break; public function __construct(string $response_type)
case 'json': {
header('Content-Type: application/json; charset=UTF-8'); switch ($response_type) {
$this->type = $response_type; case 'csv':
break; header('Content-Type: text/csv; charset=UTF-8');
case 'gyazo': $this->type = $response_type;
header('Content-Type: text/plain; charset=UTF-8'); break;
$this->type = 'text'; case 'html':
break; header('Content-Type: text/html; charset=UTF-8');
case 'text': $this->type = $response_type;
header('Content-Type: text/plain; charset=UTF-8'); break;
$this->type = $response_type; case 'json':
break; header('Content-Type: application/json; charset=UTF-8');
default: $this->type = $response_type;
header('Content-Type: application/json; charset=UTF-8'); break;
$this->type = 'json'; case 'gyazo':
break; header('Content-Type: text/plain; charset=UTF-8');
$this->type = 'text';
break;
case 'text':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = $response_type;
break;
default:
header('Content-Type: application/json; charset=UTF-8');
$this->type = 'json';
break;
}
} }
}
/**
/** * Returns a string based on the type of response requested
* Returns a string based on the type of response requested *
* * @param $code mixed The HTTP status code to return.
* @param $code mixed The HTTP status code to return. * @param $desc string The description of the error.
* @param $desc string The description of the error. */
*/ public function error(int $code, string $desc):string
public function error(int $code, string $desc): void {
{ $response = match ($this->type) {
$response = match ($this->type) { 'csv' => $this->csvError($desc),
'csv' => $this->csvError($desc), 'html' => $this->htmlError($code, $desc),
'html' => $this->htmlError($code, $desc), 'json' => $this->jsonError($code, $desc),
'json' => $this->jsonError($code, $desc), 'text' => $this->textError($code, $desc),
'text' => $this->textError($code, $desc), };
};
http_response_code($code); http_response_code($code);
echo $response; echo $response;
} exit(1);
}
/* Returning a string that contains the error message. */
private static function csvError(string $description): string /* Returning a string that contains the error message. */
{ private static function csvError(string $description):string
return '"error"' . "\r\n" . "\"$description\"" . "\r\n"; {
} return '"error"' . "\r\n" . "\"$description\"" . "\r\n";
}
/**
* Returns a string containing an HTML paragraph element with the error code and description /**
* * Returns a string containing an HTML paragraph element with the error code and description
* @param $code int|string The error code. *
* @param $description string The description of the error. * @param $code int|string The error code.
* * @param $description string The description of the error.
* @return string A string. *
*/ * @return string A string.
private static function htmlError(int|string $code, string $description): string */
{ private static function htmlError(int|string $code, string $description):string
return '<p>ERROR: (' . $code . ') ' . $description . '</p>'; {
} return '<p>ERROR: (' . $code . ') ' . $description . '</p>';
}
/**
* Returns a JSON string with the error code and description /**
* * Returns a JSON string with the error code and description
* @param $code int|string The error code. *
* @param $description string The description of the error. * @param $code int|string The error code.
* * @param $description string The description of the error.
* @return bool|string A JSON string *
*/ * @return bool|string A JSON string
private static function jsonError(int|string $code, string $description): bool|string */
{ private static function jsonError(int|string $code, string $description):bool|string
return json_encode([ {
'success' => false, return json_encode([
'errorcode' => $code, 'success' => false,
'description' => $description, 'errorcode' => $code,
], JSON_PRETTY_PRINT); 'description' => $description,
} ], JSON_PRETTY_PRINT);
}
/**
* Returns a string that contains the error code and description /**
* * Returns a string that contains the error code and description
* @param $code int|string The error code. *
* @param $description string The description of the error. * @param $code int|string The error code.
* * @param $description string The description of the error.
* @return string A string with the error code and description. *
*/ * @return string A string with the error code and description.
private static function textError(int|string $code, string $description): string */
{ private static function textError(int|string $code, string $description):string
return 'ERROR: (' . $code . ') ' . $description; {
} return 'ERROR: (' . $code . ') ' . $description;
}
/**
* "If the type is csv, then call the csvSuccess function, /**
* if the type is html, then call the htmlSuccess function, etc." * "If the type is csv, then call the csvSuccess function,
* * if the type is html, then call the htmlSuccess function, etc."
