sour-is/go-paste
1
0
Fork 0
Code Pull Requests Actions Releases 6 Activity

initial commit

Browse Source
This commit is contained in:
xuu
2017-04-14 16:15:07 -06:00
commit 8e6da6cd30
19 changed files with 3387 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

283
assets/app.js Normal file
View File

@@ -0,0 +1,283 @@
var app = angular.module('souris-app', ['souris-common', 'hljs']).
config(function ($routeProvider) {
$routeProvider.
when('/', {controller: CreateCtrl, templateUrl: 'create.html'}).
when('/:id!:key', {controller: ViewCtrl, templateUrl: 'view.html'}).
when('/:id', {controller: ViewCtrl, templateUrl: 'view.html'}).
otherwise({redirectTo: '/'});
});
var TEXT = "";
function CreateCtrl($scope, $remoteService, $location, $route) {
"use strict";
$scope.reload = $route.reload;
$scope.o = {text: TEXT};
var base_url = $location.absUrl();
base_url = base_url.slice(0, base_url.indexOf('#'));
$scope.$base_url = base_url;
// Add Randomness to RNG
console.info("Adding extra entropy from server and user input.");
$scope.entropy = 0;
var addEntropy = function (s) {
$scope.entropy += s.length;
fn.seed(s, {entropy: true});
};
$remoteService('/paste/rng').get().success(addEntropy);
(function (events, count) {
var t = [];
function w(e) {
t.push([e.pageX, e.pageY, e.keyCode, +new Date]);
if (t.length < count) {
return;
}
addEntropy(t);
$scope.$apply();
t = [];
}
for (var i in events)
if (events.hasOwnProperty(i))
document.addEventListener(events[i], w);
})(['mousemove', 'keydown', 'keypress', 'click', 'scroll'], 16);
$scope.HighliteLang = fn.obj(HighliteLang);
$scope.ExpireTimes = fn.obj(ExpireTimes);
// Encrypt and send function
$scope.Encrypt = function (o) {
if (o.text.length > 512) {o.zip = true; $scope.o.zip = true; }
var e = encrypt(o);
console.log("Sending:\n" + json(e));
$remoteService('/paste')
.post({}, e.txt)
.success(function (d) {
console.log("Received:\n" + d);
d = d.split(' ');
$scope.result = {status: d[0], id: d[1], key: e.key, text: e.txt};
});
};
}
CreateCtrl.$inject = ['$scope', '$remoteService', '$location', '$route'];
function ViewCtrl($scope, $params, $remoteService, $location) {
"use strict";
var base_url = $location.absUrl();
base_url = base_url.slice(0, base_url.indexOf('#'));
$scope.$base_url = base_url;
var id = $params.id,
key = $params.key;
$scope.id = id;
$scope.key = key;
function store(o) {
$scope.store = o;
}
$scope.copy = function(t) {
TEXT = t;
$location.path('/');
}
$remoteService('/paste/:id')
.get({id: id})
.success(decrypt(key, store))
.error(function(d, c){
var msg = '';
switch(c){
case 403: msg = 'Authentication Required.'; break;
case 404: msg = 'Message Not Found.'; break;
case 410: msg = 'Message Expired.'; break;
}
$scope.store = {err:msg, code:c};
});
}
ViewCtrl.$inject = ['$scope', '$routeParams', '$remoteService', '$location'];
var HighliteLang = [["text", "Plain Text"], ["apache", "Apache"], ["bash", "Bash"], ["coffeescript", "CoffeeScript"], ["cpp", "C++"], ["cs", "C#"], ["css", "CSS"], ["diff", "Diff"], ["http", "HTTP"], ["ini", "Ini"], ["java", "Java"], ["javascript", "JavaScript"], ["json", "JSON"], ["makefile", "Makefile"], ["markdown", "Markdown"], ["nginx", "Nginx"], ["objectivec", "Objective C"], ["perl", "Perl"], ["php", "PHP"], ["python", "Python"], ["ruby", "Ruby"], ["sql", "SQL"], ["xml", "HTML, XML"]];
var ExpireTimes = [[3600, "1 Hour"], [86400, "1 Day"], [604800, "1 Week"], [2419200, "4 Weeks"], [15778463, "6 Months"], [31556926, "1 Year"]];
var fn = {
sha: function (s) { return this.b64(CryptoJS.SHA256(s)); },
rmd: function (s) { return this.b64(CryptoJS.RIPEMD160(s)); },
chk: function (s) { return this.b64(CryptoJS.RIPEMD160(CryptoJS.SHA256(s))); },
enc: function (t, p) { return CryptoJS.AES.encrypt(t, p).toString(); },
dec: function (c, p) { return CryptoJS.AES.decrypt(c, p); },
b64: function (s) {
if (s == undefined) return;
