Merge remote-tracking branch 'origin/main' into feature/admin_ui

Author: benbusby

backend/server/auth/handlers.go

@@ -164,7 +164,7 @@ func AccountHandler(w http.ResponseWriter, req *http.Request, id string) {
 			return
 		}
 
-		obscuredEmail, _ := utils.ObscureEmail(user.Email)
+		obscuredEmail, _ := shared.ObscureEmail(user.Email)
 		_ = json.NewEncoder(w).Encode(shared.AccountResponse{
 			Email:            obscuredEmail,
 			PaymentID:        user.PaymentID,

backend/server/html/handlers.go

@@ -12,7 +12,6 @@ import (
 	"yeetfile/backend/server/html/templates"
 	"yeetfile/backend/server/session"
 	"yeetfile/backend/server/upgrades"
-	"yeetfile/backend/utils"
 	"yeetfile/shared"
 	"yeetfile/shared/endpoints"
 )
@@ -199,7 +198,7 @@ func AccountPageHandler(w http.ResponseWriter, req *http.Request, userID string)
 
 	successMsg, errorMsg := generateAccountMessages(req)
 	hasHint := user.PasswordHint != nil && len(user.PasswordHint) > 0
-	obscuredEmail, _ := utils.ObscureEmail(user.Email)
+	obscuredEmail, _ := shared.ObscureEmail(user.Email)
 	isPrevUpgraded := user.UpgradeExp.Year() >= 2024
 
 	isAdmin := auth.IsInstanceAdmin(userID)

backend/server/transfer/upload.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"github.com/benbusby/b2"
 	"log"
+	"net/url"
 	db "yeetfile/backend/db"
 	"yeetfile/backend/service"
 	"yeetfile/backend/utils"
@@ -155,12 +156,22 @@ func InitLargeB2Upload(filename string, upload db.B2Upload) error {
 		return err
 	}
 
+	isDummy := info.Dummy
+	if !isDummy {
+		// Ensure that the dummy option is enabled if the request URI
+		// is not actually valid
+		_, err = url.ParseRequestURI(upload.UploadURL)
+		if err != nil {
+			isDummy = true
+		}
+	}
+
 	return db.UpdateUploadValues(
 		upload.MetadataID,
 		info.UploadURL,
 		info.AuthorizationToken,
 		info.FileID, // Multi-chunk files use the file ID for uploading
-		info.Dummy)
+		isDummy)
 }
 
 func ResetLargeUpload(b2FileID string, metadataID string) (b2.FilePartInfo, error) {

backend/utils/misc.go

@@ -4,7 +4,6 @@ import (
 	"crypto/sha1"
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"log"
@@ -238,36 +237,6 @@ func ParseSizeString(str string) int64 {
 	return 0
 }
 
-// ObscureEmail takes an email and strips out the majority of the address and
-// domain, adding "***" as an indicator of the obfuscation for both.
-func ObscureEmail(email string) (string, error) {
-	segments := strings.Split(email, "@")
-	if len(segments) != 2 {
-		return "", errors.New("invalid email")
-	}
-
-	address := segments[0]
-	domain := segments[1]
-
-	var hiddenEmail string
-	if len(address) > 1 {
-		hiddenEmail = fmt.Sprintf(
-			"%c%c***%c@%c***.com",
-			address[0],
-			address[1],
-			address[len(address)-1],
-			domain[0])
-	} else {
-		hiddenEmail = fmt.Sprintf(
-			"%c***%c@%c***.com",
-			address[0],
-			address[len(address)-1],
-			domain[0])
-	}
-
-	return hiddenEmail, nil
-}
-
 // LimitedChunkReader reads the request body, limited to max chunk size + encryption
 // overhead + 1024 bytes. This is big enough for all data-containing requests
 // made to the YeetFile API.

cli/commands/auth/login/login.go

@@ -1,6 +1,7 @@
 package login
 
 import (
+	"strings"
 	"yeetfile/cli/crypto"
 	"yeetfile/cli/globals"
 	"yeetfile/cli/utils"
@@ -11,6 +12,9 @@ import (
 // generate the login key hash, and stores the user's key pair in their config
 // directory
 func LogIn(identifier, password, code string, sessionKey, vaultKey []byte) error {
+	identifier = strings.TrimSpace(identifier)
+	password = strings.TrimSpace(password)
+
 	userKey, loginKeyHash := crypto.GenerateUserKeys(identifier, password)
 
 	login := shared.Login{

cross_compile.sh

@@ -67,10 +67,12 @@ do
             arch_name="arm32"
         fi
 
-        tar_name="${output_name}_${GOOS}_${arch_name}_${VER}.tar.gz"
+        compressed_name="${output_name}_${GOOS}_${arch_name}_${VER}.tar.gz"
         if [ $GOOS = "darwin" ]; then
             os_name="macOS"
-            tar_name="${output_name}_macos_${arch_name}_${VER}.tar.gz"
+            compressed_name="${output_name}_macos_${arch_name}_${VER}.tar.gz"
+        elif [ $GOOS = "windows" ]; then
+            compressed_name="${output_name}_windows_${arch_name}_${VER}.zip"
         fi
 
         if [ $GOOS = "windows" ]; then
@@ -85,10 +87,14 @@ do
             exit 1
         fi
 
-        tar -czvf out/$tar_name $output_name
+        if [ $GOOS = "windows" ]; then
+            zip -j out/$compressed_name $output_name
+        else
+            tar -czvf out/$compressed_name $output_name
+        fi
         rm -f $output_name
 
-        full_link="$RELEASE_NOTES_LINK/$tar_name"
+        full_link="$RELEASE_NOTES_LINK/$compressed_name"
 
         printf -- "- $os_name (\`$arch_name\`): [$tar_name]($full_link)\n" >> $RELEASE_NOTES_FILE
     done

shared/utils.go

@@ -2,6 +2,7 @@ package shared
 
 import (
 	"bufio"
+	"errors"
 	"fmt"
 	"math"
 	"math/rand"
@@ -184,3 +185,38 @@ func ArrayContains(items []string, target string) bool {
 	}
 	return false
 }
+
+// ObscureEmail takes an email and strips out the majority of the address and
+// domain, adding "***" as an indicator of the obfuscation for both.
+func ObscureEmail(email string) (string, error) {
+	segments := strings.Split(email, "@")
+	if len(segments) != 2 {
+		return "", errors.New("invalid email")
+	}
+
+	address := segments[0]
+	domain := segments[1]
+
+	segments = strings.Split(email, ".")
+	ext := segments[len(segments)-1]
+
+	var hiddenEmail string
+	if len(address) > 1 {
+		hiddenEmail = fmt.Sprintf(
+			"%c%c***%c@%c***.%s",
+			address[0],
+			address[1],
+			address[len(address)-1],
+			domain[0],
+			ext)
+	} else {
+		hiddenEmail = fmt.Sprintf(
+			"%c***%c@%c***.%s",
+			address[0],
+			address[len(address)-1],
+			domain[0],
+			ext)
+	}
+
+	return hiddenEmail, nil
+}