brammie15/ReSendit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: brammie15:a7541b322b9e67f1738a45945dd996d9d86a33fb
Branches Tags
brammie15:master brammie15:important-tests brammie15:csrf-tokens
..
compare: brammie15:important-tests
Branches Tags
brammie15:master brammie15:important-tests brammie15:csrf-tokens

1 Commits
a7541b322b ... important-

Author SHA1 Message Date
root
7b1293bb6f Add tests for auth, rate limiting, security, and util 2026-03-24 13:46:44 +01:00
33 changed files with 602 additions and 2054 deletions
Expand all files Collapse all files

1
.dockerignore
View File

@@ -1,4 +1,3 @@
uploads/** uploads/**
data/** data/**
logs/** logs/**
tmp/**

1
.gitignore vendored
View File

@@ -2,5 +2,4 @@
data/** data/**
uploads/** uploads/**
tmp/**
.env .env

6
Dockerfile
View File

@@ -1,6 +1,5 @@
FROM golang:1.26-alpine AS builder FROM golang:1.26-alpine AS builder
ARG GIT_COMMIT=dev
WORKDIR /app WORKDIR /app
@@ -14,7 +13,7 @@ COPY . .
ENV CGO_ENABLED=1 ENV CGO_ENABLED=1
ENV GIN_MODE=release ENV GIN_MODE=release
RUN go build -ldflags "-X ResendIt/internal/buildinfo.Commit=${GIT_COMMIT}" -o app ./cmd/server RUN go build -o app ./cmd/server
FROM alpine:latest FROM alpine:latest
@@ -25,12 +24,11 @@ RUN apk add --no-cache ca-certificates tzdata
COPY --from=builder /app/app . COPY --from=builder /app/app .
COPY --from=builder /app/templates ./templates COPY --from=builder /app/templates ./templates
COPY --from=builder /app/static ./static COPY --from=builder /app/static ./static
COPY --from=builder /app/.env ./
RUN mkdir -p /app/uploads RUN mkdir -p /app/uploads
RUN mkdir -p /app/tmp
RUN adduser -D appuser RUN adduser -D appuser
RUN chown -R appuser:appuser /app
USER appuser USER appuser
ENV GIN_MODE=release ENV GIN_MODE=release

115
Jenkinsfile vendored
View File

@@ -1,115 +0,0 @@
pipeline {
agent any
options {
timestamps()
disableConcurrentBuilds()
}
environment {
REGISTRY = "git.brammie15.dev"
IMAGE_NAME = "brammie15/resendit"
REGISTRY_CREDS = "registry-creds"
IMAGE = "${REGISTRY}/${IMAGE_NAME}"
DD_URL = "https://DD.brammie15.dev"
DD_API_KEY = credentials('dd-api-key')
NVD_API_KEY = credentials("nvd-api-key")
}
stages {
stage('Debug') {
steps {
sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la'
}
}
stage('Checkout') {
steps {
checkout scm
}
}
// stage('SAST - Semgrep') {
// steps {
// sh """
// docker run --rm -v "\$(pwd):/src" \
// returntocorp/semgrep:latest \
// semgrep scan --config=auto --debug \
// --json --output /src/semgrep.json \
// /src/internal /src/cmd || true
//
// echo "After semgrep:"
// ls -la
// """
// }
// }
//
// stage('Upload to DefectDojo') {
// steps {
// sh """
// curl -X POST "${DD_URL}/api/v2/import-scan/" \
// -H "Authorization: Token ${DD_API_KEY}" \
// -F "scan_type=Semgrep JSON Report" \
// -F "file=@\$(pwd)/semgrep.json" \
// -F "product_name=Sendit" \
// -F "engagement_name=Jenkins-CI" \
// -F "auto_create_context=true" \
// -F "close_old_findings=true"
// """
// }
// }
stage('Build image') {
steps {
script {
def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim()
env.IMAGE_TAG_SHA = shortSha
sh """
docker build \
--build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \
-t ${IMAGE}:${IMAGE_TAG_SHA} .
"""
}
}
}
stage('Login to registry') {
steps {
withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) {
sh 'echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin'
}
}
}
stage('Push image') {
steps {
script {
sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}"
def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim())
def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-')
sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch}
docker push ${IMAGE}:${safeBranch}
"""
if (branch == 'master') {
sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest
docker push ${IMAGE}:latest
"""
}
}
}
}
}
post {
always {
sh 'docker logout ${REGISTRY} || true'
sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
sh 'docker image prune -f || true'
// sh 'rm -f semgrep.sarif || true'
}
}
}

45
cmd/server/main.go
View File

@@ -3,7 +3,6 @@ package main
import ( import (
"ResendIt/internal/api/middleware" "ResendIt/internal/api/middleware"
"ResendIt/internal/auth" "ResendIt/internal/auth"
"ResendIt/internal/config"
"ResendIt/internal/db" "ResendIt/internal/db"
"ResendIt/internal/file" "ResendIt/internal/file"
"ResendIt/internal/user" "ResendIt/internal/user"
@@ -33,23 +32,12 @@ func main() {
panic(fmt.Errorf("failed to connect database: %w", err)) panic(fmt.Errorf("failed to connect database: %w", err))
} }
err = dbCon.AutoMigrate(&user.User{}, &file.FileRecord{}, &config.ConfigEntry{}) err = dbCon.AutoMigrate(&user.User{}, &file.FileRecord{})
if err != nil { if err != nil {
fmt.Printf("Error migrating database: %v\n", err) fmt.Printf("Error migrating database: %v\n", err)
return return
} }
// create temp folder
path := "./tmp"
if os.IsExist(os.Mkdir(path, os.ModePerm)) {
fmt.Printf("Temp folder already exists, skipping creation\n")
} else {
if err := os.MkdirAll(path, os.ModePerm); err != nil {
fmt.Printf("Error creating temp folder: %v\n", err)
return
}
}
r := gin.Default() r := gin.Default()
r.MaxMultipartMemory = 10 << 30 r.MaxMultipartMemory = 10 << 30
@@ -81,37 +69,22 @@ func main() {
userService := user.NewService(userRepo) userService := user.NewService(userRepo)
userHandler := user.NewHandler(userService) userHandler := user.NewHandler(userService)
configRepo := config.NewRepository(dbCon)
configService := config.NewService(configRepo)
if err := configService.EnsureDefaults(); err != nil {
panic(fmt.Errorf("failed to ensure config defaults: %w", err))
}
fileRepo := file.NewRepository(dbCon) fileRepo := file.NewRepository(dbCon)
fileService := file.NewService(fileRepo, "./uploads") fileService := file.NewService(fileRepo, "./uploads")
fileHandler := file.NewHandler(fileService, configService) fileHandler := file.NewHandler(fileService)
createAdminUser(userService) createAdminUser(userService)
apiRoute := r.Group("/api") apiRoute := r.Group("/api")
// General API rate limiting to reduce abuse/spam. // General API rate limiting to reduce abuse/spam.
apiRoute.Use(middleware.RateLimitByIPDynamic( // ~60 req/min per IP with some burst room.
func() int { apiRoute.Use(middleware.RateLimitByIP(60, time.Minute, 30, 5*time.Minute))
return configService.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute)
},
time.Minute,
func() int {
return configService.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst)
},
5*time.Minute,
))
auth.RegisterRoutes(apiRoute, authHandler, configService) auth.RegisterRoutes(apiRoute, authHandler)
user.RegisterRoutes(apiRoute, userHandler) user.RegisterRoutes(apiRoute, userHandler)
file.RegisterRoutes(apiRoute, fileHandler) file.RegisterRoutes(apiRoute, fileHandler)
webHandler := web.NewHandler(fileService, configService) webHandler := web.NewHandler(fileService)
web.RegisterRoutes(r, webHandler, userService) web.RegisterRoutes(r, webHandler, userService)
port := os.Getenv("PORT") port := os.Getenv("PORT")
@@ -119,12 +92,6 @@ func main() {
port = "8080" port = "8080"
} }
domain := os.Getenv("DOMAIN")
if domain == "" {
domain = "http://localhost:" + port + "/"
os.Setenv("DOMAIN", domain)
}
err = r.Run(":" + port) err = r.Run(":" + port)
if err != nil { if err != nil {
return return

35
internal/api/middleware/ratelimit.go
View File

@@ -48,8 +48,6 @@ func (b *tokenBucket) allow() bool {
type ipClient struct { type ipClient struct {
bucket *tokenBucket bucket *tokenBucket
max int
burst int
lastSeen time.Time lastSeen time.Time
} }
@@ -60,12 +58,6 @@ type ipClient struct {
// burst: optional burst capacity (defaults to max if <=0) // burst: optional burst capacity (defaults to max if <=0)
// ttl: how long to keep idle IP buckets around // ttl: how long to keep idle IP buckets around
func RateLimitByIP(max int, per time.Duration, burst int, ttl time.Duration) gin.HandlerFunc { func RateLimitByIP(max int, per time.Duration, burst int, ttl time.Duration) gin.HandlerFunc {
return RateLimitByIPDynamic(func() int { return max }, per, func() int { return burst }, ttl)
}
// RateLimitByIPDynamic is like RateLimitByIP but reads max/burst dynamically.
// This allows changing limits at runtime (e.g. from an admin config page).
func RateLimitByIPDynamic(maxFn func() int, per time.Duration, burstFn func() int, ttl time.Duration) gin.HandlerFunc {
var ( var (
mu sync.Mutex mu sync.Mutex
clients = make(map[string]*ipClient) clients = make(map[string]*ipClient)
@@ -94,46 +86,25 @@ func RateLimitByIPDynamic(maxFn func() int, per time.Duration, burstFn func() in
} }
} }
getClient := func(ip string, now time.Time, max int, burst int) *ipClient { getClient := func(ip string, now time.Time) *ipClient {
mu.Lock() mu.Lock()
defer mu.Unlock() defer mu.Unlock()
c, ok := clients[ip] c, ok := clients[ip]
if !ok { if !ok {
c = &ipClient{bucket: newTokenBucket(max, per, burst), max: max, burst: burst, lastSeen: now} c = &ipClient{bucket: newTokenBucket(max, per, burst), lastSeen: now}
clients[ip] = c clients[ip] = c
return c return c
} }
c.lastSeen = now c.lastSeen = now
// If settings changed, reset the bucket.
if c.max != max || c.burst != burst {
c.bucket = newTokenBucket(max, per, burst)
c.max = max
c.burst = burst
}
return c return c
} }
return func(c *gin.Context) { return func(c *gin.Context) {
// Kinda a shitty fix
if c.FullPath() == "/api/files/upload/chunk" || c.FullPath() == "/api/files/upload/init" || c.FullPath() == "/api/files/upload/complete" {
c.Next()
return
}
now := time.Now() now := time.Now()
cleanup(now) cleanup(now)
ip := c.ClientIP() ip := c.ClientIP()
max := maxFn() client := getClient(ip, now)
if max <= 0 {
max = 1
}
burst := burstFn()
if burst <= 0 {
burst = max
}
client := getClient(ip, now, max, burst)
if !client.bucket.allow() { if !client.bucket.allow() {
c.AbortWithStatusJSON(http.StatusTooManyRequests, gin.H{ c.AbortWithStatusJSON(http.StatusTooManyRequests, gin.H{

64
internal/api/middleware/ratelimit_test.go Normal file
View File

@@ -0,0 +1,64 @@
package middleware
import (
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/gin-gonic/gin"
)
func TestRateLimitByIP_BlocksAfterLimit(t *testing.T) {
gin.SetMode(gin.TestMode)
r := gin.New()
// 1 request per hour, burst 1 => second immediate request should 429.
r.Use(RateLimitByIP(1, time.Hour, 1, time.Minute))
r.GET("/", func(c *gin.Context) { c.String(200, "ok") })
req := httptest.NewRequest(http.MethodGet, "/", nil)
req.RemoteAddr = "203.0.113.10:1234"
w1 := httptest.NewRecorder()
r.ServeHTTP(w1, req)
if w1.Code != http.StatusOK {
t.Fatalf("first request code = %d, want %d", w1.Code, http.StatusOK)
}
w2 := httptest.NewRecorder()
r.ServeHTTP(w2, req)
if w2.Code != http.StatusTooManyRequests {
t.Fatalf("second request code = %d, want %d", w2.Code, http.StatusTooManyRequests)
}
}
func TestRateLimitByIP_AllowsBurst(t *testing.T) {
gin.SetMode(gin.TestMode)
r := gin.New()
// 1 per hour, but burst 2 => first two immediate requests should pass.
r.Use(RateLimitByIP(1, time.Hour, 2, time.Minute))
r.GET("/", func(c *gin.Context) { c.String(200, "ok") })
req := httptest.NewRequest(http.MethodGet, "/", nil)
req.RemoteAddr = "203.0.113.11:1234"
w1 := httptest.NewRecorder()
r.ServeHTTP(w1, req)
if w1.Code != http.StatusOK {
t.Fatalf("first request code = %d, want %d", w1.Code, http.StatusOK)
}
w2 := httptest.NewRecorder()
r.ServeHTTP(w2, req)
if w2.Code != http.StatusOK {
t.Fatalf("second request code = %d, want %d", w2.Code, http.StatusOK)
}
w3 := httptest.NewRecorder()
r.ServeHTTP(w3, req)
if w3.Code != http.StatusTooManyRequests {
t.Fatalf("third request code = %d, want %d", w3.Code, http.StatusTooManyRequests)
}
}

