package main
import (
	"crypto/tls"
	"encoding/json"
	"log"
	"net/http"
	"os"
	"time"

	"github.com/bradfitz/gomemcache/memcache"
	"github.com/gorilla/handlers"
	"github.com/gorilla/mux"
	"github.com/pborman/uuid"
)
// Database is the storage backend the HTTP handlers read and write secrets
// through. Keys are the secret identifiers that appear in request URLs,
// values are the secret payloads exactly as the client submitted them, and
// expiration is handed to the backend unchanged (the memcached
// implementation passes it straight to memcache.Item.Expiration).
type Database interface {
	// Get returns the value stored under key; the error reports an absent
	// key or a backend failure.
	Get(key string) (string, error)
	// Set stores value under key with the given expiration.
	Set(key, value string, expiration int32) error
	// Delete removes key from the backend.
	Delete(key string) error
}
// memcached is the Database implementation backed by a memcache client.
// All its methods use value receivers, so it is passed around by value
// (see main, which hands it to the handlers as a Database).
type memcached struct {
	Client *memcache.Client
}
// Get fetches key from memcache and returns the stored bytes as a string.
// Any error from the memcache client (a cache miss included) is returned
// unchanged, with an empty value.
func (m memcached) Get(key string) (string, error) {
	item, lookupErr := m.Client.Get(key)
	if lookupErr != nil {
		return "", lookupErr
	}
	value := string(item.Value)
	return value, nil
}
// Set stores value under key in memcache with the given expiration,
// returning whatever error the memcache client reports.
func (m memcached) Set(key, value string, expiration int32) error {
	item := &memcache.Item{
		Key:        key,
		Value:      []byte(value),
		Expiration: expiration,
	}
	return m.Client.Set(item)
}
// Delete removes key from memcache; the memcache client's error is
// returned as-is.
func (m memcached) Delete(key string) error {
	deleteErr := m.Client.Delete(key)
	return deleteErr
}
// validExpiration reports whether expiration is one of the supported TTLs:
// 3600 (1 hour), 86400 (1 day) or 604800 (1 week). Any other value,
// including 0 and negatives, is rejected.
func validExpiration(expiration int32) bool {
	switch expiration {
	case 3600, 86400, 604800:
		return true
	default:
		return false
	}
}
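// maxSecretBytes is the largest secret payload (length in bytes of the
// decoded "secret" field) that saveHandler accepts.
const maxSecretBytes = 10000

// maxRequestBytes caps the raw request body read by saveHandler so an
// oversized body is rejected while it is being read instead of after the
// whole thing has been buffered by the JSON decoder. JSON escaping can expand
// a string to six bytes per character (\uXXXX), so allow that plus room for
// the surrounding object and the expiration field.
const maxRequestBytes = 6*maxSecretBytes + 256

// saveHandler handles POST /secret: it decodes {"secret": ..., "expiration": ...}
// from the request body, validates it, stores the secret under a freshly
// generated random key and answers {"key": ..., "message": "secret stored"}.
//
// Failures are reported as a JSON error body: 400 for a non-POST method,
// unparsable (or oversized) JSON, an unsupported expiration or a secret
// longer than maxSecretBytes; 500 if the key cannot be generated or the
// database write fails.
func saveHandler(response http.ResponseWriter, request *http.Request,
	db Database) {
	response.Header().Set("Content-type", "application/json")
	if request.Method != "POST" {
		http.Error(response,
			`{"message": "Bad Request, see https://github.com/jhaals/yopass for more info"}`,
			http.StatusBadRequest)
		return
	}
	// Bound the body before decoding: json.Decoder would otherwise read an
	// arbitrarily large body before the length check below ever runs.
	// Exceeding the cap surfaces as a decode error, i.e. a 400.
	request.Body = http.MaxBytesReader(response, request.Body, maxRequestBytes)
	var secret struct {
		Message    string `json:"secret"`
		Expiration int32  `json:"expiration"`
	}
	if err := json.NewDecoder(request.Body).Decode(&secret); err != nil {
		http.Error(response, `{"message": "Unable to parse json"}`, http.StatusBadRequest)
		return
	}
	if !validExpiration(secret.Expiration) {
		http.Error(response, `{"message": "Invalid expiration specified"}`, http.StatusBadRequest)
		return
	}
	if len(secret.Message) > maxSecretBytes {
		http.Error(response, `{"message": "Message is too long"}`, http.StatusBadRequest)
		return
	}
	// The key is the only thing standing between a client and a stored
	// secret, so it must be unguessable: use a version 4 (random) UUID rather
	// than a version 1 UUID, whose timestamp and node bits are predictable.
	// Some versions of pborman/uuid return nil when the random source fails,
	// which String() renders as "", so treat that as a server error.
	key := uuid.NewRandom().String()
	if key == "" {
		http.Error(response, `{"message": "Failed to generate secret key"}`, http.StatusInternalServerError)
		return
	}
	if err := db.Set(key, secret.Message, secret.Expiration); err != nil {
		http.Error(response, `{"message": "Failed to store secret in database"}`, http.StatusInternalServerError)
		return
	}
	jsonData, err := json.Marshal(map[string]string{"key": key, "message": "secret stored"})
	if err != nil {
		log.Println(err)
		http.Error(response, `{"message": "Failed to store secret in database"}`, http.StatusInternalServerError)
		return
	}
	if _, err := response.Write(jsonData); err != nil {
		// The headers are already out; all that is left is to record it.
		log.Println(err)
	}
}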
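// getHandler handles GET /secret/{uuid}: it reads the secret, deletes it so it
// can be read only once, and answers {"secret": ..., "message": "OK"}.
//
// A cache miss yields 404; any other read failure is logged and yields 500.
// If the delete fails the secret is NOT returned (500, logged): handing it
// out while it is still stored would let it be fetched again, breaking the
// one-time guarantee, so the handler fails closed.
//
// The read and the delete are two separate backend calls, so two concurrent
// requests for the same key can both observe the secret before either delete
// runs; closing that window would need an atomic get-and-delete on the
// Database interface.
func getHandler(response http.ResponseWriter, request *http.Request, db Database) {
	response.Header().Set("Content-type", "application/json")
	key := mux.Vars(request)["uuid"]
	secret, err := db.Get(key)
	if err != nil {
		// Compare against the client's sentinel instead of its message text.
		if err == memcache.ErrCacheMiss {
			http.Error(response, `{"message": "Secret not found"}`, http.StatusNotFound)
			return
		}
		log.Println(err)
		http.Error(response, `{"message": "Unable to receive secret from database"}`, http.StatusInternalServerError)
		return
	}
	if err := db.Delete(key); err != nil {
		log.Println(err)
		http.Error(response, `{"message": "Unable to delete secret from database"}`, http.StatusInternalServerError)
		return
	}
	jsonData, err := json.Marshal(map[string]string{"secret": secret, "message": "OK"})
	if err != nil {
		log.Println(err)
		http.Error(response, `{"message": "Unable to receive secret from database"}`, http.StatusInternalServerError)
		return
	}
	if _, err := response.Write(jsonData); err != nil {
		// Headers are already sent; nothing to do but record the failure.
		log.Println(err)
	}
}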
// messageStatus handles HEAD /secret/{uuid}: it answers 200 when the key can
// be read from the database and 404 otherwise, logging the lookup error in
// the latter case. No body is written either way, and the response always
// carries Connection: close.
func messageStatus(response http.ResponseWriter, request *http.Request, db Database) {
	key := mux.Vars(request)["uuid"]
	_, lookupErr := db.Get(key)
	response.Header().Set("Connection", "close")
	if lookupErr == nil {
		return
	}
	log.Println(lookupErr)
	response.WriteHeader(http.StatusNotFound)
}
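// listenAddr is the address yopass listens on, for both HTTP and HTTPS.
const listenAddr = ":1337"

// newRouter wires the secret routes and the static file server to db.
// Secret keys in the path must look like a lowercase hyphenated UUID.
func newRouter(db Database) *mux.Router {
	mx := mux.NewRouter()
	// GET secret
	mx.HandleFunc("/secret/{uuid:([0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})}",
		func(response http.ResponseWriter, request *http.Request) {
			getHandler(response, request, db)
		}).Methods("GET")
	// Check secret status
	mx.HandleFunc("/secret/{uuid:([0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12})}",
		func(response http.ResponseWriter, request *http.Request) {
			messageStatus(response, request, db)
		}).Methods("HEAD")
	// Save secret
	mx.HandleFunc("/secret", func(response http.ResponseWriter, request *http.Request) {
		saveHandler(response, request, db)
	}).Methods("POST")
	// Serve static files.
	// NOTE(review): http.FileServer renders a directory listing for any
	// directory under public/ that has no index.html — confirm that is
	// acceptable for everything shipped in that tree.
	mx.PathPrefix("/").Handler(http.FileServer(http.Dir("public")))
	return mx
}

// main starts yopass: it connects a memcached-backed Database to the HTTP
// routes and serves them on listenAddr, over TLS when both TLS_CERT and
// TLS_KEY are set and over plain HTTP otherwise.
//
// Environment variables:
//
//	MEMCACHED - memcache server address (required; the process exits 1 without it)
//	TLS_CERT  - path to the certificate file; together with TLS_KEY enables HTTPS
//	TLS_KEY   - path to the private key file
func main() {
	memcachedAddr := os.Getenv("MEMCACHED")
	if memcachedAddr == "" {
		log.Println("MEMCACHED environment variable must be specified")
		os.Exit(1)
	}
	mc := memcached{memcache.New(memcachedAddr)}
	mx := newRouter(mc)
	// Timeouts bound how long a single client can hold a connection while
	// sending a request or draining a response, so a slow or idle peer cannot
	// tie up the server indefinitely. The values are a starting point; tune
	// them for the deployment.
	server := &http.Server{
		Addr:              listenAddr,
		Handler:           handlers.LoggingHandler(os.Stdout, mx),
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	log.Println("Starting yopass. Listening on port 1337")
	certFile, keyFile := os.Getenv("TLS_CERT"), os.Getenv("TLS_KEY")
	if certFile != "" && keyFile != "" {
		// Refuse anything below TLS 1.2; cipher selection is left to Go's
		// defaults.
		server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
		log.Fatal(server.ListenAndServeTLS(certFile, keyFile))
	}
	log.Fatal(server.ListenAndServe())
}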