x/safebin
1
0
Fork 0
mirror of https://github.com/skidoodle/safebin.git synced 2026-04-28 03:07:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor: internals

Browse Source 
Signed-off-by: skidoodle <contact@albert.lol>
This commit is contained in:
albert
2026-01-17 22:58:38 +01:00
parent 5bc9497fa0
commit aca7267301
9 changed files with 476 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+1 -1
View File
@@ -1,4 +1,4 @@
FROM --platform=$BUILDPLATFORM golang:1.25.5 AS builder
FROM --platform=$BUILDPLATFORM golang:1.25.6 AS builder
WORKDIR /app
go.mod
+1 -1
View File
@@ -1,3 +1,3 @@
module github.com/skidoodle/safebin
go 1.25.5
go 1.25.6
internal/app/config.go
+39 -21
View File
@@ -21,36 +21,54 @@ type App struct {
Logger *slog.Logger
}
func LoadConfig() Config {
h := getEnv("SAFEBIN_HOST", "0.0.0.0")
p := getEnvInt("SAFEBIN_PORT", 8080)
s := getEnv("SAFEBIN_STORAGE", "./storage")
mDefault := int64(getEnvInt("SAFEBIN_MAX_MB", 512))
const (
defaultHost = "0.0.0.0"
defaultPort = 8080
defaultStorage = "./storage"
defaultMaxMB = 512
)
var m int64
flag.StringVar(&h, "h", h, "Bind address")
flag.IntVar(&p, "p", p, "Port")
flag.StringVar(&s, "s", s, "Storage directory")
flag.Int64Var(&m, "m", mDefault, "Max file size in MB")
func LoadConfig() Config {
hostEnv := getEnv("SAFEBIN_HOST", defaultHost)
portEnv := getEnvInt("SAFEBIN_PORT", defaultPort)
storageEnv := getEnv("SAFEBIN_STORAGE", defaultStorage)
maxMBEnv := int64(getEnvInt("SAFEBIN_MAX_MB", defaultMaxMB))
var host string
var port int
var storage string
var maxMB int64
flag.StringVar(&host, "h", hostEnv, "Bind address")
flag.IntVar(&port, "p", portEnv, "Port")
flag.StringVar(&storage, "s", storageEnv, "Storage directory")
flag.Int64Var(&maxMB, "m", maxMBEnv, "Max file size in MB")
flag.Parse()
return Config{Addr: fmt.Sprintf("%s:%d", h, p), StorageDir: s, MaxMB: m}
}
func getEnv(k, f string) string {
if v, ok := os.LookupEnv(k); ok {
return v
return Config{
Addr: fmt.Sprintf("%s:%d", host, port),
StorageDir: storage,
MaxMB: maxMB,
}
return f
}
func getEnvInt(k string, f int) int {
if v, ok := os.LookupEnv(k); ok {
if i, err := strconv.Atoi(v); err == nil {
func getEnv(key, fallback string) string {
if value, ok := os.LookupEnv(key); ok {
return value
}
return fallback
}
func getEnvInt(key string, fallback int) int {
if value, ok := os.LookupEnv(key); ok {
i, err := strconv.Atoi(value)
if err == nil {
return i
}
}
return f
return fallback
}
func ParseTemplates() *template.Template {
internal/app/handlers.go
+249 -139
View File
@@ -2,6 +2,7 @@ package app
import (
"encoding/base64"
"errors"
"fmt"
"io"
"mime"
@@ -14,187 +15,268 @@ import (
"github.com/skidoodle/safebin/internal/crypto"
)
const (
uploadChunkSize = 8 << 20
maxRequestOverhead = 10 << 20
permUserRWX = 0o700
slugLength = 22
keyLength = 16
megaByte = 1 << 20
chunkSafetyMargin = 2
)
var reUploadID = regexp.MustCompile(`^[a-zA-Z0-9]{10,50}$`)
func (app *App) HandleHome(w http.ResponseWriter, r *http.Request) {
err := app.Tmpl.ExecuteTemplate(w, "base", map[string]any{
func (app *App) HandleHome(writer http.ResponseWriter, request *http.Request) {
err := app.Tmpl.ExecuteTemplate(writer, "base", map[string]any{
"MaxMB": app.Conf.MaxMB,
"Host": r.Host,
"Host": request.Host,
})
if err != nil {
app.Logger.Error("Template error", "err", err)
}
}
func (app *App) HandleUpload(w http.ResponseWriter, r *http.Request) {
limit := (app.Conf.MaxMB << 20) + (1 << 20)
r.Body = http.MaxBytesReader(w, r.Body, limit)
func (app *App) HandleUpload(writer http.ResponseWriter, request *http.Request) {
limit := (app.Conf.MaxMB * megaByte) + megaByte
request.Body = http.MaxBytesReader(writer, request.Body, limit)
file, header, err := request.FormFile("file")