19
internal/auth/routes.go
View File

@@ -2,30 +2,17 @@ package auth
import ( import (
"ResendIt/internal/api/middleware" "ResendIt/internal/api/middleware"
"ResendIt/internal/config"
"time" "time"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
type ConfigService interface { func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
GetIntDefault(key string, def int) int
}
func RegisterRoutes(r *gin.RouterGroup, h *Handler, cfg ConfigService) {
auth := r.Group("/auth") auth := r.Group("/auth")
// Stricter rate limit on login to reduce brute-force / log spam. // Stricter rate limit on login to reduce brute-force / log spam.
auth.POST("/login", middleware.RateLimitByIPDynamic( // 5 attempts per minute per IP, burst 10.
func() int { auth.POST("/login", middleware.RateLimitByIP(5, time.Minute, 10, 15*time.Minute), h.Login)
return cfg.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute)
},
time.Minute,
func() int {
return cfg.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst)
},
15*time.Minute,
), h.Login)
protected := auth.Group("/") protected := auth.Group("/")
protected.Use(middleware.AuthMiddleware()) protected.Use(middleware.AuthMiddleware())

82
internal/auth/service_test.go Normal file
View File

@@ -0,0 +1,82 @@
package auth
import (
"ResendIt/internal/security"
"ResendIt/internal/user"
"testing"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
)
func TestServiceLogin_InvalidUserDoesNotEnumerate(t *testing.T) {
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
if err != nil {
t.Fatalf("open sqlite: %v", err)
}
if err := db.AutoMigrate(&user.User{}); err != nil {
t.Fatalf("migrate: %v", err)
}
svc := NewService(NewRepository(db))
_, err = svc.Login("does-not-exist", "whatever")
if err != ErrInvalidCredentials {
t.Fatalf("expected ErrInvalidCredentials for missing user, got %v", err)
}
}
func TestServiceLogin_WrongPassword(t *testing.T) {
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
if err != nil {
t.Fatalf("open sqlite: %v", err)
}
if err := db.AutoMigrate(&user.User{}); err != nil {
t.Fatalf("migrate: %v", err)
}
hash, err := security.HashPassword("right")
if err != nil {
t.Fatalf("hash: %v", err)
}
u := user.User{Username: "alice", PasswordHash: hash, Role: "user"}
if err := db.Create(&u).Error; err != nil {
t.Fatalf("create user: %v", err)
}
svc := NewService(NewRepository(db))
_, err = svc.Login("alice", "wrong")
if err != ErrInvalidCredentials {
t.Fatalf("expected ErrInvalidCredentials for wrong password, got %v", err)
}
}
func TestServiceLogin_SuccessReturnsJWT(t *testing.T) {
db, err := gorm.Open(sqlite.Open(":memory:"), &gorm.Config{})
if err != nil {
t.Fatalf("open sqlite: %v", err)
}
if err := db.AutoMigrate(&user.User{}); err != nil {
t.Fatalf("migrate: %v", err)
}
hash, err := security.HashPassword("right")
if err != nil {
t.Fatalf("hash: %v", err)
}
u := user.User{Username: "alice", PasswordHash: hash, Role: "user"}
if err := db.Create(&u).Error; err != nil {
t.Fatalf("create user: %v", err)
}
svc := NewService(NewRepository(db))
token, err := svc.Login("alice", "right")
if err != nil {
t.Fatalf("expected success, got error: %v", err)
}
if token == "" {
t.Fatalf("expected non-empty jwt token")
}
}

7
internal/buildinfo/buildinfo.go
View File

@@ -1,7 +0,0 @@
package buildinfo
// Commit is the git commit SHA the binary was built from.
//
// Set at build time via:
// -ldflags "-X ResendIt/internal/buildinfo.Commit=<sha>"
var Commit = "dev"

58
internal/config/defaults.go
View File

@@ -1,58 +0,0 @@
package config
import "strconv"
const (
KeyModtext = "modt"
KeyUploadMaxFileSizeBytes = "upload.max_file_size_bytes"
KeyUploadMultiMaxFiles = "upload.multi.max_files"
KeyUploadMaxHours = "upload.max_hours"
KeyRateLimitLoginPerMinute = "ratelimit.login.per_minute"
KeyRateLimitApiPerMinute = "ratelimit.api.per_minute"
KeyRateLimitApiBurst = "ratelimit.api.burst"
KeyRateLimitLoginBurst = "ratelimit.login.burst"
KeyUseNtfy = "use_ntfy"
KeyNtfyUrl = "ntfy.url"
KeyNtfyTopic = "ntfy.topic"
)
// Defaults (used when DB does not have an override)
const (
DefaultModt = "A_SERVICE_BY_BRAMMIE15"
DefaultUploadMaxFileSizeBytes int64 = 10 << 30 // 10 GiB (matches MaxMultipartMemory intent)
DefaultUploadMultiMaxFiles = 50
DefaultUploadMaxHours = 24 * 7 // 7 days
DefaultRateLimitLoginPerMinute = 5
DefaultRateLimitLoginBurst = 10
DefaultRateLimitApiPerMinute = 60
DefaultRateLimitApiBurst = 30
DefaultUseNtfy = 0
DefaultNtfyUrl = ""
DefaultNtfyTopic = ""
)
// DefaultKeyValues returns a map of config keys to their default string values, for use when initializing the database.
// Code duplication be dammed
func DefaultKeyValues() map[string]string {
return map[string]string{
KeyModtext: DefaultModt,
KeyUploadMaxFileSizeBytes: strconv.FormatInt(DefaultUploadMaxFileSizeBytes, 10),
KeyUploadMultiMaxFiles: strconv.Itoa(DefaultUploadMultiMaxFiles),
KeyUploadMaxHours: strconv.Itoa(DefaultUploadMaxHours),
KeyRateLimitLoginPerMinute: strconv.Itoa(DefaultRateLimitLoginPerMinute),
KeyRateLimitLoginBurst: strconv.Itoa(DefaultRateLimitLoginBurst),
KeyRateLimitApiPerMinute: strconv.Itoa(DefaultRateLimitApiPerMinute),
KeyRateLimitApiBurst: strconv.Itoa(DefaultRateLimitApiBurst),
KeyUseNtfy: strconv.Itoa(DefaultUseNtfy),
KeyNtfyUrl: DefaultNtfyUrl,
KeyNtfyTopic: DefaultNtfyTopic,
}
}

18
internal/config/model.go
View File

@@ -1,18 +0,0 @@
package config
import "time"
// ConfigEntry stores runtime-tunable configuration in the database.
// Values are stored as strings but helpers exist for ints/bools/durations.
//
// Example keys:
// - upload.max_file_size_bytes
// - upload.multi.max_files
// - upload.max_hours
// - ratelimit.login.per_minute
// - ratelimit.api.per_minute
type ConfigEntry struct {
Key string `gorm:"primaryKey;size:128"`
Value string `gorm:"size:2048"`
UpdatedAt time.Time
}

55
internal/config/repository.go
View File

@@ -1,55 +0,0 @@
package config
import (
"errors"
"gorm.io/gorm"
)
type Repository struct {
db *gorm.DB
}
func NewRepository(db *gorm.DB) *Repository {
return &Repository{db: db}
}
func (r *Repository) Get(key string) (*ConfigEntry, error) {
var e ConfigEntry
if err := r.db.First(&e, "key = ?", key).Error; err != nil {
return nil, err
}
return &e, nil
}
func (r *Repository) Upsert(key, value string) error {
// Try update first, then insert if nothing updated.
res := r.db.Model(&ConfigEntry{}).Where("key = ?", key).Update("value", value)
if res.Error != nil {
return res.Error
}
if res.RowsAffected > 0 {
return nil
}
return r.db.Create(&ConfigEntry{Key: key, Value: value}).Error
}
func (r *Repository) List() ([]ConfigEntry, error) {
var entries []ConfigEntry
if err := r.db.Order("key asc").Find(&entries).Error; err != nil {
return nil, err
}
return entries, nil
}
func (r *Repository) CreateIfMissing(key, value string) error {
var e ConfigEntry
err := r.db.First(&e, "key = ?", key).Error
if err == nil {
return nil
}
if errors.Is(err, gorm.ErrRecordNotFound) {
return r.db.Create(&ConfigEntry{Key: key, Value: value}).Error
}
return err
}

134
internal/config/service.go
View File

@@ -1,134 +0,0 @@
package config
import (
"errors"
"strconv"
"sync"
"time"
"gorm.io/gorm"
)
type Service struct {
repo *Repository
// Small in-memory cache to avoid hitting the DB on every request.
// Updated on SetString; lazy-filled on first Get.
mu sync.RWMutex
cache map[string]string
}
func NewService(r *Repository) *Service {
return &Service{repo: r, cache: make(map[string]string)}
}
func (s *Service) EnsureDefaults() error {
for k, v := range DefaultKeyValues() {
if err := s.repo.CreateIfMissing(k, v); err != nil {
return err
}
}
return nil
}
func (s *Service) List() ([]ConfigEntry, error) {
entries, err := s.repo.List()
if err != nil {
return nil, err
}
// refresh cache snapshot
s.mu.Lock()
for _, e := range entries {
s.cache[e.Key] = e.Value
}
s.mu.Unlock()
return entries, nil
}
func (s *Service) SetString(key, value string) error {
if err := s.repo.Upsert(key, value); err != nil {
return err
}
s.mu.Lock()
s.cache[key] = value
s.mu.Unlock()
return nil
}
func (s *Service) GetStringDefault(key, def string) string {
s.mu.RLock()
v, ok := s.cache[key]
s.mu.RUnlock()
if ok {
if v == "" {
return def
}
return v
}
e, err := s.repo.Get(key)
if err != nil {
return def
}
s.mu.Lock()
s.cache[key] = e.Value
s.mu.Unlock()
if e.Value == "" {
return def
}
return e.Value
}
func (s *Service) GetIntDefault(key string, def int) int {
v := s.GetStringDefault(key, "")
if v == "" {
return def
}
n, err := strconv.Atoi(v)
if err != nil {
return def
}
return n
}
func (s *Service) GetInt64Default(key string, def int64) int64 {
v := s.GetStringDefault(key, "")
if v == "" {
return def
}
n, err := strconv.ParseInt(v, 10, 64)
if err != nil {
return def
}
return n
}
func (s *Service) GetBoolDefault(key string, def bool) bool {
v := s.GetStringDefault(key, "")
if v == "" {
return def
}
b, err := strconv.ParseBool(v)
if err != nil {
return def
}
return b
}
func (s *Service) GetDurationSecondsDefault(key string, def time.Duration) time.Duration {
v := s.GetStringDefault(key, "")
if v == "" {
return def
}
n, err := strconv.Atoi(v)
if err != nil {
return def
}
return time.Duration(n) * time.Second
}
func IsNotFound(err error) bool {
return errors.Is(err, gorm.ErrRecordNotFound)
}

