--- a/once.pl Fri Dec 25 22:31:06 2015 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,356 +0,0 @@
-#! /usr/bin/perl -T
-# FIXME: UPDATE {{
-# Example .htaccess
-# | Options -Indexes
-# | <Files once.pl>
-# | AuthType Basic
-# | AuthName upload
-# | Require valid-user
-# | AuthUserFile /home/heiko/public_html/.passwd
-# | </Files>
-#
-# Je nach Permission-Lage kann es gut sein, daß das upload.d-Verzeichnis
-# mit der Hand angelegt werden muß und dem Webserver-Nutzer „geschenkt“
-# werden muß.
-#
-# Das Upload-Verzeichnis sollte natuerlich vor der Indizierung geschuetzt
-# werden - siehe Beispiel .htaccess.
-#
-# Eventuell in der Apache-Config sowas wie
-# ScriptAlias /ud /home/ud/XXX/once.pl
-# Alias /d /home/ud/XXX/d/
-# gesetzt werden.
-#
-# }}
-#
-
-# TODO: Security review!
-
-use 5.018;
-use strict;
-use warnings;
-use IO::File;
-use CGI qw(param upload);
-use CGI::Carp qw(fatalsToBrowser);
-use FindBin qw($RealBin);
-use File::Basename;
-use File::Path qw(remove_tree make_path);
-use File::Spec::Functions;
-use File::MimeInfo qw(mimetype);
-use Cwd qw(getcwd realpath);
-use Digest::MD5 qw(md5_hex md5);
-use Template;
-use experimental qw(smartmatch lexical_topic);
-
-sub humanize; # convert numbers to human readable format
-sub deletedir; # safely delete directories
-sub confirm; # ask for user confirmation (HTML)
-sub deslash; # cleanup a path name
-sub gen_uuid; # create a uniq identifier
-sub base62;
-sub md5_base62 { ... }
-sub untaint;
-
-my $rxVIEW = qr/[a-z\d]{6}-[a-z\d]+/i; # date-userhash
-my $rxFILE = qr/[a-z\d]{6}-[a-z\d]+-./i; # date-filehash-deletemode
-
-my $TT_CONFIG =
- { INCLUDE_PATH =>
- [map { catfile($RealBin, $_) } qw(var templates.override templates)] };
-
-umask 077;
-
-# The working (var) directory gets passed to us via ONCE_VAR environment
-# FIXME: Should we allow the current directory as an alternative?
-
-die "Environment ONCE_VAR needs to be defined\n"
- if not defined $ENV{ONCE_VAR};
-my $VAR = untaint($ENV{ONCE_VAR}, qr((^/.*)));
-
-exit main() if not caller;
-
-sub main {
-
- # Handle the UPLOAD / VIEW request
- # per view (user) we have an own directory
-
- # pre condition checks
- -d $VAR
- or mkdir $VAR => 0777
- or die "Can't mkdir $VAR: $! (your admin should have created it)\n";
-
- -x -w $VAR
- or die "Can't write to $VAR: $!\n";
-
- # Download?
