From 37c250d538893ff8178bd9c9e4dde225a991ce76 Mon Sep 17 00:00:00 2001
From: Alexander Kiryukhin
Date: Thu, 18 Mar 2021 03:01:46 +0300
Subject: pevent access from messengers
---
 internal/storer/storer.go | 6 +++++-
 main.go | 23 +++++++++++++++++++++--
 public/css/index.css | 4 ++--
 templates/includes/layout.gohtml | 1 +
 templates/pages/memo.gohtml | 14 ++++++++++----
 templates/pages/norfoundinline.gohtml | 2 ++
 templates/pages/notfound.gohtml | 9 ++-------
 templates/pages/save.gohtml | 3 ++-
 templates/pages/secret.gohtml | 6 ++++++
 9 files changed, 51 insertions(+), 17 deletions(-)
 create mode 100644 templates/pages/norfoundinline.gohtml
 create mode 100644 templates/pages/secret.gohtml
diff --git a/internal/storer/storer.go b/internal/storer/storer.go
index b8b4ffd..99da8b8 100644
--- a/internal/storer/storer.go
+++ b/internal/storer/storer.go
@@ -65,7 +65,11 @@ func (s *Store) IsEncrypted(id string) (bool, error) {
 var encrypted bool
 return encrypted, s.db.View(func(txn *badger.Txn) error {
- value, err := txn.Get([]byte(id))
+ uid, err := xid.FromString(id)
+ if err != nil {
+ return err
+ }
+ value, err := txn.Get(uid.Bytes())
 if err != nil {
 return err
 }
diff --git a/main.go b/main.go
index f3a9c22..0cf0827 100644
--- a/main.go
+++ b/main.go
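Review bot: The id parsed by `xid.FromString(id)` is the same value that appears in the share link, and an xid is derived from a timestamp, host and process identifiers and a counter, so it is unique but not unpredictable. If that id is the only thing a holder needs to open a one-time secret, the link should carry a random token (for example 16 or more bytes from `crypto/rand`) and the xid should stay an internal storage key. IsEncrypted starts above the hunk and continues below it, so how the stored value is interpreted is not visible here. A doc comment would also help callers, for example `// IsEncrypted returns an error when id is not a valid xid or no record exists for it.`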
@@ -102,18 +102,37 @@ func main() {
 r.Get("/s/{id}", func(rw http.ResponseWriter, r *http.Request) {
 id := chi.URLParam(r, "id")
- secret, err := s.Get(id, "")
 if err != nil {
 log.Println(err)
 _ = tpl.Render("notfound.gohtml", nil, rw)
 return
 }
- if err := tpl.Render("memo.gohtml", renderer.Map{"secret": secret}, rw); err != nil {
+ _, err := s.IsEncrypted(id)
+ if err != nil {
+ log.Println(err)
+ _ = tpl.Render("notfound.gohtml", nil, rw)
+ return
+ }
+ if err := tpl.Render("memo.gohtml", renderer.Map{"id": id}, rw); err != nil {
 log.Println(err)
 _ = tpl.Render("error.gohtml", nil, rw)
 }
 })
+ r.Get("/api/s/{id}", func(rw http.ResponseWriter, r *http.Request) {
+ id := chi.URLParam(r, "id")
+ secret, err := s.Get(id, "")
+ if err != nil {
+ log.Println(err)
+ _ = tpl.Render("notfoundinline.gohtml", nil, rw)
+ return
+ }
+ if err := tpl.Render("secret.gohtml", renderer.Map{"secret": secret}, rw); err != nil {
+ log.Println(err)
+ _ = tpl.Render("notfoundinline.gohtml", nil, rw)
+ }
+ })
+
 filesDir := http.Dir(filepath.Join(workDir, "public"))
 r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
diff --git a/public/css/index.css b/public/css/index.css
index db341af..a304ed4 100644
--- a/public/css/index.css
+++ b/public/css/index.css
@@ -141,7 +141,7 @@ form label {
 align-items: center;
 }
-input, textarea {
+input, textarea, button {
 background-color: var(--background-secondary);
 color: var(--text);
 border: 1px solid var(--border);
@@ -158,7 +158,7 @@ label {
 padding: 8px;
 }
-input:active {
+input:active, textarea:active, button:active {
 background-color: rgb(33, 33, 38);
 }
diff --git a/templates/includes/layout.gohtml b/templates/includes/layout.gohtml
index adebd99..03cf430 100644
--- a/templates/includes/layout.gohtml
+++ b/templates/includes/layout.gohtml
@@ -8,6 +8,7 @@ SendSafe +
diff --git a/templates/pages/memo.gohtml b/templates/pages/memo.gohtml
index 804d7b7..e981266 100644
--- a/templates/pages/memo.gohtml
+++ b/templates/pages/memo.gohtml
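Review bot: The new `/api/s/{id}` route still reads the secret with `s.Get(id, "")` on a plain GET, which (per the warning text in secret.gohtml) removes it from the server, so any client that ends up requesting that URL, such as a previewer or link scanner that runs the page's script, consumes the secret just as `/s/{id}` did before. Registering the route as `r.Post("/api/s/{id}", ...)` behind an explicit user action and calling `rw.Header().Set("Cache-Control", "no-store")` before rendering would close that gap; how memo.gohtml triggers the request is not visible in this diff. The error paths render `"notfoundinline.gohtml"` while the file this commit creates is `templates/pages/norfoundinline.gohtml`, so that render will presumably fail and leave an empty response until one of the two names is corrected. The `if err != nil` block kept as context above `_, err := s.IsEncrypted(id)` now runs before `err` is assigned in this handler, so it appears to test an outer `err` and can be removed.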
@@ -3,10 +3,16 @@

Secret:

- Warning! This text already deleted from server! If you refresh or close page - secret will be completely lost! -
-
{{.secret}}
-
+
+ + Loading... +
diff --git a/templates/pages/norfoundinline.gohtml b/templates/pages/norfoundinline.gohtml
new file mode 100644
index 0000000..32c2f62
--- /dev/null
+++ b/templates/pages/norfoundinline.gohtml
@@ -0,0 +1,2 @@
+

Not found.

+

Link expired or already viewed.

diff --git a/templates/pages/notfound.gohtml b/templates/pages/notfound.gohtml
index 911f8e1..d1b6e85 100644
--- a/templates/pages/notfound.gohtml
+++ b/templates/pages/notfound.gohtml
@@ -1,10 +1,5 @@
 {{template "layout.gohtml" .}}
 {{define "content"}}
-
-
-

Not found.

-

Link expired or already viewed.

- -
-
+

Not found.

+

Link expired or already viewed.

{{ end }}
diff --git a/templates/pages/save.gohtml b/templates/pages/save.gohtml
index f940502..2b427f6 100644
--- a/templates/pages/save.gohtml
+++ b/templates/pages/save.gohtml
@@ -5,7 +5,8 @@

Saved

Secret url:
- https://sendsafe.xyz/s/{{.id}} +

https://sendsafe.xyz/s/{{.id}}

+

Send this link to recepient. This link can be viewed only once!


diff --git a/templates/pages/secret.gohtml b/templates/pages/secret.gohtml
new file mode 100644
index 0000000..94af286
--- /dev/null
+++ b/templates/pages/secret.gohtml
@@ -0,0 +1,6 @@
+Warning! This text already deleted from server! If you refresh or close page - secret will be completely lost!
+
+
+    {{.secret}}
+
+
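Review bot: `{{.secret}}` is text supplied by whoever created the link, and this template is now served as a standalone fragment, so its safety in the recipient's browser rests entirely on the renderer escaping it. The renderer package is not part of this diff; it is worth confirming that it is built on `html/template` rather than `text/template`. A template comment next to the value would record that dependency, for example `{{/* .secret is untrusted user text; relies on html/template auto-escaping */}}`.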
-- cgit v1.2.3