Add README.md

Carlgo11 · Carlgo11 · commit 48fe82197b7e · 2020-01-25T02:13:37.000+01:00
diff --git a/INSTALLATION.md b/INSTALLATION.md
diff --git a/README.md b/README.md
@@ -0,0 +1,70 @@
+# TempFiles Backend
+[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/Carlgo11/Tempfiles-backend/Test%20PHPUnit?style=for-the-badge)](https://github.com/Carlgo11/Tempfiles-backend/actions)
+
+## API calls :mega:
+A list of available API calls can be found over at [Postman](https://documenter.getpostman.com/view/1675224/SW7ezkZn).
+
+## Local installation :desktop-computer:
+
+1. Install PHP, Nginx, Git, MySQL
+   ```BASH
+   sudo apt update
+   sudo apt upgrade
+   sudo apt install nginx php php-fpm php-mysql git mysql
+   ```
+
+2. MySQL will ask you to generate a new password. Remember this password for later.
+   ![MySQL Password input](https://cloud.githubusercontent.com/assets/3535780/25774895/c03b5a3c-3298-11e7-94ac-e10cc4d92b39.png)
+
+3. Download the source code
+   ```BASH
+   git clone https://github.com/Carlgo11/Tempfiles-backend.git
+   cd Tempfiles-backend/
+   ```
+
+4. Install the MySQL database.
+   ```BASH
+   mysql -u root -p < ./resources/install_mysql.sql
+   ```
+
+5. Sign in to MySQL and create a new user
+   ```mysql
+   mysql - u root -p
+   CREATE USER 'tempfiles'@'localhost' IDENTIFIED BY '<password>';
+   grant all privileges on tempfiles.files to `tempfiles`@`localhost`;
+   flush privileges;
+   exit;
+   ```
+   Optionally, if you want to set stricter permissions, The MySQL user only needs _SELECT_, _INSERT_, _UPDATE_, _DELETE_ permissions to the `files` table.
+
+6. Copy the Nginx configurations to the sites-available directory.
+   ```BASH
+   cp ./ressouces/nginx/*.conf > /etc/nginx/sites-available/
+   ```
+
+7. Set the mysql password and username in the Nginx configurations.
+   ```BASH
+   nano /etc/nginx/sites-available/*.conf
+   ```
+   Change the fastcgi_param variable values. Each variable has a comment suffix that describes it's usage.
+   ```
+   # Env vars
+   fastcgi_param ag44jc7aqs2rsup2bb6cx7utc 'localhost';	# hostname
+   fastcgi_param hp7wz20wu4qfbfcmqywfai1j4 'tempfiles';	# username
+   fastcgi_param mom8c5hrbn8c1r5lro1imfyax 'password';	# password
+   fastcgi_param qb1yi60nrz3tjjjqqb7l2yqra 'tempfiles';	# database
+   fastcgi_param rb421p9wniz81ttj7bdgrg0ub 'files';	# table
+   ```
+
+8. Generate certificates.
+   For HTTPS to work you'll need a certificate. Due to the many different certificate companies and their different ways of generating certificates I won't go into that in this text.
+   When you have a certificate, change the following lines in both nginx configs:
+   ```
+   ssl_certificate {path_to_cert}/cert.pem; #Change path
+   ssl_certificate_key {path_to_key}/privkey.pem; #Change path
+   ```
+
+9. Restart Nginx
+   ```BASH
+   sudo systemctl restart nginx
+   ```
diff --git a/api.php b/api.php
@@ -37,6 +37,7 @@
 } catch (Exception $ex) {
 //    error_log($ex); //Spews out the error to log. Maybe not so good for production env?
 	$api = new API();
+	$api->addMessage('success', false);
 	$api->addMessage('error', $ex->getMessage());
 	$api->outputJSON(500);
 }
diff --git a/src/com/carlgo11/tempfiles/DataStorage.php b/src/com/carlgo11/tempfiles/DataStorage.php
@@ -104,12 +104,12 @@ public static function getFile(string $id, string $password) {
 		$query->close();
 
 		$file = new File(NULL, $id);
-		$iv = explode(",", base64_decode($iv_encoded));
+		$iv = explode(" ", base64_decode($iv_encoded));
 		$file->setIV($iv);
 
 		if ($enc_content !== NULL) {
 			$metadata_string = Encryption::decrypt($enc_filedata, $password, $iv[2], $iv[3]);
-			if($metadata_string === FALSE) throw new Exception("Unable to decrypt file metadata.");
+			if ($metadata_string === FALSE) return FALSE;
 
