sus/main.go

// sus - a simple url shortener Copyright (C) 2022 Akbar Rahman (hi@alv.cx)
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"

	"github.com/go-redis/redis/v8"
	"github.com/gorilla/mux"
	"golang.org/x/net/context"
)

var client = redis.NewClient(&redis.Options{
	Addr:     "redis:6379",
	Password: "",
	DB:       0,
})

var SECRET string
var INDEX_GET_REDIRECT = "http://alv.cx"

func main() {
	r := mux.NewRouter()
	r.HandleFunc("/{shortlink}", shortlinkHandler)
	r.HandleFunc("/", indexHandler)

	listenAddress := "0.0.0.0:80"

	if p, ok := os.LookupEnv("LISTEN_ADDRESS"); ok {
		listenAddress = p
	}

	if p, ok := os.LookupEnv("SECRET"); ok {
		SECRET = p
	}

	if p, ok := os.LookupEnv("INDEX_GET_REDIRECT"); ok {
		INDEX_GET_REDIRECT = p
	}

	log.Fatal(http.ListenAndServe(listenAddress, r))
}

func indexHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Println("indexHandler called")
	if r.Method != "POST" {
		http.Redirect(w, r, INDEX_GET_REDIRECT, 302)
		return
	}

	r.ParseForm()

	command := r.PostForm.Get("Command")
	shortlink := r.PostForm.Get("Shortlink")
	value := r.PostForm.Get("Value")
	fmt.Printf("command: %v, shortlink: %v, value: %v\n", command, shortlink, value)
	fmt.Println(shortlink)
	fmt.Println(value)

	signature := r.Header.Get("Signature")
	calculatedSignature := fmt.Sprintf(
		"SUS-SIGNATURE-%v",
		getSha256HMACSignature(
			[]byte(SECRET),
			command+":"+shortlink+":"+value,
		),
	)

	if signature != calculatedSignature {
		fmt.Println("signature do no match")
		fmt.Println(signature)
		fmt.Println(calculatedSignature)
		w.WriteHeader(401)
		w.Write([]byte("401 Unauthorized"))
		return
	}

	if command == "create" {

		ctx := context.Background()
		_, err := client.Get(ctx, shortlink).Result()
		if err == redis.Nil {
			err = client.Set(ctx, shortlink, value, 0).Err()

			if err != nil {
				fmt.Println(err)
				w.WriteHeader(500)
				w.Write([]byte("500 Internal Server Error"))
				return
			}

			w.WriteHeader(200)
			w.Write([]byte("200 Success"))

			return

		} else if err != nil {
			fmt.Println(err)
			w.WriteHeader(500)
			w.Write([]byte("500 Internal Server Error"))
			return
		}

		fmt.Println(err)
		w.WriteHeader(403)
		w.Write([]byte("403 Forbidden"))
		return
	}

	if command == "delete" {
		if value != "confirm" {
			w.WriteHeader(400)
			w.Write([]byte("400 Bad Request"))
		}

		ctx := context.Background()
		if err := client.Del(ctx, shortlink).Err(); err != nil {
			w.WriteHeader(500)
			w.Write([]byte("500 Internal Server Error"))
		}
	}

	if command == "list" {
		ctx := context.Background()
		keys, err := client.Keys(ctx, "*").Result()
		if err != nil {
			fmt.Println(err)
			w.WriteHeader(500)
			w.Write([]byte("500 Internal Server Error"))
			return
		}

		resp := ""
		for _, key := range keys {
			value, err = client.Get(ctx, key).Result()
			if err == redis.Nil {
				w.WriteHeader(500)
				w.Write([]byte("500 Internal Server Error"))
				return
			}
			resp += key + ":" + value + "\n"
		}

		w.WriteHeader(200)
		w.Write([]byte(resp))
	}

}

func shortlinkHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Println("shortlinkHandler called")
	shortlink := string(mux.Vars(r)["shortlink"])
	ctx := context.Background()
	redirect, err := client.Get(ctx, shortlink).Result()
	fmt.Printf("shortlink: %v, redirect: %v\n", shortlink, redirect)
	if err == redis.Nil {
		w.WriteHeader(404)
		w.Write([]byte("404 Not Found"))
		return
	} else if err != nil {
		fmt.Println(err)
		w.WriteHeader(500)
		w.Write([]byte("500 Internal Server Error"))
		return
	}

	http.Redirect(w, r, redirect, 302)
	return
}

func getSha256HMACSignature(secret []byte, data string) string {
	h := hmac.New(sha256.New, secret)
	io.WriteString(h, data)
	return hex.EncodeToString(h.Sum(nil))
}
add LICENSE 2022-05-28 14:16:54 +00:00			`// sus - a simple url shortener Copyright (C) 2022 Akbar Rahman (hi@alv.cx)`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU General Public License`
			`// along with this program. If not, see <https://www.gnu.org/licenses/>.`

initial commit 2022-05-26 01:08:50 +00:00			`package main`

			`import (`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/hex"`
			`"fmt"`
			`"io"`
			`"log"`
			`"net/http"`
			`"os"`

			`"github.com/go-redis/redis/v8"`
			`"github.com/gorilla/mux"`
			`"golang.org/x/net/context"`
			`)`

			`var client = redis.NewClient(&redis.Options{`
			`Addr: "redis:6379",`
			`Password: "",`
			`DB: 0,`
			`})`