return CryptoJS.enc.Base64.stringify(s).replace(/[=]+/, '').replace(/\//g, '_').replace(/\+/g, '-');
},
d64: function (s) {
if (s == undefined) return;
switch (s.length % 3) {
case 2:
s += '=';
// fallthrough
case 1:
s += '=';
}
return CryptoJS.enc.Base64.parse(s.replace(/_/g, '/').replace(/-/g, '+'));
},
rng: function (n) { return this.b64(CryptoJS.lib.WordArray.random(n)); },
seed: Math.seedrandom,
u8a: function (wa) {
var w = wa.words;
var b = new Uint8Array(w.length * 4), v, i, j, k = 0;
for (i = 0; i < w.length; ++i) {
v = w[i];
for (j = 3; j >= 0; --j) {
b[k++] = ((v >> 8 * j) & 0xFF);
}
}
return b;
},
u16a: function (ua) {
var s = '';
for (var i = 0; i < ua.length; i++) {
s += ('0' + ua[i].toString(16)).slice(-2);
}
return CryptoJS.enc.Hex.parse(s);
},
str8: function (ua) {
var s = '';
for (var i = 0; i < ua.byteLength; i++) {
if ((ua[i]&0x80) == 0) s += String.fromCharCode(ua[i]);
else if ((ua[i]&0xe0) == 0xc0 && (ua[i+1]&0xc0) == 0x80) {
s += String.fromCharCode(((ua[i]&0x1f)<<6) + (ua[i+1]&0x3f));
i += 1;
}
else if ((ua[i]&0xf0) == 0xe0 && (ua[i+1]&0xc0) == 0x80 && (ua[i+2]&0xc0) == 0x80){
s += String.fromCharCode(((ua[i]&0x0f)<<12) + ((ua[i+1]&0x3f)<<6) + (ua[i+2]&0x3f));
i += 2;
}
else if ((ua[i]&0xf8) == 0xf0 && (ua[i+1]&0xc0) == 0x80 && (ua[i+2]&0xc0) == 0x80 && (ua[i+3]&0xc0) == 0x80) {
s += String.fromCharCode(((ua[i]&0x0f)<<18) + ((ua[i+1]&0x3f)<<12) + ((ua[i+2]&0x3f)<<6) + (ua[i+3]&0x3f));
i += 3;
}
else { s += String.fromCharCode(65533); }
}
return s;
},
obj: function (a) {
var o = [];
for (var i = 0; i < a.length; i++) {
o.push({key: a[i][0], val: a[i][1]});
}
return o;
}
};
var decrypt = function (key, tgt) {
return function (d) {
if (d.length === 0) tgt({err: "Not Found", code: 'not_found'});
var s = d.split('\n');
d = {};
var i = 0;
while (true) {
if (s[i] == "") break;
var l = s[i].trim().split(':\t');
d[l[0]] = l[1];
i++;
}
d.tx = s.splice(i).join('');
if (key === undefined) tgt({err: "Missing Key", code: 'no_key'});
else if (d.chk != fn.rmd(fn.d64(key))) tgt({err: "Invalid Key", code: "bad_key"});
else {
var tx;
if (d.zip) {
tx = fn.dec(d.tx, key);
tx = fn.u8a(tx);
tx = fn.str8(pako.inflate(tx));
} else {
tx = fn.dec(d.tx, key).toString(CryptoJS.enc.Utf8);
}
var lang = 'text';
for (i = 0; i < HighliteLang.length; i++)
if (d.lang == HighliteLang[i][0])
lang = HighliteLang[i][0];
tgt({code: 'ok', tx: tx, lang: lang, exp: d.exp, zip: d.zip});
}
};
};
var encrypt = function (o) {
var ts = Date.now();
console.info("Begin Encryption Process...");
var pass;
if (o.pass !== undefined) pass = fn.chk(o.pass);
var r = fn.rng(40);
var key = fn.sha(r);
var chk = fn.chk(r);
var text = o.text;
if (o.zip) {
console.info("Compressing text...");
var bl = o.text.length, bs = Date.now();
var deflate = pako.gzip(text);
text = fn.u16a(deflate);
console.info("Compress complete: " + (Date.now() - bs) + "ms, " + bl + " => " + o.text.length + " bytes");
}
var enc = fn.enc(text, key);
var exp = (o.exp === undefined ? undefined : (o.exp + Date.now() / 1000 | 0));
var header = {
'pass': pass,
'chk': chk,
'lang': o.lang,
'exp': exp,
'zip': o.zip,
'burn': o.burn
};
var s = '';
for (var i in header) if (header.hasOwnProperty(i)) if (header[i] !== undefined) {
s += i + ":\t" + header[i] + "\n";
}
s += "\n";
while (enc.length > 79) {
s += enc.slice(0, 79) + "\n";
enc = enc.slice(79);
}
s += enc + "\n";
console.info("Encrypt complete: " + (Date.now() - ts) + " ms");
return {'txt': s, 'key': key};
};
m.filter('blength', function () {
return function (o) {
if (!(typeof o == 'string' || o instanceof String)) return;
if (o === undefined || o.length === undefined) return;
var utf8length = 0;
for (var n = 0; n < o.length; n++) {
var c = o.charCodeAt(n);
if (c < 128) {
utf8length++;
}
else if ((c > 127) && (c < 2048)) {
utf8length = utf8length + 2;
} else {
utf8length = utf8length + 3;
}
}
return utf8length;
};
});

