datatrash/src/main.rs

mod config;
mod db;
mod deleter;
mod download;
mod file_info;
mod mime_relations;
mod multipart;
mod rate_limit;
mod script_nonce;
mod template;
mod upload;

use crate::rate_limit::ForwardedPeerIpKeyExtractor;
use actix_files::Files;
use actix_governor::{Governor, GovernorConfigBuilder};
use actix_web::{
    http::header::{
        HeaderName, CROSS_ORIGIN_OPENER_POLICY, PERMISSIONS_POLICY, REFERRER_POLICY,
        X_CONTENT_TYPE_OPTIONS, X_FRAME_OPTIONS, X_XSS_PROTECTION,
    },
    middleware::{self, Condition, DefaultHeaders},
    web::{self, Data},
    App, Error, HttpResponse, HttpServer,
};
use actix_web_lab::middleware::from_fn;
use env_logger::Env;
use sqlx::postgres::PgPool;
use std::env;
use tokio::sync::mpsc::channel;

static DEFAULT_PERMISSIONS: (HeaderName, &str) = (
    PERMISSIONS_POLICY,
    "accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), document-domain=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=(), web-share=()"
);
static DEFAULT_CONTENT_TYPE_OPTIONS: (HeaderName, &str) = (X_CONTENT_TYPE_OPTIONS, "nosniff");
static DEFAULT_FRAME_OPTIONS: (HeaderName, &str) = (X_FRAME_OPTIONS, "deny");
static DEFAULT_XSS_PROTECTION: (HeaderName, &str) = (X_XSS_PROTECTION, "1; mode=block");
static DEFAULT_REFERRER_POLICY: (HeaderName, &str) = (REFERRER_POLICY, "no-referrer");
static DEFAULT_CROSS_ORIGIN_OPENER_POLICY: (HeaderName, &str) =
    (CROSS_ORIGIN_OPENER_POLICY, "same-origin");

async fn not_found() -> Result<HttpResponse, Error> {
    Ok(HttpResponse::NotFound()
        .content_type("text/plain")
        .body("not found"))
}

#[tokio::main]
async fn main() -> std::io::Result<()> {
    env_logger::Builder::from_env(Env::default().default_filter_or("info,sqlx=warn")).init();

    let pool: PgPool = db::setup().await;
    let config = config::from_env().await;
    let (sender, receiver) = channel(8);

    let db = web::Data::new(pool.clone());
    let expiry_watch_sender = web::Data::new(sender);
    let bind_address = env::var("BIND_ADDRESS").unwrap_or_else(|_| "0.0.0.0:8000".to_owned());

    let deleter = tokio::spawn(deleter::delete_old_files(
        receiver,
        pool,
        config.files_dir.clone(),
    ));

    template::write_prefillable_templates(&config).await;
    let config = Data::new(config);

    let governor_conf = GovernorConfigBuilder::default()
        .per_second(config.rate_limit_replenish_seconds)
        .burst_size(config.rate_limit_burst)
        .key_extractor(ForwardedPeerIpKeyExtractor {
            proxied: config.proxied,
        })
        .use_headers()
        .finish()
        .unwrap();

    log::info!("Listening on {bind_address}");
    log::info!("omnomnom");

    let http_server = HttpServer::new({
        move || {
            App::new()
                .wrap(
                    DefaultHeaders::new()
                        .add(DEFAULT_PERMISSIONS.clone())
                        .add(DEFAULT_CONTENT_TYPE_OPTIONS.clone())
                        .add(DEFAULT_FRAME_OPTIONS.clone())
                        .add(DEFAULT_XSS_PROTECTION.clone())
                        .add(DEFAULT_REFERRER_POLICY.clone())
                        .add(DEFAULT_CROSS_ORIGIN_OPENER_POLICY.clone()),
                )
                .wrap(middleware::Compress::default())
                .wrap(middleware::NormalizePath::trim())
                .wrap(from_fn(script_nonce::insert_script_nonce))
                .app_data(db.clone())
                .app_data(expiry_watch_sender.clone())
                .app_data(config.clone())
                .service(
                    web::resource("/")
                        .route(web::get().to(upload::index))
                        .route(web::head().to(upload::index)),
                )
                .service(web::resource("/upload").route(web::post().to(upload::upload)))
                .service(
                    web::resource(["/upload/{id}", "/upload/{id}/{name}"])
                        .route(web::get().to(upload::uploaded))
                        .route(web::head().to(upload::uploaded)),
                )
                .service(Files::new("/static", "static").disable_content_disposition())
                .default_service(web::route().to(not_found))
                .service(
                    web::resource(["/{id:[a-z0-9]{5}}", "/{id:[a-z0-9]{5}}/{name}"])
                        .wrap(Condition::new(
                            config.enable_rate_limit,
                            Governor::new(&governor_conf),
                        ))
                        .route(web::get().to(download::download))
                        .route(web::head().to(download::download)),
                )
        }
    })
    .bind(bind_address)?
    .run();

