add password protected pastes
All checks were successful
Build and Deploy Website / build (push) Successful in 4m27s
All checks were successful
Build and Deploy Website / build (push) Successful in 4m27s
This commit is contained in:
@@ -3,3 +3,5 @@ module smpark.in
|
||||
go 1.26.0
|
||||
|
||||
require golang.org/x/time v0.14.0
|
||||
|
||||
require golang.org/x/crypto v0.48.0 // indirect
|
||||
|
||||
@@ -1,2 +1,4 @@
|
||||
golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
|
||||
golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
|
||||
golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
|
||||
golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
|
||||
|
||||
@@ -5,6 +5,8 @@ import (
|
||||
"errors"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
type Handlers struct {
|
||||
@@ -20,6 +22,7 @@ type createRequest struct {
|
||||
Content string `json:"content"`
|
||||
Language string `json:"language"`
|
||||
Expiry int `json:"expiry"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
func writeJSON(w http.ResponseWriter, status int, v any) {
|
||||
@@ -53,10 +56,26 @@ func (h *Handlers) Create(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
var passwordHash string
|
||||
if req.Password != "" {
|
||||
if len(req.Password) > 72 {
|
||||
writeError(w, http.StatusBadRequest, "password exceeds 72 characters")
|
||||
return
|
||||
}
|
||||
hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
writeError(w, http.StatusInternalServerError, "failed to process password")
|
||||
return
|
||||
}
|
||||
passwordHash = string(hash)
|
||||
}
|
||||
|
||||
p := &Paste{
|
||||
Title: req.Title,
|
||||
Content: req.Content,
|
||||
Language: req.Language,
|
||||
Title: req.Title,
|
||||
Content: req.Content,
|
||||
Language: req.Language,
|
||||
PasswordHash: passwordHash,
|
||||
Protected: passwordHash != "",
|
||||
}
|
||||
|
||||
if req.Expiry < 1 || req.Expiry > 10 {
|
||||
@@ -93,6 +112,13 @@ func (h *Handlers) Get(w http.ResponseWriter, r *http.Request) {
|
||||
writeError(w, http.StatusGone, "paste has expired")
|
||||
return
|
||||
}
|
||||
if p.Protected {
|
||||
pw := r.Header.Get("X-Paste-Password")
|
||||
if pw == "" || bcrypt.CompareHashAndPassword([]byte(p.PasswordHash), []byte(pw)) != nil {
|
||||
writeJSON(w, http.StatusForbidden, map[string]any{"protected": true, "error": "password required"})
|
||||
return
|
||||
}
|
||||
}
|
||||
writeJSON(w, http.StatusOK, p)
|
||||
}
|
||||
|
||||
@@ -112,6 +138,13 @@ func (h *Handlers) GetRaw(w http.ResponseWriter, r *http.Request) {
|
||||
http.Error(w, "paste has expired", http.StatusGone)
|
||||
return
|
||||
}
|
||||
if p.Protected {
|
||||
pw := r.Header.Get("X-Paste-Password")
|
||||
if pw == "" || bcrypt.CompareHashAndPassword([]byte(p.PasswordHash), []byte(pw)) != nil {
|
||||
http.Error(w, "password required", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
||||
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||
w.Write([]byte(p.Content))
|
||||
|
||||
@@ -10,12 +10,14 @@ import (
|
||||
var ErrNotFound = errors.New("paste not found")
|
||||
|
||||
type Paste struct {
|
||||
ID string `json:"id"`
|
||||
Title string `json:"title"`
|
||||
Content string `json:"content"`
|
||||
Language string `json:"language"`
|
||||
CreatedAt time.Time `json:"created_at"`
|
||||
ExpiresAt *time.Time `json:"expires_at"`
|
||||
ID string `json:"id"`
|
||||
Title string `json:"title"`
|
||||
Content string `json:"content"`
|
||||
Language string `json:"language"`
|
||||
CreatedAt time.Time `json:"created_at"`
|
||||
ExpiresAt *time.Time `json:"expires_at"`
|
||||
PasswordHash string `json:"-"`
|
||||
Protected bool `json:"protected"`
|
||||
}
|
||||
|
||||
type Store struct {
|
||||
|
||||
@@ -41,6 +41,7 @@ export default function Paste() {
|
||||
const [content, setContent] = useState("");
|
||||
const [language, setLanguage] = useState(LANGUAGE_OPTIONS[0]);
|
||||
const [expiry, setExpiry] = useState(5);
|
||||
const [password, setPassword] = useState("");
|
||||
const [loading, setLoading] = useState(false);
|
||||
const [error, setError] = useState<string | null>(null);
|
||||
|
||||
@@ -60,6 +61,7 @@ export default function Paste() {
|
||||
content,
|
||||
language: language.value,
|
||||
expiry,
|
||||
password: password || undefined,
|
||||
}),
|
||||
});
|
||||
const data = await res.json();
|
||||
@@ -109,6 +111,14 @@ export default function Paste() {
|
||||
options={LANGUAGE_OPTIONS}
|
||||
/>
|
||||
</FormField>
|
||||
<FormField label="Password" description="Optional. Leave blank for a public paste.">
|
||||
<Input
|
||||
type="password"
|
||||
value={password}
|
||||
onChange={(e) => setPassword(e.detail.value)}
|
||||
placeholder="Leave blank for no password"
|
||||
/>
|
||||
