Fijxu
/
Uguu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixes

This commit is contained in:
Go Johansson 2022-12-25 15:56:07 +01:00
parent f0b5e51c8b
commit 2438394225
6 changed files with 307 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "uguu", "name": "uguu",
"version": "1.6.4", "version": "1.6.5",
"description": "Uguu is a simple lightweight temporary file host with support for drop, paste, click and API uploading.", "description": "Uguu is a simple lightweight temporary file host with support for drop, paste, click and API uploading.",
"homepage": "https://uguu.se", "homepage": "https://uguu.se",
"repository": { "repository": {

140
src/Classes/Database.php
View File

@ -21,8 +21,10 @@
namespace Pomf\Uguu\Classes; namespace Pomf\Uguu\Classes;
use DateTimeZone;
use Exception; use Exception;
use PDO; use PDO;
use DateTime;
class Database class Database
{ {
@ -43,16 +45,21 @@ class Database
* *
* @param $name string The name of the file. * @param $name string The name of the file.
* *
* @return int The number of rows that match the query. * @return bool The number of rows that match the query.
* @throws \Exception * @throws \Exception
*/ */
public function dbCheckNameExists(string $name): int public function dbCheckNameExists(string $name): bool
{ {
try { try {
$q = $this->DB->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)'); $q = $this->DB->prepare('SELECT * FROM files WHERE EXISTS
(SELECT filename FROM files WHERE filename = (:name)) LIMIT 1');
$q->bindValue(':name', $name); $q->bindValue(':name', $name);
$q->execute(); $q->execute();
return $q->fetchColumn(); $result = $q->fetch();
if ($result) {
return true;
}
return false;
} catch (Exception) { } catch (Exception) {
throw new Exception('Cant check if name exists in DB.', 500); throw new Exception('Cant check if name exists in DB.', 500);
} }
@ -68,11 +75,12 @@ class Database
public function checkFileBlacklist(array $FILE_INFO): void public function checkFileBlacklist(array $FILE_INFO): void
{ {
try { try {
$q = $this->DB->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)'); $q = $this->DB->prepare('SELECT * FROM blacklist WHERE EXISTS
(SELECT hash FROM blacklist WHERE hash = (:hash)) LIMIT 1');
$q->bindValue(':hash', $FILE_INFO['SHA1']); $q->bindValue(':hash', $FILE_INFO['SHA1']);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
if ($result['count'] > 0) { if ($result) {
throw new Exception('File blacklisted!', 415); throw new Exception('File blacklisted!', 415);
} }
} catch (Exception) { } catch (Exception) {
@ -91,12 +99,13 @@ class Database
{ {
try { try {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash)', 'SELECT * FROM files WHERE EXISTS
(SELECT filename FROM files WHERE hash = (:hash)) LIMIT 1',
); );
$q->bindValue(':hash', $hash); $q->bindValue(':hash', $hash);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
if ($result['count'] > 0) { if ($result) {
return [ return [
'result' => true, 'result' => true,
'name' => $result['filename'], 'name' => $result['filename'],
@ -142,52 +151,81 @@ class Database
* Creates a new row in the database with the information provided * Creates a new row in the database with the information provided
* *
* @param $fingerPrintInfo array * @param $fingerPrintInfo array
*
* @throws \Exception
*/ */
public function createRateLimit(array $fingerPrintInfo): void public function createRateLimit(array $fingerPrintInfo): void
{ {
$q = $this->DB->prepare( try {
'INSERT INTO timestamp (iphash, files, time)' . $q = $this->DB->prepare(
'VALUES (:iphash, :files, :time)', 'INSERT INTO ratelimit (iphash, files, time)' .
); 'VALUES (:iphash, :files, :time)',
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']); );
$q->bindValue(':files', $fingerPrintInfo['files_amount']); $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->bindValue(':time', $fingerPrintInfo['timestamp']); $q->bindValue(':files', $fingerPrintInfo['files_amount']);
$q->execute(); $q->bindValue(':time', $fingerPrintInfo['timestamp']);
$q->execute();
} catch (Exception $e) {
throw new Exception(500, $e->getMessage());
}
} }
/** /**
* Update the rate limit table with the new file count and timestamp * Update the rate limit table with the new file count and timestamp
* *
