Fijxu
/
Uguu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixes

This commit is contained in:
Go Johansson 2022-12-25 15:56:07 +01:00
parent f0b5e51c8b
commit 2438394225
6 changed files with 307 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "uguu",
"version": "1.6.4",
"version": "1.6.5",
"description": "Uguu is a simple lightweight temporary file host with support for drop, paste, click and API uploading.",
"homepage": "https://uguu.se",
"repository": {

140
src/Classes/Database.php
View File

@ -21,8 +21,10 @@
namespace Pomf\Uguu\Classes;
use DateTimeZone;
use Exception;
use PDO;
use DateTime;
class Database
{
@ -43,16 +45,21 @@ class Database
*
* @param $name string The name of the file.
*
* @return int The number of rows that match the query.
* @return bool The number of rows that match the query.
* @throws \Exception
*/
public function dbCheckNameExists(string $name): int
public function dbCheckNameExists(string $name): bool
{
try {
$q = $this->DB->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
$q = $this->DB->prepare('SELECT * FROM files WHERE EXISTS
(SELECT filename FROM files WHERE filename = (:name)) LIMIT 1');
$q->bindValue(':name', $name);
$q->execute();
return $q->fetchColumn();
$result = $q->fetch();
if ($result) {
return true;
}
return false;
} catch (Exception) {
throw new Exception('Cant check if name exists in DB.', 500);
}
@ -68,11 +75,12 @@ class Database
public function checkFileBlacklist(array $FILE_INFO): void
{
try {
$q = $this->DB->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
$q = $this->DB->prepare('SELECT * FROM blacklist WHERE EXISTS
(SELECT hash FROM blacklist WHERE hash = (:hash)) LIMIT 1');
$q->bindValue(':hash', $FILE_INFO['SHA1']);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
if ($result) {
throw new Exception('File blacklisted!', 415);
}
} catch (Exception) {
@ -91,12 +99,13 @@ class Database
{
try {
$q = $this->DB->prepare(
'SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash)',
'SELECT * FROM files WHERE EXISTS
(SELECT filename FROM files WHERE hash = (:hash)) LIMIT 1',
);
$q->bindValue(':hash', $hash);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
if ($result) {
return [
'result' => true,
'name' => $result['filename'],
@ -142,52 +151,81 @@ class Database
* Creates a new row in the database with the information provided
*
* @param $fingerPrintInfo array
*
* @throws \Exception
*/
public function createRateLimit(array $fingerPrintInfo): void
{
$q = $this->DB->prepare(
'INSERT INTO timestamp (iphash, files, time)' .
'VALUES (:iphash, :files, :time)',
);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->bindValue(':files', $fingerPrintInfo['files_amount']);
$q->bindValue(':time', $fingerPrintInfo['timestamp']);
$q->execute();
try {
$q = $this->DB->prepare(
'INSERT INTO ratelimit (iphash, files, time)' .
'VALUES (:iphash, :files, :time)',
);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->bindValue(':files', $fingerPrintInfo['files_amount']);
$q->bindValue(':time', $fingerPrintInfo['timestamp']);
$q->execute();
} catch (Exception $e) {
throw new Exception(500, $e->getMessage());
}
}
/**
* Update the rate limit table with the new file count and timestamp
*
* @param $fCount int The number of files uploaded by the user.
* @param $iStamp boolean A boolean value that determines whether or not to update the timestamp.
* @param $iStamp bool A boolean value that determines whether or not to update the timestamp.
* @param $fingerPrintInfo array An array containing the following keys:
*
* @throws \Exception
*/
public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo): void
{
if ($iStamp) {
$q = $this->DB->prepare(
'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)',
);
$q->bindValue(':time', $fingerPrintInfo['timestamp']);
} else {
$q = $this->DB->prepare(
'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)',
);
try {
if ($iStamp) {
$q = $this->DB->prepare(
'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)',
);
$q->bindValue(':time', $fingerPrintInfo['timestamp']);
} else {
$q = $this->DB->prepare(
'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)',
);
}
$q->bindValue(':files', $fCount);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute();
} catch (Exception $e) {
throw new Exception(500, $e->getMessage());
}
$q->bindValue(':files', $fCount);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute();
}
/**
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true, if not it updates the database with the new file
* @throws \Exception
*/
public function compareTime(int $timestamp, int $seconds_d): bool
{
$dateTime_end = new DateTime('now', new DateTimeZone('Europe/Stockholm'));
$dateTime_start = new DateTime();
$dateTime_start->setTimestamp($timestamp);
$diff = strtotime($dateTime_end->format('Y-m-d H:i:s')) - strtotime($dateTime_start->format('Y-m-d H:i:s'));
if ($diff > $seconds_d) {
return true;
}
return false;
}
/**
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true,
* if not it updates the database with the new file
* count and timestamp
*
* @param $fingerPrintInfo array An array containing the following:
*
* @return bool A boolean value.
* @throws \Exception
*/
public function checkRateLimit(array $fingerPrintInfo): bool
public function checkRateLimit(array $fingerPrintInfo, int $rateTimeout, int $fileLimit): bool
{
$q = $this->DB->prepare(
'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)',
@ -195,24 +233,30 @@ class Database
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute();
$result = $q->fetch();
$nTime = $fingerPrintInfo['timestamp'] - (60);
switch (true) {
//If more then 100 files trigger rate-limit
case $result['files'] > 100:
return true;
//if timestamp is older than one minute, set new files count and timestamp
case $result['time'] < $nTime:
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
break;
//if timestamp isn't older than one-minute update the files count
case $result['time'] > $nTime:
$this->updateRateLimit($fingerPrintInfo['files_amount'] + $result['files'], false, $fingerPrintInfo);
break;
//If there is no other match a record does not exist, create one
default:
$this->createRateLimit($fingerPrintInfo);
break;
//If there is no other match a record does not exist, create one.
if (!$result['count'] > 0) {
$this->createRateLimit($fingerPrintInfo);
return false;
}
// Apply rate-limit when file count reached and timeout not reached.
if ($result['files'] === $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
return true;
}
// Update timestamp if timeout reached.
if ($this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
return false;
}
// Add filecount, timeout not reached.
if ($result['files'] < $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($result['files'] + $fingerPrintInfo['files_amount'], false, $fingerPrintInfo);
return false;
}
return false;
}
}