    // exit when http_server exits OR when deleter errors
    tokio::select! {
        result = http_server => result,
        result = deleter => {
            result?.map(|_| unreachable!("deletion runs infinitely")).expect("deletion may not fail")
        },
    }
}
extract more modules, fix FileKind enum names 2021-04-04 12:30:31 +00:00			`mod config;`
			`mod db;`
finish it i guess 2020-07-09 17:27:24 +00:00			`mod deleter;`
extract more modules, fix FileKind enum names 2021-04-04 12:30:31 +00:00			`mod download;`
fix: non utf-8 text files, refactor db model type 2024-06-09 20:33:13 +00:00			`mod file_info;`
load mime parents to determine text display 2022-10-07 10:18:23 +00:00			`mod mime_relations;`
Initial commit 2020-07-08 19:26:46 +00:00			`mod multipart;`
add rate limiting for download 2022-08-21 16:44:12 +00:00			`mod rate_limit;`
feat: better security with <script nonce=""> 2024-07-26 00:09:34 +00:00			`mod script_nonce;`
cache index.html and auth-hide.js in static directory 2021-12-08 17:54:55 +00:00			`mod template;`
extract more modules, fix FileKind enum names 2021-04-04 12:30:31 +00:00			`mod upload;`
Initial commit 2020-07-08 19:26:46 +00:00
add rate limiting for download 2022-08-21 16:44:12 +00:00			`use crate::rate_limit::ForwardedPeerIpKeyExtractor;`
extract more modules, fix FileKind enum names 2021-04-04 12:30:31 +00:00			`use actix_files::Files;`
add rate limiting for download 2022-08-21 16:44:12 +00:00			`use actix_governor::{Governor, GovernorConfigBuilder};`
update actix and migrate to tokio 2022-02-26 23:34:57 +00:00			`use actix_web::{`
feat: add security headers 2023-04-20 19:46:56 +00:00			`http::header::{`
feat: better security with <script nonce=""> 2024-07-26 00:09:34 +00:00			`HeaderName, CROSS_ORIGIN_OPENER_POLICY, PERMISSIONS_POLICY, REFERRER_POLICY,`
feat: add security headers 2023-04-20 19:46:56 +00:00			`X_CONTENT_TYPE_OPTIONS, X_FRAME_OPTIONS, X_XSS_PROTECTION,`
			`},`
feat: disable request logging, don't log ip 2024-01-26 13:18:27 +00:00			`middleware::{self, Condition, DefaultHeaders},`
update actix and migrate to tokio 2022-02-26 23:34:57 +00:00			`web::{self, Data},`
			`App, Error, HttpResponse, HttpServer,`
			`};`
feat: better security with <script nonce=""> 2024-07-26 00:09:34 +00:00			`use actix_web_lab::middleware::from_fn;`
implement delete on download, better logging and multipart parsing a new database column was introduced for delete on download. the model should be migrated automatically. Fixes #4 2021-04-04 01:38:29 +00:00			`use env_logger::Env;`
extract more modules, fix FileKind enum names 2021-04-04 12:30:31 +00:00			`use sqlx::postgres::PgPool;`
Initial commit 2020-07-08 19:26:46 +00:00			`use std::env;`
fix: quit the server should the deleter ever panic 2023-02-10 22:01:56 +00:00			`use tokio::sync::mpsc::channel;`
Initial commit 2020-07-08 19:26:46 +00:00
feat: better security with <script nonce=""> 2024-07-26 00:09:34 +00:00			`static DEFAULT_PERMISSIONS: (HeaderName, &str) = (`
feat: add security headers 2023-04-20 19:46:56 +00:00			`PERMISSIONS_POLICY,`
			`"accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), document-domain=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=(), usb=(), web-share=()"`
			`);`
feat: better security with <script nonce=""> 2024-07-26 00:09:34 +00:00			`static DEFAULT_CONTENT_TYPE_OPTIONS: (HeaderName, &str) = (X_CONTENT_TYPE_OPTIONS, "nosniff");`
			`static DEFAULT_FRAME_OPTIONS: (HeaderName, &str) = (X_FRAME_OPTIONS, "deny");`
			`static DEFAULT_XSS_PROTECTION: (HeaderName, &str) = (X_XSS_PROTECTION, "1; mode=block");`
			`static DEFAULT_REFERRER_POLICY: (HeaderName, &str) = (REFERRER_POLICY, "no-referrer");`
			`static DEFAULT_CROSS_ORIGIN_OPENER_POLICY: (HeaderName, &str) =`
			`(CROSS_ORIGIN_OPENER_POLICY, "same-origin");`
return correct mime types, improve web security 2022-08-18 21:20:56 +00:00
add 404 page 2020-08-19 14:24:42 +00:00			`async fn not_found() -> Result<HttpResponse, Error> {`
			`Ok(HttpResponse::NotFound()`
			`.content_type("text/plain")`
			`.body("not found"))`
			`}`

