desviar 0.0.14 → 0.0.15

data/README.md

@@ -56,15 +56,15 @@ Commands:
 * /link/nnn - retrieve details
 * /config - set runtime configuration
 
+For scripting, the list, link and config commands can be modified with a _/json_ suffix (e.g. _/config/json_) to generate json instead of html output.
+
 Here's an example of creating a new link via _curl_:
 
     curl --digest --user desviar:password http://localhost:4567/create \
      --data "redir_uri=http://localhost/test&expiration=1800&captcha=1&notes=testing"
 
 Security notes:
-Consider moving the default database location from /dev/shm/desviar, and set its permissions to 0600.
-
-You can modify config.ru to direct log output to a different file.
+Consider moving the default database location from /dev/shm/desviar, and set its permissions to 0600. You can modify config.ru to direct log output to a different file.
 
 #### Features implemented ####
 

data/config/config.rb.example

@@ -25,6 +25,9 @@ $config = {
     :msg_exp => "Default expiration interval, in seconds",
 :exp => 900,
 
+    :msg_redir_retain => "Retention policy for URI - discard before saving db entry to be more secure",
+:redir_retain => "keep",
+
     :msg_authprompt => "AuthPrompt appears in the browser authentication dialog",
 :authprompt => "Please Authenticate",
 
@@ -85,5 +88,6 @@ $optvals = {
     Syslog::LOG_LOCAL3
     ],
 :hashlength => [ 3, 4, 6, 8, 12, 24, 32, 48, 64 ],
-:recordsmax => [ 50, 100, 150, 250, 500 ]
+:recordsmax => [ 50, 100, 150, 250, 500 ],
+:redir_retain => [ "keep", "discard" ]
 }

data/desviar.gemspec

@@ -37,9 +37,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dm-sqlite-adapter", ">= 1.2"
   spec.add_dependency "dm-timestamps", ">= 1.2"
   spec.add_dependency "dm-validations", ">= 1.2"
+  spec.add_dependency "multi_json", ">= 1.7"
   spec.add_dependency "rack-recaptcha", ">= 0.6"
   spec.add_dependency "rack-test", ">= 0.6"
   spec.add_dependency "sinatra", ">= 1.4"
+  spec.add_dependency "sinatra-contrib", ">= 1.4"
   spec.add_dependency "syntaxi", ">= 0.5"
   spec.add_dependency "yajl-ruby", ">= 1.1"
 end

data/lib/desviar.rb

@@ -11,6 +11,7 @@
 #       http://www.apache.org/licenses/LICENSE-2.0
 
 require 'sinatra/base'
+require 'sinatra/json'
 require 'securerandom'
 require 'dm-core'
 require 'dm-migrations'
@@ -22,6 +23,7 @@ require 'net/http'
 #require 'test/unit'
 require 'rack/test'
 require 'rack/recaptcha'
+require 'multi_json'
 
 if ENV['DESVIAR_CONFIG']
   require ENV['DESVIAR_CONFIG']
@@ -42,6 +44,7 @@ module Desviar
       DataMapper.setup(:default, $config[:dbmethod])
       DataMapper.auto_upgrade! if DataMapper.respond_to?(:auto_upgrade!)
       $config[:cryptkey] = SecureRandom.base64(32) if $config[:cryptkey].nil?
+      helpers Sinatra::JSON
     end
 
     get '/' do
@@ -56,23 +59,23 @@ module Desviar
   
     # submit
     post '/create' do
+      error 400 if params[:redir_uri].strip == ""
+
       # Create a new data record, generating the random URI and omitting
       #   remote-access credentials if specified.
       @desviar = Desviar::Model::Main.new(params.merge({
         :temp_uri => "#{$config[:uriprefix]}#{SecureRandom.urlsafe_base64($config[:hashlength])[0,$config[:hashlength]]}#{$config[:urisuffix]}",
         :expires_at     => Time.now + params[:expiration].to_i,
         :captcha_validated => false
-      }).delete_if {|key, val| key == "remoteuser" || key == "remotepw"})
+      }).delete_if {|key, val| key == "redir_uri" || key == "remoteuser" || key == "remotepw"})
 
       # Cache the remote URI
-      object = URI.parse(@desviar[:redir_uri])
+      object = URI.parse(params[:redir_uri])
       http = Net::HTTP.new(object.host, object.port)
-      http.use_ssl = @desviar[:redir_uri].index('https') == 0
+      http.use_ssl = params[:redir_uri].index('https') == 0
       http.verify_mode = OpenSSL::SSL::VERIFY_NONE
       req = Net::HTTP::Get.new(object.request_uri)
-      if params[:remoteuser] != ''
-        req.basic_auth params[:remoteuser], params[:remotepw]
-      end
+      req.basic_auth params[:remoteuser], params[:remotepw] if params[:remoteuser] != ''
       response = http.request(req)
       if !$config[:dbencrypt]
         @desviar[:content] = response.body[0, $config[:contentmax]]
@@ -84,6 +87,8 @@ module Desviar
         @desviar[:cipher_iv] = obj.iv
       end
 