383
src/Classes/Response.php
View File

@ -1,4 +1,5 @@
<?php
/**
* Uguu
*
@ -17,197 +18,199 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Pomf\Uguu\Classes;
class Response
class Response
{
public string $type;
/**
* Takes a string as an argument and sets the header to the appropriate content type
*
* @param $response_type string The type of response you want to return.
* Valid options are: csv, html, json, text.
*/
public function __construct(string $response_type)
{
public string $type;
/**
* Takes a string as an argument and sets the header to the appropriate content type
*
* @param $response_type string The type of response you want to return. Valid options are: csv, html, json, text.
*/
public function __construct(string $response_type)
{
switch ($response_type) {
case 'csv':
header('Content-Type: text/csv; charset=UTF-8');
$this->type = $response_type;
break;
case 'html':
header('Content-Type: text/html; charset=UTF-8');
$this->type = $response_type;
break;
case 'json':
header('Content-Type: application/json; charset=UTF-8');
$this->type = $response_type;
break;
case 'gyazo':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = 'text';
break;
case 'text':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = $response_type;
break;
default:
header('Content-Type: application/json; charset=UTF-8');
$this->type = 'json';
break;
}
}
/**
* Returns a string based on the type of response requested
*
* @param $code mixed The HTTP status code to return.
* @param $desc string The description of the error.
*/
public function error(mixed $code, string $desc):void
{
$response = match ($this->type) {
'csv' => $this->csvError($desc),
'html' => $this->htmlError($code, $desc),
'json' => $this->jsonError($code, $desc),
'text' => $this->textError($code, $desc),
};
http_response_code($code);
echo $response;
}
/* Returning a string that contains the error message. */
private static function csvError(string $description):string
{
return '"error"' . "\r\n" . "\"$description\"" . "\r\n";
}
/**
* Returns a string containing an HTML paragraph element with the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return string A string.
*/
private static function htmlError(int|string $code, string $description):string
{
return '<p>ERROR: (' . $code . ') ' . $description . '</p>';
}
/**
* Returns a JSON string with the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return bool|string A JSON string
*/
private static function jsonError(int|string $code, string $description):bool|string
{
return json_encode([
'success' => false,
'errorcode' => $code,
'description' => $description,
], JSON_PRETTY_PRINT);
}
/**
* Returns a string that contains the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return string A string with the error code and description.
*/
private static function textError(int|string $code, string $description):string
{
return 'ERROR: (' . $code . ') ' . $description;
}
/**
* "If the type is csv, then call the csvSuccess function, if the type is html, then call the htmlSuccess function, etc."
*
* The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful
*
* @param $files array An array of file objects.
*/
public function send(array $files):void
{
$response = match ($this->type) {
'csv' => $this->csvSuccess($files),
'html' => $this->htmlSuccess($files),
'json' => $this->jsonSuccess($files),
'text' => $this->textSuccess($files),
};
http_response_code(200); // "200 OK". Success.
echo $response;
}
/**
* Takes an array of files and returns a CSV string
*
* @param $files array An array of files that have been uploaded.
*
* @return string A string of the files in the array.
*/
private static function csvSuccess(array $files):string
{
$result = '"name","url","hash","size"' . "\r\n";
foreach ($files as $file) {
$result .= '"' . $file['name'] . '"' . ',' .
'"' . $file['url'] . '"' . ',' .
'"' . $file['hash'] . '"' . ',' .
'"' . $file['size'] . '"' . "\r\n";
}
return $result;
}
/**
* Takes an array of files and returns a string of HTML links
*
* @param $files array An array of files to be uploaded.
*
* @return string the result of the foreach loop.
*/
private static function htmlSuccess(array $files):string
{
$result = '';
foreach ($files as $file) {
$result .= '<a href="' . $file['url'] . '">' . $file['url'] . '</a><br>';
}
return $result;
}
/**
* Returns a JSON string that contains a success message and the files that were uploaded
*
* @param $files array The files to be uploaded.
*
* @return bool|string A JSON string
*/
private static function jsonSuccess(array $files):bool|string
{
return json_encode([
