thuja

thuja.go (15849B)

---

 // Copyright 2022 kqueue <kqueue@cocaine.ninja>
 
 // Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
 
 // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING
 // ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 package main
 
 import (
 	"encoding/json"
 	"errors"
 	"flag"
 	"fmt"
 	"github.com/CAFxX/httpcompression"
 	"github.com/CAFxX/httpcompression/contrib/klauspost/gzip"
 	"github.com/CAFxX/httpcompression/contrib/klauspost/zstd"
 	"kqueue.dev/thuja/go-nude"
 	"github.com/didip/tollbooth/v7"
 	"github.com/nfnt/resize"
 	bolt "go.etcd.io/bbolt"
 	"image"
 	"image/jpeg"
 	_ "image/png"
 	"io"
 	"log"
 	"net/http"
 	"os"
 	"runtime"
 	"strconv"
 	"strings"
 	"unicode/utf8"
 )
 
 var (
 	staticdir   *string
 	dbpath      *string
 	nsfwallowed *bool
 	port        *string
 	domain      *string
 )
 
 const (
 	htmlTagStart = 60 // Unicode `<`
 	htmlTagEnd   = 62 // Unicode `>`
 )
 
 // Aggressively strips HTML tags from a string.
 // It will only keep anything between `>` and `<`.
 func stripHtmlTags(s string) string {
 	// Setup a string builder and allocate enough memory for the new string.
 	var builder strings.Builder
 	builder.Grow(len(s) + utf8.UTFMax)
 
 	in := false // True if we are inside an HTML tag.
 	start := 0  // The index of the previous start tag character `<`
 	end := 0    // The index of the previous end tag character `>`
 
 	for i, c := range s {
 		// If this is the last character and we are not in an HTML tag, save it.
 		if (i+1) == len(s) && end >= start {
 			builder.WriteString(s[end:])
 		}
 
 		// Keep going if the character is not `<` or `>`
 		if c != htmlTagStart && c != htmlTagEnd {
 			continue
 		}
 
 		if c == htmlTagStart {
 			// Only update the start if we are not in a tag.
 			// This make sure we strip out `<<br>` not just `<br>`
 			if !in {
 				start = i
 			}
 			in = true
 
 			// Write the valid string between the close and start of the two tags.
 			builder.WriteString(s[end:start])
 			continue
 		}
 		// else c == htmlTagEnd
 		in = false
 		end = i + 1
 	}
 	s = builder.String()
 	return s
 }
 
 // defines json format for all posts made
 type postform struct {
 	Title       string   `json:"title"`
 	Text        string   `json:"text"`
 	Id          int      `json:"id"`
 	Commentsnum int      `json:"commentsnum"`
 	Comments    []string `json:"comments"`
 	Ip          string   `json:"ip"`
 }
 
 // function that overwrites keys in the bolt database
 func databaseoverwrite(key string, value string, bucket string) error {
 	db, err := bolt.Open(*dbpath, 0600, nil)
 	if err != nil {
 		return err
 	}
 	defer db.Close()
 	tx, err := db.Begin(true)
 	if err != nil {
 		return err
 	}
 	defer tx.Rollback()
 	_, err = tx.CreateBucketIfNotExists([]byte(bucket))
 	if err != nil {
 		return err
 	}
 	b := tx.Bucket([]byte(bucket))
 	err = b.Delete([]byte(key))
 	if err != nil {
 		return err
 	}
 	err = b.Put([]byte(key), []byte(value))
 	if err != nil {
 		return err
 	}
 	if err := tx.Commit(); err != nil {
 		return err
 	}
 	return nil
 }
 