224
internal/file/handlers.go
View File

@@ -1,14 +1,9 @@
package file package file
import ( import (
"ResendIt/internal/config"
"ResendIt/internal/notify"
"ResendIt/internal/util" "ResendIt/internal/util"
"fmt" "fmt"
"io"
"log"
"net/http" "net/http"
"os"
"path/filepath" "path/filepath"
"strconv" "strconv"
"time" "time"
@@ -18,19 +13,10 @@ import (
type Handler struct { type Handler struct {
service *Service service *Service
configService ConfigService
} }
// ConfigService is the small interface we need from the config package. func NewHandler(s *Service) *Handler {
// Keeping it as an interface avoids import cycles and keeps file.Handler easy to test. return &Handler{service: s}
type ConfigService interface {
GetIntDefault(key string, def int) int
GetInt64Default(key string, def int64) int64
GetStringDefault(key string, def string) string
}
func NewHandler(s *Service, cfg ConfigService) *Handler {
return &Handler{service: s, configService: cfg}
} }
func (h *Handler) Upload(c *gin.Context) { func (h *Handler) Upload(c *gin.Context) {
@@ -46,12 +32,6 @@ func (h *Handler) Upload(c *gin.Context) {
return return
} }
maxSize := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
if file.Size > maxSize {
c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "file too large"})
return
}
f, err := file.Open() f, err := file.Open()
if err != nil { if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "cannot open file"}) c.JSON(http.StatusInternalServerError, gin.H{"error": "cannot open file"})
@@ -66,10 +46,6 @@ func (h *Handler) Upload(c *gin.Context) {
if err != nil || hours <= 0 { if err != nil || hours <= 0 {
hours = 24 // default hours = 24 // default
} }
maxHours := h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours)
if hours > maxHours {
hours = maxHours
}
duration := time.Duration(hours) * time.Hour duration := time.Duration(hours) * time.Hour
@@ -84,21 +60,6 @@ func (h *Handler) Upload(c *gin.Context) {
return return
} }
enabled := h.configService.GetIntDefault(config.KeyUseNtfy, config.DefaultUseNtfy)
if enabled == 1 {
ntfyURL := h.configService.GetStringDefault(config.KeyNtfyUrl, "")
topic := h.configService.GetStringDefault(config.KeyNtfyTopic, config.DefaultNtfyTopic)
go func() {
title := "ReSendit: new upload"
msg := fmt.Sprintf("%s (%s)\nID: %s", record.Filename, util.HumanSize(record.Size), record.ID)
clickUrl := fmt.Sprintf("f/%s", record.ViewID)
if err := notify.Publish(ntfyURL, topic, title, msg, clickUrl); err != nil {
log.Printf("ntfy publish failed: %v", err)
}
}()
}
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"id": record.ID, "id": record.ID,
"deletion_id": record.DeletionID, "deletion_id": record.DeletionID,
@@ -114,7 +75,7 @@ func (h *Handler) View(c *gin.Context) {
record, err := h.service.DownloadFile(id) record, err := h.service.DownloadFile(id)
if err != nil { if err != nil {
c.HTML(http.StatusOK, "error.html", nil) c.HTML(http.StatusOK, "fileNotFound.html", nil)
return return
} }
name := util.SafeFilename(record.Filename) name := util.SafeFilename(record.Filename)
@@ -138,7 +99,7 @@ func (h *Handler) Download(c *gin.Context) {
record, err := h.service.DownloadFile(id) record, err := h.service.DownloadFile(id)
if err != nil { if err != nil {
c.HTML(http.StatusOK, "error.html", nil) c.HTML(http.StatusOK, "fileNotFound.html", nil)
return return
} }
name := util.SafeFilename(record.Filename) name := util.SafeFilename(record.Filename)
@@ -154,7 +115,7 @@ func (h *Handler) Delete(c *gin.Context) {
_, err := h.service.DeleteFileByDeletionID(id) _, err := h.service.DeleteFileByDeletionID(id)
if err != nil { if err != nil {
c.HTML(http.StatusOK, "error.html", nil) c.HTML(http.StatusOK, "fileNotFound.html", nil)
return return
} }
@@ -213,23 +174,6 @@ func (h *Handler) AdminForceDelete(c *gin.Context) {
c.Redirect(301, "/admin") c.Redirect(301, "/admin")
} }
func (h *Handler) AdminReinstate(c *gin.Context) {
id := c.Param("id")
_, err := h.service.GetFileByID(id)
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "file not found"})
return
}
if _, err := h.service.ReinstateFile(id); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.Redirect(301, "/admin")
}
func (h *Handler) Import(c *gin.Context) { func (h *Handler) Import(c *gin.Context) {
var records []ImportFileRecord var records []ImportFileRecord
@@ -257,161 +201,3 @@ func (h *Handler) Export(c *gin.Context) {
c.JSON(http.StatusOK, records) c.JSON(http.StatusOK, records)
} }
// Chunked stuff
func (h *Handler) UploadInit(c *gin.Context) {
var req struct {
Filename string `json:"filename"`
TotalChunks int `json:"totalChunks"`
Size int64 `json:"size"`
}
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(400, gin.H{"error": "invalid request"})
return
}
fileID := util.RandomString(32)
// create temp folder
path := filepath.Join("tmp", fileID)
if err := os.MkdirAll(path, os.ModePerm); err != nil {
c.JSON(500, gin.H{"error": "failed to create temp dir"})
return
}
c.JSON(200, gin.H{
"fileId": fileID,
})
}
func (h *Handler) UploadChunk(c *gin.Context) {
fileID := c.GetHeader("fileId")
chunkIndex := c.GetHeader("chunkIndex")
if fileID == "" || chunkIndex == "" {
c.JSON(400, gin.H{"error": "missing headers"})
return
}
idx, err := strconv.Atoi(chunkIndex)
if err != nil {
c.JSON(400, gin.H{"error": "invalid chunkIndex"})
return
}
file, err := c.FormFile("chunk")
if err != nil {
c.JSON(400, gin.H{"error": "missing chunk"})
return
}
src, err := file.Open()
if err != nil {
c.JSON(500, gin.H{"error": "cannot open chunk"})
return
}
defer src.Close()
chunkPath := filepath.Join("tmp", fileID, fmt.Sprintf("chunk_%d", idx))
dst, err := os.Create(chunkPath)
if err != nil {
c.JSON(500, gin.H{"error": "cannot save chunk"})
return
}
defer dst.Close()
if _, err := io.Copy(dst, src); err != nil {
c.JSON(500, gin.H{"error": "write failed"})
return
}
c.JSON(200, gin.H{"status": "ok"})
}
func (h *Handler) UploadComplete(c *gin.Context) {
var req struct {
FileID string `json:"fileId"`
Filename string `json:"filename"`
TotalChunks int `json:"totalChunks"`
}
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(400, gin.H{"error": "invalid request"})
return
}
tmpDir := filepath.Join("tmp", req.FileID)
// create pipe to stream into your existing service
pr, pw := io.Pipe()
go func() {
defer pw.Close()
for i := 0; i < req.TotalChunks; i++ {
chunkPath := filepath.Join(tmpDir, fmt.Sprintf("chunk_%d", i))
f, err := os.Open(chunkPath)
if err != nil {
pw.CloseWithError(err)
return
}
if _, err := io.Copy(pw, f); err != nil {
f.Close()
pw.CloseWithError(err)
return
}
f.Close()
}
}()
// reuse your existing upload logic 👇
record, err := h.service.UploadFile(
req.Filename,
pr,
false,
24*time.Hour,
)
if err != nil {
c.JSON(500, gin.H{"error": err.Error()})
return
}
// cleanup temp
_ = os.RemoveAll(tmpDir)
c.JSON(200, gin.H{
"id": record.ID,
"view_key": record.ViewID,
})
}
func (h *Handler) UploadStatus(c *gin.Context) {
fileID := c.Param("fileId")
dir := filepath.Join("tmp", fileID)
files, err := os.ReadDir(dir)
if err != nil {
c.JSON(404, gin.H{"error": "not found"})
return
}
var uploaded []int
for _, f := range files {
var idx int
_, err := fmt.Sscanf(f.Name(), "chunk_%d", &idx)
if err == nil {
uploaded = append(uploaded, idx)
}
}
c.JSON(200, gin.H{
"uploadedChunks": uploaded,
})
}

6
internal/file/repository.go
View File

@@ -95,12 +95,6 @@ func (r *Repository) MarkDeleted(f *FileRecord) error {
return r.db.Save(f).Error return r.db.Save(f).Error
} }
// MarkNotDeleted Restore a deleted record by setting Deleted to false
func (r *Repository) MarkNotDeleted(f *FileRecord) error {
f.Deleted = false
return r.db.Save(f).Error
}
// Delete Permanently delete the record from the database // Delete Permanently delete the record from the database
func (r *Repository) Delete(f *FileRecord) error { func (r *Repository) Delete(f *FileRecord) error {
return r.db.Delete(f).Error return r.db.Delete(f).Error

7
internal/file/routes.go
View File

@@ -16,12 +16,6 @@ func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
files.GET("/view/:id", h.View) files.GET("/view/:id", h.View)
files.GET("/delete/:del_id", h.Delete) files.GET("/delete/:del_id", h.Delete)
// Chunked upload endpoints
files.POST("/upload/init", h.UploadInit)
files.POST("/upload/chunk", h.UploadChunk)
files.POST("/upload/complete", h.UploadComplete)
files.GET("/upload/status/:fileId", h.UploadStatus)
adminRoutes := files.Group("/admin") adminRoutes := files.Group("/admin")
adminRoutes.Use(middleware.AuthMiddleware()) adminRoutes.Use(middleware.AuthMiddleware())
adminRoutes.Use(middleware.RequireRole("admin")) adminRoutes.Use(middleware.RequireRole("admin"))
@@ -33,7 +27,6 @@ func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
adminRoutes.GET("/delete/:id", h.AdminDelete) adminRoutes.GET("/delete/:id", h.AdminDelete)
adminRoutes.GET("/delete/fr/:id", h.AdminForceDelete) adminRoutes.GET("/delete/fr/:id", h.AdminForceDelete)
adminRoutes.GET("/reinstate/:id", h.AdminReinstate)
adminRoutes.POST("/import", h.Import) adminRoutes.POST("/import", h.Import)
adminRoutes.GET("/export", h.Export) adminRoutes.GET("/export", h.Export)

23
internal/file/service.go
View File

@@ -134,29 +134,6 @@ func (s *Service) ForceDelete(id string) (*FileRecord, error) {
return f, nil return f, nil
} }
func (s *Service) ReinstateFile(id string) (*FileRecord, error) {
f, err := s.repo.GetByID(id)
if err != nil {
return nil, err
}
if !f.Deleted {
return nil, ErrFileNotFound // or just return f, nil maybe?
}
// Check if file actually exists on disk
path := s.storageDir + "/" + f.ID
if _, err := os.Stat(path); os.IsNotExist(err) {
return nil, ErrFileNotFound
}
if err := s.repo.MarkNotDeleted(f); err != nil {
return nil, err
}
return f, nil
}
func (s *Service) GetPaginatedFiles(limit, offset int) ([]FileRecord, int, error) { func (s *Service) GetPaginatedFiles(limit, offset int) ([]FileRecord, int, error) {
return s.repo.GetPaginated(limit, offset) return s.repo.GetPaginated(limit, offset)
} }

25
internal/file/upload_multi.go
View File

@@ -1,7 +1,6 @@
package file package file
import ( import (
"ResendIt/internal/config"
"net/http" "net/http"
"strconv" "strconv"
"time" "time"
@@ -27,27 +26,11 @@ func (h *Handler) UploadMulti(c *gin.Context) {
c.JSON(http.StatusBadRequest, gin.H{"error": "missing files"}) c.JSON(http.StatusBadRequest, gin.H{"error": "missing files"})
return return
} }
maxFiles := h.configService.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles) if len(files) > 50 {
if len(files) > maxFiles { c.JSON(http.StatusBadRequest, gin.H{"error": "too many files (max 50)"})
c.JSON(http.StatusBadRequest, gin.H{"error": "too many files"})
return return
} }
maxSize := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
var total int64
for _, fh := range files {
if fh.Size > maxSize {
c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "file too large"})
return
}
total += fh.Size
if total > maxSize {
// crude guard against huge bundles; you can add a separate config later.
c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "bundle too large"})
return
}
}
once := c.PostForm("once") == "true" once := c.PostForm("once") == "true"
durationStr := c.PostForm("duration") durationStr := c.PostForm("duration")
@@ -55,10 +38,6 @@ func (h *Handler) UploadMulti(c *gin.Context) {
if err != nil || hours <= 0 { if err != nil || hours <= 0 {
hours = 24 hours = 24
} }
maxHours := h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours)
if hours > maxHours {
hours = maxHours
}
duration := time.Duration(hours) * time.Hour duration := time.Duration(hours) * time.Hour
record, err := h.service.UploadBundle(files, once, duration) record, err := h.service.UploadBundle(files, once, duration)