file, header, err := r.FormFile("file")
if err != nil {
if err.Error() == "http: request body too large" {
app.SendError(w, r, http.StatusRequestEntityTooLarge)
app.SendError(writer, request, http.StatusRequestEntityTooLarge)
return
}
app.SendError(w, r, http.StatusBadRequest)
return
}
defer file.Close()
tmpPath := filepath.Join(app.Conf.StorageDir, "tmp", fmt.Sprintf("up_%d", os.Getpid()))
tmp, err := os.Create(tmpPath)
app.SendError(writer, request, http.StatusBadRequest)
return
}
defer func() {
if closeErr := file.Close(); closeErr != nil {
app.Logger.Error("Failed to close upload file", "err", closeErr)
}
}()
tmp, err := os.CreateTemp(filepath.Join(app.Conf.StorageDir, "tmp"), "up_*")
if err != nil {
app.Logger.Error("Failed to create temp file", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
app.SendError(writer, request, http.StatusInternalServerError)
return
}
defer os.Remove(tmpPath)
defer tmp.Close()
tmpPath := tmp.Name()
defer func() {
if removeErr := os.Remove(tmpPath); removeErr != nil && !os.IsNotExist(removeErr) {
app.Logger.Error("Failed to remove temp file", "err", removeErr)
}
}()
defer func() {
if closeErr := tmp.Close(); closeErr != nil {
app.Logger.Error("Failed to close temp file", "err", closeErr)
}
}()
if _, err := io.Copy(tmp, file); err != nil {
app.Logger.Error("Failed to write temp file", "err", err)
app.SendError(w, r, http.StatusRequestEntityTooLarge)
app.SendError(writer, request, http.StatusRequestEntityTooLarge)
return
}
app.FinalizeFile(w, r, tmp, header.Filename)
app.FinalizeFile(writer, request, tmp, header.Filename)
}
func (app *App) HandleChunk(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, 10<<20)
func (app *App) HandleChunk(writer http.ResponseWriter, request *http.Request) {
request.Body = http.MaxBytesReader(writer, request.Body, maxRequestOverhead)
uid := r.FormValue("upload_id")
idx, err := strconv.Atoi(r.FormValue("index"))
uid := request.FormValue("upload_id")
idx, err := strconv.Atoi(request.FormValue("index"))
if err != nil {
app.SendError(w, r, http.StatusBadRequest)
app.SendError(writer, request, http.StatusBadRequest)
return
}
const chunkSize = 8 << 20
maxChunks := int((app.Conf.MaxMB<<20)/chunkSize) + 2
maxChunks := int((app.Conf.MaxMB*megaByte)/uploadChunkSize) + chunkSafetyMargin
if !reUploadID.MatchString(uid) || idx > maxChunks || idx < 0 {
app.SendError(w, r, http.StatusBadRequest)
app.SendError(writer, request, http.StatusBadRequest)
return
}
file, _, err := r.FormFile("chunk")
file, _, err := request.FormFile("chunk")
if err != nil {
if err.Error() == "http: request body too large" {
app.SendError(w, r, http.StatusRequestEntityTooLarge)
app.SendError(writer, request, http.StatusRequestEntityTooLarge)
return
}
app.SendError(w, r, http.StatusBadRequest)
return
}
defer file.Close()
dir := filepath.Join(app.Conf.StorageDir, "tmp", uid)
if err := os.MkdirAll(dir, 0700); err != nil {
app.Logger.Error("Failed to create chunk dir", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
app.SendError(writer, request, http.StatusBadRequest)
return
}
defer func() {
if closeErr := file.Close(); closeErr != nil {
app.Logger.Error("Failed to close chunk file", "err", closeErr)
}
}()
if err := app.saveChunk(uid, idx, file); err != nil {
app.Logger.Error("Failed to save chunk", "err", err)
app.SendError(writer, request, http.StatusInternalServerError)
}
}
func (app *App) saveChunk(uid string, idx int, src io.Reader) error {
dir := filepath.Join(app.Conf.StorageDir, "tmp", uid)
if err := os.MkdirAll(dir, permUserRWX); err != nil {
return fmt.Errorf("create chunk dir: %w", err)
}
dest, err := os.Create(filepath.Join(dir, strconv.Itoa(idx)))
if err != nil {