* @param $fCount int The number of files uploaded by the user. * @param $fCount int The number of files uploaded by the user.
* @param $iStamp boolean A boolean value that determines whether or not to update the timestamp. * @param $iStamp bool A boolean value that determines whether or not to update the timestamp.
* @param $fingerPrintInfo array An array containing the following keys: * @param $fingerPrintInfo array An array containing the following keys:
*
* @throws \Exception
*/ */
public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo): void public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo): void
{ {
if ($iStamp) { try {
$q = $this->DB->prepare( if ($iStamp) {
'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)', $q = $this->DB->prepare(
); 'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)',
$q->bindValue(':time', $fingerPrintInfo['timestamp']); );
} else { $q->bindValue(':time', $fingerPrintInfo['timestamp']);
$q = $this->DB->prepare( } else {
'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)', $q = $this->DB->prepare(
); 'UPDATE ratelimit SET files = (:files) WHERE iphash = (:iphash)',
);
}
$q->bindValue(':files', $fCount);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute();
} catch (Exception $e) {
throw new Exception(500, $e->getMessage());
} }
$q->bindValue(':files', $fCount);
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute();
} }
/** /**
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true, if not it updates the database with the new file * @throws \Exception
*/
public function compareTime(int $timestamp, int $seconds_d): bool
{
$dateTime_end = new DateTime('now', new DateTimeZone('Europe/Stockholm'));
$dateTime_start = new DateTime();
$dateTime_start->setTimestamp($timestamp);
$diff = strtotime($dateTime_end->format('Y-m-d H:i:s')) - strtotime($dateTime_start->format('Y-m-d H:i:s'));
if ($diff > $seconds_d) {
return true;
}
return false;
}
/**
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true,
* if not it updates the database with the new file
* count and timestamp * count and timestamp
* *
* @param $fingerPrintInfo array An array containing the following: * @param $fingerPrintInfo array An array containing the following:
* *
* @return bool A boolean value. * @return bool A boolean value.
* @throws \Exception
*/ */
public function checkRateLimit(array $fingerPrintInfo): bool public function checkRateLimit(array $fingerPrintInfo, int $rateTimeout, int $fileLimit): bool
{ {
$q = $this->DB->prepare( $q = $this->DB->prepare(
'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)', 'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)',
@ -195,24 +233,30 @@ class Database
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']); $q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
$q->execute(); $q->execute();
$result = $q->fetch(); $result = $q->fetch();
$nTime = $fingerPrintInfo['timestamp'] - (60);
switch (true) { //If there is no other match a record does not exist, create one.
//If more then 100 files trigger rate-limit if (!$result['count'] > 0) {
case $result['files'] > 100: $this->createRateLimit($fingerPrintInfo);
return true; return false;
//if timestamp is older than one minute, set new files count and timestamp
case $result['time'] < $nTime:
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
break;
//if timestamp isn't older than one-minute update the files count
case $result['time'] > $nTime:
$this->updateRateLimit($fingerPrintInfo['files_amount'] + $result['files'], false, $fingerPrintInfo);
break;
//If there is no other match a record does not exist, create one
default:
$this->createRateLimit($fingerPrintInfo);
break;
} }
// Apply rate-limit when file count reached and timeout not reached.
if ($result['files'] === $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
return true;
}
// Update timestamp if timeout reached.
if ($this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
return false;
}
// Add filecount, timeout not reached.
if ($result['files'] < $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
$this->updateRateLimit($result['files'] + $fingerPrintInfo['files_amount'], false, $fingerPrintInfo);
return false;
}
return false; return false;
} }
} }