39
internal/notify/ntfy.go
View File

@@ -1,39 +0,0 @@
package notify
import (
"fmt"
"net/http"
"os"
"strings"
"time"
)
func Publish(ntfyURL, topic, title, message string, clickUrl string) error {
ntfyURL = strings.TrimRight(ntfyURL, "/")
if ntfyURL == "" || topic == "" {
return nil // nothing configured
}
req, err := http.NewRequest("POST", ntfyURL+"/"+topic, strings.NewReader(message))
if err != nil {
return err
}
if title != "" {
req.Header.Set("Title", title)
}
req.Header.Set("Content-Type", "text/plain; charset=utf-8")
domain := os.Getenv("DOMAIN")
req.Header.Set("Click", fmt.Sprintf("%s%s", domain, clickUrl))
client := &http.Client{Timeout: 3 * time.Second}
res, err := client.Do(req)
if err != nil {
return err
}
defer res.Body.Close()
if res.StatusCode >= 300 {
return fmt.Errorf("ntfy returned %s", res.Status)
}
return nil
}

22
internal/security/password_test.go Normal file
View File

@@ -0,0 +1,22 @@
package security
import "testing"
func TestHashAndCheckPassword(t *testing.T) {
pw := "correct horse battery staple"
hash, err := HashPassword(pw)
if err != nil {
t.Fatalf("HashPassword returned error: %v", err)
}
if hash == "" {
t.Fatalf("expected non-empty hash")
}
if !CheckPassword(pw, hash) {
t.Fatalf("expected CheckPassword to succeed for correct password")
}
if CheckPassword("wrong", hash) {
t.Fatalf("expected CheckPassword to fail for wrong password")
}
}

10
internal/util/util.go
View File

@@ -2,7 +2,6 @@ package util
import ( import (
"fmt" "fmt"
"math/rand"
"strings" "strings"
) )
@@ -42,12 +41,3 @@ func SafeFilename(name string) string {
} }
return string(out) return string(out)
} }
func RandomString(n int) string {
const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
b := make([]byte, n)
for i := range b {
b[i] = letters[rand.Intn(len(letters))]
}
return string(b)
}

40
internal/util/util_test.go Normal file
View File

@@ -0,0 +1,40 @@
package util
import "testing"
func TestHumanSize(t *testing.T) {
tests := []struct {
in int64
want string
}{
{0, "0 B"},
{1, "1 B"},
{1023, "1023 B"},
{1024, "1.0 KB"},
{1024 * 1024, "1.0 MB"},
}
for _, tt := range tests {
if got := HumanSize(tt.in); got != tt.want {
t.Fatalf("HumanSize(%d) = %q, want %q", tt.in, got, tt.want)
}
}
}
func TestSafeFilename(t *testing.T) {
if got := SafeFilename(" hello.txt "); got != "hello.txt" {
t.Fatalf("expected trimmed filename, got %q", got)
}
// Strips control characters, quotes, and backslashes.
in := "a\n\rb\t\"c\\d"
got := SafeFilename(in)
if got != "abcd" {
t.Fatalf("SafeFilename(%q) = %q, want %q", in, got, "abcd")
}
// Empty after sanitization becomes default.
if got := SafeFilename("\n\r\t"); got != "file" {
t.Fatalf("expected default filename, got %q", got)
}
}

186
internal/web/config.go
View File

@@ -1,186 +0,0 @@
package web
import (
"ResendIt/internal/config"
"net/http"
"strconv"
"github.com/gin-gonic/gin"
)
type ConfigPageData struct {
Success bool
Error string
MODT string
UploadMaxFileSizeMB int64
UploadMultiMaxFiles int
UploadMaxHours int
RateLimitLoginPerMinute int
RateLimitLoginBurst int
RateLimitApiPerMinute int
RateLimitApiBurst int
NtfyUse bool
NtfyUrl string
NtfyTopic string
}
// ConfigPage renders a modular admin config screen.
func (h *Handler) ConfigPage(c *gin.Context) {
cfg := h.configService
maxBytes := cfg.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
data := ConfigPageData{
Success: c.Query("saved") == "1",
MODT: cfg.GetStringDefault(config.KeyModtext, config.DefaultModt),
UploadMaxFileSizeMB: maxBytes / (1024 * 1024),
UploadMultiMaxFiles: cfg.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles),
UploadMaxHours: cfg.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours),
RateLimitLoginPerMinute: cfg.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute),
RateLimitLoginBurst: cfg.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst),
RateLimitApiPerMinute: cfg.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute),
RateLimitApiBurst: cfg.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst),
NtfyUse: cfg.GetIntDefault(config.KeyUseNtfy, 0) != 0,
NtfyUrl: cfg.GetStringDefault(config.KeyNtfyUrl, config.DefaultNtfyUrl),
NtfyTopic: cfg.GetStringDefault(config.KeyNtfyTopic, config.DefaultNtfyTopic),
}
c.HTML(http.StatusOK, "config.html", data)
}
func (h *Handler) ConfigSave(c *gin.Context) {
cfg := h.configService
// Parse + validate.
parseInt := func(name string, min, max int) (int, error) {
v := c.PostForm(name)
n, err := strconv.Atoi(v)
if err != nil {
return 0, err
}
if n < min {
n = min
}
if max > 0 && n > max {
n = max
}
return n, nil
}
parseInt64 := func(name string, min int64, max int64) (int64, error) {
v := c.PostForm(name)
n, err := strconv.ParseInt(v, 10, 64)
if err != nil {
return 0, err
}
if n < min {
n = min
}
if max > 0 && n > max {
n = max
}
return n, nil
}
newMODT, err := strconv.Unquote(`"` + c.PostForm("site_modt") + `"`)
if err != nil {
h.renderConfigError(c, "invalid modtext")
return
}
maxMB, err := parseInt64("upload_max_file_size_mb", 1, 1024*1024)
if err != nil {
h.renderConfigError(c, "invalid max file size")
return
}
maxFiles, err := parseInt("upload_multi_max_files", 1, 500)
if err != nil {
h.renderConfigError(c, "invalid max files")
return
}
maxHours, err := parseInt("upload_max_hours", 1, 24*365)
if err != nil {
h.renderConfigError(c, "invalid max hours")
return
}
// Rate limits: stored, but not applied dynamically yet.
loginPerMin, err := parseInt("ratelimit_login_per_minute", 1, 10000)
if err != nil {
h.renderConfigError(c, "invalid login rate")
return
}
loginBurst, err := parseInt("ratelimit_login_burst", 1, 10000)
if err != nil {
h.renderConfigError(c, "invalid login burst")
return
}
apiPerMin, err := parseInt("ratelimit_api_per_minute", 1, 100000)
if err != nil {
h.renderConfigError(c, "invalid api rate")
return
}
apiBurst, err := parseInt("ratelimit_api_burst", 1, 100000)
if err != nil {
h.renderConfigError(c, "invalid api burst")
return
}
useNTFY, err := strconv.ParseBool(c.PostForm("ntfy_use"))
if err != nil {
h.renderConfigError(c, "invalid ntfy use value")
return
}
ntfyUrl := c.PostForm("ntfy_url")
ntfyTopic := c.PostForm("ntfy_topic")
// Persist.
if err := cfg.SetString(config.KeyUploadMaxFileSizeBytes, strconv.FormatInt(maxMB*1024*1024, 10)); err != nil {
h.renderConfigError(c, err.Error())
return
}
if err := cfg.SetString(config.KeyUploadMultiMaxFiles, strconv.Itoa(maxFiles)); err != nil {
h.renderConfigError(c, err.Error())
return
}
if err := cfg.SetString(config.KeyUploadMaxHours, strconv.Itoa(maxHours)); err != nil {
h.renderConfigError(c, err.Error())
return
}
_ = cfg.SetString(config.KeyModtext, newMODT)
_ = cfg.SetString(config.KeyRateLimitLoginPerMinute, strconv.Itoa(loginPerMin))
_ = cfg.SetString(config.KeyRateLimitLoginBurst, strconv.Itoa(loginBurst))
_ = cfg.SetString(config.KeyRateLimitApiPerMinute, strconv.Itoa(apiPerMin))
_ = cfg.SetString(config.KeyRateLimitApiBurst, strconv.Itoa(apiBurst))
// shitty ah fix
actualBool := 0
if useNTFY {
actualBool = 1
}
_ = cfg.SetString(config.KeyUseNtfy, strconv.Itoa(actualBool))
_ = cfg.SetString(config.KeyNtfyUrl, ntfyUrl)
_ = cfg.SetString(config.KeyNtfyTopic, ntfyTopic)
c.Redirect(http.StatusFound, "/config?saved=1")
}
func (h *Handler) renderConfigError(c *gin.Context, msg string) {
maxBytes := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
data := ConfigPageData{
Error: msg,
UploadMaxFileSizeMB: maxBytes / (1024 * 1024),
UploadMultiMaxFiles: h.configService.GetIntDefault(config.KeyUploadMultiMaxFiles, config.DefaultUploadMultiMaxFiles),
UploadMaxHours: h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours),
RateLimitLoginPerMinute: h.configService.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute),
RateLimitLoginBurst: h.configService.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst),
RateLimitApiPerMinute: h.configService.GetIntDefault(config.KeyRateLimitApiPerMinute, config.DefaultRateLimitApiPerMinute),
RateLimitApiBurst: h.configService.GetIntDefault(config.KeyRateLimitApiBurst, config.DefaultRateLimitApiBurst),
}
c.HTML(http.StatusBadRequest, "config.html", data)
}

24
internal/web/handler.go
View File

@@ -1,8 +1,6 @@
package web package web
import ( import (
"ResendIt/internal/buildinfo"
"ResendIt/internal/config"
"ResendIt/internal/file" "ResendIt/internal/file"
"os" "os"
"strconv" "strconv"
@@ -12,24 +10,11 @@ import (
type Handler struct { type Handler struct {
fileService *file.Service fileService *file.Service
configService ConfigService
} }
type ConfigService interface { func NewHandler(fileService *file.Service) *Handler {
GetIntDefault(key string, def int) int
GetInt64Default(key string, def int64) int64
GetStringDefault(key string, def string) string
//SetInt(key string, value int) error
//SetInt64(key string, value int64) error
//SetBool(key string, value bool) error
SetString(key string, value string) error
}
func NewHandler(fileService *file.Service, cfg ConfigService) *Handler {
return &Handler{ return &Handler{
fileService: fileService, fileService: fileService,
configService: cfg,
} }
} }
@@ -37,7 +22,6 @@ func NewHandler(fileService *file.Service, cfg ConfigService) *Handler {
func (h *Handler) Index(c *gin.Context) { func (h *Handler) Index(c *gin.Context) {
c.HTML(200, "index.html", gin.H{ c.HTML(200, "index.html", gin.H{
"title": "Home", "title": "Home",
"MODT": h.configService.GetStringDefault(config.KeyModtext, config.DefaultModt),
}) })
} }
@@ -55,9 +39,7 @@ func (h *Handler) FileView(c *gin.Context) {
fileRecord, err := h.fileService.GetFileByViewID(id) fileRecord, err := h.fileService.GetFileByViewID(id)
if err != nil { if err != nil {
c.HTML(404, "error.html", gin.H{ c.HTML(404, "fileNotFound.html", nil)
"MODT": h.configService.GetStringDefault(config.KeyModtext, config.DefaultModt),
})
return return
} }
@@ -65,7 +47,6 @@ func (h *Handler) FileView(c *gin.Context) {
deleteKey := fileRecord.DeletionID deleteKey := fileRecord.DeletionID
c.HTML(200, "complete.html", gin.H{ c.HTML(200, "complete.html", gin.H{
"MODT": h.configService.GetStringDefault(config.KeyModtext, config.DefaultModt),
"Filename": fileRecord.Filename, "Filename": fileRecord.Filename,
"DownloadID": downloadKey, "DownloadID": downloadKey,
"DeleteID": deleteKey, "DeleteID": deleteKey,
@@ -121,7 +102,6 @@ func (h *Handler) AdminPage(c *gin.Context) {
"Files": adminFiles, "Files": adminFiles,
"Page": page, "Page": page,
"TotalPages": totalPages, "TotalPages": totalPages,
"BuildCommit": buildinfo.Commit,
}) })
} }

