From 6617efc9fe67a21f8502b01cabcba14b0b62c43c Mon Sep 17 00:00:00 2001 From: blek Date: Fri, 27 Oct 2023 00:41:43 +1000 Subject: [PATCH 1/5] add upload_pass config option --- filed/config/filed.toml.example | 5 +++++ filed/src/config/types.rs | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/filed/config/filed.toml.example b/filed/config/filed.toml.example index 9c73491..dd3d161 100644 --- a/filed/config/filed.toml.example +++ b/filed/config/filed.toml.example @@ -21,6 +21,11 @@ allow_pass_protection=true # This is shown only if allow_uploads = false # upload_disable_reason="File uploads were disabled because of an ongoing attack." +# If you want to restrict the uploads +# To only the people who have a password, +# uncomment this field +# upload_pass=super_secret_pass + # Timeout for deleting a user uploaded file file_del_timeout=1800 diff --git a/filed/src/config/types.rs b/filed/src/config/types.rs index dbe8bd4..878230d 100644 --- a/filed/src/config/types.rs +++ b/filed/src/config/types.rs @@ -22,6 +22,10 @@ pub struct FilesPolicy { #[serde(default)] pub upload_disable_reason: Option, + /// Upload password + #[serde(default)] + pub upload_pass: Option, + /// Default time for file to be deleted #[serde(default)] pub file_del_timeout: usize, @@ -42,6 +46,7 @@ impl Default for FilesPolicy { allow_custom_names: true, allow_pass_protection: true, upload_disable_reason: None, + upload_pass: None, file_del_timeout: 1800, type_whitelist: None, type_blacklist: None, From 5fc980a0b67b89689342b184ba1f8bb68f4533f0 Mon Sep 17 00:00:00 2001 From: blek Date: Fri, 27 Oct 2023 00:50:02 +1000 Subject: [PATCH 2/5] add password request on upload page --- filed/static/assets/alert.css | 4 ++++ filed/templates/index.html | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/filed/static/assets/alert.css b/filed/static/assets/alert.css index 6228e95..55bc69d 100644 --- a/filed/static/assets/alert.css +++ b/filed/static/assets/alert.css @@ -20,4 +20,8 @@ .alert.danger .alert-title { background: #602020; +} + +.alert.blue .alert-title { + background: #203050; } \ No newline at end of file diff --git a/filed/templates/index.html b/filed/templates/index.html index 794e74f..bba9521 100644 --- a/filed/templates/index.html +++ b/filed/templates/index.html @@ -114,6 +114,24 @@

{%- else -%} + + {%- if let Some(pass) = conf.files.upload_pass -%} +
+

+ Upload password +

+
+

This instance requires a password to upload a file.

+

+ +

+
+
+ {%- endif -%} +

From 04a40e26c46d9857daad29b9c5590d84a518aa2f Mon Sep 17 00:00:00 2001 From: blek Date: Fri, 27 Oct 2023 01:13:46 +1000 Subject: [PATCH 4/5] add js UX for pass entry --- filed/templates/index.html | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/filed/templates/index.html b/filed/templates/index.html index f9e56dd..359ecbb 100644 --- a/filed/templates/index.html +++ b/filed/templates/index.html @@ -9,6 +9,31 @@ {% endblock %} +{% block scripts %} + +{%- if conf.files.upload_pass.is_some() -%} + + {#- Script to disable button when password is not entered -#} +{#- -#} + +{%- endif -%} + +{% endblock %} + {% block body %}
@@ -125,7 +150,7 @@

@@ -160,7 +185,7 @@

-

From 6852536f395cc19a609f903d00194a5ca8f6d9f0 Mon Sep 17 00:00:00 2001 From: blek Date: Fri, 27 Oct 2023 01:17:03 +1000 Subject: [PATCH 5/5] add password field to /api/files/upload method --- filed/docs/file_api.swagger.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/filed/docs/file_api.swagger.yml b/filed/docs/file_api.swagger.yml index 4cdab6c..8f0818d 100644 --- a/filed/docs/file_api.swagger.yml +++ b/filed/docs/file_api.swagger.yml @@ -111,6 +111,10 @@ paths: type: string example: binary file data description: binary file data + instance_pass: + type: string + example: super_secret_pass + description: Instance-specific password needed to upload files metadata: type: object description: file info