383
src/Classes/Response.php
View File

@ -1,4 +1,5 @@
<?php <?php
/** /**
* Uguu * Uguu
* *
@ -17,197 +18,199 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
namespace Pomf\Uguu\Classes; namespace Pomf\Uguu\Classes;
class Response class Response
{
public string $type;
/**
* Takes a string as an argument and sets the header to the appropriate content type
*
* @param $response_type string The type of response you want to return.
* Valid options are: csv, html, json, text.
*/
public function __construct(string $response_type)
{ {
public string $type; switch ($response_type) {
case 'csv':
/** header('Content-Type: text/csv; charset=UTF-8');
* Takes a string as an argument and sets the header to the appropriate content type $this->type = $response_type;
* break;
* @param $response_type string The type of response you want to return. Valid options are: csv, html, json, text. case 'html':
*/ header('Content-Type: text/html; charset=UTF-8');
public function __construct(string $response_type) $this->type = $response_type;
{ break;
switch ($response_type) { case 'json':
case 'csv': header('Content-Type: application/json; charset=UTF-8');
header('Content-Type: text/csv; charset=UTF-8'); $this->type = $response_type;
$this->type = $response_type; break;
break; case 'gyazo':
case 'html': header('Content-Type: text/plain; charset=UTF-8');
header('Content-Type: text/html; charset=UTF-8'); $this->type = 'text';
$this->type = $response_type; break;
break; case 'text':
case 'json': header('Content-Type: text/plain; charset=UTF-8');
header('Content-Type: application/json; charset=UTF-8'); $this->type = $response_type;
$this->type = $response_type; break;
break; default:
case 'gyazo': header('Content-Type: application/json; charset=UTF-8');
header('Content-Type: text/plain; charset=UTF-8'); $this->type = 'json';
$this->type = 'text'; break;
break;
case 'text':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = $response_type;
break;
default:
header('Content-Type: application/json; charset=UTF-8');
$this->type = 'json';
break;
}
}
/**
* Returns a string based on the type of response requested
*
* @param $code mixed The HTTP status code to return.
* @param $desc string The description of the error.
*/
public function error(mixed $code, string $desc):void
{
$response = match ($this->type) {
'csv' => $this->csvError($desc),
'html' => $this->htmlError($code, $desc),
'json' => $this->jsonError($code, $desc),
'text' => $this->textError($code, $desc),
};
http_response_code($code);
echo $response;
}
/* Returning a string that contains the error message. */
private static function csvError(string $description):string
{
return '"error"' . "\r\n" . "\"$description\"" . "\r\n";
}
/**
* Returns a string containing an HTML paragraph element with the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return string A string.
*/
private static function htmlError(int|string $code, string $description):string
{
return '<p>ERROR: (' . $code . ') ' . $description . '</p>';
}
/**
* Returns a JSON string with the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return bool|string A JSON string
*/
private static function jsonError(int|string $code, string $description):bool|string
{
return json_encode([
'success' => false,
'errorcode' => $code,
'description' => $description,
], JSON_PRETTY_PRINT);
}
/**
* Returns a string that contains the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return string A string with the error code and description.
*/
private static function textError(int|string $code, string $description):string
{
return 'ERROR: (' . $code . ') ' . $description;
}
/**
* "If the type is csv, then call the csvSuccess function, if the type is html, then call the htmlSuccess function, etc."
*
* The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful
*
* @param $files array An array of file objects.
*/
public function send(array $files):void
{
$response = match ($this->type) {
'csv' => $this->csvSuccess($files),
'html' => $this->htmlSuccess($files),
'json' => $this->jsonSuccess($files),
'text' => $this->textSuccess($files),
};
http_response_code(200); // "200 OK". Success.
echo $response;
}
/**
* Takes an array of files and returns a CSV string
*
* @param $files array An array of files that have been uploaded.
*
* @return string A string of the files in the array.
*/
private static function csvSuccess(array $files):string
{
$result = '"name","url","hash","size"' . "\r\n";
foreach ($files as $file) {
$result .= '"' . $file['name'] . '"' . ',' .
'"' . $file['url'] . '"' . ',' .
'"' . $file['hash'] . '"' . ',' .
'"' . $file['size'] . '"' . "\r\n";
}
return $result;
}
/**
