george/PrivateBin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Renamed classes for full PSR-2 compliance, some cleanup

Browse Source
This commit is contained in:
El RIDO
2016-08-09 11:54:42 +02:00
parent 6e558aab0a
commit b45bef8388
52 changed files with 1943 additions and 1505 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
lib/Persistence/AbstractPersistence.php Normal file
View File

@@ -0,0 +1,130 @@
<?php
/**
* PrivateBin
*
* a zero-knowledge paste bin
*
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.22
*/
namespace PrivateBin\Persistence;
use Exception;
/**
* AbstractPersistence
*
* persists data in PHP files
*/
abstract class AbstractPersistence
{
/**
* path in which to persist something
*
* @access private
* @static
* @var string
*/
private static $_path = 'data';
/**
* set the path
*
* @access public
* @static
* @param string $path
* @return void
*/
public static function setPath($path)
{
self::$_path = $path;
}
/**
* get the path
*
* @access public
* @static
* @param string $filename
* @return string
*/
public static function getPath($filename = null)
{
if (strlen($filename)) {
return self::$_path . DIRECTORY_SEPARATOR . $filename;
} else {
return self::$_path;
}
}
/**
* checks if the file exists
*
* @access protected
* @static
* @param string $filename
* @return bool
*/
protected static function _exists($filename)
{
self::_initialize();
return is_file(self::$_path . DIRECTORY_SEPARATOR . $filename);
}
/**
* prepares path for storage
*
* @access protected
* @static
* @throws Exception
* @return void
*/
protected static function _initialize()
{
// Create storage directory if it does not exist.
if (!is_dir(self::$_path)) {
if (!@mkdir(self::$_path)) {
throw new Exception('unable to create directory ' . self::$_path, 10);
}
}
// Create .htaccess file if it does not exist.
$file = self::$_path . DIRECTORY_SEPARATOR . '.htaccess';
if (!is_file($file)) {
$writtenBytes = @file_put_contents(
$file,
'Allow from none' . PHP_EOL .
'Deny from all' . PHP_EOL,
LOCK_EX
);
if ($writtenBytes === false || $writtenBytes < 30) {
throw new Exception('unable to write to file ' . $file, 11);
}
}
}
/**
* store the data
*
* @access protected
* @static
* @param string $filename
* @param string $data
* @throws Exception
* @return string
*/
protected static function _store($filename, $data)
{
self::_initialize();
$file = self::$_path . DIRECTORY_SEPARATOR . $filename;
$writtenBytes = @file_put_contents($file, $data, LOCK_EX);
if ($writtenBytes === false || $writtenBytes < strlen($data)) {
throw new Exception('unable to write to file ' . $file, 13);
}
@chmod($file, 0640); // protect file access
return $file;
}
}

101
lib/Persistence/PurgeLimiter.php Normal file
View File

@@ -0,0 +1,101 @@
<?php
/**
* PrivateBin
*
* a zero-knowledge paste bin
*
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.22
*/
namespace PrivateBin\Persistence;
use PrivateBin\Configuration;
/**
* PurgeLimiter
*
* Handles purge limiting, so purging is not triggered too frequently.
*/
class PurgeLimiter extends AbstractPersistence
{
/**
* time limit in seconds, defaults to 300s
*
* @access private
* @static
* @var int
*/
private static $_limit = 300;
/**
* set the time limit in seconds
*
* @access public
* @static
* @param int $limit
* @return void
*/
public static function setLimit($limit)
{
self::$_limit = $limit;
}
/**
* set configuration options of the traffic limiter
*
* @access public
* @static
* @param Configuration $conf
* @return void
*/
public static function setConfiguration(Configuration $conf)
{
self::setLimit($conf->getKey('limit', 'purge'));
self::setPath($conf->getKey('dir', 'purge'));
}
/**
* check if the purge can be performed
*
* @access public
* @static
* @throws Exception
* @return bool
*/
public static function canPurge()
{
// disable limits if set to less then 1
if (self::$_limit < 1) {
return true;
}
$file = 'purge_limiter.php';
$now = time();
if (!self::_exists($file)) {
self::_store(
$file,
'<?php' . PHP_EOL .
'$GLOBALS[\'purge_limiter\'] = ' . $now . ';' . PHP_EOL
);
}
$path = self::getPath($file);
require $path;
$pl = $GLOBALS['purge_limiter'];
if ($pl + self::$_limit >= $now) {
$result = false;
} else {
$result = true;
self::_store(
$file,
'<?php' . PHP_EOL .
'$GLOBALS[\'purge_limiter\'] = ' . $now . ';' . PHP_EOL
);
}
return $result;
}
}

