Replaced old perl publish with web-accessible publish

- basic auth for all web interfaces now at /lua/
- external docker httpd password directory for security (needs initialization)
- html form for submitting publishing patterns

diff --git a/.env b/.env
deleted file mode 100644 (file)
index f9b18d8..0000000
--- a/.env
+++ /dev/null
@@ -1,2 +0,0 @@
-LOCAL_STORAGE=/mnt/data2/purplebirdman/art
-IPV4_WAN=public.purplebirdman.com

diff --git a/.gitignore b/.gitignore
index 1377554ebea6f98a2c748183bc5a96852af12ac2..cba83f7e2bc952e47719fc56ff4aa91f898009e6 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+.env

 *.swp
 *.swp

diff --git a/Dockerfile b/Dockerfile
index 0624f6501230e7fb15dbbb200c07af063bc5e260..865963597a3a7d30545f9a5bce953768ef9243f0 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,7 @@
 FROM httpd:2.4-alpine
 
 FROM httpd:2.4-alpine
 

+# open htdocs so scripts can write dynamically into there
+RUN  chmod 777 /usr/local/apache2/htdocs
+

 COPY /httpd.conf /usr/local/apache2/conf/httpd.conf
 COPY /httpd.conf /usr/local/apache2/conf/httpd.conf

-COPY /public /root/public
+COPY /lua        /usr/local/apache2/lua

diff --git a/docker-compose.yml b/docker-compose.yml
index 4fc3c44dbe7c7c41501e3488f259494c4d9ff33b..e0ed0d726b8b386c098b180814c497183fef50a4 100644 (file)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,16 +2,18 @@ version: '3'
 services:
     web:
         build: .
 services:
     web:
         build: .

-        image: cjpalmer/public:1.1.0
+        image: cjpalmer/public:1.2.0

         volumes:
         volumes:

-        - ${LOCAL_STORAGE}:/storage
+        - ${SHARE_ROOT}:/storage

         - public_data:/usr/local/apache2/htdocs
         - public_data:/usr/local/apache2/htdocs

+        - httpd_users:/usr/local/apache2/auth

         environment:
         - PUBLIC_ROOT_DIR=/storage
         - PUBLIC_LINK_DIR=/usr/local/apache2/htdocs
         environment:
         - PUBLIC_ROOT_DIR=/storage
         - PUBLIC_LINK_DIR=/usr/local/apache2/htdocs

-        - PUBLIC_HTTP_URI=https://${IPV4_WAN}

         ports:
         - 80:80
 volumes:
     public_data:
         driver: local
         ports:
         - 80:80
 volumes:
     public_data:
         driver: local

+    httpd_users:
+        driver: local

diff --git a/httpd.conf b/httpd.conf
index d7ce626802be4545428f0d1c3f4afaf0f29073b5..e2bb8fb3bb908529a9961648431ac181abf238ab 100644 (file)
--- a/httpd.conf
+++ b/httpd.conf
@@ -127,7 +127,7 @@ LoadModule log_config_module modules/mod_log_config.so
 #LoadModule log_debug_module modules/mod_log_debug.so\r
 #LoadModule log_forensic_module modules/mod_log_forensic.so\r
 #LoadModule logio_module modules/mod_logio.so\r
 #LoadModule log_debug_module modules/mod_log_debug.so\r
 #LoadModule log_forensic_module modules/mod_log_forensic.so\r
 #LoadModule logio_module modules/mod_logio.so\r

-#LoadModule lua_module modules/mod_lua.so\r
+LoadModule lua_module modules/mod_lua.so\r

 LoadModule env_module modules/mod_env.so\r
 #LoadModule mime_magic_module modules/mod_mime_magic.so\r
 #LoadModule cern_meta_module modules/mod_cern_meta.so\r
 LoadModule env_module modules/mod_env.so\r
 #LoadModule mime_magic_module modules/mod_mime_magic.so\r
 #LoadModule cern_meta_module modules/mod_cern_meta.so\r