update actix and migrate to tokio 2022-02-26 23:34:57 +00:00			`#[tokio::main]`
Initial commit 2020-07-08 19:26:46 +00:00			`async fn main() -> std::io::Result<()> {`
implement delete on download, better logging and multipart parsing a new database column was introduced for delete on download. the model should be migrated automatically. Fixes #4 2021-04-04 01:38:29 +00:00			`env_logger::Builder::from_env(Env::default().default_filter_or("info,sqlx=warn")).init();`
Initial commit 2020-07-08 19:26:46 +00:00
refactor: fix clippy warnings 2022-11-04 10:37:10 +00:00			`let pool: PgPool = db::setup().await;`
			`let config = config::from_env().await;`
update actix and migrate to tokio 2022-02-26 23:34:57 +00:00			`let (sender, receiver) = channel(8);`
db timeout, dont leak inner workings, auto create files dir, fix script injection 2020-07-13 13:22:33 +00:00
show limits explicitly, improve code 2021-08-18 21:22:50 +00:00			`let db = web::Data::new(pool.clone());`
			`let expiry_watch_sender = web::Data::new(sender);`
			`let bind_address = env::var("BIND_ADDRESS").unwrap_or_else(\|_\| "0.0.0.0:8000".to_owned());`

fix: quit the server should the deleter ever panic 2023-02-10 22:01:56 +00:00			`let deleter = tokio::spawn(deleter::delete_old_files(`
do some code cleanup 2020-07-14 15:53:43 +00:00			`receiver,`
show limits explicitly, improve code 2021-08-18 21:22:50 +00:00			`pool,`
add environment variable configuration 2020-07-11 21:27:15 +00:00			`config.files_dir.clone(),`
			`));`
finish it i guess 2020-07-09 17:27:24 +00:00
cache index.html and auth-hide.js in static directory 2021-12-08 17:54:55 +00:00			`template::write_prefillable_templates(&config).await;`
update actix and migrate to tokio 2022-02-26 23:34:57 +00:00			`let config = Data::new(config);`
cache index.html and auth-hide.js in static directory 2021-12-08 17:54:55 +00:00
add rate limiting for download 2022-08-21 16:44:12 +00:00			`let governor_conf = GovernorConfigBuilder::default()`
update/fix rate limit environment variables 2022-10-15 12:31:54 +00:00			`.per_second(config.rate_limit_replenish_seconds)`
add rate limiting for download 2022-08-21 16:44:12 +00:00			`.burst_size(config.rate_limit_burst)`
			`.key_extractor(ForwardedPeerIpKeyExtractor {`
			`proxied: config.proxied,`
			`})`
			`.use_headers()`
			`.finish()`
			`.unwrap();`

fix: non utf-8 text files, refactor db model type 2024-06-09 20:33:13 +00:00			`log::info!("Listening on {bind_address}");`
			`log::info!("omnomnom");`