56
assets/create.html Normal file
View File

@@ -0,0 +1,56 @@
<div class=row ng-show='result != undefined'>
<div class=col-xs-12>
<div class="input-group">
<span class="input-group-btn">
<a class="btn btn-default" ng-click='reload()' type="button">New</a>
</span>
<input type=text readonly class=form-control select-on-click value="{{$base_url}}#/{{result.id}}!{{result.key}}">
<span class="input-group-btn">
<a class='btn btn-default' ng-href='#/{{result.id}}!{{result.key}}'>Open</a>
</span>
</div>
</div>
<pre class=col-xs-12> # Command Line: curl -s {{$base_url}}api/get/{{result.id}} | sed "1,/^\$/d" | openssl aes-256-cbc -d -a -k {{result.key}} <span ng-if='o.zip == true''>| gzip -dc</span>
{{result.text}}</pre>
</div>
<div ng-hide='result != undefined'>
<form name=paste ng-submit='Encrypt(o)'>
<div class="form form-inline">
<ol class='breadcrumb'>
<li>
<label>Syntax</label>
<select class='form-control input-sm' ng-model=o.lang ng-options='i.key as i.val for i in HighliteLang | orderBy:"+val"' ng-init='o.lang = "text"'></select>
</li>
<li>
<label>Expires</label>
<select class='form-control input-sm' ng-model=o.exp ng-options='i.key as i.val for i in ExpireTimes | orderBy:"+key"' ng-init='o.exp = 604800'></select>
</li>
<li>
<label><input type=checkbox ng-model='o.burn' /> Burn on Read</label>
</li>
</ol>
</div>
<textarea style='font-family: hack,"Anonymous Pro",consolita,monospace' required class='form-control' rows=20 ng-model="o.text"></textarea>
<pre>Additional Entropy: {{entropy}} bytes / Content size: {{o.text|blength|default:0}} bytes</pre>
<button type=submit class='btn btn-default btn-lg btn-block' ng-disabled="o.text == undefined || o.text.length == 0">Encrypt</button>
</form>
<p>Create pastes from the command line! <a href=./paste.sh>paste.sh</a>
<pre>
$ echo /etc/passwd | ./paste.sh
env options:
PASTE_URL - Set the url base for paste operations (default: HTTPS://sour.is/paste)
PASTE_GZIP - 0 = No Compression, 1 = Use gzip compression (default: 0)
PASTE_BURN - 0 = No Burn on Read, 1 = Burn on read (default: 0)
PASTE_DATE - Value to be used when setting expire date. (default: next-week)
</pre>
</p>
</div>

