Add encryption support to http_upload.sh

This commit is contained in:
Travis Burtrum 2017-01-20 01:42:30 -05:00
parent 0def21ee84
commit 37cedbdd3e
3 changed files with 23 additions and 3 deletions

View File

@ -9,10 +9,25 @@ set -e
[ -z "$http_upload_hmac_key" ] && echo "variable http_upload_hmac_key must be set, exiting..." 1>&2 && exit 1
[ -z "$http_upload_file_size_limit" ] && http_upload_file_size_limit=$((100 * 1024 * 1024)) # bytes, default to 100 * 1024 * 1024 = 100 MB
encrypt=0
[ -z "$http_upload_encrypt" ] && encrypt=$http_upload_encrypt
[ "$1" == '-e' ] && encrypt=1 && shift
[ "$2" == '-e' ] && encrypt=1
file_to_upload="$1"
base_name="$(basename "$file_to_upload")"
tag=''
if [ $encrypt -eq 1 ]
then
iv_key="$(openssl rand -hex 48)"
orig_file_to_upload="$file_to_upload"
file_to_upload="$(mktemp)"
aesgcm "$iv_key" enc < "$orig_file_to_upload" > "$file_to_upload"
tag="#$iv_key"
fi
file_size="$(stat -c %s "$file_to_upload")"
[ $file_size -gt $http_upload_file_size_limit ] && echo "file size $file_size greater than limit of $http_upload_file_size_limit, exiting..." 1>&2 && exit 1
@ -25,4 +40,6 @@ get_url="${http_upload_url}${uuid}/${base_name}"
curl -f -T "$file_to_upload" "${get_url}?v=${hmac_secret}"
echo "$get_url"
echo -n "${get_url}${tag}"
[ $encrypt -eq 1 ] && rm "$file_to_upload"

View File

@ -13,7 +13,7 @@ set -e # exit on error
[ -z "$puush_api_key" ] && export puush_api_key='' # find API key here: http://puush.me/account/settings
[ -z "$imgur_api_key" ] && export imgur_api_key='486690f872c678126a2c09a9e196ce1b' # nabbed from here: https://github.com/dave1010/scripts/blob/master/shoot
[ -z "$imgup_path" ] && export imgup_path='' # example: 'ssh user@host ~/imgup.sh ~/htdocs/s http://host/s png'
[ -z "$http_upload_path" ] && export http_upload_path='' # example: '~/bin/http_upload.sh' without quotes where your required variables are already exported
[ -z "$http_upload_path" ] && export http_upload_path='' # example: '~/bin/http_upload.sh' without quotes where your required variables are already exported, add -e for encryption
# if these are empty, go with defaults we know to exist and work without configuration
[ -z "$upload" ] && export upload='imgur' # must be one of 'puush', 'imgur', 'imgup', or 'http_upload'
@ -42,7 +42,7 @@ function upload_imgup {
function upload_http_upload {
[ -z "$http_upload_path" ] && echo '$imgup_path is empty, cannot upload!' && return
"$http_upload_path" "$1"
$http_upload_path "$1"
}
####################################################################################################################################

View File

@ -25,6 +25,8 @@ Mainly meant to be used for images from scripts like open-screeny.sh, it can rea
Required dependencies are openssl, curl, and standard unix utilities stat, awk, and basename
Optional dependencies include aesgcm from [ImageDownloader][6] which is used to encrypt files just like Conversations and gajim do with http_upload before upload. Either set the variable http_upload_encrypt to 1 or pass -e to the script as the first or second argument to enable this encryption.
imgup.sh
------------
This script reads a file from stdin, and moves it to a certain directory with the shortest name possible that doesn't conflict based on the sha1sum, then echos the URL the file will be available at.
@ -47,3 +49,4 @@ nginx_http_upload.php is licensed seperately as mentioned at the top of the file
[4]: http://b1t.it/
[5]: https://github.com/Hidendra/puush-api
[6]: https://modules.prosody.im/mod_http_upload_external.html
[7]: https://github.com/moparisthebest/ImageDownloader