2
internal/web/routes.go
View File

@@ -20,8 +20,6 @@ func RegisterRoutes(r *gin.Engine, h *Handler, userService *user.Service) {
adminRoutes.Use(user.ForcePasswordChangeMiddleware(userService)) adminRoutes.Use(user.ForcePasswordChangeMiddleware(userService))
adminRoutes.GET("/admin", h.AdminPage) adminRoutes.GET("/admin", h.AdminPage)
adminRoutes.GET("/config", h.ConfigPage)
adminRoutes.POST("/config", h.ConfigSave)
adminRoutes.GET("/logout", h.Logout) adminRoutes.GET("/logout", h.Logout)
adminRoutes.GET("/change-password", h.ChangePasswordPage) adminRoutes.GET("/change-password", h.ChangePasswordPage)
} }

331
static/js/upload.js
View File

@@ -1,331 +0,0 @@
const zone = document.getElementById('drop-zone');
const input = document.getElementById('fileInput');
const uploadBtn = document.getElementById('uploadBtn');
const cancelBtn = document.getElementById('cancelBtn');
const progressText = document.getElementById("progress-text");
const speedText = document.getElementById("speed-text");
const etaText = document.getElementById("eta-text");
const progressBar = document.getElementById("progress-bar");
const progressContainer = document.getElementById("progress-container");
let currentXhr = null;
const CHUNK_THRESHOLD = 1024 * 1024 * 1024;
const CHUNK_SIZE = 10 * 1024 * 1024;
const MAX_PARALLEL_UPLOADS = 4;
const MAX_RETRIES = 3;
function formatBytes(bytes) {
if (bytes === 0) return '0 Bytes';
const k = 1024;
const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB'];
const i = Math.floor(Math.log(bytes) / Math.log(k));
return (bytes / Math.pow(k, i)).toFixed(2) + ' ' + sizes[i];
}
function formatTime(seconds) {
if (!isFinite(seconds) || seconds < 0) return "--:--";
const h = Math.floor(seconds / 3600);
const m = Math.floor((seconds % 3600) / 60);
const s = Math.floor(seconds % 60);
return [
h > 0 ? h : null,
(h > 0 ? m.toString().padStart(2, '0') : m),
s.toString().padStart(2, '0')
].filter(Boolean).join(':');
}
function startUI() {
uploadBtn.disabled = true;
uploadBtn.innerText = "UPLOADING...";
cancelBtn.classList.remove('hidden');
progressContainer.classList.remove("hidden");
progressText.classList.remove("hidden");
document.getElementById("stats-text").classList.remove("hidden");
}
function updateProgress(loaded, total, startTime) {
const percent = Math.round((loaded / total) * 100);
progressBar.style.width = percent + "%";
progressText.innerText = percent + "%";
const elapsed = (Date.now() - startTime) / 1000;
if (elapsed <= 0) return;
const speed = loaded / elapsed;
const remaining = total - loaded;
speedText.innerText = formatBytes(speed) + "/S";
etaText.innerText = formatTime(remaining / speed);
}
function redirect(data) {
const key = data.view_key;
if (!key) {
alert("Invalid server response");
return;
}
window.location.href = "/f/" + key;
}
zone.onclick = () => input.click();
zone.ondragover = e => {
e.preventDefault();
zone.classList.add('active');
};
zone.ondragleave = () => zone.classList.remove('active');
zone.ondrop = e => {
e.preventDefault();
zone.classList.remove('active');
if (e.dataTransfer.files.length) {
input.files = e.dataTransfer.files;
input.dispatchEvent(new Event('change'));
}
};
input.onchange = () => {
const files = Array.from(input.files || []);
if (!files.length) {
uploadBtn.disabled = true;
return;
}
const total = files.reduce((a, f) => a + f.size, 0);
document.getElementById('dz-text').innerText =
files.length === 1
? `${files[0].name} [${formatBytes(files[0].size)}]`
: `${files.length} FILES [${formatBytes(total)}]`;
uploadBtn.disabled = false;
};
uploadBtn.onclick = () => {
const files = input.files;
if (!files.length) return;
if (files.length === 1 && files[0].size > CHUNK_THRESHOLD) {
uploadChunked(files[0]);
} else if (files.length === 1) {
uploadSingle(files[0]);
} else {
uploadMulti(files);
}
};
cancelBtn.onclick = e => {
e.stopPropagation();
if (currentXhr) currentXhr.abort();
localStorage.clear();
location.reload();
};
function commonFormData() {
const fd = new FormData();
fd.append("once", document.getElementById("once").checked ? "true" : "false");
fd.append("duration", parseInt(document.getElementById("duration").value, 10));
return fd;
}
function uploadSingle(file) {
startUI();
const fd = commonFormData();
fd.append("file", file);
const xhr = new XMLHttpRequest();
currentXhr = xhr;
const startTime = Date.now();
xhr.upload.onprogress = e => {
if (e.lengthComputable) updateProgress(e.loaded, file.size, startTime);
};
xhr.onload = () => {
try {
if (xhr.status < 200 || xhr.status >= 300) throw new Error();
redirect(JSON.parse(xhr.responseText));
} catch {
alert("Server error");
}
};
xhr.onerror = () => {
if (xhr.statusText !== "abort") {
alert("Upload failed");
location.reload();
}
};
xhr.open("POST", "/api/files/upload");
xhr.send(fd);
}
function uploadMulti(files) {
startUI();
const fd = commonFormData();
const list = Array.from(files);
list.forEach(f => fd.append("files", f));
const total = list.reduce((a, f) => a + f.size, 0);
const xhr = new XMLHttpRequest();
currentXhr = xhr;
const startTime = Date.now();
xhr.upload.onprogress = e => {
if (e.lengthComputable) updateProgress(e.loaded, total, startTime);
};
xhr.onload = () => {
try {
if (xhr.status < 200 || xhr.status >= 300) throw new Error();
redirect(JSON.parse(xhr.responseText));
} catch {
alert("Server error");
}
};
xhr.onerror = () => {
if (xhr.statusText !== "abort") {
alert("Upload failed");
location.reload();
}
};
xhr.open("POST", "/api/files/upload-multi");
xhr.send(fd);
}
async function uploadChunked(file) {
startUI();
const totalChunks = Math.ceil(file.size / CHUNK_SIZE);
const initRes = await fetch("/api/files/upload/init", {
method: "POST",
headers: {"Content-Type": "application/json"},
body: JSON.stringify({
filename: file.name,
totalChunks,
size: file.size
})
});
const { fileId } = await initRes.json();
let uploadedBytes = 0;
const startTime = Date.now();
const chunks = Array.from({ length: totalChunks }, (_, i) => ({
index: i,
start: i * CHUNK_SIZE,
end: Math.min((i + 1) * CHUNK_SIZE, file.size),
retries: 0,
uploading: false,
done: false
}));
let active = 0;
let completed = 0;
function uploadChunk(chunk) {
return new Promise((res, rej) => {
const blob = file.slice(chunk.start, chunk.end);
const fd = new FormData();
fd.append("chunk", blob);
const xhr = new XMLHttpRequest();
currentXhr = xhr;
let last = 0;
xhr.upload.onprogress = e => {
if (!e.lengthComputable) return;
const delta = e.loaded - last;
last = e.loaded;
uploadedBytes += delta;
updateProgress(uploadedBytes, file.size, startTime);
};
xhr.onload = () => {
if (xhr.status >= 200 && xhr.status < 300) {
chunk.done = true;
completed++;
res();
} else {
rej();
}
};
xhr.onerror = rej;
xhr.open("POST", "/api/files/upload/chunk");
xhr.setRequestHeader("fileId", fileId);
xhr.setRequestHeader("chunkIndex", chunk.index);
xhr.send(fd);
});
}
return new Promise((resolve, reject) => {
function next() {
if (completed === totalChunks) return finish();
while (active < MAX_PARALLEL_UPLOADS) {
const chunk = chunks.find(c => !c.done && !c.uploading);
if (!chunk) break;
chunk.uploading = true;
active++;
uploadChunk(chunk)
.then(() => {
active--;
next();
})
.catch(() => {
active--;
if (chunk.retries++ < MAX_RETRIES) {
chunk.uploading = false;
} else {
reject();
}
next();
});
}
}
async function finish() {
try {
const res = await fetch("/api/files/upload/complete", {
method: "POST",
headers: {"Content-Type": "application/json"},
body: JSON.stringify({
fileId,
filename: file.name,
totalChunks
})
});
redirect(await res.json());
resolve();
} catch {
reject();
}
}
next();
});
}
function copy(id) {
const el = document.getElementById(id);
el.select();
document.execCommand('copy');
}

20
templates/admin.html
View File

@@ -53,13 +53,6 @@
text-decoration: none; text-decoration: none;
text-transform: uppercase; text-transform: uppercase;
box-shadow: 3px 3px 0px #000; box-shadow: 3px 3px 0px #000;
display: inline-flex;
align-items: center;
justify-content: center;
}
button {
line-height: 1;
} }
button:hover, .button:hover { background: #000; color: #fff; box-shadow: none; transform: translate(2px, 2px); } button:hover, .button:hover { background: #000; color: #fff; box-shadow: none; transform: translate(2px, 2px); }
button:active { background: #ff0000; color: #fff; } button:active { background: #ff0000; color: #fff; }
@@ -120,7 +113,6 @@
</div> </div>
<div class="flex flex-col items-end gap-2"> <div class="flex flex-col items-end gap-2">
<a href="/" class="nav-link">← BACK_TO_UPLOADER</a> <a href="/" class="nav-link">← BACK_TO_UPLOADER</a>
<a href="/config" class="nav-link">CONFIG_MODULE</a>
<a href="/logout" class="nav-link text-red-600">LOGOUT_SESSION</a> <a href="/logout" class="nav-link text-red-600">LOGOUT_SESSION</a>
</div> </div>
</header> </header>
@@ -187,17 +179,12 @@
<td> <td>
<div class="btn-group"> <div class="btn-group">
{{if not .Deleted}} {{if not .Deleted}}
<a href="/f/{{.ViewID}}" target="_blank" class="button" title="Open download page">Link</a>
<form action="/api/files/admin/delete/{{.ID}}" method="GET" onsubmit="return openConfirm(event, 'TERMINATE', 'Kill this file? It will be removed from active storage.')"> <form action="/api/files/admin/delete/{{.ID}}" method="GET" onsubmit="return openConfirm(event, 'TERMINATE', 'Kill this file? It will be removed from active storage.')">
<button type="submit" class="button" style="background: #ffcccc;">Terminate</button> <button type="submit" style="background: #ffcccc;">Terminate</button>
</form>
{{else}}
<form action="/api/files/admin/reinstate/{{.ID}}" method="GET" onsubmit="return openConfirm(event, 'REINSTATE', 'Restore this file to active status?')">
<button type="submit" class="button" style="background: #ccffcc;">Reinstate</button>
</form> </form>
{{end}} {{end}}
<form action="/api/files/admin/delete/fr/{{.ID}}" method="GET" onsubmit="return openConfirm(event, 'FULL_WIPE', 'Wiping file and purging record? This is a permanent database scrub.')"> <form action="/api/files/admin/delete/fr/{{.ID}}" method="GET" onsubmit="return openConfirm(event, 'FULL_WIPE', 'Wiping file and purging record? This is a permanent database scrub.')">
<button class="button" type="submit">Full_Wipe</button> <button type="submit">Full_Wipe</button>
</form> </form>
</div> </div>
</td> </td>
@@ -221,9 +208,6 @@
<div class="text-[12px] font-black uppercase"> <div class="text-[12px] font-black uppercase">
Data_Density: {{len .Files}} records | Page: {{.Page}}/{{.TotalPages}} Data_Density: {{len .Files}} records | Page: {{.Page}}/{{.TotalPages}}
</div> </div>
<div class="text-[11px] font-black uppercase text-gray-600">
Build_Commit: {{.BuildCommit}}
</div>
</footer> </footer>
</div> </div>
</div> </div>