app.Logger.Error("Failed to create chunk file", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return fmt.Errorf("create chunk file: %w", err)
}
defer func() {
if closeErr := dest.Close(); closeErr != nil {
app.Logger.Error("Failed to close chunk dest", "err", closeErr)
}
}()
if _, err := io.Copy(dest, src); err != nil {
return fmt.Errorf("copy chunk: %w", err)
}
return nil
}
func (app *App) HandleFinish(writer http.ResponseWriter, request *http.Request) {
uid := request.FormValue("upload_id")
total, err := strconv.Atoi(request.FormValue("total"))
if err != nil {
app.SendError(writer, request, http.StatusBadRequest)
return
}
defer dest.Close()
if _, err := io.Copy(dest, file); err != nil {
app.Logger.Error("Failed to save chunk", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
maxChunks := int((app.Conf.MaxMB*megaByte)/uploadChunkSize) + chunkSafetyMargin
if !reUploadID.MatchString(uid) || total > maxChunks || total <= 0 {
app.SendError(writer, request, http.StatusBadRequest)
return
}
mergedPath, err := app.mergeChunks(uid, total)
if err != nil {
app.Logger.Error("Merge failed", "err", err)
if errors.Is(err, io.ErrShortWrite) {
app.SendError(writer, request, http.StatusRequestEntityTooLarge)
} else {
app.SendError(writer, request, http.StatusInternalServerError)
}
return
}
defer func() {
if removeErr := os.Remove(mergedPath); removeErr != nil && !os.IsNotExist(removeErr) {
app.Logger.Error("Failed to remove merged file", "err", removeErr)
}
}()
mergedRead, err := os.Open(mergedPath)
if err != nil {
app.Logger.Error("Failed to open merged file", "err", err)
app.SendError(writer, request, http.StatusInternalServerError)
return
}
defer func() {
if closeErr := mergedRead.Close(); closeErr != nil {
app.Logger.Error("Failed to close merged reader", "err", closeErr)
}
}()
app.FinalizeFile(writer, request, mergedRead, request.FormValue("filename"))
if err := os.RemoveAll(filepath.Join(app.Conf.StorageDir, "tmp", uid)); err != nil {
app.Logger.Error("Failed to remove chunk dir", "err", err)
}
}
func (app *App) HandleFinish(w http.ResponseWriter, r *http.Request) {
uid := r.FormValue("upload_id")
total, err := strconv.Atoi(r.FormValue("total"))
if err != nil {
app.SendError(w, r, http.StatusBadRequest)
return
}
const chunkSize = 8 << 20
maxChunks := int((app.Conf.MaxMB<<20)/chunkSize) + 2
if !reUploadID.MatchString(uid) || total > maxChunks || total <= 0 {
app.SendError(w, r, http.StatusBadRequest)
return
}
func (app *App) mergeChunks(uid string, total int) (string, error) {
tmpPath := filepath.Join(app.Conf.StorageDir, "tmp", "m_"+uid)
merged, err := os.Create(tmpPath)
if err != nil {
app.Logger.Error("Failed to create merge file", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
return "", fmt.Errorf("create merge file: %w", err)
}
defer os.Remove(tmpPath)
defer merged.Close()
limit := app.Conf.MaxMB << 20
defer func() {
if closeErr := merged.Close(); closeErr != nil {
app.Logger.Error("Failed to close merged file", "err", closeErr)
}
}()
limit := app.Conf.MaxMB * megaByte
var written int64
for i := range total {
partPath := filepath.Join(app.Conf.StorageDir, "tmp", uid, strconv.Itoa(i))
part, err := os.Open(partPath)
if err != nil {
app.Logger.Error("Missing chunk during merge", "uid", uid, "index", i, "err", err)
app.SendError(w, r, http.StatusBadRequest)
return
return "", fmt.Errorf("open chunk %d: %w", i, err)
}
n, err := io.Copy(merged, part)
part.Close()
if closeErr := part.Close(); closeErr != nil {
app.Logger.Error("Failed to close chunk part", "err", closeErr)
}
if err != nil {
app.Logger.Error("Failed to append chunk", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
return "", fmt.Errorf("append chunk %d: %w", i, err)
}
written += n