 // function that puts keys into the bolt database
 func databaseput(key string, value string, bucket string) error {
 	db, err := bolt.Open(*dbpath, 0600, nil)
 	if err != nil {
 		return err
 	}
 	defer db.Close()
 	tx, err := db.Begin(true)
 	if err != nil {
 		return err
 	}
 	defer tx.Rollback()
 	_, err = tx.CreateBucketIfNotExists([]byte(bucket))
 	if err != nil {
 		return err
 	}
 	b := tx.Bucket([]byte(bucket))
 	err = b.Put([]byte(key), []byte(value))
 	if err != nil {
 		return err
 	}
 	if err := tx.Commit(); err != nil {
 		return err
 	}
 	return nil
 }
 func CreateBucketsIfNotExists(buckets []string, bucketnum int) error {
 	db, err := bolt.Open(*dbpath, 0600, nil)
 	if err != nil {
 		return err
 	}
 	defer db.Close()
 	tx, err := db.Begin(true)
 	if err != nil {
 		return err
 	}
 	defer tx.Rollback()
 	for i := 0; i < bucketnum; i++ {
 		_, err = tx.CreateBucketIfNotExists([]byte(buckets[i]))
 		if err != nil {
 			return err
 		}
 	}
 	if err := tx.Commit(); err != nil {
 		return err
 	}
 	return nil
 }
 
 // gets keys out the bolt database
 func databaseget(key string, bucket string) (string, error) {
 	db, err := bolt.Open(*dbpath, 0600, nil)
 	errmsg := "something fucked up"
 	if err != nil {
 		return errmsg, err
 	}
 	defer db.Close()
 	tx, err := db.Begin(true)
 	if err != nil {
 		return errmsg, err
 	}
 	defer tx.Rollback()
 	//	_, err = tx.CreateBucketIfNotExists([]byte(bucket))
 	//	if err != nil {
 	//		return errmsg, err
 	//	}
 	b := tx.Bucket([]byte(bucket))
 	v := b.Get([]byte(key))
 	if v == nil {
 		return "empty key", nil
 	}
 	return string(v), nil
 }
 
 // function that allows thuja to handle multiple posts at once
 func multiposts(overwrite bool, board string) int {
 	postnum, err := databaseget("postnum", board)
 	if postnum == "empty key" && overwrite == false {
 		databaseput("postnum", "0", board)
 		postnum = "0"
 		return 0
 	}
 	if postnum == "empty key" && overwrite == true {
 		databaseput("postnum", "1", board)
 		postnum = "1"
 		return 1
 	}
 
 	if err != nil {
 		log.Fatal(err)
 		return -1
 	}
 	i, _ := strconv.Atoi(postnum)
 	if !overwrite {
 		return i
 	} else {
 		i++
 		databaseoverwrite("postnum", strconv.Itoa(i), board)
 		return i
 	}
 }
 
 // the main function, just runs the http handler functions
 func main() {
 	runtime.GOMAXPROCS(runtime.NumCPU() - 1)
 	staticdir = flag.String("staticdir", "/var/thuja/public", "the directory where index.html and image files are stored, must be readable and writable by thuja")
 	port = flag.String("port", ":8080", "the port thuja listens on")
 	dbpath = flag.String("db", "/var/thuja/thuja.db", "where thuja's bolt database is stored, must be readable and writable by thuja")
 	domain = flag.String("domain", "http://127.0.0.1", " by thuja")
 	nsfwallowed = flag.Bool("nsfw", false, "is nsfw content allowed or not?")
 	flag.Parse()
 	boards := []string{"Technology", "Christianity", "Weightlifting", "General"}
 	CreateBucketsIfNotExists(boards, 4)
 	postlmt := tollbooth.NewLimiter(1.0/55, nil)
 	postlmt.SetIPLookups([]string{"X-Forwarded-For"})
 	postlmt.SetMessage("You're posting too quickly, wait a bit")
 	postlmt.SetMessageContentType("text/plain; charset=utf-8")
 	getlmt := tollbooth.NewLimiter(2, nil)
 	getlmt.SetMessage("rate limit")
 	getlmt.SetMessageContentType("text/plain; charset=utf-8")
 	postlmt.SetIPLookups([]string{"X-Forwarded-For"})
 	// Set gzip compression settings
 	pgz, err := gzip.New(gzip.Options{Level: 6})
 	if err != nil {
 		log.Fatal(err)
 	}
 	zstdenc, err := zstd.New()
 	// set zstd commpression settings
 	compress, err := httpcompression.Adapter(
 		httpcompression.Compressor("zstd", 0, zstdenc),
 		httpcompression.Compressor("gzip", 1, pgz),
 	)
 	http.Handle("/post", tollbooth.LimitFuncHandler(postlmt, posthandler))
 	http.Handle("/comment", tollbooth.LimitFuncHandler(postlmt, commenthandler))
 	http.Handle("/get", compress(tollbooth.LimitFuncHandler(getlmt, gethandler)))
 	fs := http.FileServer(http.Dir(*staticdir))
 	http.Handle("/", compress(tollbooth.LimitHandler(getlmt, fs)))
 	http.ListenAndServe(*port, nil)
 }
 
