Implement deletion token toggle & master

2023-08-10 21:13:09 +03:00 · 2021-04-20 16:38:00 +02:00
parent f9fc232afe
commit 542bb5b17d
7 changed files with 72 additions and 36 deletions
--- a/internal/web/controllers/v1/hastebin_support.go
+++ b/internal/web/controllers/v1/hastebin_support.go
@@ -36,19 +36,22 @@ func HastebinSupportHandler(ctx *fasthttp.RequestCtx) {

 	// Create the paste object
 	paste := &shared.Paste{
-		ID:            id,
-		Content:       content,
-		DeletionToken: utils.RandomString(config.Current.DeletionTokenLength),
-		Created:       time.Now().Unix(),
-		AutoDelete:    config.Current.AutoDelete.Enabled,
+		ID:         id,
+		Content:    content,
+		Created:    time.Now().Unix(),
+		AutoDelete: config.Current.AutoDelete.Enabled,
 	}

-	// Hash the deletion token
-	err = paste.HashDeletionToken()
-	if err != nil {
-		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
-		ctx.SetBodyString(err.Error())
-		return
+	// Set a deletion token
+	if config.Current.DeletionTokens {
+		paste.DeletionToken = utils.RandomString(config.Current.DeletionTokenLength)
+
+		err = paste.HashDeletionToken()
+		if err != nil {
+			ctx.SetStatusCode(fasthttp.StatusInternalServerError)
+			ctx.SetBodyString(err.Error())
+			return
+		}
 	}

 	// Save the paste
--- a/internal/web/controllers/v1/pastes.go
+++ b/internal/web/controllers/v1/pastes.go
@@ -77,20 +77,24 @@ func v1PostPaste(ctx *fasthttp.RequestCtx) {

 	// Create the paste object
 	paste := &shared.Paste{
-		ID:            id,
-		Content:       values["content"],
-		DeletionToken: utils.RandomString(config.Current.DeletionTokenLength),
-		Created:       time.Now().Unix(),
-		AutoDelete:    config.Current.AutoDelete.Enabled,
+		ID:         id,
+		Content:    values["content"],
+		Created:    time.Now().Unix(),
+		AutoDelete: config.Current.AutoDelete.Enabled,
 	}

-	// Hash the deletion token
-	pasteCopy := *paste
-	err = paste.HashDeletionToken()
-	if err != nil {
-		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
-		ctx.SetBodyString(err.Error())
-		return
+	// Set a deletion token
+	deletionToken := ""
+	if config.Current.DeletionTokens {
+		deletionToken = utils.RandomString(config.Current.DeletionTokenLength)
+		paste.DeletionToken = deletionToken
+
+		err = paste.HashDeletionToken()
+		if err != nil {
+			ctx.SetStatusCode(fasthttp.StatusInternalServerError)
+			ctx.SetBodyString(err.Error())
+			return
+		}
 	}

 	// Save the paste
@@ -102,6 +106,8 @@ func v1PostPaste(ctx *fasthttp.RequestCtx) {
 	}

 	// Respond with the paste
+	pasteCopy := *paste
+	pasteCopy.DeletionToken = deletionToken
 	jsonData, err := json.Marshal(pasteCopy)
 	if err != nil {
 		ctx.SetStatusCode(fasthttp.StatusInternalServerError)
@@ -126,7 +132,8 @@ func v1DeletePaste(ctx *fasthttp.RequestCtx) {
 	}

 	// Validate the deletion token of the paste
-	if values["deletionToken"] == "" {
+	deletionToken := values["deletionToken"]
+	if deletionToken == "" {
 		ctx.SetStatusCode(fasthttp.StatusBadRequest)
 		ctx.SetBodyString("missing 'deletionToken' field")
 		return
@@ -146,7 +153,7 @@ func v1DeletePaste(ctx *fasthttp.RequestCtx) {
 	}

 	// Check if the deletion token is correct
-	if !paste.CheckDeletionToken(values["deletionToken"]) {
+	if (config.Current.DeletionTokenMaster == "" || deletionToken != config.Current.DeletionTokenMaster) && !paste.CheckDeletionToken(deletionToken) {
 		ctx.SetStatusCode(fasthttp.StatusForbidden)
 		ctx.SetBodyString("invalid deletion token")
 		return
--- a/internal/web/web.go
+++ b/internal/web/web.go
@@ -51,8 +51,9 @@ func Serve() error {
 		v1Route := apiRoute.Group("/v1")
 		{
 			v1Route.GET("/info", func(ctx *fasthttp.RequestCtx) {
-				jsonData, _ := json.Marshal(map[string]string{
-					"version": static.Version,
+				jsonData, _ := json.Marshal(map[string]interface{}{
+					"version":        static.Version,
+					"deletionTokens": config.Current.DeletionTokens,
 				})
 				ctx.SetBody(jsonData)
 			})