* The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful *
* * The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful
* @param $files array An array of file objects. *
*/ * @param $files array An array of file objects.
public function send(array $files): void */
{ public function send(array $files):void
$response = match ($this->type) { {
'csv' => $this->csvSuccess($files), $response = match ($this->type) {
'html' => $this->htmlSuccess($files), 'csv' => $this->csvSuccess($files),
'json' => $this->jsonSuccess($files), 'html' => $this->htmlSuccess($files),
'text' => $this->textSuccess($files), 'json' => $this->jsonSuccess($files),
}; 'text' => $this->textSuccess($files),
};
http_response_code(200); // "200 OK". Success. http_response_code(200); // "200 OK". Success.
echo $response; echo $response;
}
/**
* Takes an array of files and returns a CSV string
*
* @param $files array An array of files that have been uploaded.
*
* @return string A string of the files in the array.
*/
private static function csvSuccess(array $files): string
{
$result = '"name","url","hash","size"' . "\r\n";
foreach ($files as $file) {
$result .= '"' . $file['name'] . '"' . ',' .
'"' . $file['url'] . '"' . ',' .
'"' . $file['hash'] . '"' . ',' .
'"' . $file['size'] . '"' . "\r\n";
} }
return $result;
} /**
* Takes an array of files and returns a CSV string
/** *
* Takes an array of files and returns a string of HTML links * @param $files array An array of files that have been uploaded.
* *
* @param $files array An array of files to be uploaded. * @return string A string of the files in the array.
* */
* @return string the result of the foreach loop. private static function csvSuccess(array $files):string
*/ {
private static function htmlSuccess(array $files): string $result = '"name","url","hash","size"' . "\r\n";
{ foreach ($files as $file) {
$result = ''; $result .= '"' . $file['name'] . '"' . ',' .
foreach ($files as $file) { '"' . $file['url'] . '"' . ',' .
$result .= '<a href="' . $file['url'] . '">' . $file['url'] . '</a><br>'; '"' . $file['hash'] . '"' . ',' .
'"' . $file['size'] . '"' . "\r\n";
}
return $result;
} }
return $result;
} /**
* Takes an array of files and returns a string of HTML links
/** *
* Returns a JSON string that contains a success message and the files that were uploaded * @param $files array An array of files to be uploaded.
* *
* @param $files array The files to be uploaded. * @return string the result of the foreach loop.
* */
* @return bool|string A JSON string private static function htmlSuccess(array $files):string
*/ {
private static function jsonSuccess(array $files): bool|string $result = '';
{ foreach ($files as $file) {
return json_encode([ $result .= '<a href="' . $file['url'] . '">' . $file['url'] . '</a><br>';
'success' => true, }
'files' => $files, return $result;
], JSON_PRETTY_PRINT);
}
/**
* Takes an array of files and returns a string of URLs
*
* @param $files array The files to be uploaded.
*
* @return string the url of the file.
*/
private static function textSuccess(array $files): string
{
$result = '';
foreach ($files as $file) {
$result .= $file['url'] . "\n";
} }
return $result;
} /**
} * Returns a JSON string that contains a success message and the files that were uploaded
*
* @param $files array The files to be uploaded.
*
* @return bool|string A JSON string
*/
private static function jsonSuccess(array $files):bool|string
{
return json_encode([
'success' => true,
'files' => $files,
], JSON_PRETTY_PRINT);
}
/**
* Takes an array of files and returns a string of URLs
*
* @param $files array The files to be uploaded.
*
* @return string the url of the file.
*/
private static function textSuccess(array $files):string
{
$result = '';
foreach ($files as $file) {
$result .= $file['url'] . "\n";
}
return $result;
}
}

587
src/Classes/Upload.php
View File

@ -1,9 +1,8 @@
<?php <?php
/** /**
* Uguu * Uguu
* *
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) <neku@pomf.se>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -18,300 +17,302 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
namespace Pomf\Uguu\Classes;
use Exception;
class Upload extends Response
{
public array $FILE_INFO;
public array $fingerPrintInfo;
private mixed $Connector;
/**
* Takes an array of files, and returns an array of arrays containing the file's temporary name,
* name, size, SHA1 hash, extension, and MIME type
*
* @param $files array The files array from the $_FILES superglobal.
*
* @return array An array of arrays.