 // self explanatory
 func commenthandler(w http.ResponseWriter, r *http.Request) {
 	id := r.FormValue("id")
 	text := r.FormValue("text")
 	if utf8.RuneCountInString(text) > 800 {
 		fmt.Fprintf(w, "text is too long, comment must be less than 800 characters")
 		return
 	}
 	board := r.FormValue("board")
 	post, _ := databaseget(id, board)
 	if post == "empty key" {
 		fmt.Fprintf(w, "id not found")
 		return
 	}
 	var jsonpost postform
 	var jsonfr []byte
 	json.Unmarshal([]byte(post), &jsonpost)
 	strippedtext := stripHtmlTags(text)
 	if jsonpost.Commentsnum == 0 {
 		jsonpost.Comments = []string{strippedtext}
 		jsonpost.Commentsnum = 1
 		jsonfr, _ = json.Marshal(jsonpost)
 	} else {
 		jsonpost.Commentsnum++
 		jsonpost.Comments = append(jsonpost.Comments, strippedtext)
 		jsonfr, _ = json.Marshal(jsonpost)
 	}
 	err := databaseoverwrite(id, string(jsonfr), board)
 	if err != nil {
 		log.Println(err)
 		fmt.Fprintf(w, "shit fucked up")
 		return
 	}
 	var url string
 	if *domain == "http://127.0.0.1" {
 		url = *domain + *port
 	} else {
 		url = *domain
 	}
 	url = fmt.Sprintf("%s/get?board=%s&id=%s", url, board, id)
 	http.Redirect(w, r, url, http.StatusFound)
 }
 
 // self explanatory
 func posthandler(w http.ResponseWriter, r *http.Request) {
 	err := r.ParseMultipartForm(2 << 20)
 	if err != nil {
 		fmt.Fprintf(w, "shit fucked up, likely a too large post request")
 		log.Println(err)
 		return
 	}
 	title := r.FormValue("title")
 	text := r.FormValue("text")
 	board := r.FormValue("board")
 	if board == "" {
 		fmt.Fprintf(w, "must specify board")
 		return
 	}
 	if utf8.RuneCountInString(title) > 55 {
 		fmt.Fprintf(w, "title is too long, titles must be less than 55 characters")
 		return
 	}
 	if utf8.RuneCountInString(text) > 4000 {
 		fmt.Fprintf(w, "text is too long, post must be less than 4000 characters")
 		return
 	}
 
 	img, _, err := r.FormFile("image")
 	var nofile bool
 	switch err {
 	case nil:
 		nofile = false
 	case http.ErrMissingFile:
 		nofile = true
 	default:
 		log.Println(err)
 		nofile = true
 	}
 	if nofile == false {
 		buff := make([]byte, 512)
 		_, err = img.Read(buff)
 		if err != nil {
 			log.Println(err)
 			fmt.Fprintf(w, "shit fucked up")
 			return
 		}
 		filetype := http.DetectContentType(buff)
 		switch filetype {
 		case "image/png":
 			// do nothing
 		case "image/jpeg":
 			// do nothing
 		default:
 			fmt.Fprintf(w, "use a different filetype, supported filetypes are png and jpeg")
 			return
 		}
 		_, err := img.Seek(0, io.SeekStart)
 		if err != nil {
 			log.Println(err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 	}
 	shit := multiposts(true, board)
 	if shit == -1 {
 		fmt.Fprintf(w, "shit fucked up")
 		return
 	}
 	var filepath string
 	if nofile == false {
 
