James/purr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't allow configuration of dbFile path or name; use the DATADIR and a hardcoded path

Browse Source
This commit is contained in:
James Eversole 2024-02-17 08:41:39 -06:00
parent f065300113
commit 0e8144b82c
6 changed files with 15 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
examples/.env.example
View File

@ -2,6 +2,5 @@ ENVIRONMENT="production"
APPLICATIONHOST="localhost" APPLICATIONHOST="localhost"
APPLICATIONPORT="3000" APPLICATIONPORT="3000"
DATADIR="./" DATADIR="./"
DBFILE="data/Purr.sqlite"
LINKLENGTH="24" LINKLENGTH="24"
ADMINEMAIL="admin@purr.example.com" ADMINEMAIL="admin@purr.example.com"

4
src/Core/Configuration.hs
View File

@ -33,8 +33,8 @@ appPort = getEnv "APPLICATIONPORT"
dataPath :: IO String dataPath :: IO String
dataPath = getEnv "DATADIR" dataPath = getEnv "DATADIR"
dbPath :: IO String dbPath :: String
dbPath = getEnv "DBFILE" dbPath = "data/Purr.sqlite"
confLinkLength :: IO String confLinkLength :: IO String
confLinkLength = getEnv "LINKLENGTH" confLinkLength = getEnv "LINKLENGTH"

2
src/Core/HTTP.hs
View File

@ -1,6 +1,6 @@
module Core.HTTP ( app ) where module Core.HTTP ( app ) where
import Core.Configuration (dbPath, adminEmail, confLinkLength) import Core.Configuration (adminEmail, confLinkLength)
import Core.Types import Core.Types
import Core.Templates (renderIndex, renderStyle) import Core.Templates (renderIndex, renderStyle)

3
src/Core/SQLite.hs
View File

@ -11,8 +11,7 @@ import qualified Data.Text as T
main :: IO () main :: IO ()
main = do main = do
db <- dbPath conn <- open dbPath
conn <- open db
execute_ conn execute_ conn
"CREATE TABLE IF NOT EXISTS pws\ "CREATE TABLE IF NOT EXISTS pws\
\ (link TEXT PRIMARY KEY,\ \ (link TEXT PRIMARY KEY,\

2
src/Feature/Sharing/HTTP.hs
View File

@ -1,6 +1,6 @@
module Feature.Sharing.HTTP ( routes ) where module Feature.Sharing.HTTP ( routes ) where
import Core.Configuration (dbPath, adminEmail, confLinkLength) import Core.Configuration (adminEmail, confLinkLength)
import Core.Templates (renderIndex) import Core.Templates (renderIndex)
import Core.Types import Core.Types

23
src/Feature/Sharing/SQLite.hs
View File

@ -22,19 +22,17 @@ import qualified Data.Text.Lazy as LT
findByLink :: String -> PurrAction (Maybe T.Text) findByLink :: String -> PurrAction (Maybe T.Text)
findByLink link = do findByLink link = do
db <- liftIO dbPath
key <- liftIO encKey key <- liftIO encKey
conn <- liftIO $ open db conn <- liftIO $ open dbPath
res <- liftIO $ query conn "SELECT * from pws WHERE link = ?" (Only (last $ splitOn "/" link)) res <- liftIO $ query conn "SELECT * from pws WHERE link = ?" (Only (last $ splitOn "/" link))
liftIO $ close conn liftIO $ close conn
readEncryptedSecret key res readEncryptedSecret key res
readEncryptedSecret :: B.ByteString -> [SecretEntry] -> PurrAction (Maybe T.Text) readEncryptedSecret :: B.ByteString -> [SecretEntry] -> PurrAction (Maybe T.Text)
readEncryptedSecret key secret = do readEncryptedSecret key secret = do
db <- liftIO dbPath
let secNonce = nonce $ safeHead failedSecret secret let secNonce = nonce $ safeHead failedSecret secret
liftIO $ incViews secret db liftIO $ incViews secret dbPath
delete <- liftIO $ deleteExpiredSecret secret db delete <- liftIO $ deleteExpiredSecret secret dbPath
case secret of case secret of
[] -> return Nothing [] -> return Nothing
(x:_) -> if (delete) (x:_) -> if (delete)
@ -43,8 +41,8 @@ readEncryptedSecret key secret = do
where where
incViews :: [SecretEntry] -> String -> IO () incViews :: [SecretEntry] -> String -> IO ()
incViews [] _ = return () incViews [] _ = return ()
incViews (secret : _) db = do incViews (secret : _) dbPath = do
conn <- open db conn <- open dbPath
execute conn execute conn
"UPDATE pws SET views = views + 1 WHERE link = ?" (Only (link secret)) "UPDATE pws SET views = views + 1 WHERE link = ?" (Only (link secret))
close conn close conn
@ -53,15 +51,15 @@ readEncryptedSecret key secret = do
-- provide the successfully retrieved secret to the requestor. -- provide the successfully retrieved secret to the requestor.
deleteExpiredSecret :: [SecretEntry] -> String -> IO Bool deleteExpiredSecret :: [SecretEntry] -> String -> IO Bool
deleteExpiredSecret [] _ = return False deleteExpiredSecret [] _ = return False
deleteExpiredSecret (sec : _) db = do deleteExpiredSecret (sec : _) dbPath = do
time <- epochTime time <- epochTime
if ((date sec) + ((life sec) * 86400) < time) || (views sec >= maxViews sec) if ((date sec) + ((life sec) * 86400) < time) || (views sec >= maxViews sec)
then deleteSec sec db then deleteSec sec dbPath
else return False else return False
where where
deleteSec :: SecretEntry -> String -> IO Bool deleteSec :: SecretEntry -> String -> IO Bool
deleteSec sec db = do deleteSec sec dbPath = do
conn <- open db conn <- open dbPath
execute conn execute conn
"DELETE FROM pws WHERE link = ?" (Only (link sec)) "DELETE FROM pws WHERE link = ?" (Only (link sec))
close conn close conn
@ -69,11 +67,10 @@ deleteExpiredSecret (sec : _) db = do
insertNewSecret :: T.Text -> Integer -> T.Text -> Integer -> PurrAction () insertNewSecret :: T.Text -> Integer -> T.Text -> Integer -> PurrAction ()
insertNewSecret sec life link maxViews = do insertNewSecret sec life link maxViews = do
db <- liftIO dbPath
key <- liftIO encKey key <- liftIO encKey
nonce <- liftIO Box.newNonce nonce <- liftIO Box.newNonce
let encSec = encryptSecret key sec nonce let encSec = encryptSecret key sec nonce
conn <- liftIO $ open db conn <- liftIO $ open dbPath
time <- liftIO epochTime time <- liftIO epochTime
liftIO $ execute conn liftIO $ execute conn
"INSERT INTO pws (link, secret, nonce, date, life, views, maxViews) VALUES (?, ?, ?, ?, ?, ?, ?)" "INSERT INTO pws (link, secret, nonce, date, life, views, maxViews) VALUES (?, ?, ?, ?, ?, ?, ?)"