'success' => true,
'files' => $files,
], JSON_PRETTY_PRINT);
}
/**
* Takes an array of files and returns a string of URLs
*
* @param $files array The files to be uploaded.
*
* @return string the url of the file.
*/
private static function textSuccess(array $files):string
{
$result = '';
foreach ($files as $file) {
$result .= $file['url'] . "\n";
}
return $result;
switch ($response_type) {
case 'csv':
header('Content-Type: text/csv; charset=UTF-8');
$this->type = $response_type;
break;
case 'html':
header('Content-Type: text/html; charset=UTF-8');
$this->type = $response_type;
break;
case 'json':
header('Content-Type: application/json; charset=UTF-8');
$this->type = $response_type;
break;
case 'gyazo':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = 'text';
break;
case 'text':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = $response_type;
break;
default:
header('Content-Type: application/json; charset=UTF-8');
$this->type = 'json';
break;
}
}
/**
* Returns a string based on the type of response requested
*
* @param $code mixed The HTTP status code to return.
* @param $desc string The description of the error.
*/
public function error(int $code, string $desc): void
{
$response = match ($this->type) {
'csv' => $this->csvError($desc),
'html' => $this->htmlError($code, $desc),
'json' => $this->jsonError($code, $desc),
'text' => $this->textError($code, $desc),
};
http_response_code($code);
echo $response;
}
/* Returning a string that contains the error message. */
private static function csvError(string $description): string
{
return '"error"' . "\r\n" . "\"$description\"" . "\r\n";
}
/**
* Returns a string containing an HTML paragraph element with the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return string A string.
*/
private static function htmlError(int|string $code, string $description): string
{
return '<p>ERROR: (' . $code . ') ' . $description . '</p>';
}
/**
* Returns a JSON string with the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return bool|string A JSON string
*/
private static function jsonError(int|string $code, string $description): bool|string
{
return json_encode([
'success' => false,
'errorcode' => $code,
'description' => $description,
], JSON_PRETTY_PRINT);
}
/**
* Returns a string that contains the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return string A string with the error code and description.
*/
private static function textError(int|string $code, string $description): string
{
return 'ERROR: (' . $code . ') ' . $description;
}
/**
* "If the type is csv, then call the csvSuccess function,
* if the type is html, then call the htmlSuccess function, etc."
*
* The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful
*
* @param $files array An array of file objects.
*/
public function send(array $files): void
{
$response = match ($this->type) {
'csv' => $this->csvSuccess($files),
'html' => $this->htmlSuccess($files),
'json' => $this->jsonSuccess($files),
'text' => $this->textSuccess($files),
};
http_response_code(200); // "200 OK". Success.
echo $response;
}
/**
* Takes an array of files and returns a CSV string
*
* @param $files array An array of files that have been uploaded.
*
* @return string A string of the files in the array.
*/
private static function csvSuccess(array $files): string
{
$result = '"name","url","hash","size"' . "\r\n";
foreach ($files as $file) {
$result .= '"' . $file['name'] . '"' . ',' .
'"' . $file['url'] . '"' . ',' .
'"' . $file['hash'] . '"' . ',' .
'"' . $file['size'] . '"' . "\r\n";
}
return $result;
}
/**
* Takes an array of files and returns a string of HTML links
*
* @param $files array An array of files to be uploaded.
*
* @return string the result of the foreach loop.
*/
private static function htmlSuccess(array $files): string
{
$result = '';
foreach ($files as $file) {
$result .= '<a href="' . $file['url'] . '">' . $file['url'] . '</a><br>';
}
return $result;
}
/**
* Returns a JSON string that contains a success message and the files that were uploaded
*
* @param $files array The files to be uploaded.
*
* @return bool|string A JSON string
*/
private static function jsonSuccess(array $files): bool|string
{
return json_encode([
'success' => true,
'files' => $files,
], JSON_PRETTY_PRINT);
}
/**
* Takes an array of files and returns a string of URLs
*
* @param $files array The files to be uploaded.
*
* @return string the url of the file.
*/
private static function textSuccess(array $files): string
{
$result = '';
foreach ($files as $file) {
$result .= $file['url'] . "\n";
}
return $result;
}
}