* Takes an array of files and returns a string of HTML links
*
* @param $files array An array of files to be uploaded.
*
* @return string the result of the foreach loop.
*/
private static function htmlSuccess(array $files):string
{
$result = '';
foreach ($files as $file) {
$result .= '<a href="' . $file['url'] . '">' . $file['url'] . '</a><br>';
}
return $result;
}
/**
* Returns a JSON string that contains a success message and the files that were uploaded
*
* @param $files array The files to be uploaded.
*
* @return bool|string A JSON string
*/
private static function jsonSuccess(array $files):bool|string
{
return json_encode([
'success' => true,
'files' => $files,
], JSON_PRETTY_PRINT);
}
/**
* Takes an array of files and returns a string of URLs
*
* @param $files array The files to be uploaded.
*
* @return string the url of the file.
*/
private static function textSuccess(array $files):string
{
$result = '';
foreach ($files as $file) {
$result .= $file['url'] . "\n";
}
return $result;
} }
} }
/**
* Returns a string based on the type of response requested
*
* @param $code mixed The HTTP status code to return.
* @param $desc string The description of the error.
*/
public function error(int $code, string $desc): void
{
$response = match ($this->type) {
'csv' => $this->csvError($desc),
'html' => $this->htmlError($code, $desc),
'json' => $this->jsonError($code, $desc),
'text' => $this->textError($code, $desc),
};
http_response_code($code);
echo $response;
}
/* Returning a string that contains the error message. */
private static function csvError(string $description): string
{
return '"error"' . "\r\n" . "\"$description\"" . "\r\n";
}
/**
* Returns a string containing an HTML paragraph element with the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return string A string.
*/
private static function htmlError(int|string $code, string $description): string
{
return '<p>ERROR: (' . $code . ') ' . $description . '</p>';
}
/**
* Returns a JSON string with the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return bool|string A JSON string
*/
private static function jsonError(int|string $code, string $description): bool|string
{
return json_encode([
'success' => false,
'errorcode' => $code,
'description' => $description,
], JSON_PRETTY_PRINT);
}
/**
* Returns a string that contains the error code and description
*
* @param $code int|string The error code.
* @param $description string The description of the error.
*
* @return string A string with the error code and description.
*/
private static function textError(int|string $code, string $description): string
{
return 'ERROR: (' . $code . ') ' . $description;
}
/**
* "If the type is csv, then call the csvSuccess function,
* if the type is html, then call the htmlSuccess function, etc."
*
* The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful
*
* @param $files array An array of file objects.
*/
public function send(array $files): void
{
$response = match ($this->type) {
'csv' => $this->csvSuccess($files),
'html' => $this->htmlSuccess($files),
'json' => $this->jsonSuccess($files),
'text' => $this->textSuccess($files),
};
http_response_code(200); // "200 OK". Success.
echo $response;
}
/**
* Takes an array of files and returns a CSV string
*
* @param $files array An array of files that have been uploaded.
*
* @return string A string of the files in the array.
*/
private static function csvSuccess(array $files): string
{
$result = '"name","url","hash","size"' . "\r\n";
foreach ($files as $file) {
$result .= '"' . $file['name'] . '"' . ',' .
'"' . $file['url'] . '"' . ',' .
'"' . $file['hash'] . '"' . ',' .
'"' . $file['size'] . '"' . "\r\n";
}
return $result;
}
/**
* Takes an array of files and returns a string of HTML links
*
* @param $files array An array of files to be uploaded.
*
* @return string the result of the foreach loop.
*/
private static function htmlSuccess(array $files): string
{
$result = '';
foreach ($files as $file) {
$result .= '<a href="' . $file['url'] . '">' . $file['url'] . '</a><br>';
}
return $result;
}
/**
* Returns a JSON string that contains a success message and the files that were uploaded
*
* @param $files array The files to be uploaded.
*
* @return bool|string A JSON string
*/
private static function jsonSuccess(array $files): bool|string
{
return json_encode([
'success' => true,
'files' => $files,
], JSON_PRETTY_PRINT);
}
/**
* Takes an array of files and returns a string of URLs
*
* @param $files array The files to be uploaded.
*
* @return string the url of the file.
*/
private static function textSuccess(array $files): string
{
$result = '';
foreach ($files as $file) {
$result .= $file['url'] . "\n";
}
return $result;
}
}