</FormField>
|
||||
<FormField label="Expires" description={`${expiry} minute${expiry === 1 ? "" : "s"}`}>
|
||||
<Slider
|
||||
value={expiry}
|
||||
|
||||
@@ -9,6 +9,8 @@ import SpaceBetween from "@cloudscape-design/components/space-between";
|
||||
import Spinner from "@cloudscape-design/components/spinner";
|
||||
import Alert from "@cloudscape-design/components/alert";
|
||||
import ColumnLayout from "@cloudscape-design/components/column-layout";
|
||||
import FormField from "@cloudscape-design/components/form-field";
|
||||
import Input from "@cloudscape-design/components/input";
|
||||
import { CodeView } from "@cloudscape-design/code-view";
|
||||
|
||||
interface Paste {
|
||||
@@ -18,6 +20,7 @@ interface Paste {
|
||||
language: string;
|
||||
created_at: string;
|
||||
expires_at: string | null;
|
||||
protected: boolean;
|
||||
}
|
||||
|
||||
function formatDate(iso: string) {
|
||||
@@ -27,10 +30,13 @@ function formatDate(iso: string) {
|
||||
export default function PasteView() {
|
||||
const { id } = useParams<{ id: string }>();
|
||||
const [paste, setPaste] = useState<Paste | null>(null);
|
||||
const [status, setStatus] = useState<"loading" | "ok" | "notfound" | "expired" | "error">(
|
||||
"loading",
|
||||
);
|
||||
const [status, setStatus] = useState<
|
||||
"loading" | "ok" | "notfound" | "expired" | "error" | "locked"
|
||||
>("loading");
|
||||
const [copied, setCopied] = useState(false);
|
||||
const [passwordInput, setPasswordInput] = useState("");
|
||||
const [passwordError, setPasswordError] = useState<string | null>(null);
|
||||
const [unlocking, setUnlocking] = useState(false);
|
||||
|
||||
useEffect(() => {
|
||||
if (!id) return;
|
||||
@@ -44,6 +50,10 @@ export default function PasteView() {
|
||||
setStatus("expired");
|
||||
return null;
|
||||
}
|
||||
if (res.status === 403) {
|
||||
setStatus("locked");
|
||||
return null;
|
||||
}
|
||||
if (!res.ok) {
|
||||
setStatus("error");
|
||||
return null;
|
||||
@@ -59,6 +69,40 @@ export default function PasteView() {
|
||||
.catch(() => setStatus("error"));
|
||||
}, [id]);
|
||||
|
||||
async function handleUnlock() {
|
||||
if (!id || !passwordInput) return;
|
||||
setUnlocking(true);
|
||||
setPasswordError(null);
|
||||
try {
|
||||
const res = await fetch(`/api/paste/${id}`, {
|
||||
headers: { "X-Paste-Password": passwordInput },
|
||||
});
|
||||
if (res.status === 403) {
|
||||
setPasswordError("Incorrect password.");
|
||||
return;
|
||||
}
|
||||
if (res.status === 404) {
|
||||
setStatus("notfound");
|
||||
return;
|
||||
}
|
||||
if (res.status === 410) {
|
||||
setStatus("expired");
|
||||
return;
|
||||
}
|
||||
if (!res.ok) {
|
||||
setStatus("error");
|
||||
return;
|
||||
}
|
||||
const data = await res.json();
|
||||
setPaste(data);
|
||||
setStatus("ok");
|
||||
} catch {
|
||||
setPasswordError("Network error. Please try again.");
|
||||
} finally {
|
||||
setUnlocking(false);
|
||||
}
|
||||
}
|
||||
|
||||
function handleCopy() {
|
||||
if (!paste) return;
|
||||
navigator.clipboard.writeText(paste.content).then(() => {
|
||||
@@ -103,6 +147,36 @@ export default function PasteView() {
|
||||
);
|
||||
}
|
||||
|
||||
if (status === "locked") {
|
||||
return (
|
||||
<ContentLayout header={<Header variant="h1">Password Required</Header>}>
|
||||
<Container>
|
||||
<SpaceBetween size="m">
|
||||
{passwordError && (
|
||||
<Alert type="error" onDismiss={() => setPasswordError(null)} dismissible>
|
||||
{passwordError}
|
||||
</Alert>
|
||||
)}
|
||||
<FormField label="Password" description="This paste is password-protected.">
|
||||
<Input
|
||||
type="password"
|
||||
value={passwordInput}
|
||||
onChange={(e) => setPasswordInput(e.detail.value)}
|
||||
onKeyDown={(e) => {
|
||||
if (e.detail.key === "Enter") handleUnlock();
|
||||
}}
|
||||
placeholder="Enter password"
|
||||
/>
|
||||
</FormField>
|
||||
<Button variant="primary" onClick={handleUnlock} loading={unlocking}>
|
||||
Unlock
|
||||
</Button>
|
||||
</SpaceBetween>
|
||||
</Container>
|
||||
</ContentLayout>
|
||||
);
|
||||
}
|
||||
|
||||
if (status === "error" || !paste) {
|
||||
return (
|
||||
<ContentLayout header={<Header variant="h1">Error</Header>}>
|
||||
@@ -123,9 +197,11 @@ export default function PasteView() {
|
||||
<Button onClick={handleCopy} iconName={copied ? "status-positive" : "copy"}>
|
||||
{copied ? "Copied!" : "Copy"}
|
||||
</Button>
|
||||
<Button href={`/api/paste/${id}/raw`} target="_blank" iconName="external">
|
||||
Raw
|
||||
</Button>
|
||||
{!paste.protected && (
|
||||
<Button href={`/api/paste/${id}/raw`} target="_blank" iconName="external">
|
||||
Raw
|
||||
</Button>
|
||||
)}
|
||||
</SpaceBetween>
|
||||
}
|
||||
>
|
||||
|
||||
Reference in New Issue
Block a user