* @throws \Exception
*/
public function reFiles(array $files): array
{
$this->Connector = new Connector();
$this->Connector->setDB($this->Connector->DB);
$result = [];
$files = $this->diverseArray($files);
foreach ($files as $file) {
$hash = sha1_file($file['tmp_name']);
$this->FILE_INFO = [
'TEMP_NAME' => $file['tmp_name'],
'NAME' => strip_tags($this->checkNameLength($file['name'])),
'SIZE' => $file['size'],
'SHA1' => $hash,
'EXTENSION' => $this->fileExtension($file),
'MIME' => $this->fileMIME($file),
];
if ($this->Connector->CONFIG['ANTI_DUPE']) {
$dupeResult = $this->Connector->antiDupe($hash);
if ($dupeResult['result']) {
$this->FILE_INFO['NEW_NAME'] = $dupeResult['name'];
}
}
if (!isset($this->FILE_INFO['NEW_NAME'])) {
$this->FILE_INFO['NEW_NAME'] = $this->generateName($this->FILE_INFO['EXTENSION']);
}
$result[] = [
$this->FILE_INFO['TEMP_NAME'],
$this->FILE_INFO['NAME'],
$this->FILE_INFO['SIZE'],
$this->FILE_INFO['SHA1'],
$this->FILE_INFO['EXTENSION'],
$this->FILE_INFO['MIME'],
];
}
return $result;
}
/**
* Takes an array of arrays and returns an array of arrays with the keys and values swapped
*
* @param $files array an array of arrays
*
* @return array ```
* array:2 [
* 0 => array:2 [
* 'TEMP_NAME' => 'example'
* 'NAME' => 'example'
* 'SIZE' => 'example'
* 'SHA1' => 'example'
* 'EXTENSION' => 'example'
* 'MIME' => 'example'
*
* ]
* 1 => array:2 [
* 'TEMP_NAME' => 'example'
* 'NAME' => 'example'
* 'SIZE' => 'example'
* 'SHA1' => 'example'
* 'EXTENSION' => 'example'
* 'MIME' => 'example'
* ]
* ]
* ```
*/
public function diverseArray(array $files): array
{
$result = [];
foreach ($files as $key1 => $value1) {
foreach ($value1 as $key2 => $value2) {
$result[$key2][$key1] = $value2;
}
}
return $result;
}
/**
* Takes a file, checks if it's blacklisted, moves it to the file storage, and then logs it to the database
*
* @return array An array containing the hash, name, url, and size of the file.
* @throws \Exception
*/
public function uploadFile(): array
{
switch (true) {
case $this->Connector->CONFIG['RATE_LIMIT']:
if (
$this->Connector->checkRateLimit(
$this->fingerPrintInfo,
(int) $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'],
(int) $this->Connector->CONFIG['RATE_LIMIT_FILES']
)
) {
throw new Exception('Rate limit, please wait ' . $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'] .
' seconds before uploading again.', 500);
}
// Continue
case $this->Connector->CONFIG['BLACKLIST_DB']:
$this->Connector->checkFileBlacklist($this->FILE_INFO);
// Continue
case $this->Connector->CONFIG['FILTER_MODE'] && empty($this->FILE_INFO['EXTENSION']):
$this->checkMimeBlacklist();
// Continue
case $this->Connector->CONFIG['FILTER_MODE'] && !empty($this->FILE_INFO['EXTENSION']):
$this->checkMimeBlacklist();
$this->checkExtensionBlacklist();
// Continue
}
if (!is_dir($this->Connector->CONFIG['FILES_ROOT'])) {
throw new Exception('File storage path not accessible.', 500);
}
if (
!move_uploaded_file(
$this->FILE_INFO['TEMP_NAME'],
$this->Connector->CONFIG['FILES_ROOT'] .
$this->FILE_INFO['NEW_NAME'],
)
) {
throw new Exception('Failed to move file to destination', 500);
}
if (!chmod($this->Connector->CONFIG['FILES_ROOT'] . $this->FILE_INFO['NEW_NAME'], 0644)) {
throw new Exception('Failed to change file permissions', 500);
}
$this->Connector->newIntoDB($this->FILE_INFO, $this->fingerPrintInfo);
return [
'hash' => $this->FILE_INFO['SHA1'],
'name' => $this->FILE_INFO['NAME'],
'url' => 'https://' . $this->Connector->CONFIG['FILE_DOMAIN'] . '/' . $this->FILE_INFO['NEW_NAME'],
'size' => $this->FILE_INFO['SIZE'],
];
}
/**
* Takes the amount of files that are being uploaded, and creates a fingerprint of the user's IP address,
* user agent, and the amount of files being
* uploaded
*
* @param $files_amount int The amount of files that are being uploaded.