@@ -229,7 +229,7 @@ Group daemon
 # e-mailed.  This address appears on some server-generated pages, such\r
 # as error documents.  e.g. admin@your-domain.com\r
 #\r
 # e-mailed.  This address appears on some server-generated pages, such\r
 # as error documents.  e.g. admin@your-domain.com\r
 #\r

-ServerAdmin purplebirdman@mail.purplebirdman.online\r
+ServerAdmin purplebirdman@purplebirdman.com\r

 \r
 #\r
 # ServerName gives the name and port that the server uses to identify itself.\r
 \r
 #\r
 # ServerName gives the name and port that the server uses to identify itself.\r


@@ -307,6 +307,11 @@ DocumentRoot "/usr/local/apache2/htdocs"
     Require all denied\r
 </Files>\r
 \r
     Require all denied\r
 </Files>\r
 \r

+# run lua scripts using ".lua" extension\r
+<Files "*.lua">\r
+    SetHandler lua-script\r
+</Files>\r
+\r

 #\r
 # ErrorLog: The location of the error log file.\r
 # If you do not specify an ErrorLog directive within a <VirtualHost>\r
 #\r
 # ErrorLog: The location of the error log file.\r
 # If you do not specify an ErrorLog directive within a <VirtualHost>\r


@@ -380,6 +385,7 @@ LogLevel warn
     # directives as to Alias.\r
     #\r
     ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"\r
     # directives as to Alias.\r
     #\r
     ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"\r

+    ScriptAlias /lua/     "/usr/local/apache2/lua/"\r

 \r
 </IfModule>\r
 \r
 \r
 </IfModule>\r
 \r


@@ -401,6 +407,16 @@ LogLevel warn
     Require all granted\r
 </Directory>\r
 \r
     Require all granted\r
 </Directory>\r
 \r

+# more lua stuff\r
+<Directory "/usr/local/apache2/lua">\r
+    AuthType Basic\r
+    AuthName "Restricted Files"\r
+    AuthUserFile "/usr/local/apache2/auth/passwords"\r
+    AllowOverride None\r
+    Options None\r
+    Require valid-user\r
+</Directory>\r
+\r

 <IfModule headers_module>\r
     #\r
     # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied\r
 <IfModule headers_module>\r
     #\r
     # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied\r

diff --git a/lua/dump_files.lua b/lua/dump_files.lua
new file mode 100644 (file)
index 0000000..4f98bcb
--- /dev/null
+++ b/lua/dump_files.lua
@@ -0,0 +1,42 @@
+require "apache2"
+
+--[[
+    Dumps all the published links
+--]]
+function dump_files(t, r, dir)
+       for _, f in ipairs(r:get_direntries(dir)) do
+        if f ~= "." and f ~= ".." then
+            local filepath = dir .. "/" .. f
+            local info = r:stat(filepath)
+            if info then
+                -- if this is a file, then add it to the table!
+                if info.filetype == 1 then
+                    t[filepath] = info
+                end
+
+                -- if this is a dir, then descend into it
+                if info.filetype == 2 then
+                    dump_files(t, r, filepath)
+                end
+            end
+        end
+       end
+end
+
+function handle(r)
+    r.content_type = "text/plain"
+
+    if r.method == 'GET' then
+        local links = {}
+        dump_files(links, r, r.document_root)
+
+        for filepath, info in pairs(links) do
+            r:puts( ("%s\n"):format(
+                filepath:gsub(r.document_root, r.server_name .. ":" ..r.port)
+            ))
+        end
+    else
+        return 501
+    end
+    return apache2.OK
+end