 		realimg, _, err := image.Decode(img)
 		if err != nil {
 			log.Println(err)
 			fmt.Fprintf(w, "shit fucked up")
 			return
 		}
 		if *nsfwallowed == false {
 			isNSFW, err := nude.IsNude(realimg)
 			if err != nil {
 				log.Println(err)
 				fmt.Fprintf(w, "shit fucked up")
 				return
 			}
 			if isNSFW == true {
 				shit--
 				databaseoverwrite("postnum", strconv.Itoa(shit), board)
 				fmt.Fprintf(w, "the image you posted was detected as NSFW, try a different image or try posting without an image")
 				return
 			}
 		}
 		filepath = fmt.Sprintf("%s/%s-%d.jpg", *staticdir, board, shit)
 		dst, err := os.Create(filepath)
 		if err != nil {
 			fmt.Fprintf(w, "shit fucked up")
 			log.Println(err)
 		}
 		resized := resize.Resize(400, 0, realimg, resize.Lanczos3)
 		options := jpeg.Options{80}
 		jpeg.Encode(dst, resized, &options)
 		if err != nil {
 			log.Println(err)
 			fmt.Fprintf(w, "shit fucked up")
 			return
 		}
 	} else {
 		filepath = "nil"
 	}
 	Ip := r.Header.Get("X-Forwarded-For")
 	comments := []string{}
 	post := postform{stripHtmlTags(title), stripHtmlTags(text), shit, 0, comments, Ip}
 	jsonpost, err := json.Marshal(post)
 	if err != nil {
 		log.Println(err)
 		fmt.Fprintf(w, "shit fucked up")
 		return
 	}
 	err = databaseput(strconv.Itoa(shit), string(jsonpost), board)
 	if err != nil {
 		log.Println(err)
 		fmt.Fprintf(w, "shit fucked up")
 		return
 	} else {
 		var url string
 		if *domain == "http://127.0.0.1" {
 			url = *domain + *port
 		} else {
 			url = *domain
 		}
 		url = fmt.Sprintf("%s/get?board=%s", url, board)
 		http.Redirect(w, r, url, http.StatusFound)
 	}
 }
 func gethandler(w http.ResponseWriter, r *http.Request) {
 	id := r.FormValue("id")
 	board := r.FormValue("board")
 	if board == "" {
 		fmt.Fprintf(w, "must specify board")
 		return
 	}
 	var url string
 	if *domain == "http://127.0.0.1" {
 		url = *domain + *port
 	} else {
 		url = *domain
 	}
 