106
lib/Persistence/ServerSalt.php Normal file
View File

@@ -0,0 +1,106 @@
<?php
/**
* PrivateBin
*
* a zero-knowledge paste bin
*
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.22
*/
namespace PrivateBin\Persistence;
use Exception;
/**
* ServerSalt
*
* This is a random string which is unique to each PrivateBin installation.
* It is automatically created if not present.
*
* Salt is used:
* - to generate unique VizHash in discussions (which are not reproductible across PrivateBin servers)
* - to generate unique deletion token (which are not re-usable across PrivateBin servers)
*/
class ServerSalt extends AbstractPersistence
{
/**
* generated salt
*
* @access private
* @static
* @var string
*/
private static $_salt = '';
/**
* generate a large random hexadecimal salt
*
* @access public
* @static
* @return string
*/
public static function generate()
{
$randomSalt = '';
if (function_exists('mcrypt_create_iv')) {
$randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
} else {
// fallback to mt_rand()
for ($i = 0; $i < 256; ++$i) {
$randomSalt .= base_convert(mt_rand(), 10, 16);
}
}
return $randomSalt;
}
/**
* get server salt
*
* @access public
* @static
* @throws Exception
* @return string
*/
public static function get()
{
if (strlen(self::$_salt)) {
return self::$_salt;
}
$file = 'salt.php';
if (self::_exists($file)) {
if (is_readable(self::getPath($file))) {
$items = explode('|', file_get_contents(self::getPath($file)));
}
if (!isset($items) || !is_array($items) || count($items) != 3) {
throw new Exception('unable to read file ' . self::getPath($file), 20);
}
self::$_salt = $items[1];
} else {
self::$_salt = self::generate();
self::_store(
$file,
'<?php /* |' . self::$_salt . '| */ ?>'
);
}
return self::$_salt;
}
/**
* set the path
*
* @access public
* @static
* @param string $path
* @return void
*/
public static function setPath($path)
{
self::$_salt = '';
parent::setPath($path);
}
}

141
lib/Persistence/TrafficLimiter.php Normal file
View File

@@ -0,0 +1,141 @@
<?php
/**
* PrivateBin
*
* a zero-knowledge paste bin
*
* @link https://github.com/PrivateBin/PrivateBin
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
* @version 0.22
*/
namespace PrivateBin\Persistence;
use PrivateBin\Configuration;
/**
* TrafficLimiter
*
* Handles traffic limiting, so no user does more than one call per 10 seconds.
*/
class TrafficLimiter extends AbstractPersistence
{
/**
* time limit in seconds, defaults to 10s
*
* @access private
* @static
* @var int
*/
private static $_limit = 10;
/**
* key to fetch IP address
*
* @access private
* @static
* @var string
*/
private static $_ipKey = 'REMOTE_ADDR';
/**
* set the time limit in seconds
*
* @access public
* @static
* @param int $limit
* @return void
*/
public static function setLimit($limit)
{
self::$_limit = $limit;
}
/**
* set configuration options of the traffic limiter
*
* @access public
* @static
* @param Configuration $conf
* @return void
*/
public static function setConfiguration(Configuration $conf)
{
self::setLimit($conf->getKey('limit', 'traffic'));
self::setPath($conf->getKey('dir', 'traffic'));
if (($option = $conf->getKey('header', 'traffic')) !== null) {
$httpHeader = 'HTTP_' . $option;
if (array_key_exists($httpHeader, $_SERVER) && !empty($_SERVER[$httpHeader])) {
self::$_ipKey = $httpHeader;
}
}
}
/**
* get the current visitors IP address
*
* @access public
* @static
* @return string
*/
public static function getIp()
{
return $_SERVER[self::$_ipKey];
}
/**
* traffic limiter
*
* Make sure the IP address makes at most 1 request every 10 seconds.
*
* @access public
* @static
* @throws Exception
* @return bool
*/
public static function canPass()
{
// disable limits if set to less then 1
if (self::$_limit < 1) {
return true;
}
$ip = hash_hmac('sha256', self::getIp(), ServerSalt::get());
$file = 'traffic_limiter.php';
if (!self::_exists($file)) {
self::_store(
$file,
'<?php' . PHP_EOL .
'$GLOBALS[\'traffic_limiter\'] = array();' . PHP_EOL
);
}
$path = self::getPath($file);
require $path;
$now = time();
$tl = $GLOBALS['traffic_limiter'];
// purge file of expired IPs to keep it small
foreach ($tl as $key => $time) {
if ($time + self::$_limit < $now) {
unset($tl[$key]);
}
}
if (array_key_exists($ip, $tl) && ($tl[$ip] + self::$_limit >= $now)) {
$result = false;
} else {
$tl[$ip] = time();
$result = true;
}
self::_store(
$file,
'<?php' . PHP_EOL .
'$GLOBALS[\'traffic_limiter\'] = ' .
var_export($tl, true) . ';' . PHP_EOL
);
return $result;
}
}