fix: relax chunk limits, support proxies, optimize reads

Signed-off-by: skidoodle <contact@albert.lol>
2026-04-28 03:07:41 +02:00 · 2026-01-19 00:33:09 +01:00
parent 722dbaa6aa
commit 2df37e9002
4 changed files with 22 additions and 8 deletions
@@ -22,6 +22,7 @@ const (
 	ShutdownTimeout = 10 * time.Second

 	UploadChunkSize    = 8 << 20
+	MinChunkSize       = 1 << 20
 	MaxRequestOverhead = 10 << 20
 	PermUserRWX        = 0o700
 	MegaByte           = 1 << 20
@@ -72,9 +72,12 @@ func (app *App) RespondWithLink(writer http.ResponseWriter, request *http.Reques
 		return
 	}

-	scheme := "https"
-	if request.TLS == nil {
-		scheme = "http"
+	scheme := request.Header.Get("X-Forwarded-Proto")
+	if scheme == "" {
+		scheme = "https"
+		if request.TLS == nil {
+			scheme = "http"
+		}
 	}

 	if _, err := fmt.Fprintf(writer, "%s://%s\n", scheme, link); err != nil {
@@ -112,7 +112,7 @@ func (app *App) HandleChunk(writer http.ResponseWriter, request *http.Request) {
 		return
 	}

-	maxChunks := int((app.Conf.MaxMB*MegaByte)/UploadChunkSize) + ChunkSafetyMargin
+	maxChunks := int((app.Conf.MaxMB*MegaByte)/MinChunkSize) + ChunkSafetyMargin

 	if !reUploadID.MatchString(uid) || idx > maxChunks || idx < 0 {
 		app.SendError(writer, request, http.StatusBadRequest)
@@ -148,7 +148,7 @@ func (app *App) HandleFinish(writer http.ResponseWriter, request *http.Request)
 		return
 	}

-	maxChunks := int((app.Conf.MaxMB*MegaByte)/UploadChunkSize) + ChunkSafetyMargin
+	maxChunks := int((app.Conf.MaxMB*MegaByte)/MinChunkSize) + ChunkSafetyMargin

 	if !reUploadID.MatchString(uid) || total > maxChunks || total <= 0 {
 		app.SendError(writer, request, http.StatusBadRequest)
@@ -16,6 +16,7 @@ type Decryptor struct {
 	aead       cipher.AEAD
 	size       int64
 	offset     int64
+	phyOffset  int64
 }

 func NewDecryptor(readSeeker io.ReadSeeker, aead cipher.AEAD, encryptedSize int64) *Decryptor {
@@ -35,6 +36,7 @@ func NewDecryptor(readSeeker io.ReadSeeker, aead cipher.AEAD, encryptedSize int6
 		aead:       aead,
 		size:       plainSize,
 		offset:     0,
+		phyOffset:  -1,
 	}
 }

@@ -49,14 +51,22 @@ func (d *Decryptor) Read(buf []byte) (int, error) {
 	overhead := int64(d.aead.Overhead())
 	actualChunkSize := int64(GCMChunkSize) + overhead

-	_, err := d.readSeeker.Seek(chunkIdx*actualChunkSize, io.SeekStart)
-	if err != nil {
-		return 0, fmt.Errorf("failed to seek: %w", err)
+	targetOffset := chunkIdx * actualChunkSize
+
+	if d.phyOffset != targetOffset {
+		if _, err := d.readSeeker.Seek(targetOffset, io.SeekStart); err != nil {
+			return 0, fmt.Errorf("failed to seek: %w", err)
+		}
+		d.phyOffset = targetOffset
 	}

 	encrypted := make([]byte, actualChunkSize)

 	bytesRead, err := io.ReadFull(d.readSeeker, encrypted)
+	if bytesRead > 0 {
+		d.phyOffset += int64(bytesRead)
+	}
+
 	if err != nil && !errors.Is(err, io.ErrUnexpectedEOF) {
 		return 0, fmt.Errorf("failed to read encrypted data: %w", err)
 	}