summaryrefslogtreecommitdiffstats
path: root/run-gomf.bash
blob: 2e2c0efb6c213e3426973160d67a44d470a0fc96 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
#!/bin/bash

# This software is released into public domain.
# It is provided "as is", without warranties or conditions of any kind.
# Anyone is free to modify, redistribute and do anything with this software.

# Simple startup/configuration script for Gomf
# Leave options blank ("OPTION=", "OPTION=''") or comment them out to use Gomf
# defaults (see `gomf --help`)

set -e

###############################################################################


# The Gomf binary
#GOMF_BIN=gomf

# Root folder for Gomf containing gomf-web files
#
# All paths in other options are relative to this.
# Defaults to current directory if not set.
#GOMF_ROOT=~/www/gomf-web

# The website name, appearing on web pages
#NAME='Gomf'

# The hostname to serve uploaded files on
#
# By default, any connection can serve files on path /u/$file, but, if enabled,
# this host will serve them directly on /$file.
#UPLOAD_HOST=u.example.com

# The URL to serve uploaded files on
#
# Generated URLs will be $UPLOAD_URL/$file.$ext.
# If not specified, it is generated depending on which variables are set:
# - $UPLOAD_HOST and $LISTEN_HTTPS: https://$UPLOAD_HOST/
# - $UPLOAD_HOST and $LISTEN_HTTP: http://$UPLOAD_HOST/
# - $LISTEN_HTTPS: https://$LISTEN_HTTPS/u/
# - $LISTEN_HTTP: http://$LISTEN_HTTP/u/
#UPLOAD_URL=https://u.example.com/

# The contact email address, appearing on web pages
#CONTACT_EMAIL=contact@example.com

# The abuse contact email address, appearing on web pages
#ABUSE_EMAIL=abuse@example.com

# The host to listen on for HTTP and/or HTTPS
#
# Use 'localhost' if using local reverse proxy, 0.0.0.0 to listen to any host
# or a specific hostname to only allow connections to that address.
#LISTEN_HOST=0.0.0.0

# The port to listen on for HTTP
#
# 80 for a standard HTTP server, probably a higher port (e.g. 9000) if
# reverse-proxied.
#HTTP_PORT=80

# The port to listen on for HTTPS
#
# 443 for a standard HTTPS server. Requires TLS_CERT and TLS_KEY
#HTTPS_PORT=443

# SSL certificate for HTTPS
#TLS_CERT=cert.pem

# SSL certificate key for HTTPS
#TLS_KEY=key.pem

# Redirect traffic accepted with the HTTP handler to HTTOS
#
# Uses the same host, path and query as the incomming request, just rewrites
# the scheme to https://.
# Only works when serving directly. If a reverse proxy is used, it should be
# also used to set up this redirect instead.
#REDIRECT_HTTPS=0

# Adds the HSTS header to responses
#HSTS=0

# Sets the Content-Security-Policy header
#
# Useful for disallowing script execution in XML-based formats (e.g. SVG).
# Gomf default is "default-src 'none'; media-src 'self'", which blocks all
# scripts but allows inline video playback. 
# Set to "0" to disable the CSP header.
#CSP="default-src 'none'; media-src 'self'"

# Allows serving HTML/XHTML files with their actual MIME types
#
# If disabled, text/html and application/xhtml+xml will be served as types
# text/plain to prevent rendering thme in browser and to keep services such as
# CloudFlare from modifying them to insert its tracking JavaScript.
#ALLOW_HTML=0

# Sets Access-Control-Allow-Origin header to "*"
#
# This enables CORS and allows other sites' JavaScript applications to upload
# files using XMLHttpRequest.
#CORS=1

# Enables grills
#
# With this enabled, the path /grill.php will serve a redirect to a random file
# from the static/grill/ directory. This is used as a background-image in the
# bottom right corner in the default gomf-web style.
#GRILL=1

# The charset used to generate file IDs
#
# Should only contain URL-safe characters. Must not contain / and _.
#ID_CHARSET='abcdefghijklmnopqrstuvwxyz'

# The length of generated file IDs
#ID_LENGTH=6

# Maximum allowed size in MiB
#
# When blank/commented, no maximum upload size is enforced.
#MAX_SIZE_MIB=50

# Enable whitelist mode instead of blacklist for filters
#
# When enabled, only the file extensions/types specified in filters are allowed
# and all others are blocked. When disabled, the extensions/types in filters
# are blocked and all others are allowed.
#WHITELIST=0

# The file extensions (without leading dot) to filter
#
# Set to an empty array to disable.
#FILTER_EXT=(exe dll msi scr com pif)