fix: quit the server should the deleter ever panic 2023-02-10 22:01:56 +00:00			`let http_server = HttpServer::new({`
add environment variable configuration 2020-07-11 21:27:15 +00:00			`move \|\| {`
refactor: simplify actix app config 2023-03-15 08:44:31 +00:00			`App::new()`
always add X-Content-Type-Options: nosniff header 2022-08-24 08:32:51 +00:00			`.wrap(`
			`DefaultHeaders::new()`
feat: better security with <script nonce=""> 2024-07-26 00:09:34 +00:00			`.add(DEFAULT_PERMISSIONS.clone())`
			`.add(DEFAULT_CONTENT_TYPE_OPTIONS.clone())`
			`.add(DEFAULT_FRAME_OPTIONS.clone())`
			`.add(DEFAULT_XSS_PROTECTION.clone())`
			`.add(DEFAULT_REFERRER_POLICY.clone())`
			`.add(DEFAULT_CROSS_ORIGIN_OPENER_POLICY.clone()),`
always add X-Content-Type-Options: nosniff header 2022-08-24 08:32:51 +00:00			`)`
update actix and migrate to tokio 2022-02-26 23:34:57 +00:00			`.wrap(middleware::Compress::default())`
refactor: simplify actix app config 2023-03-15 08:44:31 +00:00			`.wrap(middleware::NormalizePath::trim())`
feat: better security with <script nonce=""> 2024-07-26 00:09:34 +00:00			`.wrap(from_fn(script_nonce::insert_script_nonce))`
add environment variable configuration 2020-07-11 21:27:15 +00:00			`.app_data(db.clone())`
improve error handling 2020-12-03 22:30:37 +00:00			`.app_data(expiry_watch_sender.clone())`
update actix and migrate to tokio 2022-02-26 23:34:57 +00:00			`.app_data(config.clone())`
feat: allow http head requests 2023-04-14 08:00:44 +00:00			`.service(`
			`web::resource("/")`
			`.route(web::get().to(upload::index))`
			`.route(web::head().to(upload::index)),`
			`)`
extract more modules, fix FileKind enum names 2021-04-04 12:30:31 +00:00			`.service(web::resource("/upload").route(web::post().to(upload::upload)))`
apply formatter 2020-08-02 23:12:42 +00:00			`.service(`
append original file name to urls 2020-08-03 00:42:27 +00:00			`web::resource(["/upload/{id}", "/upload/{id}/{name}"])`
feat: allow http head requests 2023-04-14 08:00:44 +00:00			`.route(web::get().to(upload::uploaded))`
			`.route(web::head().to(upload::uploaded)),`
append original file name to urls 2020-08-03 00:42:27 +00:00			`)`
shorter id generation, shorten file url 2021-03-09 21:19:06 +00:00			`.service(Files::new("/static", "static").disable_content_disposition())`
refactor: simplify actix app config 2023-03-15 08:44:31 +00:00			`.default_service(web::route().to(not_found))`
			`.service(`
feat: allow http head requests 2023-04-14 08:00:44 +00:00			`web::resource(["/{id:[a-z0-9]{5}}", "/{id:[a-z0-9]{5}}/{name}"])`
			`.wrap(Condition::new(`
			`config.enable_rate_limit,`
			`Governor::new(&governor_conf),`
			`))`
			`.route(web::get().to(download::download))`
			`.route(web::head().to(download::download)),`
apply formatter 2020-08-02 23:12:42 +00:00			`)`
add environment variable configuration 2020-07-11 21:27:15 +00:00			`}`
Initial commit 2020-07-08 19:26:46 +00:00			`})`
add environment variable configuration 2020-07-11 21:27:15 +00:00			`.bind(bind_address)?`
fix: quit the server should the deleter ever panic 2023-02-10 22:01:56 +00:00			`.run();`

refactor: use results for deletion failures 2023-05-24 08:53:07 +00:00			`// exit when http_server exits OR when deleter errors`
fix: quit the server should the deleter ever panic 2023-02-10 22:01:56 +00:00			`tokio::select! {`
			`result = http_server => result,`
refactor: use results for deletion failures 2023-05-24 08:53:07 +00:00			`result = deleter => {`
			`result?.map(\|_\| unreachable!("deletion runs infinitely")).expect("deletion may not fail")`
			`},`
fix: quit the server should the deleter ever panic 2023-02-10 22:01:56 +00:00			`}`
Initial commit 2020-07-08 19:26:46 +00:00			`}`