147
templates/complete.html
View File

@@ -6,147 +6,105 @@
<title>Send.it - File Ready</title> <title>Send.it - File Ready</title>
<script src="https://cdn.tailwindcss.com"></script> <script src="https://cdn.tailwindcss.com"></script>
<link rel="icon" type="image/x-icon" href="/static/favicon.ico"> <link rel="icon" type="image/x-icon" href="/static/favicon.ico">
<script src="https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js"></script>
<style> <style>
/* No-design brutalist style */
* { * {
border-radius: 0 !important; border-radius: 0 !important;
transition: none !important; transition: none !important;
} }
body { body {
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace; font-family: sans-serif;
background: #fff; background: #fff;
color: #000; color: #000;
} }
.box { .box {
border: 3px solid #000; border: 2px solid #000;
padding: 20px;
background: #fff; background: #fff;
width: 100%; width: 100%;
} }
.input-text { .input-text {
border: 2px solid #000; border: 1px solid #000;
padding: 6px 10px; padding: 4px 8px;
background: #fff; background: #fff;
width: 100%; width: 100%;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
font-size: 12px;
font-weight: 600;
} }
button { button {
border: 2px solid #000; border: 2px solid #000;
background: #fff; background: #eee;
padding: 6px 14px; padding: 4px 12px;
font-weight: 900; font-weight: bold;
font-size: 12px;
cursor: pointer; cursor: pointer;
text-transform: uppercase;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
box-shadow: 3px 3px 0px #000;
white-space: nowrap;
} }
button:hover { button:hover {
background: #000; background: #ccc;
color: #fff;
box-shadow: none;
transform: translate(2px, 2px);
} }
button:active { button:active {
background: #ffff00;
color: #000;
}
.section-label {
font-size: 11px;
font-weight: 900;
text-transform: uppercase;
letter-spacing: 0.05em;
}
.nav-link {
font-weight: 900;
text-decoration: underline;
text-transform: uppercase;
font-size: 11px;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
}
.nav-link:hover {
background: #000; background: #000;
color: #fff; color: #fff;
} }
</style> </style>
</head> </head>
<body class="min-h-screen flex flex-col items-center justify-center p-4"> <body class="min-h-screen flex items-center justify-center p-4">
<div class="w-full max-w-[520px] flex flex-col items-center"> <div class="w-full max-w-[493px] flex flex-col items-center">
<!-- Header --> <img src="/static/logo.png" alt="Send.it logo" style="width:50%;" class="mb-2 border-black">
<header class="w-full mb-0 border-b-8 border-black pb-3 flex justify-between items-end">
<div> <div class="box">
<img src="/static/logo.png" alt="Send.it logo" style="height:36px;" class="mb-1">
<h1 class="text-3xl font-black uppercase tracking-tighter leading-none">Send_It</h1> <header class="mb-6 border-b-2 border-black pb-2 text-center">
</div> <h1 class="text-xl font-bold uppercase">FILE READY</h1>
</header> </header>
<!-- Main Box --> <div class="space-y-4">
<div class="box">
<div class="p-5 space-y-4">
<!-- Status Banner --> <div class="bg-black text-white p-2 text-xs font-bold">
<div class="border-2 border-black p-3" style="background:#00ff00;"> UPLOAD COMPLETE
<span class="font-black text-sm uppercase">✓ File_Uploaded</span>
</div> </div>
<!-- Download Link --> <!-- &lt;!&ndash; File info &ndash;&gt;-->
<!-- <div class="text-[10px] uppercase font-bold">-->
<!-- example_file.png (2.4 MB)-->
<!-- </div>-->
<!-- Download -->
<div> <div>
<div class="section-label mb-1">Download_Link:</div> <label class="text-[10px] font-bold block">DOWNLOAD LINK</label>
<div class="flex"> <div class="flex">
<input id="res-url" readonly class="input-text"> <input id="res-url" readonly class="input-text text-sm">
<button onclick="copy('res-url')" class="border-l-0 pl-1 pr-1">COPY</button> <button onclick="copy('res-url')" class="border-l-0">COPY</button>
</div> </div>
</div> </div>
<!-- Delete Link --> <!-- Delete -->
<div> <div>
<div class="section-label mb-1 text-red-600">Deletion_Link <span class="text-gray-400 normal-case">(private)</span>:</div> <label class="text-[10px] font-bold block">DELETION LINK (PRIVATE)</label>
<div class="flex"> <div class="flex">
<input id="res-del" readonly class="input-text" style="color:#cc0000;"> <input id="res-del" readonly class="input-text text-sm text-red-600">
<button onclick="copy('res-del')" class="border-l-0 pl-1 pr-1">COPY</button> <button onclick="copy('res-del')" class="border-l-0">COPY</button>
</div>
</div>
<div>
<button id="qr-btn" onclick="toggleQR()" class="pl-1 pr-1">Show_QR</button>
<div id="qr-container" class="mt-3 hidden border-2 border-black p-4 flex justify-center">
<div id="qr-code"></div>
</div> </div>
</div> </div>
<!-- Actions --> <!-- Actions -->
<div class="border-t-2 border-black pt-4"> <div class="pt-4 flex justify-between">
<a href="/" class="nav-link">← New_Upload</a> <a href="/" class="text-xs underline">NEW UPLOAD</a>
</div> </div>
</div> </div>
</div> </div>
<!-- Footer --> <p class="mt-1 text-[10px] uppercase font-bold text-gray-400">
<div class="w-full mt-3 flex justify-between items-center"> A service by Brammie15
<span class="text-[10px] font-black text-gray-400">{{ .MODT }}</span> </p>
<div class="flex gap-4">
<a href="/static/TOS.txt" class="nav-link">TOS</a>
<a href="/admin" class="nav-link">SUDO</a>
</div>
</div>
</div> </div>
@@ -154,36 +112,21 @@
function copy(id) { function copy(id) {
const el = document.getElementById(id); const el = document.getElementById(id);
el.select(); el.select();
el.setSelectionRange(0, 99999); el.setSelectionRange(0, 99999); // mobile support
document.execCommand('copy'); document.execCommand('copy');
} }
const downloadKey = "{{.DownloadID}}"; const downloadKey = "{{.DownloadID}}";
const deleteKey = "{{.DeleteID}}"; const deleteKey = "{{.DeleteID}}";
const base = window.location.origin; const base = window.location.origin;
document.getElementById("res-url").value = `${base}/api/files/view/${downloadKey}`; document.getElementById("res-url").value = `${base}/api/files/view/${downloadKey}`;
document.getElementById("res-del").value = `${base}/api/files/delete/${deleteKey}`; document.getElementById("res-del").value = `${base}/api/files/delete/${deleteKey}`;
const downloadURL = `${base}/api/files/view/${downloadKey}`;
// Generate QR code
new QRCode(document.getElementById("qr-code"), {
text: downloadURL,
width: 160,
height: 160
});
function toggleQR() {
const container = document.getElementById("qr-container");
const btn = document.getElementById("qr-btn");
const isHidden = container.classList.contains("hidden");
container.classList.toggle("hidden");
btn.textContent = isHidden ? "Hide_QR" : "Show_QR";
}
</script> </script>
<a href="/admin" class="fixed bottom-1 right-1 text-[10px] underline">SUDO</a>
<a href="/static/TOS.txt" class="fixed bottom-1 left-1 text-[10px] underline">TOS</a>
</body> </body>
</html> </html>

295
templates/config.html
View File

@@ -1,295 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Config Module</title>
<script src="https://cdn.tailwindcss.com"></script>
<link rel="icon" type="image/x-icon" href="/static/favicon.ico">
<style>
* { border-radius: 0 !important; }
body {
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
background: #fff;
color: #000;
padding: 20px;
}
.box { border: 3px solid #000; background: #fff; padding: 20px; }
.section-title {
font-size: 18px;
font-weight: 900;
text-transform: uppercase;
border-bottom: 3px solid #000;
margin-bottom: 16px;
padding-bottom: 4px;
}
.row {
display: grid;
grid-template-columns: 300px 1fr;
gap: 10px;
margin-bottom: 12px;
align-items: center;
}
label {
font-weight: 900;
text-transform: uppercase;
font-size: 12px;
}
input {
border: 2px solid #000;
padding: 6px 8px;
font-size: 13px;
width: 100%;
}
.hint {
font-size: 11px;
font-style: italic;
margin-top: 4px;
border-left: 4px solid #000;
padding-left: 6px;
}
button, .button {
border: 2px solid #000;
background: #fff;
padding: 6px 12px;
cursor: pointer;
font-size: 11px;
font-weight: 900;
text-transform: uppercase;
box-shadow: 3px 3px 0px #000;
}
button:hover, .button:hover {
background: #000;
color: #fff;
box-shadow: none;
transform: translate(2px, 2px);
}
button:active {
background: #ff0000;
color: #fff;
}
.nav-link {
font-weight: 900;
text-decoration: underline;
text-transform: uppercase;
font-size: 12px;
}
.nav-link:hover {
background: #000;
color: #fff;
}
.ok {
border: 3px solid #000;
background: #00ff00;
padding: 10px;
font-weight: 900;
text-transform: uppercase;
}
.err {
border: 3px solid #000;
background: #ff0000;
color: #fff;
padding: 10px;
font-weight: 900;
text-transform: uppercase;
}
</style>
</head>
<body>
<div class="max-w-4xl mx-auto">
<!-- HEADER -->
<header class="mb-6 border-b-8 border-black pb-4 flex justify-between items-start">
<h1 class="text-4xl font-black uppercase tracking-tighter leading-none">
Config_Settings
</h1>
<div class="flex flex-col items-end gap-2">
<a href="/admin" class="nav-link">Admin_Panel</a>
<a href="/config" class="nav-link">Reload_Config</a>
<a href="/logout" class="nav-link text-red-600">Logout</a>
</div>
</header>
<!-- STATUS -->
{{if .Success}}
<div class="ok mb-4">CONFIG_SAVED_SUCCESSFULLY</div>
{{end}}
{{if .Error}}
<div class="err mb-4">{{.Error}}</div>
{{end}}
<form method="POST" action="/config">
<div class="box mb-6">
<div class="section-title">General_Settings</div>
<div class="row">
<label>Site_MODT</label>
<input type="text" name="site_modt" value="{{.MODT}}">
</div>
</div>
<!-- UPLOAD SETTINGS -->
<div class="box mb-6">
<div class="section-title">Upload_Control</div>
<div class="row">
<label>Max_File_Size_MB</label>
<div class="flex flex-col gap-1">
<div class="flex gap-2 items-center">
<input id="fileSizeMB" type="number" min="1" name="upload_max_file_size_mb" value="{{.UploadMaxFileSizeMB}}">
<input id="fileSizeGB" type="text" readonly placeholder="GB"
class="w-24 bg-gray-100 cursor-not-allowed">
</div>
<div class="hint">Hard limit enforced by upload endpoints</div>
</div>
</div>
<div class="row">
<label>Multi_Upload_Limit</label>
<div>
<input type="number" min="1" name="upload_multi_max_files" value="{{.UploadMultiMaxFiles}}">
<div class="hint">Max files per multi-upload request</div>
</div>
</div>
<div class="row">
<label>Max_Expiry_Hours</label>
<div class="flex flex-col gap-1">
<div class="flex gap-2 items-center">
<input id="hoursInput" type="number" min="1" name="upload_max_hours" value="{{.UploadMaxHours}}">
<input id="daysOutput" type="text" readonly placeholder="Days" class="w-24 bg-gray-100 cursor-not-allowed">
</div>
<div class="hint">User duration capped to this value</div>
</div>
</div>
</div>
<!-- RATE LIMITS -->
<div class="box mb-6">
<div class="section-title">Rate_Limits_(Static)</div>
<div class="hint mb-4">
Changes require server restart to take effect
</div>
<div class="row">
<label>Login_Per_Minute</label>
<input type="number" min="1" name="ratelimit_login_per_minute" value="{{.RateLimitLoginPerMinute}}">
</div>
<div class="row">
<label>Login_Burst</label>
<input type="number" min="1" name="ratelimit_login_burst" value="{{.RateLimitLoginBurst}}">
</div>
<div class="row">
<label>API_Per_Minute</label>
<input type="number" min="1" name="ratelimit_api_per_minute" value="{{.RateLimitApiPerMinute}}">
</div>
<div class="row">
<label>API_Burst</label>
<input type="number" min="1" name="ratelimit_api_burst" value="{{.RateLimitApiBurst}}">
</div>
</div>
<div class="box mb-6">
<div class="section-title">NTFY_Settings</div>
<div class="row">
<label>Use_NTFY</label>
<input type="checkbox" id="ntfy_use_seen" {{if .NtfyUse}}checked{{end}}>
<input type="hidden" name="ntfy_use" id="ntfy_use_hidden" value="{{if .NtfyUse}}true{{else}}false{{end}}">
</div>
<div class="row">
<label>NTFY_Url</label>
<input type="text" name="ntfy_url" value="{{.NtfyUrl}}">
</div>
<div class="row">
<label>NTFY_Topic</label>
<input type="text" name="ntfy_topic" value="{{.NtfyTopic}}">
</div>
</div>
<!-- ACTIONS -->
<div class="flex justify-between items-center border-t-8 border-black pt-4">
<button type="submit">SAVE</button>
</div>
</form>
</div>
<a href="/change-password" class="fixed bottom-1 left-1 text-[10px] underline">
CHANGE_PASSWORD
</a>
<script>
function formatNumber(num) {
return parseFloat(num.toFixed(2));
}
function updateConversions() {
const mb = parseFloat(document.getElementById('fileSizeMB')?.value);
const gbField = document.getElementById('fileSizeGB');
if (!isNaN(mb) && gbField) {
gbField.value = formatNumber(mb / 1024) + " GB";
} else if (gbField) {
gbField.value = "";
}
const hours = parseFloat(document.getElementById('hoursInput')?.value);
const daysField = document.getElementById('daysOutput');
if (!isNaN(hours) && daysField) {
daysField.value = formatNumber(hours / 24) + " days";
} else if (daysField) {
daysField.value = "";
}
}
// Run on load
window.addEventListener('DOMContentLoaded', updateConversions);
// Listen for changes
document.addEventListener('input', updateConversions);
const checkbox = document.getElementById('ntfy_use_seen');
const hidden = document.getElementById('ntfy_use_hidden');
if (checkbox && hidden) {
// Update hidden input whenever checkbox changes
checkbox.addEventListener('change', () => {
hidden.value = checkbox.checked ? "true" : "false";
});
}
</script>
</body>
</html>