+      @desviar[:redir_uri] = $config[:redir_retain] == "keep" ? params[:redir_uri] : ""
+
       # Insert the new record and display the new link
       if @desviar.save
         Desviar::Public::log "Created #{@desviar.id} #{@desviar.redir_uri} #{@desviar.expires_at} #{request.ip}"
@@ -103,6 +108,16 @@ module Desviar
       end
     end
 
+    # show link info - json format
+    get '/link/json/:id' do
+      @desviar = Desviar::Model::Main.get(params[:id])
+      if @desviar && DateTime.now < @desviar[:expires_at]
+        json @desviar.attributes.delete_if {|key, val| key == :content || key == :cipher_iv || key == :hmac}
+      else
+        error 404
+      end
+    end
+
     # clean out expired records
     get '/clean' do
       # TODO: figure out the clean "native" way of DataMapper::Collection.destroy
@@ -121,17 +136,48 @@ module Desviar
 
     # list of most recent records
     get '/list' do
-      @desviar = Desviar::Model::Main.all(:limit => $config[:recordsmax], :order => [ :created_at.desc ])
+      @desviar = Desviar::Model::Main.all(
+         :limit => $config[:recordsmax],
+         :order => [ :created_at.desc ],
+         :fields => [ :id, :created_at, :expires_at, :redir_uri, :captcha, :notes ])
       @total = @desviar.length
       @count = [ @total, $config[:recordsmax] ].min
       erb :list
     end
 
+    # list - json
+    get '/list/json' do
+      @desviar = Desviar::Model::Main.all(
+         :limit => $config[:recordsmax],
+         :order => [ :created_at.desc ],
+         :fields => [ :id, :redir_uri, :temp_uri, :expiration, :captcha,
+                      :notes, :owner, :created_at, :expires_at ])
+      list = Array.new
+      @desviar.each do |item|
+        list << {
+          :id => item.id, :redir_uri => item.redir_uri,
+          :temp_uri => item.temp_uri, :expiration => item.expiration,
+          :captcha => item.captcha, :notes => item.notes,
+          :owner => item.owner, :created_at => item.created_at,
+          :expires_at => item.expires_at }
+      end
+      json list
+    end
+
     # configuration
     get '/config' do
       erb :config
     end
 
+    # configuration - json
+    get '/config/json' do
+      json $config.reject { |opt, val| 
+          opt.to_s.index('msg_') == 0 ||
+          $config[:hidden].include?(opt.to_s) ||
+          $config[:hashed].include?(opt.to_s)
+      }
+    end
+
     # submit
     post '/config' do
       params['config'].each do |opt, val|

data/lib/model.rb

@@ -14,7 +14,7 @@ module Desviar
     include DataMapper::Resource
   
     property :id,         Serial # primary serial key
-    property :redir_uri,  String, :required => true, :length => 255
+    property :redir_uri,  String, :length => 255
     property :temp_uri,   String, :length => 64
     property :expiration, Integer, :required => true
     property :captcha,    Boolean

data/lib/version.rb

@@ -1,7 +1,7 @@
 module Desviar
-  VERSION = "0.0.14"
-  RELEASE = "2013-07-29"
-  TIMESTAMP = "2013-07-29 13:27:33 -07:00"
+  VERSION = "0.0.15"
+  RELEASE = "2013-07-30"
+  TIMESTAMP = "2013-07-29 08:27:33 -07:00"
 
   def self.info
       "#{name} v#{VERSION} (#{RELEASE})"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: desviar
 version: !ruby/object:Gem::Version
-  version: 0.0.14
+  version: 0.0.15
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-29 00:00:00.000000000 Z
+date: 2013-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dm-core
@@ -91,6 +91,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rack-recaptcha
   requirement: !ruby/object:Gem::Requirement
@@ -139,6 +155,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: sinatra-contrib
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: syntaxi
   requirement: !ruby/object:Gem::Requirement
@@ -207,7 +239,7 @@ files:
 homepage: http://github.com/instantlinux/desviar
 licenses: []
 post_install_message: ! "------------------------------------------------------------------------------\nDesviar
-  v0.0.14\n\nTo configure, download from:\n   https://raw.github.com/instantlinux/desviar/master/config/config.rb.example\ninto
+  v0.0.15\n\nTo configure, download from:\n   https://raw.github.com/instantlinux/desviar/master/config/config.rb.example\ninto
   a new file config.rb and export DESVIAR_CONFIG=<path>/config.rb.\n\nThanks for using
   Desviar.\n------------------------------------------------------------------------------\n"
 rdoc_options: []