if written > limit {
app.SendError(w, r, http.StatusRequestEntityTooLarge)
return
return "", io.ErrShortWrite
}
}
if err := merged.Close(); err != nil {
app.Logger.Error("Failed to close merged file", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
}
mergedRead, err := os.Open(tmpPath)
if err != nil {
app.Logger.Error("Failed to open merged file", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
}
defer mergedRead.Close()
app.FinalizeFile(w, r, mergedRead, r.FormValue("filename"))
os.RemoveAll(filepath.Join(app.Conf.StorageDir, "tmp", uid))
return tmpPath, nil
}
func (app *App) HandleGetFile(w http.ResponseWriter, r *http.Request) {
slug := r.PathValue("slug")
if len(slug) < 22 {
app.SendError(w, r, http.StatusBadRequest)
func (app *App) HandleGetFile(writer http.ResponseWriter, request *http.Request) {
slug := request.PathValue("slug")
if len(slug) < slugLength {
app.SendError(writer, request, http.StatusBadRequest)
return
}
keyBase64 := slug[:22]
ext := slug[22:]
keyBase64 := slug[:slugLength]
ext := slug[slugLength:]
key, err := base64.RawURLEncoding.DecodeString(keyBase64)
if err != nil || len(key) != 16 {
app.SendError(w, r, http.StatusUnauthorized)
if err != nil || len(key) != keyLength {
app.SendError(writer, request, http.StatusUnauthorized)
return
}
@@ -203,105 +285,133 @@ func (app *App) HandleGetFile(w http.ResponseWriter, r *http.Request) {
info, err := os.Stat(path)
if err != nil {
app.SendError(w, r, http.StatusNotFound)
app.SendError(writer, request, http.StatusNotFound)
return
}
f, err := os.Open(path)
file, err := os.Open(path)
if err != nil {
app.Logger.Error("Failed to open file", "path", path, "err", err)
app.SendError(w, r, http.StatusInternalServerError)
app.SendError(writer, request, http.StatusInternalServerError)
return
}
defer f.Close()
defer func() {
if closeErr := file.Close(); closeErr != nil {
app.Logger.Error("Failed to close file", "err", closeErr)
}
}()
streamer, err := crypto.NewGCMStreamer(key)
if err != nil {
app.Logger.Error("Failed to create crypto streamer", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
app.SendError(writer, request, http.StatusInternalServerError)
return
}
decryptor := crypto.NewDecryptor(f, streamer.AEAD, info.Size())
decryptor := crypto.NewDecryptor(file, streamer.AEAD, info.Size())
contentType := mime.TypeByExtension(ext)
if contentType == "" {
contentType = "application/octet-stream"
}
w.Header().Set("Content-Type", contentType)
w.Header().Set("Content-Security-Policy", "default-src 'none'; img-src 'self' data:; media-src 'self' data:; style-src 'unsafe-inline'; sandbox allow-forms allow-scripts allow-downloads allow-same-origin")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=%q", slug))
csp := "default-src 'none'; img-src 'self' data:; media-src 'self' data:; " +
"style-src 'unsafe-inline'; sandbox allow-forms allow-scripts allow-downloads allow-same-origin"
http.ServeContent(w, r, slug, info.ModTime(), decryptor)
writer.Header().Set("Content-Type", contentType)
writer.Header().Set("Content-Security-Policy", csp)
writer.Header().Set("X-Content-Type-Options", "nosniff")
writer.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename=%q", slug))
http.ServeContent(writer, request, slug, info.ModTime(), decryptor)
}
func (app *App) FinalizeFile(w http.ResponseWriter, r *http.Request, src *os.File, filename string) {
func (app *App) FinalizeFile(writer http.ResponseWriter, request *http.Request, src *os.File, filename string) {
if _, err := src.Seek(0, 0); err != nil {
app.Logger.Error("Seek failed", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
app.SendError(writer, request, http.StatusInternalServerError)
return
}
key, err := crypto.DeriveKey(src)
