├── LICENSE
├── README.md
├── SECURITY.md
├── composer.json
├── composer.lock
├── lib
│   ├── authorize2.php
│   ├── filename.php
│   └── log-lib.php
├── speechlines.inc.php
├── upload
│   └── pomf.php
└── users
    ├── README.md
    └── create.php

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 George Tsatsis

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# RLAPI

RLAPI is the new RATELIMITED file hosting API, allowing for file uploading & handling in a fast and lightweight manner.

## Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

### Prerequisites

What things you need to install the software and how to install them

```
PHP 7.x
Apache/NGINX/A PHP Capable Webserver
Minio (Can be found on minio.io)
Postgres
Our sample Database File (Will be uploaded later on. Currently working on polishing our software :) )

Also, you'll need a brain!
```

### Installing

Once you have installed all the prerequisites, clone this git repo to your working directory.

Import the database file into PostgreSQL and make sure to edit your token.

Currently, there is no configuration and everything is hardcoded, as such, please edit the files and the requirements accordingly with the file locations that you are going to have.

Once done, POST to the API (`upload/pomf.php`) with a file in the form field `files[]`, passing your token as the `key` query parameter (`?key=...`). Because the token travels in the query string, it will show up in web-server and proxy access logs.

Note: Do not forget to change your token in the database!

## Running the tests

Testing is fairly simple, just POST to the API and voila!

## Deployment

Install, Test, Verify, done

## Built With

* [PHP](http://php.net) - The language used
* Love - The secret ingredient

## Contributing

Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.

## Versioning

We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/gtsatsis/RLAPI/tags).

## Authors

* **George Tsatsis** - *Initial work* - [gtsatsis](https://github.com/gtsatsis)
* **Samuel Simão** - *Initial work* - [SamuelCSimao](https://github.com/SamuelCSimao)

See also the list of [contributors](https://github.com/gtsatsis/RLAPI/contributors) who participated in this project.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details

## Acknowledgments

* Every individual StackOverflow/StackExchange Network user whose code snippets were used. They are credited in the code comments.
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
## RATELIMITED Security

We take security very seriously at RATELIMITED. We welcome everyone to peek at our code and verify for themselves, as well as run a clone of our service for themselves.

### Where should I report security issues?

In order to give the community time to respond and upgrade we strongly urge you to report all security issues privately. Please use our [vulnerability disclosure program at HackerOne](https://hackerone.com/ratelimited) to provide details and repro steps and we will respond ASAP. If you prefer not to use HackerOne, email us directly at `security@ratelimited.me` with details and repro steps. Security issues *always* take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes.

### What counts as a security issue?

Mostly, a security issue would be one of the following:

* SQL Injection
* Privilege Escalation
* XSS

And the like.

### What is out of scope, though?

First off, any third-party site (Such as, but not limited to `discordapp.com`, `okta.com`, `duo.com`, `bitly.com`) is out of scope entirely.

Now, attacks related to our site which would be out of scope would be of the likes of:
* DDoS attacks
* Physical attacks
* Phishing attacks
* Attacks that require access to a client's computer in order to work (Such as Remote Administration Tools/Trojans installed on one's PC)
* Social Engineering attacks

### Do you pay?

Sadly, due to our size and our costs to run, we are unable to pay for security vulnerability disclosures, but don't let that stop you! We'll award you with recognition on our Discord server and premium benefits on our service if your submission is deemed valid!
--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
{
    "require": {
        "aws/aws-sdk-php": "^3.44",
        "ramsey/uuid": "*"
    }
}
--------------------------------------------------------------------------------
/composer.lock:
--------------------------------------------------------------------------------
{
    "_readme": [
        "This file locks the dependencies of your project to a known state",
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
        "This file is @generated automatically"
    ],
    "content-hash": "6a604ec3d7a3b598c187166d208d3f5b",
    "packages": [
        {
            "name": "aws/aws-sdk-php",
            "version": "3.48.8",
            "source": {
                "type": "git",
                "url": "https://github.com/aws/aws-sdk-php.git",
                "reference": "40dc24b2152cb00a5a6b2f2fe1678b86b6f0ba57"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/40dc24b2152cb00a5a6b2f2fe1678b86b6f0ba57",
                "reference": "40dc24b2152cb00a5a6b2f2fe1678b86b6f0ba57",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
                "ext-pcre": "*",
                "ext-simplexml": "*",
                "ext-spl": "*",
                "guzzlehttp/guzzle": "^5.3.1|^6.2.1",
                "guzzlehttp/promises": "~1.0",
                "guzzlehttp/psr7": "^1.4.1",
                "mtdowling/jmespath.php": "~2.2",
                "php": ">=5.5"
            },
            "require-dev": {
                "andrewsville/php-token-reflection": "^1.4",
                "aws/aws-php-sns-message-validator": "~1.0",
                "behat/behat": "~3.0",
                "doctrine/cache": "~1.4",
                "ext-dom": "*",
                "ext-openssl": "*",
                "nette/neon": "^2.3",
                "phpunit/phpunit": "^4.8.35|^5.4.3",
                "psr/cache": "^1.0"
            },
            "suggest": {
                "aws/aws-php-sns-message-validator": "To validate incoming SNS notifications",
                "doctrine/cache": "To use the DoctrineCacheAdapter",
                "ext-curl": "To send requests using cURL",
                "ext-openssl": "Allows working with CloudFront private distributions and verifying received SNS messages"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "3.0-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Aws\\": "src/"
                },
                "files": [
                    "src/functions.php"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "Apache-2.0"
            ],
            "authors": [
                {
                    "name": "Amazon Web Services",
                    "homepage": "http://aws.amazon.com"
                }
            ],
            "description": "AWS SDK for PHP - Use Amazon Web Services in your PHP project",
            "homepage": "http://aws.amazon.com/sdkforphp",
            "keywords": [
                "amazon",
                "aws",
                "cloud",
                "dynamodb",
                "ec2",
                "glacier",
                "s3",
                "sdk"
            ],
            "time": "2018-01-05T22:21:07+00:00"
        },
        {
            "name": "guzzlehttp/guzzle",
            "version": "6.3.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
                "reference": "f4db5a78a5ea468d4831de7f0bf9d9415e348699"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/f4db5a78a5ea468d4831de7f0bf9d9415e348699",
                "reference": "f4db5a78a5ea468d4831de7f0bf9d9415e348699",
                "shasum": ""
            },
            "require": {
                "guzzlehttp/promises": "^1.0",
                "guzzlehttp/psr7": "^1.4",
                "php": ">=5.5"
            },
            "require-dev": {
                "ext-curl": "*",
                "phpunit/phpunit": "^4.0 || ^5.0",
                "psr/log": "^1.0"
            },
            "suggest": {
                "psr/log": "Required for using the Log middleware"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "6.2-dev"
                }
            },
            "autoload": {
                "files": [
                    "src/functions_include.php"
                ],
                "psr-4": {
                    "GuzzleHttp\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                }
            ],
            "description": "Guzzle is a PHP HTTP client library",
            "homepage": "http://guzzlephp.org/",
            "keywords": [
                "client",
                "curl",
                "framework",
                "http",
                "http client",
                "rest",
                "web service"
            ],
            "time": "2017-06-22T18:50:49+00:00"
        },
        {
            "name": "guzzlehttp/promises",
            "version": "v1.3.1",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
                "reference": "a59da6cf61d80060647ff4d3eb2c03a2bc694646"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/promises/zipball/a59da6cf61d80060647ff4d3eb2c03a2bc694646",
                "reference": "a59da6cf61d80060647ff4d3eb2c03a2bc694646",
                "shasum": ""
            },
            "require": {
                "php": ">=5.5.0"
            },
            "require-dev": {
                "phpunit/phpunit": "^4.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.4-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "GuzzleHttp\\Promise\\": "src/"
                },
                "files": [
                    "src/functions_include.php"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                }
            ],
            "description": "Guzzle promises library",
            "keywords": [
                "promise"
            ],
            "time": "2016-12-20T10:07:11+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
            "version": "1.4.2",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
                "reference": "f5b8a8512e2b58b0071a7280e39f14f72e05d87c"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/guzzle/psr7/zipball/f5b8a8512e2b58b0071a7280e39f14f72e05d87c",
                "reference": "f5b8a8512e2b58b0071a7280e39f14f72e05d87c",
                "shasum": ""
            },
            "require": {
                "php": ">=5.4.0",
                "psr/http-message": "~1.0"
            },
            "provide": {
                "psr/http-message-implementation": "1.0"
            },
            "require-dev": {
                "phpunit/phpunit": "~4.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.4-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "GuzzleHttp\\Psr7\\": "src/"
                },
                "files": [
                    "src/functions_include.php"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                },
                {
                    "name": "Tobias Schultze",
                    "homepage": "https://github.com/Tobion"
                }
            ],
            "description": "PSR-7 message implementation that also provides common utility methods",
            "keywords": [
                "http",
                "message",
                "request",
                "response",
                "stream",
                "uri",
                "url"
            ],
            "time": "2017-03-20T17:10:46+00:00"
        },
        {
            "name": "mtdowling/jmespath.php",
            "version": "2.4.0",
            "source": {
                "type": "git",
                "url": "https://github.com/jmespath/jmespath.php.git",
                "reference": "adcc9531682cf87dfda21e1fd5d0e7a41d292fac"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/jmespath/jmespath.php/zipball/adcc9531682cf87dfda21e1fd5d0e7a41d292fac",
                "reference": "adcc9531682cf87dfda21e1fd5d0e7a41d292fac",
                "shasum": ""
            },
            "require": {
                "php": ">=5.4.0"
            },
            "require-dev": {
                "phpunit/phpunit": "~4.0"
            },
            "bin": [
                "bin/jp.php"
            ],
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "2.0-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "JmesPath\\": "src/"
                },
                "files": [
                    "src/JmesPath.php"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Michael Dowling",
                    "email": "mtdowling@gmail.com",
                    "homepage": "https://github.com/mtdowling"
                }
            ],
            "description": "Declaratively specify how to extract elements from a JSON document",
            "keywords": [
                "json",
                "jsonpath"
            ],
            "time": "2016-12-03T22:08:25+00:00"
        },
        {
            "name": "psr/http-message",
            "version": "1.0.1",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/http-message.git",
                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363",
                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363",
                "shasum": ""
            },
            "require": {
                "php": ">=5.3.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.0.x-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Psr\\Http\\Message\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "PHP-FIG",
                    "homepage": "http://www.php-fig.org/"
                }
            ],
            "description": "Common interface for HTTP messages",
            "homepage": "https://github.com/php-fig/http-message",
            "keywords": [
                "http",
                "http-message",
                "psr",
                "psr-7",
                "request",
                "response"
            ],
            "time": "2016-08-06T14:39:51+00:00"
        }
    ],
    "packages-dev": [],
    "aliases": [],
    "minimum-stability": "stable",
    "stability-flags": [],
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": [],
    "platform-dev": []
}
--------------------------------------------------------------------------------
/lib/authorize2.php:
--------------------------------------------------------------------------------
<?php
/**
 * @author George Tsatsis
 * @copyright 2017-2018 RATELIMITED, LLC
 * @license MIT
 * @version GIT:
 * @link https://ratelimited.me
 * @see pg_*
 * @since File available since RLAPI 2.0
 */
/* This project requires */
require '../vendor/autoload.php'; // Composer Autoloader
require '../speechlines.inc.php'; // Speech Lines ($messages for the user)
require '../../../rl1-pgdbcreds.inc.php'; // Database Credentials

$rlmeInstance = false;

/**
 * Authenticate a user token
 *
 * Reports its result through globals: $allowed is set to true or false only
 * when the token matches a user row, so callers must test for === true.
 *
 * @param string $token A service token
 *
 * @return void
 */
function authenticate($token)
{
    require('../../../rl1-pgdbcreds.inc.php');
    /**
     * Make allowed variable global
     *
     * @todo Avoid globals replacing them with something else
     */
    global $allowed, $donorLevel, $isAdmin, $migrated, $rlmeInstance;

    /* Prepare PostgreSQL query (the token is bound as $1, never interpolated) */
    $tokencomparison = pg_prepare(
        $database,
        "fetch-token-by-token",
        "SELECT * FROM tokens WHERE token = $1"
    );
    /* Execute PostgreSQL query; pg_execute() takes its parameters as an array */
    $tokencomparisonresult = pg_execute(
        $database, "fetch-token-by-token", array($token)
    );
    // The row that pulled from the database
    $tokenrow = pg_fetch_object($tokencomparisonresult);

    /**
     * Assume tokenrow went all right and begin authenticating
     *
     * @todo Error handling: an unknown token leaves $allowed unset
     */
    if ($tokenrow) {
        // User id
        $uid = $tokenrow->user_id;
        // Select the user by id, binding the id instead of building the
        // query string from a value read back from the database
        $userResult = pg_query_params(
            $database, "SELECT * FROM users WHERE id = $1", array($uid)
        );
        // The row containing data
        $userRow = pg_fetch_object($userResult);
        // Fetch whether the user is valid or not to a variable
        $isblocked = $userRow->is_blocked;
        /* If we got an allowed user, allowed = true and vice-versa */
        if ($isblocked == 't') {
            $allowed = false;
        }
        if ($isblocked == 'f') {
            $allowed = true;
        }
        /* If is_blocked is null, then allow access.
           This fails open: a user row whose is_blocked column was never
           set is treated exactly like an explicitly unblocked one. */
        if (is_null($isblocked) or empty($isblocked)) {
            $allowed = true;
        }

        /* Define $hasPaid and the hasPaid check
           @todo $hasPaid is never assigned here, although upload/pomf.php
                 requires $hasPaid === true before accepting an upload */

        /* Only an RLME instance carries the migration flag */
        if ($rlmeInstance === true) {
            $migrated = $userRow->migratedtorlauth;
        }

        /* Define $donationLevel and the donor levels */
        $donationLevel = $userRow->donationlevel;
        if ($donationLevel == "free" || $donationLevel == null) {
            $donorLevel = "free";
        }
        if ($donationLevel == "platinum") {
            $donorLevel = "platinum";
        }
        if ($donationLevel == "gold") {
            $donorLevel = "gold";
        }

        /* Define $isAdmin and add proper checks */
        if ($userRow->is_admin == 't') {
            $isAdmin = true;
        }

    }
}
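The function above leaves `$allowed` unset for an unknown token and grants access when `is_blocked` is NULL. The following is an added example (not RLAPI's code) of a fail-closed variant: it returns a result array instead of setting globals, binds every parameter, and denies on any database error, unknown token or missing flag. It assumes the table and column names visible in the queries above (`tokens.token`, `tokens.user_id`, `users.id`, `users.is_blocked`, `users.donationlevel`, `users.is_admin`) and that `$database` is the `pg_connect()` resource provided by `rl1-pgdbcreds.inc.php`; the token charset/length policy and the name `authenticateToken()` are the example's own assumptions.

```php
<?php
/**
 * Added example, not part of RLAPI: fail-closed token authentication.
 * Schema (tokens.token, tokens.user_id, users.id, users.is_blocked,
 * users.donationlevel, users.is_admin) is the one used by authorize2.php;
 * the token format check is an assumption made for this example.
 */

/**
 * Authenticate a service token.
 *
 * @param resource $database An open pg_connect() connection
 * @param mixed    $token    The raw token as presented by the client
 *
 * @return array allowed (bool), reason (string), user_id (int|null),
 *               donor_level (string), is_admin (bool)
 */
function authenticateToken($database, $token)
{
    // Every early exit returns this structure; nothing is left unset.
    $denied = array(
        'allowed' => false, 'reason' => '', 'user_id' => null,
        'donor_level' => 'free', 'is_admin' => false,
    );

    // Reject malformed input before touching the database (assumed policy:
    // 16-128 URL-safe characters). A non-string $_GET value is refused too.
    if (!is_string($token) || !preg_match('/\A[A-Za-z0-9_-]{16,128}\z/', $token)) {
        $denied['reason'] = 'malformed token';
        return $denied;
    }

    // One parameterised query resolves token -> user; no value is ever
    // concatenated into the SQL text.
    $res = pg_query_params(
        $database,
        'SELECT u.id, u.is_blocked, u.donationlevel, u.is_admin
           FROM tokens t JOIN users u ON u.id = t.user_id
          WHERE t.token = $1',
        array($token)
    );
    if ($res === false) {
        $denied['reason'] = 'database error'; // fail closed on errors as well
        return $denied;
    }
    $row = pg_fetch_assoc($res);
    if ($row === false) {
        $denied['reason'] = 'unknown token';
        return $denied;
    }

    // libpq returns booleans as 't' / 'f'. Only an explicit 'f' admits the
    // user; NULL (column never set) is treated as blocked, not as allowed.
    if ($row['is_blocked'] !== 'f') {
        $denied['reason'] = 'user blocked or block flag unset';
        $denied['user_id'] = (int) $row['id'];
        return $denied;
    }

    // Only tiers the upload code knows are accepted; anything else (NULL,
    // typo, future tier) collapses to the most restrictive one.
    $tiers = array('free', 'platinum', 'gold');
    $level = in_array($row['donationlevel'], $tiers, true) ? $row['donationlevel'] : 'free';

    return array(
        'allowed'     => true,
        'reason'      => 'ok',
        'user_id'     => (int) $row['id'],
        'donor_level' => $level,
        'is_admin'    => ($row['is_admin'] === 't'),
    );
}

/* Usage in the upload handler, replacing the global-based authenticate():
 *   $auth = authenticateToken($database, isset($_GET['key']) ? $_GET['key'] : null);
 *   if (!$auth['allowed']) {
 *       http_response_code(403);
 *       echo json_encode(array('success' => false, 'description' => $auth['reason']));
 *       exit;
 *   }
 */
```

The example keeps the page's plaintext token column. Storing only a hash of each token (and hashing the presented value before the lookup) would additionally stop a database dump from yielding usable credentials, at the cost of a schema change the page does not describe.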
--------------------------------------------------------------------------------
/lib/filename.php:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/speechlines.inc.php:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/upload/pomf.php:
--------------------------------------------------------------------------------
<?php
/**
 * @author George Tsatsis
 * @copyright 2017-2018 RATELIMITED, LLC
 * @license MIT
 * @version GIT:
 * @link https://ratelimited.me
 * @see S3Client
 * @since File available since RLAPI 2.0
 */

/**
 * Set PHP to report errors (any nature)
 *
 * @todo Remove when in production to avoid attacks and exploits
 */
/**ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);*/

/* This project requires the following files: */
require '../vendor/autoload.php'; // Composer Auto-loader
require '../lib/authorize2.php'; // Authorization Library
require '../lib/log-lib.php'; // Logging Library
require '../lib/filename.php'; // Filename-related functions
require '../speechlines.inc.php'; // Speech Lines ($dbConnFailed etc)
require '../../../S3APICredStore/s3Credentials.inc.php'; // S3 API Credentials
require '../../../rl1-pgdbcreds.inc.php'; // Database Credentials

/* Define Filesizes in bytes for convenience
   (Code taken from StackOverflow: https://stackoverflow.com/a/14758827/8156177) */
define('KB', 1024);
define('MB', 1048576);
define('GB', 1073741824);
define('TB', 1099511627776);

/* Killswitch Mode / Maintenance Mode */
$killSwitch = false;
if ($killSwitch == true) {
    echo json_encode(array('success' => false, 'files' => 'Killswitch Mode Active; Possible maintenance', 'details' => 'Killswitch Mode Active; Possible maintenance'));
    die();
}

// Pass all the GET parameters to an array
parse_str($_SERVER['QUERY_STRING'], $get_array);

// Extract the token (?key) to the $token variable. The token travels in the
// query string, so it is recorded in web-server and proxy access logs.
$token = isset($_GET['key']) ? $_GET['key'] : null;

/* If no token is provided, report to the user and die */
if (is_null($token)) {
    echo $noToken;
    return;
}

// Initialize AWS credentials with values from the previously required file
$credentials = new Aws\Credentials\Credentials($s3APIKey, $s3APISecret);

// Authenticate using the provided token. authenticate() reports through the
// globals $allowed, $donorLevel, $isAdmin and $migrated, and leaves $allowed
// unset for an unknown token, hence the strict === checks below.
authenticate($token);

if ($allowed === false) {
    echo $tokenIsBlocked;
}

/* If the token is allowed, create s3 client and start processing files */
if ($allowed === true) {
    /* @todo $hasPaid is never assigned by authenticate(), so this branch is
             not reachable as written and every allowed token falls through
             to the migration message below */
    if ($hasPaid === true) {
        $s3 = new Aws\S3\S3Client(
            [
                'version' => 'latest', // Latest S3 version
                'region' => 'us-east-1', // The service's region
                'endpoint' => 'http://127.0.0.1:9000', // API to point to
                'credentials' => $credentials, // Credentials (s3Credentials.inc.php)
                //'signature' => 'v4',
                'use_path_style_endpoint' => true // Minio Compatible (https://minio.io)
            ]
        );

        /*
           If $_FILES is empty, then the user has not posted any files.
           Die with an error to prevent PHP warnings
        */
        if (empty($_FILES)) {
            echo "{
    \"success\": false,
    \"errorcode\": 405,
    \"description\": \"You need to supply files to be uploaded using HTTP POST (files[])!\"
}";
            return;
        }

        /**
         * Foreach loop to process files
         *
         * @todo Better error handling and reporting
         */
        foreach ($_FILES['files']['name'] as $index => $files) {
            // Size of this file in bytes, read by index. Imploding the whole
            // size array concatenates the numbers instead of adding them.
            $filesize = $_FILES['files']['size'][$index];
            if ($donorLevel == "free" && $filesize > 100 * MB) {
                echo "{\"success\": false,\"errorcode\": 402,\"description\": \"Sorry, but this file is too big for your donation tier of: Free. Please donate in order to upload bigger files\"}";
                die();
            }
            if ($donorLevel == "platinum" && $filesize > 250 * MB) {
                echo "{\"success\": false,\"errorcode\": 402,\"description\": \"Sorry, but this file is too big for your donation tier of: Platinum. Please donate in order to upload bigger files\"}";
                die();
            }
            if ($donorLevel == "gold" && $filesize > 500 * MB) {
                echo "{\"success\": false,\"errorcode\": 402,\"description\": \"Sorry, but this file is too big for your donation tier of: Gold. Please donate in order to upload bigger files.\"}";
                die();
            }
            /*
            |-------------------------------------------------------|
            |Code taken from StackExchange                          |
            |Permalink: https://stackoverflow.com/a/5439548/8156177 |
            |-------------------------------------------------------|
            */

            // Get the uploaded file's extension. It is taken verbatim from
            // the client-supplied name and is not checked against an
            // allow-list, and the object is stored public-read below.
            $extension = pathinfo($files, PATHINFO_EXTENSION);

            $fileName = generateFileName($extension);

            // Regenerate until the name is unused (generateFileName() and
            // isUnique() come from lib/filename.php)
            while (!isUnique($fileName)) {
                $fileName = generateFileName($extension);
            }

            // Temporary upload path of this file, read by index; imploding
            // the tmp_name array only works when a single file is posted
            $tmpName = $_FILES['files']['tmp_name'][$index];

            /**
             * Move file to a temporary, unaccessible location.
             *
             * @todo Make the path configurable
             */
            move_uploaded_file($tmpName, "/d2/RLTemp/" . $fileName);

            /* Create file hashes (md5 and sha1) once; they are both returned
               to the client and logged */
            $md5 = md5_file('/d2/RLTemp/' . $fileName);
            $sha1 = sha1_file('/d2/RLTemp/' . $fileName);

            /* Create array with file data */
            $fileNames = array(
                'success' => true, // If the user got here, we had success
                'files' => array( // Add files to an array
                    array(
                        // Filename (on the server)
                        'url' => $fileName,
                        // The name of the uploaded file (the user's file name)
                        'name' => $files,
                        /* Hashes (md5 and sha1) */
                        'hash_md5' => $md5,
                        'hash_sha1' => $sha1
                    )
                )
            );

            /* Put the file in the Minio/S3 bucket */
            $result = $s3->putObject(
                array(
                    'Bucket' => 'owoapi', // Bucket name
                    'Key' => $fileName, // Key = File name (on the server)
                    'SourceFile' => "/d2/RLTemp/" . $fileName, // The file to be put
                    'ACL' => 'public-read' // Access Control List set to public read
                )
            );

            // Delete the file from the temporary location
            unlink("/d2/RLTemp/" . $fileName);

            // Print the array as JSON for ShareX compatibility
            echo json_encode($fileNames);

            // Strip quotes and equals signs from the original filename before
            // logging. This is not SQL escaping: logtoDB() must still bind the
            // value as a query parameter.
            $removeFromStr = array("'", "=");
            $origFileName = str_replace($removeFromStr, "", $files);
            // Log to database
            logtoDB($token, $fileName, $origFileName, time(), $md5, $sha1);

        }
    } elseif (is_null($migrated) || $migrated == false) {
        $migrationRequired = array(
            'success' => false,
            'errorcode' => 401,
            'url' => 'Error: Please migrate to continue.',
            'name' => 'Error: Please migrate to continue.'
        );
        echo json_encode($migrationRequired);
    }
}
--------------------------------------------------------------------------------
/users/README.md:
--------------------------------------------------------------------------------
# Users Endpoint

This endpoint will be re-written and finished in RLAPI v2.0
--------------------------------------------------------------------------------
/users/create.php:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
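`upload/pomf.php` validates each upload inline: it derives the size from the whole `size` array, takes the extension verbatim from the client-supplied name, and regenerates the object name until `isUnique()` reports it free, then stores the object public-read. The block below is an added example (not RLAPI's code) of those per-file checks written as functions, generalised to several files in one request. It keeps the page's tier limits (100 MB free, 250 MB platinum, 500 MB gold) and the `files[]` field layout; the extension/MIME allow-list, the 8-byte random name, the `$isUnique` callback and the function names are assumptions made for the example, and `lib/filename.php`, `logtoDB()` and the S3 `putObject()` call are not reproduced.

```php
<?php
/**
 * Added example, not part of RLAPI: per-file validation for a files[]
 * multipart field. Tier limits are those of upload/pomf.php; the allow-list,
 * MIME map, random-name length and $isUnique callback are assumptions.
 */

// Upload ceilings per donation tier, in bytes (100 MB / 250 MB / 500 MB).
const TIER_LIMITS = array(
    'free'     => 104857600,
    'platinum' => 262144000,
    'gold'     => 524288000,
);

// Extension => content types accepted under that extension (assumed list).
// Active content such as .php, .html or .svg is deliberately absent, so a
// public-read object can never be served as a script or a page.
const ALLOWED_TYPES = array(
    'png'  => array('image/png'),
    'jpg'  => array('image/jpeg'),
    'jpeg' => array('image/jpeg'),
    'gif'  => array('image/gif'),
    'webm' => array('video/webm'),
    'mp4'  => array('video/mp4'),
    'txt'  => array('text/plain'),
    'zip'  => array('application/zip'),
);

/**
 * Re-key PHP's $_FILES['files'] layout (one array per attribute) into one
 * array per file, so name, tmp_name, size and error are read by the same
 * index instead of being imploded across all files.
 */
function normalizeUploads(array $field)
{
    $files = array();
    foreach ($field['name'] as $i => $name) {
        $files[] = array(
            'name'     => $name,
            'tmp_name' => $field['tmp_name'][$i],
            'size'     => (int) $field['size'][$i],
            'error'    => (int) $field['error'][$i],
        );
    }
    return $files;
}

/**
 * Check one upload against the tier limit and the allow-list.
 * Returns null when the file is acceptable, otherwise a short reason.
 */
function validateUpload(array $file, $donorLevel)
{
    // PHP reports truncated or missing uploads through the error slot.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'upload error ' . $file['error'];
    }
    // Unknown tiers get the most restrictive limit.
    $tier  = array_key_exists($donorLevel, TIER_LIMITS) ? $donorLevel : 'free';
    $limit = TIER_LIMITS[$tier];
    if ($file['size'] <= 0 || $file['size'] > $limit) {
        return 'file too big for tier ' . $tier;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return 'extension not allowed';
    }
    // Sniff the stored bytes rather than trusting the client-supplied name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        return 'content type ' . $mime . ' does not match .' . $ext;
    }
    return null;
}

/**
 * Random object name with the validated extension. $isUnique is a callback
 * (a bucket HEAD or a database lookup), mirroring the generate-until-unique
 * loop in pomf.php. 8 random bytes (64 bits) make names unguessable.
 */
function uniqueObjectName($ext, callable $isUnique, $bytes = 8)
{
    do {
        $name = bin2hex(random_bytes($bytes)) . '.' . $ext;
    } while (!$isUnique($name));
    return $name;
}

/** Both digests are returned to the client and logged; compute them once. */
function fileDigests($path)
{
    return array('md5' => md5_file($path), 'sha1' => sha1_file($path));
}

/* Usage in the handler, with $donorLevel from authenticate():
 *   foreach (normalizeUploads($_FILES['files']) as $file) {
 *       if (($why = validateUpload($file, $donorLevel)) !== null) {
 *           echo json_encode(array('success' => false, 'errorcode' => 400, 'description' => $why));
 *           continue;
 *       }
 *       $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
 *       $key = uniqueObjectName($ext, 'isUnique'); // isUnique() from lib/filename.php
 *       // then move_uploaded_file(), fileDigests(), $s3->putObject(), logtoDB() as in pomf.php
 *   }
 */
```

Because the allow-list is keyed by extension and checked against the sniffed type, a `.png` whose bytes are really HTML is refused even though both the extension and the declared type looked harmless; that is the check the original handler lacks before it sets `public-read` on the object.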