# The file MIME types to filter
#
# Set to an empty array to disable.
#FILTER_MIME=(
#	application/x-dosexec
#	application/x-msdos-program
#)

# Enable logging
#
# When set to 1, all uploads are logged to $GOMF_ROOT/log/.
#LOG=0

# Enable logging of IP addresses
#LOG_IP=0

# Enable logging of hashed IP addresses
#LOG_IP_HASH=0

# Enable logging of User-Agent headers
#LOG_UA=0

# Enable logging of hashed User-Agent headers
#LOG_UA_HASH=0

# Enable logging of Referer headers
#LOG_REFERER=0

# Enable logging of hashed Referer headers
#LOG_REFERER_HASH=0

# Salt for hashed log entries
#
# Used to obfuscate entries when LOG_*_HASH option is enabled for privacy.
#LOG_HASH_SALT='put some unique string here'

# Count of trusted reverse proxies
#
# Used to determine which, if any, X-Forwarded-For or X-Real-IP to trust when
# logging or hashing the uploaders' IP addresses
#PROXY_COUNT=0

###############################################################################

flags=()
[ -n "$GOMF_ROOT" ] && cd "$GOMF_ROOT"
[ -n "$NAME" ] && flags+=(--name "$NAME")
[ -n "$UPLOAD_HOST" ] && flags+=(--upload-host "$UPLOAD_HOST")
[ -n "$UPLOAD_URL" ] && flags+=(--upload-url "$UPLOAD_URL")
[ -n "$CONTACT_EMAIL" ] && flags+=(--contact "$CONTACT_EMAIL")
[ -n "$ABUSE_EMAIL" ] && flags+=(--abuse "$ABUSE_EMAIL")
[ -n "$HTTP_PORT" ] && flags+=(--http "${HTTP_HOST:-localhost}:$HTTP_PORT")
[ -n "$HTTPS_PORT" ] && [ -n "$TLS_CERT" ] && [ -n "$TLS_KEY" ] && flags+=(
	--https "${HTTP_HOST:-localhost}:$HTTPS_PORT"
	--cert "$TLS_CERT" --key "$TLS_KEY")
[ "${REDIRECT_HTTPS:-0}" -ne 0 ] && flags+=(--redirect-https)
[ "${HSTS:-0}" -ne 0 ] && flags+=(--hsts)
[ -n "${ID_CHARSET}" ] && flags+=(--id-charset "$ID_CHARSET")
[ -n "${ID_LENGTH}" ] && flags+=(--id-length "$ID_LENGTH")
[ -n "${MAX_SIZE_MIB}" ] && flags+=(--max-size "$((MAX_SIZE_MIB*1024*1024))")
[ "${WHITELIST:-0}" -ne 0 ] && flags+=(--whitelist)
oldifs="$IFS" IFS=,
[ -n "$(declare -p FILTER_EXT 2>/dev/null)" ] && flags+=(--filter-ext "${FILTER_EXT[*]}")
[ -n "$(declare -p FILTER_MIME 2>/dev/null)" ] && flags+=(--filter-mime "${FILTER_MIME[*]}")
IFS="$oldifs"
[ "${ALLOW_HTML:-0}" -ne 0 ] && flags+=(--allow-html)
[ "${CORS:-0}" -ne 0 ] && flags+=(--cors)
[ "${GRILL:-0}" -ne 0 ] && flags+=(--grill)
[ -n "$CSP" ] && [ "$CSP" = 0 ] && flags+=(--csp '')
[ -n "$CSP" ] && ! [ "$CSP" = 0 ] && flags+=(--csp "$CSP")
[ "${LOG:-0}" -ne 0 ] && flags+=(--log)
[ "${LOG_IP:-0}" -ne 0 ] && flags+=(--log-ip)
[ "${LOG_IP_HASH:-0}" -ne 0 ] && flags+=(--log-ip-hash)
[ "${LOG_UA:-0}" -ne 0 ] && flags+=(--log-ua)
[ "${LOG_UA_HASH:-0}" -ne 0 ] && flags+=(--log-ua-hash)
[ "${LOG_REFERER:-0}" -ne 0 ] && flags+=(--log-referer)
[ "${LOG_REFERER_HASH:-0}" -ne 0 ] && flags+=(--log-referer-hash)
[ -n "$LOG_HASH_SALT" ] && flags+=(--log-hash-salt "$LOG_HASH_SALT")
[ -n "$PROXY_COUNT" ] && flags+=(--proxy-count "$PROXY_COUNT")

printf "%s" "${GOMF_BIN:-gomf}"
[ "${#flags}" -gt 0 ] && printf " \"%s\"" "${flags[@]}"
printf "\n"
exec "${GOMF_BIN:-gomf}" "${flags[@]}"