14
src/Classes/Upload.php
View File

@ -126,7 +126,16 @@ class Upload extends Response
{ {
switch (true) { switch (true) {
case $this->Connector->CONFIG['RATE_LIMIT']: case $this->Connector->CONFIG['RATE_LIMIT']:
$this->Connector->checkRateLimit($this->fingerPrintInfo); if (
$this->Connector->checkRateLimit(
$this->fingerPrintInfo,
(int) $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'],
(int) $this->Connector->CONFIG['RATE_LIMIT_FILES']
)
) {
throw new Exception('Rate limit, please wait ' . $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'] .
' seconds before uploading again.', 500);
}
// Continue // Continue
case $this->Connector->CONFIG['BLACKLIST_DB']: case $this->Connector->CONFIG['BLACKLIST_DB']:
$this->Connector->checkFileBlacklist($this->FILE_INFO); $this->Connector->checkFileBlacklist($this->FILE_INFO);
@ -274,7 +283,6 @@ class Upload extends Response
* and if it does, it generates another one * and if it does, it generates another one
* *
* @param $extension string The file extension. * @param $extension string The file extension.
* @param $hash string The hash of the file.
* *
* @return string A string * @return string A string
* @throws \Exception * @throws \Exception
@ -293,7 +301,7 @@ class Upload extends Response
if (!empty($extension)) { if (!empty($extension)) {
$NEW_NAME .= '.' . $extension; $NEW_NAME .= '.' . $extension;
} }
} while ($this->Connector->dbCheckNameExists($NEW_NAME) > 0); } while ($this->Connector->dbCheckNameExists($NEW_NAME));
return $NEW_NAME; return $NEW_NAME;
} }
} }

4
src/config.json
View File

@ -3,7 +3,7 @@
"allowErrors": false "allowErrors": false
}, },
"dest": "dist", "dest": "dist",
"pkgVersion": "1.6.4", "pkgVersion": "1.6.5",
"pages": [ "pages": [
"index.ejs", "index.ejs",
"faq.ejs", "faq.ejs",
@ -34,6 +34,8 @@
"BLACKLIST_DB": true, "BLACKLIST_DB": true,
"FILTER_MODE": true, "FILTER_MODE": true,
"RATE_LIMIT": false, "RATE_LIMIT": false,
"RATE_LIMIT_TIMEOUT": 60,
"RATE_LIMIT_FILES": 100,
"FILES_ROOT": "/var/www/files/", "FILES_ROOT": "/var/www/files/",
"FILES_RETRIES": 15, "FILES_RETRIES": 15,
"FILES_URL": "https://files.domain.com", "FILES_URL": "https://files.domain.com",

15
src/static/php/upload.php
View File

@ -1,8 +1,5 @@
<?php <?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
/** /**
* Uguu * Uguu
* *
@ -21,8 +18,9 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>. * along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
require_once __DIR__ . '/../vendor/autoload.php'; require_once __DIR__ . '/../vendor/autoload.php';
use Pomf\Uguu\Classes\Upload; use Pomf\Uguu\Classes\Upload;
use Pomf\Uguu\Classes\Response; use Pomf\Uguu\Classes\Response;
@ -40,10 +38,11 @@
*/ */
function handleFile(string $outputFormat, array $files): void function handleFile(string $outputFormat, array $files): void
{ {
$fCount = count($files['size']);
$upload = new Upload($outputFormat); $upload = new Upload($outputFormat);
$files = $upload->reFiles($files); $files = $upload->reFiles($files);
try { try {
$upload->fingerPrint(count($files)); $upload->fingerPrint($fCount);
$res = []; $res = [];
foreach ($files as $ignored) { foreach ($files as $ignored) {
$res[] = $upload->uploadFile(); $res[] = $upload->uploadFile();
@ -52,10 +51,10 @@ function handleFile(string $outputFormat, array $files): void
$upload->send($res); $upload->send($res);
} }
} catch (Exception $e) { } catch (Exception $e) {
$upload->error($e->getCode(), $e->getMessage()); $upload->error(500, $e->getMessage());
} }
} }
$response = new Response('json'); $response = new Response('json');
if (!isset($_FILES['files']) or empty($_FILES['files'])) { if (!isset($_FILES['files']) or empty($_FILES['files'])) {