 			/** @var array $metadata_array
 			 * Array containing the following: [name, size, type, deletionPassword, views_array[ 0 => currentViews, 1 => maxViews]]
@@ -143,22 +143,23 @@ public static function getFile(string $id, string $password) {
 	 */
 	public static function uploadFile(File $file, string $password) {
 		global $conf;
-		global $mysql_connection;
+		global /** @var \mysqli_driver $mysql_connection */
+		$mysql_connection;
 		$fileContent = Encryption::encryptFileContent($file->getContent(), $password);
 		$fileMetadata = Encryption::encryptFileDetails($file->getMetaData(), $file->getDeletionPassword(), 0, $file->getMaxViews(), $password);
 		$iv = [$fileContent['iv'], $fileContent['tag'], $fileMetadata['iv'], $fileMetadata['tag']];
-		$enc_iv = base64_encode(implode(',', $iv));
+		$enc_iv = base64_encode(implode(' ', $iv));
 		$null = NULL;
 
 		try {
+			/** @var \mysqli_stmt $query */
 			$query = $mysql_connection->prepare("INSERT INTO `" . $conf['mysql-table'] . "` (id, iv, metadata, content) VALUES (?, ?, ?, ?)");
 			if (!$query)
 				throw new Exception('prepare() failed: ' . htmlspecialchars($mysql_connection->error));
 
 			$id = $file->getID();
 
-			$bp = $query->bind_param("sssb", $id, $enc_iv, $fileMetadata['data'], $null);
-			if (!$bp)
+			if (!$query->bind_param("sssb", $id, $enc_iv, $fileMetadata['data'], $null))
 				throw new Exception('bind_param() failed: ' . htmlspecialchars($query->error));
 
 			// Replace $null with content blob
@@ -167,7 +168,6 @@ public static function uploadFile(File $file, string $password) {
 
 			if (!$query->execute())
 				throw new Exception('execute() failed: ' . htmlspecialchars($query->error));
-
 			$query->close();
 			return TRUE;
 		} catch (Exception $e) {
diff --git a/src/com/carlgo11/tempfiles/Encryption.php b/src/com/carlgo11/tempfiles/Encryption.php
@@ -57,7 +57,12 @@ public static function encryptFileDetails(array $file, string $deletionpass, int
 		$data_string = implode(" ", $data_array);
 
 		$data_enc = base64_encode(openssl_encrypt($data_string, $cipher, $password, OPENSSL_RAW_DATA, $iv, $tag));
+		if(Encryption::decrypt($data_enc, $password, $iv, $tag) !== FALSE)
 		return ['data' => $data_enc, 'iv' => $iv, 'tag' => $tag];
+		else {
+			error_log("Decryption returned false");
+			return self::encryptFileDetails($file, $deletionpass, $currentViews, $maxViews, $password);
+		}
 	}
 
 	/**
diff --git a/src/com/carlgo11/tempfiles/api/Cleanup.php b/src/com/carlgo11/tempfiles/api/Cleanup.php
@@ -12,7 +12,7 @@ public function __construct(string $method) {
 		if ($method !== 'PURGE') throw new Exception("Bad HTTP method. Use PURGE.");
 
 		$status = filter_var(DataStorage::deleteOldFiles(), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
-		parent::addMessage('status', $status);
+		parent::addMessage('success', $status);
 		parent::outputJSON(202);
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@`
`37`	`37`	`} catch (Exception $ex) {`
`38`	`38`	`// error_log($ex); //Spews out the error to log. Maybe not so good for production env?`
`39`	`39`	`$api = new API();`
	`40`	`+ $api->addMessage('success', false);`
`40`	`41`	`$api->addMessage('error', $ex->getMessage());`
`41`	`42`	`$api->outputJSON(500);`
`42`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ public function __construct(string $method) {`
`12`	`12`	`if ($method !== 'PURGE') throw new Exception("Bad HTTP method. Use PURGE.");`
`13`	`13`
`14`	`14`	`$status = filter_var(DataStorage::deleteOldFiles(), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);`
`15`		`- parent::addMessage('status', $status);`
	`15`	`+ parent::addMessage('success', $status);`
`16`	`16`	`parent::outputJSON(202);`
`17`	`17`	`}`
`18`	`18`	`}`