*
* @throws \Exception
*/
public function fingerPrint(int $files_amount): void
{
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
$USER_AGENT = filter_var($_SERVER['HTTP_USER_AGENT'], FILTER_SANITIZE_ENCODED);
$ip = null;
if ($this->Connector->CONFIG['LOG_IP']) {
$ip = $_SERVER['REMOTE_ADDR'];
}
$this->fingerPrintInfo = [
'timestamp' => time(),
'useragent' => $USER_AGENT,
'ip' => $ip,
'ip_hash' => hash('sha1', $_SERVER['REMOTE_ADDR'] . $USER_AGENT),
'files_amount' => $files_amount,
];
} else {
throw new Exception('Invalid user agent.', 500);
}
}
/**
* Returns the MIME type of a file
*
* @param $file array The file to be checked.
*
* @return string The MIME type of the file.
*/
public function fileMIME(array $file): string
{
$FILE_INFO = finfo_open(FILEINFO_MIME_TYPE);
return finfo_file($FILE_INFO, $file['tmp_name']);
}
/**
* It takes an array of strings, and returns the last two strings joined by a dot,
* unless the last two strings are in the array of strings in the
* `DOUBLE_DOTS_EXTENSIONS` config variable, in which case it returns the last string
*
* @param $extension array The extension of the file.
*
* @return string The last two elements of the array are joined together and returned.
*/
public function doubleDotExtension(array $extension): string
{
$doubleDotArray = array_slice($extension, -2, 2);
$doubleDot = strtolower(preg_replace('/[^a-zA-Z.]/', '', join('.', $doubleDotArray)));
if (in_array($doubleDot, $this->Connector->CONFIG['DOUBLE_DOTS_EXTENSIONS'])) {
return $doubleDot;
} else {
return end($extension);
}
}
/**
* Takes a file and returns the file extension
*
* @param $file array The file you want to get the extension from.
*
* @return string The file extension of the file.
*/
public function fileExtension(array $file): string
{
$extension = explode('.', $file['name']);
$dotCount = substr_count($file['name'], '.');
return match ($dotCount) {
0 => null,
1 => end($extension),
2 => $this->doubleDotExtension($extension),
default => end($extension)
};
}
/**
* > Check if the file's MIME type is in the blacklist
*
* @throws \Exception
*/
public function checkMimeBlacklist(): void
{
if (in_array($this->FILE_INFO['MIME'], $this->Connector->CONFIG['BLOCKED_MIME'])) {
throw new Exception('Filetype not allowed.', 415);
}
}
/**
* > Check if the file extension is in the blacklist
*
* @throws \Exception
*/
public function checkExtensionBlacklist(): void
{
if (in_array($this->FILE_INFO['EXTENSION'], $this->Connector->CONFIG['BLOCKED_EXTENSIONS'])) {
throw new Exception('Filetype not allowed.', 415);
}
}
public function checkNameLength(string $fileName): string { namespace Pomf\Uguu\Classes;
if (strlen($fileName) > 250) {
return substr($fileName, 0, 250); class Upload extends Response
} else {
return $fileName;
}
}
/**
* Generates a random string of characters, checks if it exists in the database,
* and if it does, it generates another one
*
* @param $extension string The file extension.
*
* @return string A string
* @throws \Exception
*/
public function generateName(string $extension): string
{ {
do { public array $FILE_INFO;
if ($this->Connector->CONFIG['FILES_RETRIES'] === 0) { public array $fingerPrintInfo;
throw new Exception('Gave up trying to find an unused name!', 500); private mixed $Connector;
/**
* Takes an array of files, and returns an array of arrays containing the file's temporary name,
* name, size, SHA1 hash, extension, and MIME type
*
* @param $files array The files array from the $_FILES superglobal.
*
* @return array An array of arrays.
