fixes
This commit is contained in:
Go Johansson
parent
f0b5e51c8b
commit
2438394225
6 changed files with 307 additions and 251 deletions
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "uguu",
|
||||
"version": "1.6.4",
|
||||
"version": "1.6.5",
|
||||
"description": "Uguu is a simple lightweight temporary file host with support for drop, paste, click and API uploading.",
|
||||
"homepage": "https://uguu.se",
|
||||
"repository": {
|
||||
|
|
|
|||
|
|
@ -21,8 +21,10 @@
|
|||
|
||||
namespace Pomf\Uguu\Classes;
|
||||
|
||||
use DateTimeZone;
|
||||
use Exception;
|
||||
use PDO;
|
||||
use DateTime;
|
||||
|
||||
class Database
|
||||
{
|
||||
|
|
@ -43,16 +45,21 @@ class Database
|
|||
*
|
||||
* @param $name string The name of the file.
|
||||
*
|
||||
* @return int The number of rows that match the query.
|
||||
* @return bool The number of rows that match the query.
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function dbCheckNameExists(string $name): int
|
||||
public function dbCheckNameExists(string $name): bool
|
||||
{
|
||||
try {
|
||||
$q = $this->DB->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
|
||||
$q = $this->DB->prepare('SELECT * FROM files WHERE EXISTS
|
||||
(SELECT filename FROM files WHERE filename = (:name)) LIMIT 1');
|
||||
$q->bindValue(':name', $name);
|
||||
$q->execute();
|
||||
return $q->fetchColumn();
|
||||
$result = $q->fetch();
|
||||
if ($result) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
} catch (Exception) {
|
||||
throw new Exception('Cant check if name exists in DB.', 500);
|
||||
}
|
||||
|
|
@ -68,11 +75,12 @@ class Database
|
|||
public function checkFileBlacklist(array $FILE_INFO): void
|
||||
{
|
||||
try {
|
||||
$q = $this->DB->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
|
||||
$q = $this->DB->prepare('SELECT * FROM blacklist WHERE EXISTS
|
||||
(SELECT hash FROM blacklist WHERE hash = (:hash)) LIMIT 1');
|
||||
$q->bindValue(':hash', $FILE_INFO['SHA1']);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
if ($result['count'] > 0) {
|
||||
if ($result) {
|
||||
throw new Exception('File blacklisted!', 415);
|
||||
}
|
||||
} catch (Exception) {
|
||||
|
|
@ -91,12 +99,13 @@ class Database
|
|||
{
|
||||
try {
|
||||
$q = $this->DB->prepare(
|
||||
'SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash)',
|
||||
'SELECT * FROM files WHERE EXISTS
|
||||
(SELECT filename FROM files WHERE hash = (:hash)) LIMIT 1',
|
||||
);
|
||||
$q->bindValue(':hash', $hash);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
if ($result['count'] > 0) {
|
||||
if ($result) {
|
||||
return [
|
||||
'result' => true,
|
||||
'name' => $result['filename'],
|
||||
|
|
@ -142,28 +151,37 @@ class Database
|
|||
* Creates a new row in the database with the information provided
|
||||
*
|
||||
* @param $fingerPrintInfo array
|
||||
*
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function createRateLimit(array $fingerPrintInfo): void
|
||||
{
|
||||
try {
|
||||
$q = $this->DB->prepare(
|
||||
'INSERT INTO timestamp (iphash, files, time)' .
|
||||
'INSERT INTO ratelimit (iphash, files, time)' .
|
||||
'VALUES (:iphash, :files, :time)',
|
||||
);
|
||||
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
|
||||
$q->bindValue(':files', $fingerPrintInfo['files_amount']);
|
||||
$q->bindValue(':time', $fingerPrintInfo['timestamp']);
|
||||
$q->execute();
|
||||
} catch (Exception $e) {
|
||||
throw new Exception(500, $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the rate limit table with the new file count and timestamp
|
||||
*
|
||||
* @param $fCount int The number of files uploaded by the user.
|
||||
* @param $iStamp boolean A boolean value that determines whether or not to update the timestamp.
|
||||
* @param $iStamp bool A boolean value that determines whether or not to update the timestamp.
