Added curl and wget support

2023-07-03 17:03:43 +02:00 · 2023-07-03 17:03:43 +02:00 · 56e7e0da17
commit 56e7e0da17
parent 1621878e44
5 changed files with 38 additions and 7 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1156,7 +1156,7 @@ dependencies = [

 [[package]]
 name = "sqpad"
-version = "0.1.0"
+version = "1.0.0"
 dependencies = [
 "actix-web",
 "chrono",
--- a/Files/index.html
+++ b/Files/index.html
@ -4,7 +4,7 @@
 <head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>SqDecrypt</title>
+  <title>SqPad</title>
  <style>
    body {
      background-color: black;
--- a/Files/posts.json
+++ b/Files/posts.json
@ -0,0 +1,2 @@
+{"name":"llllllll","crypt":"U6O3QDZVQiFfRnj4aG0Exw==","date":"03/07/2023@16:39:26","id":790468326923469714}
+{"name":"Hi","crypt":"2Mj3sF0C0loJjnWVgAB7tQ==","date":"03/07/2023@16:54:51","id":8071774849875630801}
--- a/README.md
+++ b/README.md
@ -1,8 +1,18 @@
 # SqPad
 A encrypted pastebin.

+## Install
 Juste compile and launch it in the same folder as "Files".

+## Usage
+Simply enter a note on the form on the main page. Once submitted, the note is encrypted using DES-256. 
+
+The note can be accessed via its individual link. Please keep in mind that the server does not store links; it only saves the name of the note (in cleartext) and its content (encrypted). 
+
+The link can be used via a browser normally; it can also be used with curl or wget. In that case, the note is stripped of all html (only the text of the note is displayed) to be used in scripts, etc.
+
+For now, notes are kept forever until some admin manually removes them.
+
 TODO : 
 * Put the "files" folder somewhere else
 * When user-agent is curl or wget, do not display html on posts
--- a/src/main.rs
+++ b/src/main.rs
@ -3,6 +3,7 @@ use std::fs;
 use serde::{Serialize, Deserialize};
 use serde_derive::{Serialize, Deserialize};
 use actix_web::{get, post, web, App, HttpResponse, HttpServer, HttpRequest, Responder};
+use actix_web::http::header::HeaderValue;
 use std::fs::OpenOptions;
 use std::io::prelude::*;
 use chrono::Local;
@ -24,7 +25,6 @@ struct EncryptedPost {

 fn decrypt(encrypted: String, pass: &str) -> Result<String, String> {
    let mc = new_magic_crypt!(pass, 256);
-    println!("Trying with {} and pass {}", encrypted, pass);
    let result = mc.decrypt_base64_to_string(&encrypted);
    match result {
        Ok(v) => {
@ -69,7 +69,6 @@ fn get_all_posts() -> (Vec<EncryptedPost>, String) {

 #[post("/")]
 async fn post_index(web::Form(form): web::Form<Post>, req: HttpRequest) -> impl Responder {
-    println!("{:?}", req);
    let hostname = req.headers().get("Host").unwrap().to_str().unwrap();
    let pass = random_password();
    let encrypted = encrypt(&form.content, &pass);
@ -88,7 +87,7 @@ async fn post_index(web::Form(form): web::Form<Post>, req: HttpRequest) -> impl
 fn random_password() -> String {
    const CHARSET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ\
                            abcdefghijklmnopqrstuvwxyz\
-                            0123456789)(*&^%$#@!~";
+                            0123456789";
    let mut rng = rand::thread_rng();
    let password: String = (0..64)
        .map(|_| {
@ -100,13 +99,33 @@ fn random_password() -> String {
 }

 #[get("/decrypt/{givenid}/{password}")] // <- define path parameters
-async fn show_post(path: web::Path<(u64, String)>) -> impl Responder {
+async fn show_post(path: web::Path<(u64, String)>, req: HttpRequest) -> impl Responder {
    let (givenid, password) = path.into_inner();
    let (posts, _) = get_all_posts();
    let mut ret_text = fs::read_to_string("./Files/header.html").unwrap();
+    let placeholder = HeaderValue::from_static("Please ignore");
+    let useragent = req.headers()
+        .get("user-agent")
+        .unwrap_or(&placeholder)
+        .to_str()
+        .unwrap_or("Please ignore");
+
    for post in posts {
        if givenid == post.id {
-            let _ = &mut ret_text.push_str(&format!("\n <b>This is the link to your post. Don't lose it !</b><br>\n><i>{} @{}</i><br><br>\n", post.name, post.date));
+
+            //Change the output for wget and curl
+            if useragent.starts_with("curl") || useragent.starts_with("Wget") {
+                let mut content = decrypt(post.crypt, &password)
+                                .unwrap_or("Error decrypting".to_string());
+                content.push_str("\n");
+                return HttpResponse::Ok().body(content);
+            }
+
+            let _ = &mut ret_text.push_str(&format!("\n\
+<b>This is the link to your post. Don't lose it !\
+It can also be accessed raw using Curl or Wget.</b><br>\n\
+><i>{} @{}</i><br><br>\n", post.name, post.date));
+
            let _ = match decrypt(post.crypt, &password) {
                Ok(v) => {
                    let _ = &mut ret_text.push_str(&v);