*/
public function reFiles(array $files):array
{
$this->Connector = new Connector();
$result = [];
$files = $this->diverseArray($files);
foreach ($files as $file) {
$this->FILE_INFO = [
'TEMP_NAME' => $file['tmp_name'],
'NAME' => strip_tags($this->checkNameLength($file['name'])),
'SIZE' => $file['size'],
'SHA1' => sha1_file($file['tmp_name']),
'EXTENSION' => $this->fileExtension($file),
'MIME' => $this->fileMIME($file),
'DUPE' => false,
'FILENAME' => null,
];
// Check if anti dupe is enabled
if ($this->Connector->CONFIG['ANTI_DUPE']) {
// Check if hash exists in DB, if it does return the name of the file
$dupeResult = $this->Connector->antiDupe($this->FILE_INFO['SHA1']);
if ($dupeResult['result']) {
$this->FILE_INFO['FILENAME'] = $dupeResult['name'];
$this->FILE_INFO['DUPE'] = true;
}
}
// If its not a dupe then generate a new name
if (!$this->FILE_INFO['DUPE']) {
$this->FILE_INFO['FILENAME'] = $this->generateName($this->FILE_INFO['EXTENSION']);
}
$result[] = [
$this->FILE_INFO['TEMP_NAME'],
$this->FILE_INFO['NAME'],
$this->FILE_INFO['SIZE'],
$this->FILE_INFO['SHA1'],
$this->FILE_INFO['EXTENSION'],
$this->FILE_INFO['MIME'],
$this->FILE_INFO['DUPE'],
$this->FILE_INFO['FILENAME'],
];
} }
$NEW_NAME = ''; return $result;
$count = strlen($this->Connector->CONFIG['ID_CHARSET']); }
while ($this->Connector->CONFIG['NAME_LENGTH']--) {
$NEW_NAME .= $this->Connector->CONFIG['ID_CHARSET'][mt_rand(0, $count - 1)]; /**
* Takes an array of arrays and returns an array of arrays with the keys and values swapped
*
* @param $files array an array of arrays
*
* @return array ```
* array:2 [
* 0 => array:2 [
* 'TEMP_NAME' => 'example'
* 'NAME' => 'example'
* 'SIZE' => 'example'
* 'SHA1' => 'example'
* 'EXTENSION' => 'example'
* 'MIME' => 'example'
*
* ]
* 1 => array:2 [
* 'TEMP_NAME' => 'example'
* 'NAME' => 'example'
* 'SIZE' => 'example'
* 'SHA1' => 'example'
* 'EXTENSION' => 'example'
* 'MIME' => 'example'
* ]
* ]
* ```
*/
public function diverseArray(array $files):array
{
$result = [];
foreach ($files as $key1 => $value1) {
foreach ($value1 as $key2 => $value2) {
$result[$key2][$key1] = $value2;
}
} }
if (!empty($extension)) { return $result;
$NEW_NAME .= '.' . $extension; }
/**
* Takes a file, checks if it's blacklisted, moves it to the file storage, and then logs it to the database
*
* @return array An array containing the hash, name, url, and size of the file.
*/
public function uploadFile():array
{
switch (true) {
case $this->Connector->CONFIG['RATE_LIMIT']:
if (
$this->Connector->checkRateLimit(
$this->fingerPrintInfo,
$this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'],
$this->Connector->CONFIG['RATE_LIMIT_FILES'],
)
) {
$this->Connector->response->error(
500,
'Rate limit, please wait ' . $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'] .
' seconds before uploading again.',
);
}
// Continue
case $this->Connector->CONFIG['BLACKLIST_DB']:
$this->Connector->checkFileBlacklist($this->FILE_INFO['SHA1']);
// Continue
case $this->Connector->CONFIG['FILTER_MODE'] && empty($this->FILE_INFO['EXTENSION']):
$this->checkMimeBlacklist();
// Continue
case $this->Connector->CONFIG['FILTER_MODE'] && !empty($this->FILE_INFO['EXTENSION']):
$this->checkMimeBlacklist();
$this->checkExtensionBlacklist();
// Continue
} }
} while ($this->Connector->dbCheckNameExists($NEW_NAME)); // If its not a dupe then skip checking if file can be written and
// skip inserting it into the DB.
if (!$this->FILE_INFO['DUPE']) {
if (!is_dir($this->Connector->CONFIG['FILES_ROOT'])) {
$this->Connector->response->error(500, 'File storage path not accessible.');
}
if (
!move_uploaded_file(
$this->FILE_INFO['TEMP_NAME'],
$this->Connector->CONFIG['FILES_ROOT'] .