57
assets/index.html Normal file
View File

@@ -0,0 +1,57 @@
<?doctype html?>
<html ng-app='souris-app'>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>PasteBox</title>
</head>
<body>
<div id="wrapper">
<div class="container-responsive">
<article ng-view></article>
<a onclick='var elm = document.getElementById("debug"); elm.parentNode.style.display="block"; window.scrollTop = window.scrollHeight;' style="margin:3px;cursor:context-menu;font-family:monospace;position:fixed;bottom:0;right:0">&pi;</a>
<div class='panel panel-default' style='height:13em;margin-bottom:0;margin-top:2em;;display:none;position:relative;bottom:0'><b>Debug Log</b>
<div style='float:right'>
<a class="btn" onclick='document.getElementById("debug").parentNode.style.display="none";'><i class='glyphicon glyphicon-remove'></i></a><br/>
<a class="btn" onclick='var elm=document.getElementById("debug");while (elm.firstChild) {elm.removeChild(elm.firstChild);}'><i class='glyphicon glyphicon-ban-circle'></i></a>
</div>
<pre id=debug style='height:12em; overflow:x-scroll;'></pre>
<footer></footer></div>
</div>
</div>
<link rel="stylesheet" href="style.css" integrity='sha384-2g6CT1TMuzCclIAqYC+AkSkfA21njEedIBVs+k3tcZ6gHhCU7s17aGJMLvYsF0fK'>
<script src='app.js'></script>
<noscript>
<div class=container-responsive>
<h1>PasteBox</h1>
<p>It looks like yo don't have javascript enabled for this site. But thats ok. You can still submit and read the content of pastes by using a few curl/openssl/gunzip commands.</p>
<h2>Get the paste</h2>
<p>Lets say you have the following link <code>https://domain.tld/#/FeLq42kIQV69hQCJA8m9lg!5EDDziaCjceHjeG5UQ9M7-6wgyq5YVfysAEZ0wUNy6w</code>. Query the REST endpoint for the ID or part before the ! in the url hash.</p>
<pre><code>$ curl -i https://domain.tld/api/FeLq42kIQV69hQCJA8m9lg</code></pre>
<h2>Decrypt</h2>
<p>Using Openssl you want to remove the header and pass the remaining base64 for decryption. The cypher used is aes-256-cbc. The key is the portion after the ! in the link.</p>
<pre><code>... | sed '1,/^$/d' | openssl aes-256-cbc -d -a -k 5EDDziaCjceHjeG5UQ9M7-6wgyq5YVfysAEZ0wUNy6w</code></pre>
<h2>Deflate</h2>
<p>If as in the provided example the paste has been compressed pass it through gunzip. The header will have "zip: true" if it has been compressed.</p>
<pre><code> ... | gzip -dc </code></pre>
<h2>Example Output</h2>
<pre><code>$ curl -s "https://domain.tld/api/FeLq42kIQV69hQCJA8m9lg" | sed "1,/^$/d" | openssl aes-256-cbc -d -a -k 5EDDziaCjceHjeG5UQ9M7-6wgyq5YVfysAEZ0wUNy6w | gzip -dc
. ____ .-.
.-"` `",( __\_
.-==:;-._ .' .-. `'.
.' `"-:'-/ ( \} -=a .)
/ \/ \,== `- __..-'`
'-' | | | .'\ `;
\ _/---'\ ( `"`
/.`._ ) \ `; Sour.is Paste
\`-/.' `"`
`"\`-.</code></pre>
</div>
</noscript>
</body>
</html>