diff --git a/lua/publish.lua b/lua/publish.lua
new file mode 100644 (file)
index 0000000..5fa18c0
--- /dev/null
+++ b/lua/publish.lua
@@ -0,0 +1,38 @@
+require "apache2"
+
+function publish(dir, pattern)
+    local cmd = ("%s/publish.sh %s"):format(dir, pattern)
+    local handle = io.popen(cmd)
+    local output = handle:read('*a')
+    handle:close()
+
+    return output
+end
+
+function get_form(dir)
+    local handle = io.open(dir .. '/submit.html')
+    local output = handle:read('*a')
+    handle:close()
+
+    return output;
+end
+
+function handle(r)
+    r.content_type = "text/html"
+
+    local args = r:parseargs()
+    local pattern = args.pattern 
+
+    if pattern then
+        local nonce = publish(r.context_document_root, pattern)
+        local uri = ("%s://%s:%s/%s"):format(
+            r.is_https and "https" or "http", 
+            r.server_name, r.port, nonce)
+        r:puts( ([[<a href="%s">%s</a>]]):format(uri, uri) )
+    else
+        local template = get_form(r.context_document_root)
+        r:puts( template )
+    end
+
+    return apache2.OK
+end

diff --git a/lua/publish.sh b/lua/publish.sh
new file mode 100755 (executable)
index 0000000..bf88fbd
--- /dev/null
+++ b/lua/publish.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# make sure public root and link dirs are declared
+[[ -z "$PUBLIC_ROOT_DIR" ]] && echo Expected PUBLIC_ROOT_DIR && exit 1
+[[ -z "$PUBLIC_LINK_DIR" ]] && echo Expected PUBLIC_LINK_DIR && exit 1
+
+[[ -z "$1" ]] && echo Expected pattern && exit 1
+
+# if pattern matches files from storage,
+# create nonce directory
+# create symlinks to matching files
+nonce=$(head /dev/urandom | sha1sum -b | awk '{print $1}')
+symlink_dir=$PUBLIC_LINK_DIR/$nonce
+
+find $PUBLIC_ROOT_DIR -type f -name "*$1*" | while read fname
+do
+    [[ -d $symlink_dir ]] || mkdir -p $symlink_dir
+    ln -s $fname $symlink_dir/$(echo $fname | sed 's|^.*/||')
+done
+
+# print nonce directory
+echo $nonce

diff --git a/lua/submit.html b/lua/submit.html
new file mode 100644 (file)
index 0000000..18314c9
--- /dev/null
+++ b/lua/submit.html
@@ -0,0 +1,24 @@
+<html>
+<head>
+<title>Public</title>
+<script>
+function validate() {
+    return( true );
+}
+</script>
+</head>
+<body>
+<form name="get-search-pattern" onsubmit="return(validate());">
+
+<p>
+<h3>What do you want me to publish?</h3>
+<input type="text" name="pattern" />
+</p>
+
+<p>
+<input type="submit" value="submit" />
+</p>
+
+</form>
+</body>
+</html>

diff --git a/public b/public
deleted file mode 100755 (executable)
index 2dd2481..0000000
--- a/public
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/usr/bin/perl
-use strict;
-use warnings;
-
-use File::Spec;
-use File::Path qw/ make_path /;
-
-my $root_dir = $ENV{PUBLIC_ROOT_DIR}
-       or die "Need PUBLIC_ROOT_DIR\n";
-my $link_dir = $ENV{PUBLIC_LINK_DIR}
-       or die "Need PUBLIC_LINK_DIR\n";
-my $http_uri = $ENV{PUBLIC_HTTP_URI}
-       or die "Need PUBLIC_HTTP_URI\n";
-
-
-sub nonce {
-       my $n = shift;
-       $n = 10 unless $n > 0;
-
-       my @chars = ( 'a' .. 'z', 'A' .. 'Z', '0' .. '9' );
-       my @path = ();
-       push @path, $chars[ rand @chars ] for 1 .. $n;
-
-       return join '', @path;
-}
-
-sub makeNonceDir {
-       my $nonce = shift;
-       my $path  = File::Spec->catdir($link_dir, $nonce);
-       make_path($path, { chmod => 0777 });
-       return $path, ;
-}
-
-sub addFiles {
-       # get list of files matching name from root directory
-       my $name = shift
-               or die "Need filename!\n";
-
-       opendir DIR, $root_dir
-        or die $!;
-       my @files = grep /$name/i, readdir(DIR);
-       closedir DIR;
-
-       # exit if no files found
-       die "No match: $name\n" unless @files;
-
-       # create nonce dir and add symbolic links
-       my $nonce = nonce(20);
-       my $nonce_dir = makeNonceDir($nonce);
-
-       for my $file (@files) {
-               my $root_filepath = File::Spec->catfile($root_dir,  $file);
-               my $link_filepath = File::Spec->catfile($nonce_dir, $file);
-
-               symlink $root_filepath, $link_filepath
-                       or die "Unable to create symlink: $root_filepath -> $link_filepath";
-
-               my $uri_link = join '/', $http_uri, $nonce, $file;
-               print "$uri_link\n";
-       }
-}
-
-sub listFiles {
-       opendir DIR, $link_dir;
-       my @nonces = readdir(DIR);
-       closedir DIR;
-
-       for my $nonce (@nonces) {
-               next if $nonce eq '.';
-               next if $nonce eq '..';
-
-               # ensure it's a directory
-               my $nonce_dir = File::Spec->catdir($link_dir, $nonce);
-               next unless -d $nonce_dir;
-
-               # make URIs for all the files in the nonce dirs
-               opendir DIR, $nonce_dir;
-               my @files = readdir(DIR);
-               closedir DIR;
-
-               for my $file (@files) {
-                       next if $file eq '.';
-                       next if $file eq '..';
-
-                       my $uri_link = join '/', $http_uri, $nonce, $file;
-                       print "$uri_link\n";
-               }
-       }
-}
-
-
-# script begins
-if (@ARGV) {
-       addFiles($_) for @ARGV;
-}
-else {
-       listFiles;
-}