14
src/Classes/Upload.php
View File

@ -126,7 +126,16 @@ class Upload extends Response
{
switch (true) {
case $this->Connector->CONFIG['RATE_LIMIT']:
$this->Connector->checkRateLimit($this->fingerPrintInfo);
if (
$this->Connector->checkRateLimit(
$this->fingerPrintInfo,
(int) $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'],
(int) $this->Connector->CONFIG['RATE_LIMIT_FILES']
)
) {
throw new Exception('Rate limit, please wait ' . $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'] .
' seconds before uploading again.', 500);
}
// Continue
case $this->Connector->CONFIG['BLACKLIST_DB']:
$this->Connector->checkFileBlacklist($this->FILE_INFO);
@ -274,7 +283,6 @@ class Upload extends Response
* and if it does, it generates another one
*
* @param $extension string The file extension.
* @param $hash string The hash of the file.
*
* @return string A string
* @throws \Exception
@ -293,7 +301,7 @@ class Upload extends Response
if (!empty($extension)) {
$NEW_NAME .= '.' . $extension;
}
} while ($this->Connector->dbCheckNameExists($NEW_NAME) > 0);
} while ($this->Connector->dbCheckNameExists($NEW_NAME));
return $NEW_NAME;
}
}

4
src/config.json
View File

@ -3,7 +3,7 @@
"allowErrors": false
},
"dest": "dist",
"pkgVersion": "1.6.4",
"pkgVersion": "1.6.5",
"pages": [
"index.ejs",
"faq.ejs",
@ -34,6 +34,8 @@
"BLACKLIST_DB": true,
"FILTER_MODE": true,
"RATE_LIMIT": false,
"RATE_LIMIT_TIMEOUT": 60,
"RATE_LIMIT_FILES": 100,
"FILES_ROOT": "/var/www/files/",
"FILES_RETRIES": 15,
"FILES_URL": "https://files.domain.com",

15
src/static/php/upload.php
View File

@ -1,8 +1,5 @@
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
/**
* Uguu
*
@ -21,8 +18,9 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once __DIR__ . '/../vendor/autoload.php';
use Pomf\Uguu\Classes\Upload;
use Pomf\Uguu\Classes\Response;
@ -40,10 +38,11 @@
*/
function handleFile(string $outputFormat, array $files): void
{
$fCount = count($files['size']);
$upload = new Upload($outputFormat);
$files = $upload->reFiles($files);
try {
$upload->fingerPrint(count($files));
$upload->fingerPrint($fCount);
$res = [];
foreach ($files as $ignored) {
$res[] = $upload->uploadFile();
@ -52,10 +51,10 @@ function handleFile(string $outputFormat, array $files): void
$upload->send($res);
}
} catch (Exception $e) {
$upload->error($e->getCode(), $e->getMessage());
$upload->error(500, $e->getMessage());
}
}
$response = new Response('json');
if (!isset($_FILES['files']) or empty($_FILES['files'])) {