if err != nil {
app.Logger.Error("Key derivation failed", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
app.SendError(writer, request, http.StatusInternalServerError)
return
}
ext := filepath.Ext(filename)
id := crypto.GetID(key, ext)
if _, err := src.Seek(0, 0); err != nil {
app.Logger.Error("Seek failed", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
}
finalPath := filepath.Join(app.Conf.StorageDir, id)
if _, err := os.Stat(finalPath); err == nil {
app.RespondWithLink(w, r, key, filename)
app.RespondWithLink(writer, request, key, filename)
return
}
out, err := os.Create(finalPath + ".tmp")
if err != nil {
app.Logger.Error("Failed to create final file", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
if _, err := src.Seek(0, 0); err != nil {
app.Logger.Error("Seek failed", "err", err)
app.SendError(writer, request, http.StatusInternalServerError)
return
}
if err := app.encryptAndSave(src, key, finalPath); err != nil {
app.Logger.Error("Encryption failed", "err", err)
app.SendError(writer, request, http.StatusInternalServerError)
return
}
app.RespondWithLink(writer, request, key, filename)
}
func (app *App) encryptAndSave(src io.Reader, key []byte, finalPath string) error {
out, err := os.Create(finalPath + ".tmp")
if err != nil {
return fmt.Errorf("create final file: %w", err)
}
var closed bool
defer func() {
out.Close()
os.Remove(finalPath + ".tmp")
if !closed {
if closeErr := out.Close(); closeErr != nil {
app.Logger.Error("Failed to close final file", "err", closeErr)
}
}
if removeErr := os.Remove(finalPath + ".tmp"); removeErr != nil && !os.IsNotExist(removeErr) {
app.Logger.Error("Failed to remove temp final file", "err", removeErr)
}
}()
streamer, err := crypto.NewGCMStreamer(key)
if err != nil {
app.Logger.Error("Failed to create streamer", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
return fmt.Errorf("create streamer: %w", err)
}
if err := streamer.EncryptStream(out, src); err != nil {
app.Logger.Error("Encryption failed", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
return fmt.Errorf("encrypt stream: %w", err)
}
if err := out.Close(); err != nil {
app.Logger.Error("Failed to close final file", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
return fmt.Errorf("close final file: %w", err)
}
closed = true
if err := os.Rename(finalPath+".tmp", finalPath); err != nil {
app.Logger.Error("Failed to rename final file", "err", err)
app.SendError(w, r, http.StatusInternalServerError)
return
return fmt.Errorf("rename final file: %w", err)
}
app.RespondWithLink(w, r, key, filename)
return nil
}
internal/app/server.go
+35 -15
View File
@@ -9,22 +9,25 @@ import (
func (app *App) Routes() *http.ServeMux {
mux := http.NewServeMux()
fs := http.FileServer(http.Dir("./web/static"))
mux.Handle("GET /static/", http.StripPrefix("/static/", fs))
fileServer := http.FileServer(http.Dir("./web/static"))
mux.Handle("GET /static/", http.StripPrefix("/static/", fileServer))
mux.HandleFunc("GET /{$}", app.HandleHome)
mux.HandleFunc("POST /{$}", app.HandleUpload)
mux.HandleFunc("POST /upload/chunk", app.HandleChunk)
mux.HandleFunc("POST /upload/finish", app.HandleFinish)
mux.HandleFunc("GET /{slug}", app.HandleGetFile)
return mux
}
func (app *App) RespondWithLink(w http.ResponseWriter, r *http.Request, key []byte, originalName string) {
func (app *App) RespondWithLink(writer http.ResponseWriter, request *http.Request, key []byte, originalName string) {
keySlug := base64.RawURLEncoding.EncodeToString(key)
ext := filepath.Ext(originalName)
link := fmt.Sprintf("%s/%s%s", r.Host, keySlug, ext)
if r.Header.Get("X-Requested-With") == "XMLHttpRequest" {
fmt.Fprintf(w, `
link := fmt.Sprintf("%s/%s%s", request.Host, keySlug, ext)