64
templates/error.html
View File

@@ -6,6 +6,7 @@
<title>Nothing to see here</title> <title>Nothing to see here</title>
<script src="https://cdn.tailwindcss.com"></script> <script src="https://cdn.tailwindcss.com"></script>
<link rel="icon" type="image/x-icon" href="/static/favicon.ico"> <link rel="icon" type="image/x-icon" href="/static/favicon.ico">
<style> <style>
* { * {
border-radius: 0 !important; border-radius: 0 !important;
@@ -13,56 +14,48 @@
} }
body { body {
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace; font-family: sans-serif;
background: #fff; background: #fff;
color: #000; color: #000;
} }
.box { .box {
border: 3px solid #000; border: 2px solid #000;
padding: 20px; padding: 20px;
background: #fff; background: #fff;
width: 100%; width: 100%;
} }
a.button { .button {
border: 2px solid #000; border: 2px solid #000;
background: #fff; background: #eee;
padding: 6px 14px; padding: 4px 12px;
font-weight: 900; font-weight: bold;
font-size: 12px;
cursor: pointer; cursor: pointer;
text-transform: uppercase;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
box-shadow: 3px 3px 0px #000;
text-decoration: none; text-decoration: none;
display: inline-block; display: inline-block;
} }
a.button:hover { .button:hover {
background: #000; background: #ccc;
color: #fff;
box-shadow: none;
transform: translate(2px, 2px);
} }
a.button:active { .button:active {
background: #ffff00; background: #000;
color: #000; color: #fff;
} }
.title { .title {
font-size: 28px; font-size: 28px;
font-weight: 900; font-weight: 900;
border-bottom: 3px solid #000; border-bottom: 2px solid #000;
margin-bottom: 10px; margin-bottom: 10px;
padding-bottom: 4px; padding-bottom: 4px;
text-transform: uppercase;
} }
.subtitle { .subtitle {
font-size: 12px; font-size: 12px;
font-weight: 900; font-weight: bold;
text-transform: uppercase; text-transform: uppercase;
margin-bottom: 16px; margin-bottom: 16px;
} }
@@ -70,35 +63,14 @@
.text { .text {
font-size: 12px; font-size: 12px;
text-transform: uppercase; text-transform: uppercase;
font-weight: 700;
margin-bottom: 20px; margin-bottom: 20px;
} }
.nav-link {
font-weight: 900;
text-decoration: underline;
text-transform: uppercase;
font-size: 11px;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
}
.nav-link:hover {
background: #000;
color: #fff;
}
</style> </style>
</head> </head>
<body class="min-h-screen flex items-center justify-center p-4"> <body class="min-h-screen flex items-center justify-center p-4">
<div class="w-full max-w-[493px] flex flex-col items-center"> <div class="w-full max-w-[493px] flex flex-col items-center">
<header class="w-full mb-0 border-b-8 border-black pb-3 flex justify-between items-end">
<div>
<img src="/static/logo.png" alt="Send.it logo" style="height:36px;" class="mb-1">
<h1 class="text-3xl font-black uppercase tracking-tighter leading-none">Send_It</h1>
</div>
</header>
<div class="box text-center"> <div class="box text-center">
<div class="title"> <div class="title">
@@ -121,14 +93,6 @@
</div> </div>
<div class="w-full mt-3 flex justify-between items-center">
<span class="text-[10px] font-black text-gray-400">{{.MODT}}</span>
<div class="flex gap-4">
<a href="/static/TOS.txt" class="nav-link">TOS</a>
<a href="/admin" class="nav-link">SUDO</a>
</div>
</div>
</div> </div>
</body> </body>