458
assets/lib.js Normal file
View File

File diff suppressed because one or more lines are too long

45
assets/paste.sh Executable file
View File

@@ -0,0 +1,45 @@
#!/bin/bash
if [ "$1" = "-h" ]; then
cat 1>&2 <<EOL
usage: echo /etc/passwd | ./paste.sh
env options:
PASTE_URL - Set the url base for paste operations (default: HTTPS://sour.is/paste)
PASTE_GZIP - 0 = No Compression, 1 = Use gzip compression (default: 0)
PASTE_BURN - 0 = No Burn on Read, 1 = Burn on read (default: 0)
PASTE_DATE - Value to be used when setting expire date. (default: next-week)
EOL
exit
fi
PASTE_URL=${PASTE_URL-"https://sour.is/paste"}
PASTE_BURN=${PASTE_BURN-0}
PASTE_DATE=${PASTE_DATE-"next-week"}
PASTE_GZIP=${PASTE_GZIP-0}
GZBIN="cat"
[ "$PASTE_GZIP" -eq "1" ] && GZBIN="gzip -c"
PASS=$(head -c 40 /dev/urandom);
CHK=$(echo -s $PASS | openssl dgst -sha256 -binary | openssl dgst -ripemd160 -binary | base64 | tr '/+' '_-' | tr -d '=')
PASS=$(echo -s $PASS | openssl dgst -sha256 -binary | base64 | tr '/+' '_-' | tr -d '=')
HASH=$((echo -e "exp:\t$(date +%s -d ${PASTE_DATE})"; \
echo -e "chk:\t$CHK"; \
[ "$PASTE_BURN" -eq "1" ] && echo -e "burn:\ttrue"; \
[ "$PASTE_GZIP" -eq "1" ] && echo -e "zip:\ttrue"; \
echo; \
cat /dev/stdin | $GZBIN | openssl aes-256-cbc -e -a -k $PASS) | \
curl -s -X POST ${PASTE_URL}/api/ --data-binary @-)
HASH_OK=$(echo $HASH | cut -c1-2)
if [ "$HASH_OK" = "OK" ]; then
HASH=$(echo $HASH | cut -f2 -d' ')
echo "url: ${PASTE_URL}/#/${HASH}!${PASS}"
echo -n "shell: curl -s ${PASTE_URL}/api/get/${HASH} | sed '1,/^\$/d' | openssl aes-256-cbc -d -a -k ${PASS}"
[ "$PASTE_GZIP" -eq "1" ] && echo " | gzip -dc" || echo;
exit
fi
echo $HASH

12
assets/style.css Normal file
View File

File diff suppressed because one or more lines are too long

1
assets/test.txt Normal file
View File

@@ -0,0 +1 @@
Test.

21
assets/view.html Normal file
View File

@@ -0,0 +1,21 @@
<div class=row>
<div class=col-xs-12>
<div class="input-group">
<span class="input-group-btn">
<a class="btn btn-default" ng-href='#/' type="button">New</a>
</span>
<input type=text readonly class=form-control select-on-click value="{{$base_url}}#/{{id}}!{{key}}">
<span class="input-group-btn">
<a class='btn btn-default' ng-click='copy(store.tx)'>Copy</a>
</span>
</div>
</div>
</div>
<div ng-if="store.err == undefined">
<div class='well well-sm'>
<b>Lang:</b> {{store.lang}}, <b>Expires:</b> <span ng-if='store.exp != "burn_on_read"'>{{store.exp*1000|date}}</span><span ng-if='store.exp == "burn_on_read"'>Burn on Read</span>
</div>
<div hljs language="{{store.lang}}" source="store.tx"></div>
<pre class=col-xs-12> # Command Line: curl -s {{$base_url}}api/get/{{id}} | sed "1,/^\$/d" | openssl aes-256-cbc -d -a -k {{key}} <span ng-if='store.zip != undefined'>| gzip -dc</span>
</div>
<div ng-if="store.err != undefined"><h3>Error: {{store.err}}</h3></div>