if request.Header.Get("X-Requested-With") == "XMLHttpRequest" {
html := `
<div class="result-container">
<div class="dim result-label">Upload Complete:</div>
<div class="copy-box">
@@ -34,27 +37,44 @@ func (app *App) RespondWithLink(w http.ResponseWriter, r *http.Request, key []by
<div class="reset-wrapper">
<button class="reset-btn" onclick="resetUI()">Upload another</button>
</div>
</div>`, link)
</div>`
if _, err := fmt.Fprintf(writer, html, link); err != nil {
app.Logger.Error("Failed to write response", "err", err)
}
return
}
scheme := "https"
if r.TLS == nil {
if request.TLS == nil {
scheme = "http"
}
fmt.Fprintf(w, "%s://%s\n", scheme, link)
if _, err := fmt.Fprintf(writer, "%s://%s\n", scheme, link); err != nil {
app.Logger.Error("Failed to write response", "err", err)
}
}
func (app *App) SendError(w http.ResponseWriter, r *http.Request, code int) {
if r.Header.Get("X-Requested-With") == "XMLHttpRequest" {
w.WriteHeader(code)
fmt.Fprintf(w, `
func (app *App) SendError(writer http.ResponseWriter, request *http.Request, code int) {
if request.Header.Get("X-Requested-With") == "XMLHttpRequest" {
writer.WriteHeader(code)
html := `
<div class="result-container">
<div class="error-text">Error %d</div>
<div class="reset-wrapper">
<button class="reset-btn" onclick="resetUI()">Try again</button>
</div>
</div>`, code)
</div>`
if _, err := fmt.Fprintf(writer, html, code); err != nil {
app.Logger.Error("Failed to write error response", "err", err)
}
return
}
http.Error(w, http.StatusText(code), code)
http.Error(writer, http.StatusText(code), code)
}
internal/app/storage.go
+59 -20
View File
@@ -8,43 +8,82 @@ import (
"time"
)
const (
cleanupInterval = 1 * time.Hour
tempExpiry = 4 * time.Hour
minRetention = 24 * time.Hour
maxRetention = 365 * 24 * time.Hour
bytesInMB = 1 << 20
)
func (app *App) StartCleanupTask(ctx context.Context) {
ticker := time.NewTicker(1 * time.Hour)
ticker := time.NewTicker(cleanupInterval)
for {
select {
case <-ctx.Done():
ticker.Stop()
return
case <-ticker.C:
app.CleanDir(app.Conf.StorageDir, false)
app.CleanDir(filepath.Join(app.Conf.StorageDir, "tmp"), true)
app.CleanStorage(app.Conf.StorageDir)
app.CleanTemp(filepath.Join(app.Conf.StorageDir, "tmp"))
}
}
}
func (app *App) CleanDir(path string, isTmp bool) {
entries, _ := os.ReadDir(path)
for _, entry := range entries {
info, _ := entry.Info()
expiry := 4 * time.Hour
if !isTmp {
expiry = CalculateRetention(info.Size(), app.Conf.MaxMB)
func (app *App) CleanStorage(path string) {
entries, err := os.ReadDir(path)
if err != nil {
app.Logger.Error("Failed to read storage dir", "err", err)
return
}
for _, entry := range entries {
info, err := entry.Info()
if err != nil {
continue
}
expiry := CalculateRetention(info.Size(), app.Conf.MaxMB)
if time.Since(info.ModTime()) > expiry {
os.RemoveAll(filepath.Join(path, entry.Name()))
if err := os.RemoveAll(filepath.Join(path, entry.Name())); err != nil {
app.Logger.Error("Failed to remove expired file", "path", entry.Name(), "err", err)
}
}
}
}
func CalculateRetention(fileSize int64, maxMB int64) time.Duration {
const (
minAge = 24 * time.Hour
maxAge = 365 * 24 * time.Hour
)
ratio := math.Max(0, math.Min(1, float64(fileSize)/float64(maxMB<<20)))
retention := float64(maxAge) * math.Pow(1.0-ratio, 3)
if retention < float64(minAge) {
return minAge
func (app *App) CleanTemp(path string) {
entries, err := os.ReadDir(path)
if err != nil {
app.Logger.Error("Failed to read temp dir", "err", err)
return
}
for _, entry := range entries {
info, err := entry.Info()
if err != nil {
continue
}
if time.Since(info.ModTime()) > tempExpiry {
if err := os.RemoveAll(filepath.Join(path, entry.Name())); err != nil {
