add password protected pastes
All checks were successful
Build and Deploy Website / build (push) Successful in 4m27s
All checks were successful
Build and Deploy Website / build (push) Successful in 4m27s
This commit is contained in:
@@ -3,3 +3,5 @@ module smpark.in
|
||||
go 1.26.0
|
||||
|
||||
require golang.org/x/time v0.14.0
|
||||
|
||||
require golang.org/x/crypto v0.48.0 // indirect
|
||||
|
||||
@@ -1,2 +1,4 @@
|
||||
golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
|
||||
golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
|
||||
golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
|
||||
golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
|
||||
|
||||
@@ -5,6 +5,8 @@ import (
|
||||
"errors"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
type Handlers struct {
|
||||
@@ -20,6 +22,7 @@ type createRequest struct {
|
||||
Content string `json:"content"`
|
||||
Language string `json:"language"`
|
||||
Expiry int `json:"expiry"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
func writeJSON(w http.ResponseWriter, status int, v any) {
|
||||
@@ -53,10 +56,26 @@ func (h *Handlers) Create(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
var passwordHash string
|
||||
if req.Password != "" {
|
||||
if len(req.Password) > 72 {
|
||||
writeError(w, http.StatusBadRequest, "password exceeds 72 characters")
|
||||
return
|
||||
}
|
||||
hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
writeError(w, http.StatusInternalServerError, "failed to process password")
|
||||
return
|
||||
}
|
||||
passwordHash = string(hash)
|
||||
}
|
||||
|
||||
p := &Paste{
|
||||
Title: req.Title,
|
||||
Content: req.Content,
|
||||
Language: req.Language,
|
||||
Title: req.Title,
|
||||
Content: req.Content,
|
||||
Language: req.Language,
|
||||
PasswordHash: passwordHash,
|
||||
Protected: passwordHash != "",
|
||||
}
|
||||
|
||||
if req.Expiry < 1 || req.Expiry > 10 {
|
||||
@@ -93,6 +112,13 @@ func (h *Handlers) Get(w http.ResponseWriter, r *http.Request) {
|
||||
writeError(w, http.StatusGone, "paste has expired")
|
||||
return
|
||||
}
|
||||
if p.Protected {
|
||||
pw := r.Header.Get("X-Paste-Password")
|
||||
if pw == "" || bcrypt.CompareHashAndPassword([]byte(p.PasswordHash), []byte(pw)) != nil {
|
||||
writeJSON(w, http.StatusForbidden, map[string]any{"protected": true, "error": "password required"})
|
||||
return
|
||||
}
|
||||
}
|
||||
writeJSON(w, http.StatusOK, p)
|
||||
}
|
||||
|
||||
@@ -112,6 +138,13 @@ func (h *Handlers) GetRaw(w http.ResponseWriter, r *http.Request) {
|
||||
http.Error(w, "paste has expired", http.StatusGone)
|
||||
return
|
||||
}
|
||||
if p.Protected {
|
||||
pw := r.Header.Get("X-Paste-Password")
|
||||
if pw == "" || bcrypt.CompareHashAndPassword([]byte(p.PasswordHash), []byte(pw)) != nil {
|
||||
http.Error(w, "password required", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||
w.Write([]byte(p.Content))
|
||||
|
||||
@@ -10,12 +10,14 @@ import (
|
||||
var ErrNotFound = errors.New("paste not found")
|
||||
|
||||
type Paste struct {
|
||||
ID string `json:"id"`
|
||||
Title string `json:"title"`
|
||||
Content string `json:"content"`
|
||||
Language string `json:"language"`
|
||||
CreatedAt time.Time `json:"created_at"`
|
||||
ExpiresAt *time.Time `json:"expires_at"`
|
||||
ID string `json:"id"`
|
||||
Title string `json:"title"`
|
||||
Content string `json:"content"`
|
||||
Language string `json:"language"`
|
||||
CreatedAt time.Time `json:"created_at"`
|
||||
ExpiresAt *time.Time `json:"expires_at"`
|
||||
PasswordHash string `json:"-"`
|
||||
Protected bool `json:"protected"`
|
||||
}
|
||||
|
||||
type Store struct {
|
||||
|
||||
Reference in New Issue
Block a user