diff --git a/handlers.go b/handlers.go
index b7b7286..dcaf097 100644
--- a/handlers.go
+++ b/handlers.go
@@ -25,7 +25,7 @@ type response struct {
 Url string `json:"url"`
 }
-func upload(baseDir, domain string) http.HandlerFunc {
+func upload(baseDir, domain string, pubkeys []string) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
 r.Body = http.MaxBytesReader(w, r.Body, MAX_UPLOAD_SIZE)
 if err := r.ParseMultipartForm(MAX_UPLOAD_SIZE); err != nil {
@@ -75,6 +75,11 @@ func upload(baseDir, domain string) http.HandlerFunc {
 signature := r.FormValue("signature")
 logrus.WithFields(logrus.Fields{"pubkey": pubkey, "signature": signature}).Debug("form values")
+ if len(pubkeys) > 0 && !pubkeyIsApproved(pubkey, pubkeys) {
+ http.Error(w, "pubkey not approved", http.StatusUnauthorized)
+ return
+ }
+
 validSig, err := checkSignature(pubkey, signature, shasum[:])
 if err != nil {
 logrus.WithError(err).Error("error checking the signature")
@@ -155,3 +160,12 @@ func fileServer(r chi.Router, path string, root http.FileSystem) {
 fs.ServeHTTP(w, r)
 })
 }
+
+func pubkeyIsApproved(pubkey string, pubkeys []string) bool {
+ for _, pk := range pubkeys {
+ if pk == pubkey {
+ return true
+ }
+ }
+ return false
+}
diff --git a/main.go b/main.go
index 1a83d25..7799443 100644
--- a/main.go
+++ b/main.go
@@ -28,6 +28,7 @@ func main() {
 f.String("dir", "./uploads", "directory to upload and serve files from")
 f.String("domain", "", "domain files are served from")
 f.String("log-level", "info", "level of logs to output")
+ f.StringSlice("pubkey", []string{}, "pubkey to whitelist for uploading files")
 f.Parse(os.Args[1:])
 config, err := getConfiguration(f)
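Review bot: In handlers.go, the added guard `len(pubkeys) > 0 && !pubkeyIsApproved(pubkey, pubkeys)` is skipped whenever the list is empty, so an unset or mistyped `pubkey` option leaves `/upload` open to any pubkey that presents a valid signature, and nothing tells the operator which mode is running. The `pubkey` flag description in main.go should say so, e.g. `"pubkey allowed to upload files (repeatable); when none is given, any pubkey is accepted"`, and a one-line startup log of the number of approved keys would make a misconfiguration visible. The rejection also answers 401 without a `WWW-Authenticate` challenge; `http.StatusForbidden` describes a known-but-unapproved key better. The body of `upload` starts and ends outside this hunk.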
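Review bot: In handlers.go, `pubkeyIsApproved` has no doc comment and its matching rule is implicit: `pk == pubkey` is an exact, case-sensitive comparison of the raw form value against the configured strings. If `checkSignature` accepts more than one spelling of the same key (for example upper- and lower-case hex, which is not visible here), an approved key sent in another spelling is rejected, which fails closed but is confusing to debug. I would add `// pubkeyIsApproved reports whether pubkey exactly matches an entry in pubkeys; no decoding or case normalisation is applied.` and state the expected encoding in the flag help.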
@@ -65,7 +66,7 @@ func main() {
 router.Use(middleware.CleanPath)
 router.Use(middleware.Logger)
 router.Use(middleware.Recoverer)
- router.Post("/upload", upload(dir, domain))
+ router.Post("/upload", upload(dir, domain, config.Strings("pubkey")))
 fileServer(router, "/static", http.Dir(dir))
 host := fmt.Sprintf("%s:%d", config.String("host"), config.Int("port"))