commit f7240fcff9dcca26346e6e57d0eb917f4f40a550
parent 94435178d35eafcb7fc9d08defcb1f8583bd77c5
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Fri, 3 Feb 2023 12:53:06 -0800
add filedrop per file password
Diffstat:
4 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/cmd/dkf/migrations/127.sql b/cmd/dkf/migrations/127.sql
@@ -0,0 +1,4 @@
+-- +migrate Up
+ALTER TABLE filedrops ADD COLUMN password BLOB NULL;
+
+-- +migrate Down
diff --git a/pkg/database/tableFiledrops.go b/pkg/database/tableFiledrops.go
@@ -18,6 +18,7 @@ type Filedrop struct {
OrigFileName string
FileSize int64
IV []byte
+ Password EncryptedString
CreatedAt time.Time
UpdatedAt *time.Time
}
@@ -50,12 +51,13 @@ func (d *Filedrop) Exists() bool {
}
func (d *Filedrop) GetContent() (*os.File, *ucrypto.StreamDecrypter, error) {
+ password := []byte(d.Password)
filePath1 := filepath.Join(config.Global.ProjectFiledropPath(), d.FileName)
f, err := os.Open(filePath1)
if err != nil {
return nil, nil, err
}
- decrypter, err := utils.DecryptStream(d.IV, f)
+ decrypter, err := utils.DecryptStream(password, d.IV, f)
if err != nil {
f.Close()
return nil, nil, err
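Review bot: Filedrops stored before migration 127 have a NULL `password`, so `password := []byte(d.Password)` at the top of GetContent yields an empty key for them. The removed line shows those files were decrypted with `config.Global.MasterKey()`, which the new `utils.DecryptStream(password, d.IV, f)` call no longer uses. Unless existing rows are backfilled or re-encrypted somewhere outside this diff, older files stop being readable; a fallback such as `if len(password) == 0 { password = []byte(config.Global.MasterKey()) }` would keep them working. The migration's `-- +migrate Down` section is also empty, so a rollback leaves the column in place. GetContent's body continues past the end of this hunk.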
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -370,13 +370,12 @@ func DecryptAESMaster(ciphertext []byte) ([]byte, error) {
return DecryptAES(ciphertext, []byte(config.Global.MasterKey()))
}
-func EncryptStream(src io.Reader) (*crypto.StreamEncrypter, error) {
- return crypto.NewStreamEncrypter([]byte(config.Global.MasterKey()), nil, src)
+func EncryptStream(password []byte, src io.Reader) (*crypto.StreamEncrypter, error) {
+ return crypto.NewStreamEncrypter(password, nil, src)
}
-func DecryptStream(iv []byte, src io.Reader) (*crypto.StreamDecrypter, error) {
- encKey := []byte(config.Global.MasterKey())
- decrypter, err := crypto.NewStreamDecrypter(encKey, nil, crypto.StreamMeta{IV: iv}, src)
+func DecryptStream(password, iv []byte, src io.Reader) (*crypto.StreamDecrypter, error) {
+ decrypter, err := crypto.NewStreamDecrypter(password, nil, crypto.StreamMeta{IV: iv}, src)
if err != nil {
return nil, err
}
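Review bot: The new `password` parameter of EncryptStream and DecryptStream is passed straight to `crypto.NewStreamEncrypter` and `crypto.NewStreamDecrypter` in the key position. No derivation step is visible here, so the name suggests a human-chosen secret when callers must in fact supply random key bytes. Renaming it to `key` and adding a doc comment such as `// EncryptStream encrypts src under key, which must be cryptographically random bytes; callers in this commit pass 16.` would make the contract explicit, with a matching comment on DecryptStream. Neither function checks the length, so an empty slice (for example from a NULL column) reaches the crypto package unvalidated; whether that package rejects it is not visible in this diff. DecryptStream's body continues outside the hunk.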
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -2,6 +2,7 @@ package handlers
import (
"bytes"
+ cryptoRand "crypto/rand"
"crypto/sha256"
dutils "dkforest/pkg/database/utils"
"dkforest/pkg/hashset"
@@ -4285,7 +4286,10 @@ func FileDropHandler(c echo.Context) error {
return c.Render(http.StatusOK, filedropTmplName, data)
}
- encrypter, err := utils.EncryptStream(file)
+ password := make([]byte, 16)
+ _, _ = cryptoRand.Read(password)
+
+ encrypter, err := utils.EncryptStream(password, file)
if err != nil {
data.Error = err.Error()
return c.Render(http.StatusOK, filedropTmplName, data)
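Review bot: `_, _ = cryptoRand.Read(password)` discards the error, so if the random source fails, the buffer from `make([]byte, 16)` stays all zeros and the upload is encrypted under a predictable key that is then stored as the file's password. Handle it like the EncryptStream error just below: `if _, err := cryptoRand.Read(password); err != nil { data.Error = err.Error(); return c.Render(http.StatusOK, filedropTmplName, data) }`. The same discarded read appears in FileDropTmpReconstructHandler (the `@@ -4353,7 +4358,14 @@` hunk), where the failure path should log and return `c.NoContent(http.StatusInternalServerError)` like the NewCtrStram check added there. FileDropHandler starts and ends outside this hunk.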
@@ -4303,6 +4307,7 @@ func FileDropHandler(c echo.Context) error {
return c.Render(http.StatusOK, filedropTmplName, data)
}
+ filedrop.Password = database.EncryptedString(password)
filedrop.IV = encrypter.Meta().IV
filedrop.OrigFileName = origFileName
filedrop.FileSize = written
@@ -4353,7 +4358,14 @@ func FileDropTmpReconstructHandler(c echo.Context) error {
defer f.Close()
h := sha256.New()
- stream, _, iv, err := crypto.NewCtrStram([]byte(config.Global.MasterKey()))
+ password := make([]byte, 16)
+ _, _ = cryptoRand.Read(password)
+
+ stream, _, iv, err := crypto.NewCtrStram(password)
+ if err != nil {
+ logrus.Error(err)
+ return c.NoContent(http.StatusInternalServerError)
+ }
written := int64(0)
for _, fileName := range fileNames {
by, err := os.ReadFile(filepath.Join(config.Global.ProjectFiledropPath(), filedropUUID, fileName))
@@ -4380,6 +4392,7 @@ func FileDropTmpReconstructHandler(c echo.Context) error {
return c.NoContent(http.StatusInternalServerError)
}
+ filedrop.Password = database.EncryptedString(password)
filedrop.IV = iv
filedrop.OrigFileName = origFileName
filedrop.FileSize = written