- # PATH_INFO is something like
- # /once/hDOPzMJMY0p/3fLjYmbYlGk-1450284310-d/boot.dot
- # |-VIEW-----| |-BASE-|
- # |-STORE----------------------------|
- # … |-PATH--------------------------------------|
- if ($ENV{PATH_INFO} =~
- m{/(?<path>(?<store>(?<view>$rxVIEW)/$rxFILE)/(?<base>.*))})
- {
- # use Data::Dumper;
- # die Dumper \%+;
- my $view = deslash realpath catfile $VAR, $+{view};
- my $store = deslash realpath catfile $VAR, $+{store};
- my $file = deslash realpath catfile $VAR, $+{path};
- my $base = $+{base};
-
- unless (-f $file) {
- print header('text/plain', '404 Not found'), 'Not found';
- exit 0;
- }
-
- my $mimetype = mimetype($file);
- confirm $base, $mimetype
- if $store =~ /-d$/ and not defined param('confirmed');
-
- open my $f, '<', $file or die "Can't open <`$file`: $!\n";
- remove_tree $1 if $store =~ m(^(/.*-d)$);
- rmdir $1 if $view =~ m(^(/.*));
-
- print header(-type => $mimetype, -charset => 'UTF-8');
- if (request_method() ~~ [qw(GET POST)]) {
- local $/ = \do { 1 * 2**20 }; # 1 MB Buffer
- print while <$f>;
- }
- exit 0;
-
- }
-
- # Setup the essentials: view and user_dir
- my ($view, $user_dir) = do {
-
- # view: display name
- # anonymous | hans | …
- # user_dir: the directory name, becomes part of the
- # link, later
- # /var/lib/once/1AaIF9-1KF
- # `--> base62 of a random value, may
- # be shorter than 3 digits
- # `-----> base62 of a unix time stamp,
- # number of digits will be 6 for the
- # forseeable future
- # NOTE: if you change the generated user_dir string here, you may need
- # to adapt the patterns $rxVIEW and $rxFILE at the beginning of
- # the script.
- #
- my ($v, $d);
- if ($ENV{REMOTE_USER} =~ /^\s*(.+)\s*$/) {
-
- # Known users get a directory name based user name.
- # Yes, if somebody can guess the user names, they can guess
- # the directory names too. But they can't guess the
- # completly randomly named files in there.
- $d = join '-' => base62(time), md5_base62($1);
- $v = $1;
- }
- else {
- # Anonymous get an timestamp()-rand(1000) directory
- $d = join '-' => base62(time), base62(rand(10_000));
- $v = 'anonymous';
- }
- $v, deslash catfile($VAR, $d);
- };
-
- # Handle the removal request and we're done
- if (param('delete') =~ m{(?<store>(?<view>$rxVIEW)/$rxFILE/?)}) {
-
- # FIXME: sanitization
- my $store = deslash catfile $VAR, $+{store};
- my $view = deslash catfile $VAR, $+{view};
- remove_tree $1 if $store =~ m(^(/.*));
- rmdir $1 if $view =~ m(^(/.*));
- print redirect(-uri => url(-path_info => 1));
- exit 0;
- }
-
- # save the uploaded file
-
- if (length(my $file = param('upload'))) {
- my $upload_fh = upload('upload');
- my $uuid = gen_uuid();
- my ($delete, $expires, $days) = do {
- my ($d, $e);
- my $days = param('expires') // 0;
-
- # sanitize expires
- $days =~ /.*?([+-]?\d+).*/;
- $days = $1 // 10;
- $e = base62 time + $days * 86400;
-
- if ($days == 0) { $d = 'd' } # at first [d]ownload
- elsif ($days < 0) { $d = 'm' } # only [m]anually
- else { $d = 'e' } # if expired
- ($d, $e, $days);
- };
-
- # sanitize the filename
- my $filename = do {
- $file =~ tr /\\/\//;
- $file =~ /(.*)/;
- $1;
- };
-
- my $dir = catfile($user_dir, "$expires-$uuid-$delete");
- make_path($dir);
- {
- my $outfh = new IO::File "$dir/$filename", 'w'