 	if id != "" {
 		text, err := databaseget(id, board)
 		if err != nil {
 			log.Println(err)
 			fmt.Fprintf(w, "shit fucked up")
 			return
 		}
 		if text == "NULL" {
 			fmt.Fprintf(w, "post was deleted")
 			return
 		}
 		var testicle postform
 		json.Unmarshal([]byte(text), &testicle)
 		var comments string
 		if testicle.Commentsnum == 0 {
 			comments = "\nnone yet"
 		} else {
 			for a := 0; a < testicle.Commentsnum; a++ {
 				comments = fmt.Sprintf("%s\n<p>%s</p>", comments, testicle.Comments[a])
 			}
 		}
 		// check if file exists
 		// include image file if it does exist
 		var image2 string
 		imagepath := fmt.Sprintf("%s/%s-%d.jpg", *staticdir, board, testicle.Id)
 		if _, err := os.Stat(imagepath); errors.Is(err, os.ErrNotExist) {
 			image2 = "\n"
 		} else {
 			image2 = fmt.Sprintf("<img src=\"%s/%s-%d.jpg\">\n", url, board, testicle.Id)
 		}
 		result := fmt.Sprintf("<!DOCTYPE HTML>\n<html>\n<head>\n<title>%s</title>\n<link rel=\"stylesheet\" href=\"https://kqueue.dev/style.css\" type=\"text/css\" title=\"default\"\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n</head>\n<body>\n<header>\n<article>\n<h1>%s</h1>\n<p>%s</p>\n%s<h3>Comments:</h3>\n<p%s</p>\n<h4>Submit a comment:</h4><form action=\"/comment?board=%s&id=%d\" method=\"post\" enctype=\"multipart/form-data\">\n <label for=\"text\">Text:</label>\n  <input type=\"text\" id=\"text\" name=\"text\"><br><br>\n   <input type=\"submit\" value=\"Submit\">\n</article>", testicle.Title, testicle.Title, testicle.Text, image2, comments, board, testicle.Id)
 		fmt.Fprintf(w, result)
 		return
 	} else {
 		shit := multiposts(false, board)
 		if shit == -1 {
 			fmt.Fprintf(w, "shit fucked up")
 			return
 		}
 		if shit == 0 {
 			fmt.Fprintf(w, "<!DOCTYPE HTML>\n<html>\n<head>\n<title>posts on %s</title>\n<link rel=\"stylesheet\" href=\"https://kqueue.dev/style.css\" type=\"text/css\" title=\"default\"\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n</head>\n<body>\n<header>\n<article><form action=\"/post?board=%s\" method=\"post\" enctype=\"multipart/form-data\">\n  <label for=\"title\">Title:</label>\n  <input type=\"text\" id=\"title\" name=\"title\"><br><br>\n  <label for=\"text\">Text:</label>\n  <input type=\"text\" id=\"text\" name=\"text\"><br><br>\n<label for=\"image\">Image:</label>\n  <input type=\"file\" id=\"image\" name=\"image\" accept = \"image/*\"><br><br>\n   <input type=\"submit\" value=\"Submit\"></article>", board, board)
 			return
 		}
 		postnum := shit
 		var result string
 		result = fmt.Sprintf("<!DOCTYPE HTML>\n<html>\n<head>\n<title>posts on %s</title>\n<link rel=\"stylesheet\" href=\"https://kqueue.dev/style.css\" type=\"text/css\" title=\"default\"\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n</head>\n<body>\n<header>\n<article><h1>Submit your own post</h1><form action=\"/post?board=%s\" method=\"post\" enctype=\"multipart/form-data\">\n  <label for=\"title\">Title:</label>\n  <input type=\"text\" id=\"title\" name=\"title\"><br><br>\n  <label for=\"text\">Text:</label>\n  <input type=\"text\" id=\"text\" name=\"text\"><br><br>\n<label for=\"image\">Image:</label>\n  <input type=\"file\" id=\"image\" name=\"image\" accept = \"image/*\"><br><br>\n   <input type=\"submit\" value=\"Submit\">\n<h1>Posts:</h1>\n", board, board)
 		for postnum != 0 {
 			text, err := databaseget(strconv.Itoa(postnum), board)
 			if err != nil {
 				log.Println(err)
 				fmt.Fprintf(w, "shit fucked up")
 				return
 			}
 			// NULL means the post was deleted
 			if text == "NULL" {
 				//do nothing
 			} else {
 				var testicle postform
 				json.Unmarshal([]byte(text), &testicle)
 				result = fmt.Sprintf("%s<a href=\"%s/get?id=%d&board=%s\">%s</a></p>\n", result, url, postnum, board, testicle.Title)
 			}
 			postnum--
 		}
 		fmt.Fprintf(w, "%s\n</article>", result)
 	}
 }