Add encryption support to http_upload.sh

This commit is contained in:
Travis Burtrum 2017-01-20 01:42:30 -05:00
parent 0def21ee84
commit 37cedbdd3e
3 changed files with 23 additions and 3 deletions

View File

@ -9,10 +9,25 @@ set -e
[ -z "$http_upload_hmac_key" ] && echo "variable http_upload_hmac_key must be set, exiting..." 1>&2 && exit 1 [ -z "$http_upload_hmac_key" ] && echo "variable http_upload_hmac_key must be set, exiting..." 1>&2 && exit 1
[ -z "$http_upload_file_size_limit" ] && http_upload_file_size_limit=$((100 * 1024 * 1024)) # bytes, default to 100 * 1024 * 1024 = 100 MB [ -z "$http_upload_file_size_limit" ] && http_upload_file_size_limit=$((100 * 1024 * 1024)) # bytes, default to 100 * 1024 * 1024 = 100 MB
encrypt=0
[ -z "$http_upload_encrypt" ] && encrypt=$http_upload_encrypt
[ "$1" == '-e' ] && encrypt=1 && shift
[ "$2" == '-e' ] && encrypt=1
file_to_upload="$1" file_to_upload="$1"
base_name="$(basename "$file_to_upload")" base_name="$(basename "$file_to_upload")"
tag=''
if [ $encrypt -eq 1 ]
then
iv_key="$(openssl rand -hex 48)"
orig_file_to_upload="$file_to_upload"
file_to_upload="$(mktemp)"
aesgcm "$iv_key" enc < "$orig_file_to_upload" > "$file_to_upload"
tag="#$iv_key"
fi
file_size="$(stat -c %s "$file_to_upload")" file_size="$(stat -c %s "$file_to_upload")"
[ $file_size -gt $http_upload_file_size_limit ] && echo "file size $file_size greater than limit of $http_upload_file_size_limit, exiting..." 1>&2 && exit 1 [ $file_size -gt $http_upload_file_size_limit ] && echo "file size $file_size greater than limit of $http_upload_file_size_limit, exiting..." 1>&2 && exit 1
@ -25,4 +40,6 @@ get_url="${http_upload_url}${uuid}/${base_name}"
curl -f -T "$file_to_upload" "${get_url}?v=${hmac_secret}" curl -f -T "$file_to_upload" "${get_url}?v=${hmac_secret}"
echo "$get_url" echo -n "${get_url}${tag}"
[ $encrypt -eq 1 ] && rm "$file_to_upload"

View File

@ -13,7 +13,7 @@ set -e # exit on error
[ -z "$puush_api_key" ] && export puush_api_key='' # find API key here: http://puush.me/account/settings [ -z "$puush_api_key" ] && export puush_api_key='' # find API key here: http://puush.me/account/settings
[ -z "$imgur_api_key" ] && export imgur_api_key='486690f872c678126a2c09a9e196ce1b' # nabbed from here: https://github.com/dave1010/scripts/blob/master/shoot [ -z "$imgur_api_key" ] && export imgur_api_key='486690f872c678126a2c09a9e196ce1b' # nabbed from here: https://github.com/dave1010/scripts/blob/master/shoot
[ -z "$imgup_path" ] && export imgup_path='' # example: 'ssh user@host ~/imgup.sh ~/htdocs/s http://host/s png' [ -z "$imgup_path" ] && export imgup_path='' # example: 'ssh user@host ~/imgup.sh ~/htdocs/s http://host/s png'
[ -z "$http_upload_path" ] && export http_upload_path='' # example: '~/bin/http_upload.sh' without quotes where your required variables are already exported [ -z "$http_upload_path" ] && export http_upload_path='' # example: '~/bin/http_upload.sh' without quotes where your required variables are already exported, add -e for encryption
# if these are empty, go with defaults we know to exist and work without configuration # if these are empty, go with defaults we know to exist and work without configuration
[ -z "$upload" ] && export upload='imgur' # must be one of 'puush', 'imgur', 'imgup', or 'http_upload' [ -z "$upload" ] && export upload='imgur' # must be one of 'puush', 'imgur', 'imgup', or 'http_upload'
@ -42,7 +42,7 @@ function upload_imgup {
function upload_http_upload { function upload_http_upload {
[ -z "$http_upload_path" ] && echo '$imgup_path is empty, cannot upload!' && return [ -z "$http_upload_path" ] && echo '$imgup_path is empty, cannot upload!' && return
"$http_upload_path" "$1" $http_upload_path "$1"
} }
#################################################################################################################################### ####################################################################################################################################

View File

@ -25,6 +25,8 @@ Mainly meant to be used for images from scripts like open-screeny.sh, it can rea
Required dependencies are openssl, curl, and standard unix utilities stat, awk, and basename Required dependencies are openssl, curl, and standard unix utilities stat, awk, and basename
Optional dependencies include aesgcm from [ImageDownloader][6] which is used to encrypt files just like Conversations and gajim do with http_upload before upload. Either set the variable http_upload_encrypt to 1 or pass -e to the script as the first or second argument to enable this encryption.
imgup.sh imgup.sh
------------ ------------
This script reads a file from stdin, and moves it to a certain directory with the shortest name possible that doesn't conflict based on the sha1sum, then echos the URL the file will be available at. This script reads a file from stdin, and moves it to a certain directory with the shortest name possible that doesn't conflict based on the sha1sum, then echos the URL the file will be available at.
@ -47,3 +49,4 @@ nginx_http_upload.php is licensed seperately as mentioned at the top of the file
[4]: http://b1t.it/ [4]: http://b1t.it/
[5]: https://github.com/Hidendra/puush-api [5]: https://github.com/Hidendra/puush-api
[6]: https://modules.prosody.im/mod_http_upload_external.html [6]: https://modules.prosody.im/mod_http_upload_external.html
[7]: https://github.com/moparisthebest/ImageDownloader