|
||||
* @param $fingerPrintInfo array An array containing the following keys:
|
||||
*
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function updateRateLimit(int $fCount, bool $iStamp, array $fingerPrintInfo): void
|
||||
{
|
||||
try {
|
||||
if ($iStamp) {
|
||||
$q = $this->DB->prepare(
|
||||
'UPDATE ratelimit SET files = (:files), time = (:time) WHERE iphash = (:iphash)',
|
||||
|
|
@ -177,17 +195,37 @@ class Database
|
|||
$q->bindValue(':files', $fCount);
|
||||
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
|
||||
$q->execute();
|
||||
} catch (Exception $e) {
|
||||
throw new Exception(500, $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true, if not it updates the database with the new file
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function compareTime(int $timestamp, int $seconds_d): bool
|
||||
{
|
||||
$dateTime_end = new DateTime('now', new DateTimeZone('Europe/Stockholm'));
|
||||
$dateTime_start = new DateTime();
|
||||
$dateTime_start->setTimestamp($timestamp);
|
||||
$diff = strtotime($dateTime_end->format('Y-m-d H:i:s')) - strtotime($dateTime_start->format('Y-m-d H:i:s'));
|
||||
if ($diff > $seconds_d) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the user has uploaded more than 100 files in the last minute, if so it returns true,
|
||||
* if not it updates the database with the new file
|
||||
* count and timestamp
|
||||
*
|
||||
* @param $fingerPrintInfo array An array containing the following:
|
||||
*
|
||||
* @return bool A boolean value.
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function checkRateLimit(array $fingerPrintInfo): bool
|
||||
public function checkRateLimit(array $fingerPrintInfo, int $rateTimeout, int $fileLimit): bool
|
||||
{
|
||||
$q = $this->DB->prepare(
|
||||
'SELECT files, time, iphash, COUNT(*) AS count FROM ratelimit WHERE iphash = (:iphash)',
|
||||
|
|
@ -195,24 +233,30 @@ class Database
|
|||
$q->bindValue(':iphash', $fingerPrintInfo['ip_hash']);
|
||||
$q->execute();
|
||||
$result = $q->fetch();
|
||||
$nTime = $fingerPrintInfo['timestamp'] - (60);
|
||||
switch (true) {
|
||||
//If more then 100 files trigger rate-limit
|
||||
case $result['files'] > 100:
|
||||
return true;
|
||||
//if timestamp is older than one minute, set new files count and timestamp
|
||||
case $result['time'] < $nTime:
|
||||
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
|
||||
break;
|
||||
//if timestamp isn't older than one-minute update the files count
|
||||
case $result['time'] > $nTime:
|
||||
$this->updateRateLimit($fingerPrintInfo['files_amount'] + $result['files'], false, $fingerPrintInfo);
|
||||
break;
|
||||
//If there is no other match a record does not exist, create one
|
||||
default:
|
||||
|
||||
//If there is no other match a record does not exist, create one.
|
||||
if (!$result['count'] > 0) {
|
||||
$this->createRateLimit($fingerPrintInfo);
|
||||
break;
|
||||
return false;
|
||||
}
|
||||
|
||||
// Apply rate-limit when file count reached and timeout not reached.
|
||||
if ($result['files'] === $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Update timestamp if timeout reached.
|
||||
if ($this->compareTime($result['time'], $rateTimeout)) {
|
||||
$this->updateRateLimit($fingerPrintInfo['files_amount'], true, $fingerPrintInfo);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Add filecount, timeout not reached.
|
||||
if ($result['files'] < $fileLimit and !$this->compareTime($result['time'], $rateTimeout)) {
|
||||
$this->updateRateLimit($result['files'] + $fingerPrintInfo['files_amount'], false, $fingerPrintInfo);
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Uguu
|
||||
*
|
||||
|
|
@ -27,7 +28,8 @@
|
|||
/**
|
||||
* Takes a string as an argument and sets the header to the appropriate content type
|
||||
*
|
||||
* @param $response_type string The type of response you want to return. Valid options are: csv, html, json, text.
|
||||
* @param $response_type string The type of response you want to return.
|
||||
* Valid options are: csv, html, json, text.
|
||||
*/
|
||||
public function __construct(string $response_type)
|
||||
{
|
||||
|
|
@ -65,7 +67,7 @@
|
|||
* @param $code mixed The HTTP status code to return.
|
||||
* @param $desc string The description of the error.