$this->FILE_INFO['FILENAME'],
)
) {
$this->Connector->response->error(500, 'Failed to move file to destination.');
}
if (!chmod($this->Connector->CONFIG['FILES_ROOT'] . $this->FILE_INFO['FILENAME'], 0644)) {
$this->Connector->response->error(500, 'Failed to change file permissions.');
}
$this->Connector->newIntoDB($this->FILE_INFO, $this->fingerPrintInfo);
}
return [
'hash' => $this->FILE_INFO['SHA1'],
'name' => $this->FILE_INFO['NAME'],
'filename' => $this->FILE_INFO['FILENAME'],
'url' => 'https://' . $this->Connector->CONFIG['FILE_DOMAIN'] . '/' . $this->FILE_INFO['FILENAME'],
'size' => $this->FILE_INFO['SIZE'],
'dupe' => $this->FILE_INFO['DUPE'],
];
}
/**
* Takes the amount of files that are being uploaded, and creates a fingerprint of the user's IP address,
* user agent, and the amount of files being
* uploaded
*
* @param $files_amount int The amount of files that are being uploaded.
*
*/
public function fingerPrint(int $files_amount):void
{
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
$USER_AGENT = filter_var($_SERVER['HTTP_USER_AGENT'], FILTER_SANITIZE_ENCODED);
$ip = null;
if ($this->Connector->CONFIG['LOG_IP']) {
$ip = $_SERVER['REMOTE_ADDR'];
}
$this->fingerPrintInfo = [
'timestamp' => time(),
'useragent' => $USER_AGENT,
'ip' => $ip,
'ip_hash' => hash('sha1', $_SERVER['REMOTE_ADDR'] . $USER_AGENT),
'files_amount' => $files_amount,
];
} else {
$this->Connector->response->error(500, 'Invalid user agent.');
}
}
/**
* Returns the MIME type of a file
*
* @param $file array The file to be checked.
*
* @return string The MIME type of the file.
*/
public function fileMIME(array $file):string
{
$FILE_INFO = finfo_open(FILEINFO_MIME_TYPE);
return finfo_file($FILE_INFO, $file['tmp_name']);
}
/**
* It takes an array of strings, and returns the last two strings joined by a dot,
* unless the last two strings are in the array of strings in the
* `DOUBLE_DOTS_EXTENSIONS` config variable, in which case it returns the last string
*
* @param $extension array The extension of the file.
*
* @return string The last two elements of the array are joined together and returned.
*/
public function doubleDotExtension(array $extension):string
{
$doubleDotArray = array_slice($extension, -2, 2);
$doubleDot = strtolower(preg_replace('/[^a-zA-Z.]/', '', join('.', $doubleDotArray)));
if (in_array($doubleDot, $this->Connector->CONFIG['DOUBLE_DOTS_EXTENSIONS'])) {
return $doubleDot;
} else {
return end($extension);
}
}
/**
* Takes a file and returns the file extension
*
* @param $file array The file you want to get the extension from.
*
* @return string The file extension of the file.
*/
public function fileExtension(array $file):string
{
$extension = explode('.', $file['name']);
$dotCount = substr_count($file['name'], '.');
return match ($dotCount) {
0 => null,
1 => end($extension),
2 => $this->doubleDotExtension($extension),
default => end($extension)
};
}
/**
* > Check if the file's MIME type is in the blacklist
*
*/
public function checkMimeBlacklist():void
{
if (in_array($this->FILE_INFO['MIME'], $this->Connector->CONFIG['BLOCKED_MIME'])) {
$this->Connector->response->error(415, 'Filetype not allowed');
}
}
/**
* > Check if the file extension is in the blacklist
*
*/
public function checkExtensionBlacklist():void
{
if (in_array($this->FILE_INFO['EXTENSION'], $this->Connector->CONFIG['BLOCKED_EXTENSIONS'])) {
$this->Connector->response->error(415, 'Filetype not allowed');
}
}
public function checkNameLength(string $fileName):string
{
if (strlen($fileName) > 250) {
return substr($fileName, 0, 250);
} else {
return $fileName;
}
}
/**
* Generates a random string of characters, checks if it exists in the database,
* and if it does, it generates another one
*
* @param $extension string The file extension.