diff --git a/public.sh b/public.sh
deleted file mode 100755 (executable)
index 6ed9695..0000000
--- a/public.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-service=proxy_public
-
-for f in $(docker service ps -q $service)
-do
-    [[ running == $(docker inspect --format '{{.Status.State}}' $f) ]] || continue
-    container_id=$(docker inspect --format '{{.Status.ContainerStatus.ContainerID}}' $f)
-    echo docker exec $container_id /root/public "$@"
-    docker exec $container_id /root/public "$@"
-done

diff --git a/readme.md b/readme.md
index 27b668bb9ea09e76bcc996ca149fd5b3a02f0238..f8fb6dcd4150b5ee0a7bdcf6290e38841142a032 100644 (file)
--- a/readme.md
+++ b/readme.md
@@ -7,22 +7,12 @@ A stupid and easy way to publicize my stuff. like dropbox but safer.
 docker stack deploy -c <(docker-compose config) public
 ```
 
 docker stack deploy -c <(docker-compose config) public
 ```
 

-### creating a public directory by filename regex
-```
-cliftonpalmer@pop-os:~/swarm/share-public$ ./public.sh  simplify
-http://public.purplebirdman.online/1ojxVHOXk9u89u234erso7df/SimplifyPikoPseftis3.jpg
-http://public.purplebirdman.online/1ojxVHOXk9u89u234erso7df/SimplifyPikoPseftis.png
-http://public.purplebirdman.online/1ojxVHOXk9u89u234erso7df/SimplifyPikoPseftis.clip
-http://public.purplebirdman.online/1ojxVHOXk9u89u234erso7df/SimplifyPikoPseftis2.png
-```
+### reaching the services
+
+Must authorize self through ```$hostname```/lua/publish.lua and set up valid users on first deployment

 
 

-### listing public directories and contents

 ```
 ```

-cliftonpalmer@pop-os:~/swarm/share-public$ ./public.sh
-http://public.purplebirdman.online/1ojxVHOXk9u89u234erso7df/SimplifyPikoPseftis3.jpg
-http://public.purplebirdman.online/1ojxVHOXk9u89u234erso7df/SimplifyPikoPseftis2.png
-http://public.purplebirdman.online/1ojxVHOXk9u89u234erso7df/SimplifyPikoPseftis.png
-http://public.purplebirdman.online/1ojxVHOXk9u89u234erso7df/SimplifyPikoPseftis.clip
+htpasswd -c passwords $username

 ```
 
 ## todo
 ```
 
 ## todo