app.Logger.Error("Failed to remove expired temp file", "path", entry.Name(), "err", err)
}
}
}
}
func CalculateRetention(fileSize, maxMB int64) time.Duration {
ratio := math.Max(0, math.Min(1, float64(fileSize)/float64(maxMB*bytesInMB)))
invRatio := 1.0 - ratio
retention := float64(maxRetention) * (invRatio * invRatio * invRatio)
if retention < float64(minRetention) {
return minRetention
}
return time.Duration(retention)
}
internal/crypto/crypto.go
+37 -21
View File
@@ -6,27 +6,34 @@ import (
"crypto/sha256"
"encoding/base64"
"encoding/binary"
"errors"
"fmt"
"io"
)
const (
GCMChunkSize = 64 * 1024
NonceSize = 12
KeySize = 16
IDSize = 9
)
func DeriveKey(r io.Reader) ([]byte, error) {
h := sha256.New()
if _, err := io.Copy(h, r); err != nil {
return nil, err
func DeriveKey(reader io.Reader) ([]byte, error) {
hasher := sha256.New()
if _, err := io.Copy(hasher, reader); err != nil {
return nil, fmt.Errorf("failed to copy to hasher: %w", err)
}
return h.Sum(nil)[:16], nil
return hasher.Sum(nil)[:KeySize], nil
}
func GetID(key []byte, ext string) string {
h := sha256.New()
h.Write(key)
h.Write([]byte(ext))
return base64.RawURLEncoding.EncodeToString(h.Sum(nil)[:9])
hasher := sha256.New()
hasher.Write(key)
hasher.Write([]byte(ext))
return base64.RawURLEncoding.EncodeToString(hasher.Sum(nil)[:IDSize])
}
type GCMStreamer struct {
@@ -34,37 +41,46 @@ type GCMStreamer struct {
}
func NewGCMStreamer(key []byte) (*GCMStreamer, error) {
b, err := aes.NewCipher(key)
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to create cipher: %w", err)
}
g, err := cipher.NewGCM(b)
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to create GCM: %w", err)
}
return &GCMStreamer{AEAD: g}, nil
return &GCMStreamer{AEAD: gcm}, nil
}
func (g *GCMStreamer) EncryptStream(dst io.Writer, src io.Reader) error {
buf := make([]byte, GCMChunkSize)
var chunkIdx uint64 = 0
var chunkIdx uint64
for {
n, err := io.ReadFull(src, buf)
if n > 0 {
bytesRead, err := io.ReadFull(src, buf)
if bytesRead > 0 {
nonce := make([]byte, NonceSize)
binary.BigEndian.PutUint64(nonce[4:], chunkIdx)
ciphertext := g.AEAD.Seal(nil, nonce, buf[:n], nil)
ciphertext := g.AEAD.Seal(nil, nonce, buf[:bytesRead], nil)
if _, werr := dst.Write(ciphertext); werr != nil {
return werr
return fmt.Errorf("failed to write ciphertext: %w", werr)
}
chunkIdx++
}
if err == io.EOF || err == io.ErrUnexpectedEOF {
if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
break
}
if err != nil {
return err
return fmt.Errorf("failed to read source: %w", err)
}
}
return nil
}
internal/crypto/reader.go
+33 -18
View File
@@ -4,34 +4,41 @@ import (
"crypto/cipher"
"encoding/binary"
"errors"
"fmt"
"io"
)
var ErrInvalidWhence = errors.New("invalid whence")
var ErrNegativeBias = errors.New("negative bias")
type Decryptor struct {
rs io.ReadSeeker
readSeeker io.ReadSeeker
aead cipher.AEAD
size int64
offset int64
}
func NewDecryptor(rs io.ReadSeeker, aead cipher.AEAD, encryptedSize int64) *Decryptor {
func NewDecryptor(readSeeker io.ReadSeeker, aead cipher.AEAD, encryptedSize int64) *Decryptor {
overhead := int64(aead.Overhead())
fullBlocks := encryptedSize / (GCMChunkSize + overhead)
remainder := encryptedSize % (GCMChunkSize + overhead)
chunkWithOverhead := int64(GCMChunkSize) + overhead
plainSize := (fullBlocks * GCMChunkSize)
fullBlocks := encryptedSize / chunkWithOverhead
remainder := encryptedSize % chunkWithOverhead
plainSize := fullBlocks * GCMChunkSize
if remainder > overhead {
plainSize += (remainder - overhead)
}
return &Decryptor{
rs: rs,
readSeeker: readSeeker,
aead: aead,
size: plainSize,
offset: 0,
}
}
func (d *Decryptor) Read(p []byte) (int, error) {
func (d *Decryptor) Read(buf []byte) (int, error) {
if d.offset >= d.size {