*
* @return string A string
*/
public function generateName(string $extension):string
{
do {
if ($this->Connector->CONFIG['FILES_RETRIES'] === 0) {
$this->Connector->response->error(500, 'Gave up trying to find an unused name!');
}
$NEW_NAME = '';
for ($i = 0; $i < $this->Connector->CONFIG['NAME_LENGTH']; $i++) {
$index = rand(0, strlen($this->Connector->CONFIG['ID_CHARSET']) - 1);
$NEW_NAME .= $this->Connector->CONFIG['ID_CHARSET'][$index];
}
if (!empty($extension)) {
$NEW_NAME .= '.' . $extension;
}
} while ($this->Connector->dbCheckNameExists($NEW_NAME));
return $NEW_NAME; return $NEW_NAME;
} }
} }

3
src/config.json
View File

@ -3,12 +3,13 @@
"allowErrors": false "allowErrors": false
}, },
"dest": "dist", "dest": "dist",
"pkgVersion": "1.6.7", "pkgVersion": "1.7.0",
"pages": [ "pages": [
"index.ejs", "index.ejs",
"faq.ejs", "faq.ejs",
"tools.ejs" "tools.ejs"
], ],
"DEBUG": false,
"max_upload_size": 128, "max_upload_size": 128,
"expireTime": "48", "expireTime": "48",
"siteName": "Uguu", "siteName": "Uguu",

27
src/static/dbSchemas/postgres_schema.sql Normal file
View File

@ -0,0 +1,27 @@
CREATE TABLE files
(
id serial PRIMARY KEY,
hash text NOT NULL,
originalname text NOT NULL,
filename text NOT NULL,
size integer not null,
date integer not null,
ip text null
);
CREATE TABLE blacklist
(
id serial PRIMARY KEY,
hash text NOT NULL,
originalname text NOT NULL,
time integer not null,
ip text null
);
CREATE TABLE ratelimit
(
id serial PRIMARY KEY,
iphash text NOT NULL,
files integer not null,
time integer not null
);

2
src/static/php/grill.php
View File

@ -3,7 +3,7 @@
/** /**
* Uguu * Uguu
* *
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) <neku@pomf.se>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by

61
src/static/php/upload.php
View File

@ -1,9 +1,9 @@
<?php <?php
/** /**
* Uguu * Uguu
* *
* @copyright Copyright (c) 2022 Go Johansson (nokonoko) <neku@pomf.se> * @copyright Copyright (c) 2022-2023 Go Johansson (nokonoko) <neku@pomf.se>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -18,56 +18,31 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
require_once __DIR__ . '/../vendor/autoload.php'; require_once __DIR__ . '/../vendor/autoload.php';
use Pomf\Uguu\Classes\Upload; use Pomf\Uguu\Classes\Upload;
use Pomf\Uguu\Classes\Response; use Pomf\Uguu\Classes\Response;
/** function handleFiles(string $outputFormat, array $files):void
* It takes a string and an array as arguments, creates a new Upload object, {
* calls the reFiles method on the Upload object, calls the fingerPrint method on $upload = new Upload($outputFormat);
* the Upload object, calls the uploadFile method on the Upload object, $files = $upload->reFiles($files);
* calls the send method on the Upload object, and calls the error method on the $fCount = count($files);
* Upload object
*
* @param $outputFormat string The format of the output, json or xml
* @param $files array The file to be uploaded, which is an array.
*
* @throws \Exception
*/
function handleFile(string $outputFormat, array $files): void
{
$fCount = count($files['size']);
$upload = new Upload($outputFormat);
$files = $upload->reFiles($files);
try {
$upload->fingerPrint($fCount); $upload->fingerPrint($fCount);
$res = []; $res = [];
foreach ($files as $ignored) { $i = 0;
while ($i < $fCount) {
$res[] = $upload->uploadFile(); $res[] = $upload->uploadFile();
$i++;
} }
if (!empty($res)) { if (!empty($res)) {
$upload->send($res); $upload->send($res);
} }
} catch (Exception $e) {
$upload->error(500, $e->getMessage());
} }
}
$response = new Response('json'); $response = new Response('json');
$resType = (isset($_GET['output']) and !empty($_GET['output'])) ? strtolower(preg_replace('/[^a-zA-Z]/', '', $_GET['output'])) : 'json';
if (!isset($_FILES['files']) or empty($_FILES['files'])) { if (!isset($_FILES['files']) or empty($_FILES['files'])) {
$response->error(400, 'No input file(s)'); $response->error(400, 'No input file(s)');
} }
if (isset($_GET['output']) and !empty($_GET['output'])) { handleFiles($resType, $_FILES['files']);
$resType = strtolower(preg_replace('/[^a-zA-Z]/', '', $_GET['output']));
} else {
$resType = 'json';
}
try {
handleFile($resType, $_FILES['files']);
} catch (Exception $e) {
$response->error($e->getCode(), $e->getMessage());
}