			`var SECRET string`
index redirect now can be overriden by environment variable 2022-05-28 14:07:34 +00:00			`var INDEX_GET_REDIRECT = "http://alv.cx"`
initial commit 2022-05-26 01:08:50 +00:00
			`func main() {`
			`r := mux.NewRouter()`
			`r.HandleFunc("/{shortlink}", shortlinkHandler)`
			`r.HandleFunc("/", indexHandler)`

			`listenAddress := "0.0.0.0:80"`

			`if p, ok := os.LookupEnv("LISTEN_ADDRESS"); ok {`
			`listenAddress = p`
			`}`

			`if p, ok := os.LookupEnv("SECRET"); ok {`
			`SECRET = p`
			`}`

index redirect now can be overriden by environment variable 2022-05-28 14:07:34 +00:00			`if p, ok := os.LookupEnv("INDEX_GET_REDIRECT"); ok {`
			`INDEX_GET_REDIRECT = p`
			`}`

initial commit 2022-05-26 01:08:50 +00:00			`log.Fatal(http.ListenAndServe(listenAddress, r))`
			`}`

			`func indexHandler(w http.ResponseWriter, r *http.Request) {`
			`fmt.Println("indexHandler called")`
			`if r.Method != "POST" {`
index redirect now can be overriden by environment variable 2022-05-28 14:07:34 +00:00			`http.Redirect(w, r, INDEX_GET_REDIRECT, 302)`
initial commit 2022-05-26 01:08:50 +00:00			`return`
			`}`

			`r.ParseForm()`

			`command := r.PostForm.Get("Command")`
			`shortlink := r.PostForm.Get("Shortlink")`
			`value := r.PostForm.Get("Value")`
newline in indexHandler log and log all commands 2022-05-26 01:13:59 +00:00			`fmt.Printf("command: %v, shortlink: %v, value: %v\n", command, shortlink, value)`
initial commit 2022-05-26 01:08:50 +00:00			`fmt.Println(shortlink)`
			`fmt.Println(value)`

			`signature := r.Header.Get("Signature")`
			`calculatedSignature := fmt.Sprintf(`
			`"SUS-SIGNATURE-%v",`
			`getSha256HMACSignature(`
			`[]byte(SECRET),`
			`command+":"+shortlink+":"+value,`
			`),`
			`)`

			`if signature != calculatedSignature {`
			`fmt.Println("signature do no match")`
			`fmt.Println(signature)`
			`fmt.Println(calculatedSignature)`
			`w.WriteHeader(401)`
			`w.Write([]byte("401 Unauthorized"))`
			`return`
			`}`

			`if command == "create" {`

			`ctx := context.Background()`
			`_, err := client.Get(ctx, shortlink).Result()`
			`if err == redis.Nil {`
			`err = client.Set(ctx, shortlink, value, 0).Err()`

			`if err != nil {`
			`fmt.Println(err)`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`return`
			`}`

			`w.WriteHeader(200)`
			`w.Write([]byte("200 Success"))`

			`return`

			`} else if err != nil {`
			`fmt.Println(err)`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`return`
			`}`

			`fmt.Println(err)`
			`w.WriteHeader(403)`
			`w.Write([]byte("403 Forbidden"))`
			`return`
			`}`

			`if command == "delete" {`
			`if value != "confirm" {`
			`w.WriteHeader(400)`
			`w.Write([]byte("400 Bad Request"))`
			`}`

			`ctx := context.Background()`
			`if err := client.Del(ctx, shortlink).Err(); err != nil {`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`}`
			`}`
add list command to list all shortlinks 2022-06-26 05:53:26 +00:00
			`if command == "list" {`
			`ctx := context.Background()`
			`keys, err := client.Keys(ctx, "*").Result()`
			`if err != nil {`
			`fmt.Println(err)`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`return`
			`}`

			`resp := ""`
			`for _, key := range keys {`
			`value, err = client.Get(ctx, key).Result()`
			`if err == redis.Nil {`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`return`
			`}`
			`resp += key + ":" + value + "\n"`
			`}`

			`w.WriteHeader(200)`
			`w.Write([]byte(resp))`
			`}`

initial commit 2022-05-26 01:08:50 +00:00			`}`

			`func shortlinkHandler(w http.ResponseWriter, r *http.Request) {`
			`fmt.Println("shortlinkHandler called")`
			`shortlink := string(mux.Vars(r)["shortlink"])`
			`ctx := context.Background()`
			`redirect, err := client.Get(ctx, shortlink).Result()`
			`fmt.Printf("shortlink: %v, redirect: %v\n", shortlink, redirect)`
			`if err == redis.Nil {`
			`w.WriteHeader(404)`
			`w.Write([]byte("404 Not Found"))`
			`return`
			`} else if err != nil {`
			`fmt.Println(err)`
			`w.WriteHeader(500)`
			`w.Write([]byte("500 Internal Server Error"))`
			`return`
			`}`

			`http.Redirect(w, r, redirect, 302)`
			`return`
			`}`

			`func getSha256HMACSignature(secret []byte, data string) string {`
			`h := hmac.New(sha256.New, secret)`
			`io.WriteString(h, data)`
			`return hex.EncodeToString(h.Sum(nil))`
			`}`