|
||||
*/
|
||||
public function error(mixed $code, string $desc):void
|
||||
public function error(int $code, string $desc): void
|
||||
{
|
||||
$response = match ($this->type) {
|
||||
'csv' => $this->csvError($desc),
|
||||
|
|
@ -127,7 +129,8 @@
|
|||
}
|
||||
|
||||
/**
|
||||
* "If the type is csv, then call the csvSuccess function, if the type is html, then call the htmlSuccess function, etc."
|
||||
* "If the type is csv, then call the csvSuccess function,
|
||||
* if the type is html, then call the htmlSuccess function, etc."
|
||||
*
|
||||
* The `match` keyword is a new feature in PHP 8. It's a lot like a switch statement, but it's more powerful
|
||||
*
|
||||
|
|
|
|||
|
|
@ -126,7 +126,16 @@ class Upload extends Response
|
|||
{
|
||||
switch (true) {
|
||||
case $this->Connector->CONFIG['RATE_LIMIT']:
|
||||
$this->Connector->checkRateLimit($this->fingerPrintInfo);
|
||||
if (
|
||||
$this->Connector->checkRateLimit(
|
||||
$this->fingerPrintInfo,
|
||||
(int) $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'],
|
||||
(int) $this->Connector->CONFIG['RATE_LIMIT_FILES']
|
||||
)
|
||||
) {
|
||||
throw new Exception('Rate limit, please wait ' . $this->Connector->CONFIG['RATE_LIMIT_TIMEOUT'] .
|
||||
' seconds before uploading again.', 500);
|
||||
}
|
||||
// Continue
|
||||
case $this->Connector->CONFIG['BLACKLIST_DB']:
|
||||
$this->Connector->checkFileBlacklist($this->FILE_INFO);
|
||||
|
|
@ -274,7 +283,6 @@ class Upload extends Response
|
|||
* and if it does, it generates another one
|
||||
*
|
||||
* @param $extension string The file extension.
|
||||
* @param $hash string The hash of the file.
|
||||
*
|
||||
* @return string A string
|
||||
* @throws \Exception
|
||||
|
|
@ -293,7 +301,7 @@ class Upload extends Response
|
|||
if (!empty($extension)) {
|
||||
$NEW_NAME .= '.' . $extension;
|
||||
}
|
||||
} while ($this->Connector->dbCheckNameExists($NEW_NAME) > 0);
|
||||
} while ($this->Connector->dbCheckNameExists($NEW_NAME));
|
||||
return $NEW_NAME;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
"allowErrors": false
|
||||
},
|
||||
"dest": "dist",
|
||||
"pkgVersion": "1.6.4",
|
||||
"pkgVersion": "1.6.5",
|
||||
"pages": [
|
||||
"index.ejs",
|
||||
"faq.ejs",
|
||||
|
|
@ -34,6 +34,8 @@
|
|||
"BLACKLIST_DB": true,
|
||||
"FILTER_MODE": true,
|
||||
"RATE_LIMIT": false,
|
||||
"RATE_LIMIT_TIMEOUT": 60,
|
||||
"RATE_LIMIT_FILES": 100,
|
||||
"FILES_ROOT": "/var/www/files/",
|
||||
"FILES_RETRIES": 15,
|
||||
"FILES_URL": "https://files.domain.com",
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
<?php
|
||||
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
/**
|
||||
* Uguu
|
||||
*
|
||||
|
|
@ -21,6 +18,7 @@
|
|||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
require_once __DIR__ . '/../vendor/autoload.php';
|
||||
|
||||
use Pomf\Uguu\Classes\Upload;
|
||||
|
|
@ -40,10 +38,11 @@
|
|||
*/
|
||||
function handleFile(string $outputFormat, array $files): void
|
||||
{
|
||||
$fCount = count($files['size']);
|
||||
$upload = new Upload($outputFormat);
|
||||
$files = $upload->reFiles($files);
|
||||
try {
|
||||
$upload->fingerPrint(count($files));
|
||||
$upload->fingerPrint($fCount);
|
||||
$res = [];
|
||||
foreach ($files as $ignored) {
|
||||
$res[] = $upload->uploadFile();
|
||||
|
|
@ -52,7 +51,7 @@ function handleFile(string $outputFormat, array $files): void
|
|||
$upload->send($res);
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
$upload->error($e->getCode(), $e->getMessage());
|
||||
$upload->error(500, $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Reference in a new issue