Sun Feb 16 11:30:00+0300 2025
0a22a74
Secure raw url handler
pastebin/data.scm
| 3 | 3 | (use-modules (srfi srfi-9) | |
| 4 | 4 | (srfi srfi-1) | |
| 5 | 5 | (ice-9 ftw) | |
| 6 | + | (ice-9 regex) | |
| 6 | 7 | (ice-9 textual-ports)) | |
| 7 | 8 | ||
| 8 | 9 | (export <pb-data> | |
| 9 | 10 | <pb-entry> | |
| 10 | 11 | pb-entry-id | |
| 12 | + | pb-entry-id-valid? | |
| 11 | 13 | pb-entry-text | |
| 12 | 14 | pb-data-open | |
| 13 | 15 | pb-data-close | |
… | |||
| 27 | 29 | (id pb-entry-id set-pb-entry-id!) | |
| 28 | 30 | (text pb-entry-text set-pb-entry-text!)) | |
| 29 | 31 | ||
| 32 | + | (define (pb-entry-id-valid? id) | |
| 33 | + | (and (= (string-length id) 5) | |
| 34 | + | (string-match "[0-9A-Za-z]{5}" id) | |
| 35 | + | #t)) | |
| 36 | + | ||
| 30 | 37 | ;; input: dir: string | |
| 31 | 38 | ;; output: <pb-data> | |
| 32 | 39 | (define (pb-data-open dir) | |
pastebin/httpserver.scm
| 108 | 108 | (values (build-response #:code 400) | |
| 109 | 109 | (lambda (port) 1)))) | |
| 110 | 110 | ||
| 111 | + | (define (raw-handler pb-data-path pb-id) | |
| 112 | + | (if (pb-entry-id-valid? pb-id) | |
| 113 | + | (values (build-response | |
| 114 | + | #:code 200 | |
| 115 | + | #:headers '((content-type . (text/plain)))) | |
| 116 | + | (lambda (port) | |
| 117 | + | (call-with-input-file | |
| 118 | + | ;; the file name | |
| 119 | + | (call-with-dir-as-pb-data | |
| 120 | + | pb-data-path | |
| 121 | + | (lambda (p) (pb-get-file-path p pb-id))) | |
| 122 | + | ;; the input port | |
| 123 | + | (lambda (inport) | |
| 124 | + | (let A ((inport' inport)) | |
| 125 | + | (let ((bv (get-bytevector-n inport' 4096))) | |
| 126 | + | (if (not (eof-object? bv)) | |
| 127 | + | (begin | |
| 128 | + | (put-bytevector port bv) | |
| 129 | + | (A inport'))))))))) | |
| 130 | + | (values (build-response #:code 404) | |
| 131 | + | (lambda (port) 1)))) | |
| 132 | + | ||
| 111 | 133 | (define (make-pastebin-handler data-path) | |
| 112 | 134 | (lambda (request request-body) | |
| 113 | 135 | (match (split-and-decode-uri-path (uri-path (request-uri request))) | |
… | |||
| 118 | 140 | ||
| 119 | 141 | ;; URI: /raw/<id> -- return raw content of the paste | |
| 120 | 142 | (("raw" pb-id) | |
| 121 | - | (values (build-response | |
| 122 | - | #:code 200 | |
| 123 | - | #:headers '((content-type . (text/plain)))) | |
| 124 | - | ||
| 125 | - | (lambda (port) | |
| 126 | - | (call-with-input-file | |
| 127 | - | ;; the file name | |
| 128 | - | (call-with-dir-as-pb-data | |
| 129 | - | data-path | |
| 130 | - | (lambda (p) (pb-get-file-path p pb-id))) | |
| 131 | - | ||
| 132 | - | ;; the input port | |
| 133 | - | (lambda (inport) | |
| 134 | - | (let A ((inport' inport)) | |
| 135 | - | (let ((bv (get-bytevector-n inport' 4096))) | |
| 136 | - | (if (not (eof-object? bv)) | |
| 137 | - | (begin | |
| 138 | - | (put-bytevector port bv) | |
| 139 | - | (A inport')))))))))) | |
| 143 | + | (raw-handler data-path pb-id)) | |
| 140 | 144 | ||
| 141 | 145 | ;; URI: * -- everything else -- show the top 5 paste list | |
| 142 | 146 | (_ | |