- or die "Can't create $dir/$filename: $!\n";
- print {$outfh} <$upload_fh>;
- }
-
- if (not $delete ~~ [qw(d m)]
- and my $atfh = new IO::File("|at now + $days days"))
- {
- print {$atfh}
- "rm -f \"$dir/$filename\"\n",
- "rmdir \"$dir\"\n";
- close $atfh;
- }
-
- }
-
- # create the view
- my %tt = (view => $view);
- my $tt = Template->new($TT_CONFIG)
- or die $Template::ERROR;
-
- # List the current content
- if (my @files = map { deslash $_ } glob "$user_dir/*-*/*") {
-
- foreach (map { /(.*)/ } sort { -M $a <=> -M $b } @files) {
-
- my %file;
-
- my ($file, $dir) = fileparse($_);
- $dir = substr $dir,
- length $VAR; # make it relative to $VAR
-
- # FIXME: use the rx* patterns from above
- $dir =~ m{/(?<expires>[a-z\d]{6})-(?<hash>[a-z\d]+)-(?<delete>.)}i
- or next;
- my ($hash, $expires, $delete) = @{+}{qw/hash expires delete/};
- if (${expires} <= time and $delete eq 'e') {
- /(.*)/;
- unlink $_ or die "Can't unlik $_: $!\n";
- rmdir $dir or die "Can't rmdir $dir: $!\n";
- next;
- }
-
- my $d;
- if ($delete eq 'e') {
- $d = localtime ${expires};
- }
- elsif ($delete eq 'd') {
- $d = 'unmittelbar nach Download';
- }
- else {
- $d = 'nur manuell';
- }
-
- $file{name} = $file;
- $file{link} = "$ENV{PATH_INFO}/$dir$file";
- $file{size} = humanize -s $_;
- $file{uploaded} = (stat _)[9];
- $file{removal}{type} = $d;
- $file{removal}{link} = "?delete=$dir";
-
- push @{ $tt{files} }, \%file;
- }
-
- }
- $tt->process('inventory.html', \%tt) or die $tt->error();
- return 0;
-}
-
-sub deletedir {
- remove_tree
- map { /^(\/.*)/ }
- grep { /^\Q$VAR\E/ } @_;
-}
-
-sub humanize {
- my $_ = shift;
- my @units = qw(B K M G T);
- while (length int > 3 and @units) {
- $_ = sprintf "%.1f" => $_ / 1024;
- shift @units;
- }
- croak "filesize is too big (can't convert to human readable number)"
- if !@units;
- return "$_$units[0]";
-}
-
-sub deslash { $_[0] =~ s{/+}{/}gr }
-
-sub confirm {
- my ($base, $mimetype) = @_;
- my %tt = (
- file => {
- name => $base,
- mimetype => $mimetype
- }
- );
- my $tt = Template->new($TT_CONFIG)
- or die $Template::ERROR;
- $tt->process('confirm.html' => \%tt);
- exit 0;
-}
-
-sub unbase62 {
- my @digits = reverse split '', shift;
- state $value = do {
- my %value;
- for (
- my ($symbol, $value) = (base62(0), 0) ;
- length($symbol) == 1 ;
- $symbol = base62 ++$value
- )
- {
- $value{$symbol} = $value;
- }
- \%value;
- };
- state $base = scalar keys %$value;
-
- my $unbase62 = 0;
- while (my ($p, $symbol) = each @digits) {
- $unbase62 += $value->{$symbol} * $base**$p;
- }
- return $unbase62;
-}
-
-sub base62 {
- my $n = shift // $_;
- die 'input is >MAXINT' if $n == $n - 1 or $n == $n + 1;
- state $digits = [0 .. 9, 'a' .. 'z', 'A' .. 'Z'];
- state $base = @$digits;
- my @result;
-
- for (; $n >= $base ; $n = int($n / $base)) {
- my $mod = $n % $base;
- unshift @result, $digits->[$mod];
- }
- unshift @result, $digits->[$n];
- join '', @result;
-}
-
-sub untaint {
- my ($_, $rx) = (@_, qr((\w+)));
- /$rx/;
- die sprintf("%s:%s:%d: untaint('%s', %s): not defined\n", caller, $_, $rx)
- if not defined $1;
- return $1;
-}
-
-sub gen_uuid {
-
- #open my $f, '/dev/urandom' or croak;
- #read $f, my($_), 128/8;
- #/^(.*)$/;
- #die join '-', map { base62 $_ } unpack 'Q*', $1;
- return base62 int rand(2**64);
-}