return 0, io.EOF
}
@@ -40,25 +47,29 @@ func (d *Decryptor) Read(p []byte) (int, error) {
overhang := d.offset % GCMChunkSize
overhead := int64(d.aead.Overhead())
actualChunkSize := int64(GCMChunkSize + overhead)
actualChunkSize := int64(GCMChunkSize) + overhead
_, err := d.rs.Seek(chunkIdx*actualChunkSize, io.SeekStart)
_, err := d.readSeeker.Seek(chunkIdx*actualChunkSize, io.SeekStart)
if err != nil {
return 0, err
return 0, fmt.Errorf("failed to seek: %w", err)
}
encrypted := make([]byte, actualChunkSize)
n, err := io.ReadFull(d.rs, encrypted)
if err != nil && err != io.ErrUnexpectedEOF {
return 0, err
bytesRead, err := io.ReadFull(d.readSeeker, encrypted)
if err != nil && !errors.Is(err, io.ErrUnexpectedEOF) {
return 0, fmt.Errorf("failed to read encrypted data: %w", err)
}
nonce := make([]byte, NonceSize)
if chunkIdx < 0 {
return 0, fmt.Errorf("invalid chunk index")
}
binary.BigEndian.PutUint64(nonce[4:], uint64(chunkIdx))
plaintext, err := d.aead.Open(nil, nonce, encrypted[:n], nil)
plaintext, err := d.aead.Open(nil, nonce, encrypted[:bytesRead], nil)
if err != nil {
return 0, err
return 0, fmt.Errorf("failed to decrypt: %w", err)
}
if overhang >= int64(len(plaintext)) {
@@ -66,7 +77,7 @@ func (d *Decryptor) Read(p []byte) (int, error) {
}
available := plaintext[overhang:]
nCopied := copy(p, available)
nCopied := copy(buf, available)
d.offset += int64(nCopied)
return nCopied, nil
@@ -74,6 +85,7 @@ func (d *Decryptor) Read(p []byte) (int, error) {
func (d *Decryptor) Seek(offset int64, whence int) (int64, error) {
var abs int64
switch whence {
case io.SeekStart:
abs = offset
@@ -82,11 +94,14 @@ func (d *Decryptor) Seek(offset int64, whence int) (int64, error) {
case io.SeekEnd:
abs = d.size + offset
default:
return 0, errors.New("invalid whence")
return 0, ErrInvalidWhence
}
if abs < 0 {
return 0, errors.New("negative bias")
return 0, ErrNegativeBias
}
d.offset = abs
return abs, nil
}
main.go
+22 -6
View File
@@ -2,27 +2,39 @@ package main
import (
"context"
"errors"
"fmt"
"log/slog"
"net/http"
"os"
"os/signal"
"path/filepath"
"syscall"
"time"
"github.com/skidoodle/safebin/internal/app"
)
const (
permUserRWX = 0o700
serverTimeout = 10 * time.Minute
shutdownTimeout = 10 * time.Second
)
func main() {
cfg := app.LoadConfig()
logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: slog.LevelDebug}))
logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
Level: slog.LevelDebug,
AddSource: true,
}))
logger.Info("Initializing Safebin Server",
"storage_dir", cfg.StorageDir,
"max_file_size", fmt.Sprintf("%dMB", cfg.MaxMB),
)
if err := os.MkdirAll(fmt.Sprintf("%s/tmp", cfg.StorageDir), 0700); err != nil {
tmpDir := filepath.Join(cfg.StorageDir, "tmp")
if err := os.MkdirAll(tmpDir, permUserRWX); err != nil {
logger.Error("Failed to initialize storage directory", "err", err)
os.Exit(1)
}
@@ -41,13 +53,15 @@ func main() {
srv := &http.Server{
Addr: cfg.Addr,
Handler: application.Routes(),
ReadTimeout: 10 * time.Minute,
WriteTimeout: 10 * time.Minute,
ReadTimeout: serverTimeout,
WriteTimeout: serverTimeout,
IdleTimeout: serverTimeout,
}
go func() {
application.Logger.Info("Server is ready and listening", "addr", cfg.Addr)
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
application.Logger.Error("Server failed to start", "err", err)
os.Exit(1)
}
@@ -56,10 +70,12 @@ func main() {
<-ctx.Done()
application.Logger.Info("Shutting down gracefully...")
shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
shutdownCtx, cancel := context.WithTimeout(context.Background(), shutdownTimeout)
defer cancel()
if err := srv.Shutdown(shutdownCtx); err != nil {
application.Logger.Error("Forced shutdown", "err", err)
}
application.Logger.Info("Server stopped")
}