440
templates/index.html
View File

@@ -7,65 +7,47 @@
<script src="https://cdn.tailwindcss.com"></script> <script src="https://cdn.tailwindcss.com"></script>
<link rel="icon" type="image/x-icon" href="/static/favicon.ico"> <link rel="icon" type="image/x-icon" href="/static/favicon.ico">
<style> <style>
/* The "No-Design" Design */
* { * {
border-radius: 0 !important; border-radius: 0 !important;
transition: none !important; transition: none !important;
} }
body { body {
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace; font-family: sans-serif;
background: #fff; background: #fff;
color: #000; color: #000;
} }
.box { .box {
border: 3px solid #000; border: 2px solid #000;
padding: 20px;
background: #fff; background: #fff;
width: 100%; width: 100%;
} }
.input-text { .input-text {
border: 2px solid #000; border: 1px solid #000;
padding: 6px 10px; padding: 4px 8px;
background: #fff; background: #fff;
width: 100%; width: 100%;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
font-size: 12px;
font-weight: 600;
}
select {
border: 2px solid #000;
padding: 5px 8px;
background: #fff;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
font-size: 11px;
font-weight: 700;
text-transform: uppercase;
} }
button { button {
border: 2px solid #000; border: 2px solid #000;
background: #fff; background: #eee;
padding: 6px 14px; padding: 4px 12px;
font-weight: 900; font-weight: bold;
font-size: 12px;
cursor: pointer; cursor: pointer;
text-transform: uppercase;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
box-shadow: 3px 3px 0px #000;
} }
button:hover { button:hover {
background: #000; background: #ccc;
color: #fff;
box-shadow: none;
transform: translate(2px, 2px);
} }
button:active { button:active {
background: #ffff00; background: #000;
color: #000; color: #fff;
} }
button:disabled { button:disabled {
@@ -73,150 +55,66 @@
color: #999; color: #999;
border-color: #ccc; border-color: #ccc;
cursor: not-allowed; cursor: not-allowed;
box-shadow: none;
}
button:disabled:hover {
transform: none;
background: #f0f0f0;
color: #999;
} }
.btn-cancel { .btn-cancel {
background: #fff; background: #fff;
color: #cc0000; color: #cc0000;
border-color: #cc0000; border-color: #cc0000;
box-shadow: 3px 3px 0px #cc0000;
margin-top: 8px; margin-top: 8px;
width: 100%; width: 100%;
font-size: 11px; font-size: 10px;
} }
.btn-cancel:hover { .btn-cancel:hover {
background: #cc0000; background: #fee2e2;
color: #fff;
box-shadow: none;
} }
.drop-zone { .drop-zone {
border: 3px dashed #000; border: 2px dashed #000;
padding: 60px 40px; padding: 80px;
text-align: center; text-align: center;
background: #f9f9f9; background: #f9f9f9;
cursor: pointer; cursor: pointer;
} }
.drop-zone.active { .drop-zone.active {
background: #ffff00; background: #eee;
border-style: solid; border-style: solid;
} }
.drop-zone:hover { .burn-option {
background: #f0f0f0;
}
.burn-label {
color: #cc0000; color: #cc0000;
font-weight: 900; font-weight: bold;
font-size: 11px;
text-transform: uppercase;
}
.section-label {
font-size: 11px;
font-weight: 900;
text-transform: uppercase;
letter-spacing: 0.05em;
}
.status-tag {
font-weight: 900;
font-size: 11px;
padding: 3px 8px;
border: 2px solid #000;
display: inline-block;
text-transform: uppercase;
}
.status-success {
background: #00ff00;
color: #000;
}
.nav-link {
font-weight: 900;
text-decoration: underline;
text-transform: uppercase;
font-size: 11px;
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace;
}
.nav-link:hover {
background: #000;
color: #fff;
}
input[type="checkbox"] {
width: 16px;
height: 16px;
border: 2px solid #000;
appearance: none;
background: #fff;
cursor: pointer;
position: relative;
flex-shrink: 0;
}
input[type="checkbox"]:checked {
background: #ff00ff;
}
input[type="checkbox"]:checked::after {
content: '✕';
position: absolute;
top: -2px;
left: 1px;
font-size: 12px; font-size: 12px;
font-weight: 900;
color: #fff;
} }
</style> </style>
</head> </head>
<body class="min-h-screen flex flex-col items-center justify-center p-4"> <body class="min-h-screen flex items-center justify-center p-4">
<div class="w-full max-w-[520px] flex flex-col items-center"> <!--<div class="w-full max-w-[493px] flex flex-col items-end">-->
<div class="w-full max-w-[493px] flex flex-col items-center">
<!-- Header --> <img src="/static/logo.png" alt="Send.it logo" style="width:50%;" class="mb-2 border-black">
<header class="w-full mb-0 border-b-8 border-black pb-3 flex justify-between items-end"> <div class="box">
<div> <header class="mb-6 border-b-2 border-black pb-2 text-center">
<img src="/static/logo.png" alt="Send.it logo" style="height:36px;" class="mb-1"> <h1 class="text-xl font-bold uppercase">Send it</h1>
<h1 class="text-3xl font-black uppercase tracking-tighter leading-none">Send_It</h1>
</div>
</header> </header>
<!-- Main Box --> <div id="upload-ui">
<div class="box"> <div id="drop-zone" class="drop-zone mb-4">
<!-- Upload UI -->
<div id="upload-ui" class="p-5 space-y-4">
<!-- Drop Zone -->
<div id="drop-zone" class="drop-zone">
<input type="file" id="fileInput" class="hidden" multiple> <input type="file" id="fileInput" class="hidden" multiple>
<div id="dz-content"> <div id="dz-content">
<div class="text-2xl mb-2"></div> <span id="dz-text" class="text-sm">Click to select or drop file</span>
<span id="dz-text" class="section-label text-gray-500">Click to select or drop file(s)</span>
</div> </div>
<!-- Progress Bar --> <div id="progress-container" class="hidden mt-3 border border-black h-4">
<div id="progress-container" class="hidden mt-4 border-2 border-black h-5 bg-white">
<div id="progress-bar" class="h-full bg-black" style="width:0%"></div> <div id="progress-bar" class="h-full bg-black" style="width:0%"></div>
</div> </div>
<div class="flex justify-between items-center mt-1"> <div class="flex justify-between items-center mt-1">
<div id="progress-text" class="text-[10px] font-black hidden">0%</div> <div id="progress-text" class="text-[10px] font-bold hidden">0%</div>
<div id="stats-text" class="text-[10px] font-black hidden uppercase"> <div id="stats-text" class="text-[10px] font-bold hidden uppercase">
<span id="speed-text">0 KB/S</span> <span id="speed-text">0 KB/S</span>
<span class="mx-1 opacity-30">|</span> <span class="mx-1 opacity-30">|</span>
<span id="eta-text">--:--</span> <span id="eta-text">--:--</span>
@@ -224,71 +122,259 @@
</div> </div>
</div> </div>
<!-- Config Row --> <div class="space-y-4">
<div class="border-t-2 border-b-2 border-black py-3 space-y-3"> <div class="flex items-center justify-between border-b border-black pb-2">
<div class="flex items-center justify-between"> <label class="text-xs font-bold uppercase">Expire In:</label>
<span class="section-label">Expire_In:</span> <select id="duration" class="border border-black text-xs p-1">
<select id="duration"> <option value="1">1 Hour</option>
<option value="1">1_Hour</option> <option value="24">24 Hours</option>
<option value="24">24_Hours</option> <option value="168">7 Days</option>
<option value="168">7_Days</option> <option value="730" selected>1 Month</option>
<option value="730" selected>1_Month</option>
</select> </select>
</div> </div>
<div class="flex items-center gap-3"> <div class="flex items-center gap-2">
<input type="checkbox" id="once"> <input type="checkbox" id="once" class="w-4 h-4 border-black">
<label for="once" class="burn-label">Burn_After_Download</label> <label for="once" class="burn-option uppercase">Burn after</label>
</div>
<button id="uploadBtn" class="w-full" disabled>UPLOAD</button>
<button id="cancelBtn" class="btn-cancel hidden">CANCEL UPLOAD</button>
</div> </div>
</div> </div>
<!-- Actions --> <div id="success-ui" class="hidden space-y-4">
<div> <div class="bg-black text-white p-2 text-xs font-bold">
<button id="uploadBtn" class="w-full py-3 text-sm" disabled>UPLOAD_FILE</button> UPLOAD COMPLETE
<button id="cancelBtn" class="btn-cancel hidden">✕ CANCEL_UPLOAD</button>
</div>
</div>
<!-- Success UI -->
<div id="success-ui" class="hidden p-5 space-y-4">
<div class="border-2 border-black p-3" style="background:#00ff00;">
<span class="font-black text-sm uppercase">✓ Upload_Complete</span>
</div> </div>
<div> <div>
<div class="section-label mb-1">Download_Link:</div> <label class="text-[10px] font-bold block">DOWNLOAD LINK</label>
<div class="flex"> <div class="flex">
<input id="res-url" readonly class="input-text"> <input id="res-url" readonly class="input-text text-sm">
<button onclick="copy('res-url')" class="border-l-0 whitespace-nowrap">COPY</button> <button onclick="copy('res-url')" class="border-l-0">COPY</button>
</div> </div>
</div> </div>
<div> <div>
<div class="section-label mb-1 text-red-600">Deletion_Link <span class="text-gray-400">(private)</span>:</div> <label class="text-[10px] font-bold block">DELETION LINK (PRIVATE)</label>
<div class="flex"> <div class="flex">
<input id="res-del" readonly class="input-text" style="color:#cc0000;"> <input id="res-del" readonly class="input-text text-sm text-red-600">
<button onclick="copy('res-del')" class="border-l-0 whitespace-nowrap">COPY</button> <button onclick="copy('res-del')" class="border-l-0">COPY</button>
</div> </div>
</div> </div>
<div class="border-t-2 border-black pt-3"> <div class="pt-4 flex justify-between">
<button onclick="location.reload()" class="text-xs">← New_Upload</button> <button onclick="location.reload()" class="text-xs">NEW UPLOAD</button>
</div>
</div> </div>
</div> </div>
</div> <p class="mt-1 text-[10px] uppercase font-bold text-gray-400">A service by Brammie15</p>
<!-- Footer -->
<div class="w-full mt-3 flex justify-between items-center">
<span class="text-[10px] font-black text-gray-400">{{.MODT}}</span>
<div class="flex gap-4">
<a href="/static/TOS.txt" class="nav-link">TOS</a>
<a href="/admin" class="nav-link">SUDO</a>
</div>
</div>
</div> </div>
<script src="/static/js/upload.js"></script>
<script>
const zone = document.getElementById('drop-zone');
const input = document.getElementById('fileInput');
const uploadBtn = document.getElementById('uploadBtn');
const cancelBtn = document.getElementById('cancelBtn');
const progressText = document.getElementById("progress-text");
const statsText = document.getElementById("stats-text");
const speedText = document.getElementById("speed-text");
const etaText = document.getElementById("eta-text");
const progressBar = document.getElementById("progress-bar");
const progressContainer = document.getElementById("progress-container");
let currentXhr = null;
// Helper: Human Readable Size
function formatBytes(bytes, decimals = 2) {
if (bytes === 0) return '0 Bytes';
const k = 1024;
const dm = decimals < 0 ? 0 : decimals;
const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB'];
const i = Math.floor(Math.log(bytes) / Math.log(k));
return parseFloat((bytes / Math.pow(k, i)).toFixed(dm)) + ' ' + sizes[i];
}
// Helper: Human Readable Time
function formatTime(seconds) {
if (!isFinite(seconds) || seconds < 0) return "--:--";
const h = Math.floor(seconds / 3600);
const m = Math.floor((seconds % 3600) / 60);
const s = Math.floor(seconds % 60);
return [
h > 0 ? h : null,
(h > 0 ? m.toString().padStart(2, '0') : m),
s.toString().padStart(2, '0')
].filter(x => x !== null).join(':');
}
zone.onclick = () => input.click();
zone.ondragover = (e) => {
e.preventDefault();
zone.classList.add('active');
};
zone.ondragleave = () => zone.classList.remove('active');
zone.ondrop = (e) => {
e.preventDefault();
zone.classList.remove('active');
if (e.dataTransfer.files.length) {
input.files = e.dataTransfer.files;
input.dispatchEvent(new Event('change'));
}
};
input.onchange = () => {
if (input.files.length) {
showFiles(input.files);
uploadBtn.disabled = false;
} else {
uploadBtn.disabled = true;
}
};
function showFiles(fileList) {
const files = Array.from(fileList || []);
if (files.length === 0) return;
const total = files.reduce((acc, f) => acc + f.size, 0);
if (files.length === 1) {
document.getElementById('dz-text').innerText =
`${files[0].name} (${formatBytes(files[0].size)})`;
return;
}
document.getElementById('dz-text').innerText =
`${files.length} FILES (${formatBytes(total)}) — will be zipped`;
}
uploadBtn.onclick = () => {
if (!input.files.length) return;
if (input.files.length === 1) {
handleUploadSingle(input.files[0]);
} else {
handleUploadMulti(input.files);
}
};
cancelBtn.onclick = (e) => {
e.stopPropagation();
if (currentXhr) {
currentXhr.abort();
alert("Upload cancelled.");
location.reload();
}
};
function commonFormData() {
const fd = new FormData();
fd.append("once", document.getElementById("once").checked ? "true" : "false");
const hours = parseInt(document.getElementById("duration").value, 10);
fd.append("duration", hours);
return fd;
}
function startUploadUI() {
uploadBtn.disabled = true;
uploadBtn.innerText = "UPLOADING...";
cancelBtn.classList.remove('hidden');
progressContainer.classList.remove("hidden");
progressText.classList.remove("hidden");
statsText.classList.remove("hidden");
}
function setupXHRHandlers(xhr) {
let startTime = Date.now();
xhr.upload.onprogress = (e) => {
if (e.lengthComputable) {
const percent = Math.round((e.loaded / e.total) * 100);
progressBar.style.width = percent + "%";
progressText.innerText = percent + "%";
const elapsedSeconds = (Date.now() - startTime) / 1000;
if (elapsedSeconds > 0) {
const bytesPerSecond = e.loaded / elapsedSeconds;
const remainingBytes = e.total - e.loaded;
const secondsRemaining = remainingBytes / bytesPerSecond;
speedText.innerText = formatBytes(bytesPerSecond) + "/S";
etaText.innerText = formatTime(secondsRemaining);
}
}
};
xhr.onload = () => {
if (xhr.status >= 200 && xhr.status < 300) {
try {
const data = JSON.parse(xhr.responseText);
if (data.error) throw new Error(data.error);
window.location.href = "/f/" + data.view_key;
} catch (err) {
console.error("Invalid response:", xhr.responseText);
alert("Server error");
}
} else {
alert("Upload failed");
}
};
xhr.onerror = () => {
if (xhr.statusText !== "abort") {
alert("Upload failed");
location.reload();
}
};
}
function handleUploadSingle(file) {
startUploadUI();
const fd = commonFormData();
fd.append("file", file);
const xhr = new XMLHttpRequest();
currentXhr = xhr;
setupXHRHandlers(xhr);
xhr.open("POST", "/api/files/upload");
xhr.send(fd);
}
function handleUploadMulti(fileList) {
startUploadUI();
const fd = commonFormData();
Array.from(fileList).forEach(f => fd.append("files", f));
const xhr = new XMLHttpRequest();
currentXhr = xhr;
setupXHRHandlers(xhr);
xhr.open("POST", "/api/files/upload-multi");
xhr.send(fd);
}
function copy(id) {
const el = document.getElementById(id);
el.select();
document.execCommand('copy');
}
</script>
<a href="/admin" class="fixed bottom-1 right-1 text-[10px] underline">SUDO</a>
<a href="/static/TOS.txt" class="fixed bottom-1 left-1 text-[10px] underline">TOS</a>
</body> </body>
</html> </html>

75
templates/login.html
View File

@@ -10,83 +10,64 @@
* { border-radius: 0 !important; } * { border-radius: 0 !important; }
body { body {
font-family: ui-monospace, 'Cascadia Code', 'Source Code Pro', monospace; font-family: sans-serif;
background: #fff; background: #fff;
color: #000; color: #000;
padding: 20px; padding: 20px;
} }
.box { .box {
border: 3px solid #000; border: 2px solid #000;
background: #fff; background: #fff;
} }
input { input {
border: 2px solid #000; border: 1px solid #000;
padding: 8px; padding: 6px;
font-size: 13px; font-size: 13px;
width: 100%; width: 100%;
background: #fff; background: #fff;
font-weight: bold;
} }
input:focus { input:focus {
outline: none; outline: none;
background: #ffff00; background: #f9f9f9;
} }
/* Chunky button style */
button { button {
border: 2px solid #000; border: 1px solid #000;
background: #fff; background: #eee;
padding: 6px 12px; padding: 4px 10px;
cursor: pointer; cursor: pointer;
font-size: 12px; font-size: 12px;
font-weight: 900; font-weight: bold;
text-transform: uppercase;
box-shadow: 3px 3px 0px #000;
} }
button:hover { button:hover {
background: #000; background: #000;
color: #fff; color: #fff;
box-shadow: none;
transform: translate(2px, 2px);
}
button:active {
background: #ff0000;
color: #fff;
} }
.nav-link { .nav-link {
font-weight: 900; font-weight: bold;
text-decoration: underline; text-decoration: underline;
text-transform: uppercase; font-size: 11px;
font-size: 12px;
}
.nav-link:hover {
background: #000;
color: #fff;
} }
.label { .label {
font-size: 10px; font-size: 10px;
font-weight: 900; font-weight: bold;
text-transform: uppercase; text-transform: uppercase;
margin-bottom: 4px; margin-bottom: 2px;
} }
.error { .error {
border: 3px solid #000; border: 1px solid #000;
background: #ff0000; background: #ffcccc;
color: #fff;
font-size: 11px; font-size: 11px;
padding: 6px; padding: 4px;
margin-bottom: 12px; margin-bottom: 10px;
font-weight: 900; font-weight: bold;
text-transform: uppercase;
} }
</style> </style>
</head> </head>
@@ -94,25 +75,26 @@
<div class="max-w-md mx-auto"> <div class="max-w-md mx-auto">
<header class="mb-8 border-b-8 border-black pb-4 flex justify-between items-start"> <header class="mb-8 border-b-4 border-black pb-2 flex justify-between items-end">
<h1 class="text-4xl font-black uppercase tracking-tighter leading-none"> <h1 class="text-3xl font-black uppercase tracking-tighter">
System_Access System Access
</h1> </h1>
<a href="/" class="nav-link"> <a href="/" class="nav-link">
← Back ← BACK
</a> </a>
</header> </header>
<div class="box p-6">
<div class="box p-4">
{{if .Error}} {{if .Error}}
<div class="error"> <div class="error">
ACCESS_DENIED ACCESS DENIED
</div> </div>
{{end}} {{end}}
<form id="login-form" class="space-y-4"> <form id="login-form" class="space-y-3">
<div> <div>
<div class="label">Username</div> <div class="label">Username</div>
@@ -126,7 +108,7 @@
<div class="pt-2"> <div class="pt-2">
<button type="submit"> <button type="submit">
Authenticate AUTHENTICATE
</button> </button>
</div> </div>
@@ -163,6 +145,7 @@
return; return;
} }
// Redirect to admin
window.location.href = "/admin"; window.location.href = "/admin";
} catch (err) { } catch (err) {
@@ -176,7 +159,7 @@
err = document.createElement("div"); err = document.createElement("div");
err.id = "error-box"; err.id = "error-box";
err.className = "error"; err.className = "error";
err.innerText = "ACCESS_DENIED"; err.innerText = "ACCESS DENIED";
form.prepend(err); form.prepend(err);
} }
} }