From 9e6a0c75819a8da03b2a86c5beb992afbb3bdcaa Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Sun, 10 Nov 2019 17:21:49 -0500 Subject: [PATCH] don't read more than 1MB of json --- admin.go | 184 ++++++++++++++----------------------------------------- go.mod | 3 - go.sum | 12 ---- web.go | 3 +- 4 files changed, 47 insertions(+), 155 deletions(-) diff --git a/admin.go b/admin.go index 652a9b1..86db7e8 100644 --- a/admin.go +++ b/admin.go @@ -15,161 +15,67 @@ package main +/* +#include +*/ +import "C" import ( + "fmt" "io/ioutil" "log" - - "github.com/gdamore/tcell" - "github.com/rivo/tview" + "os" ) func adminscreen() { log.SetOutput(ioutil.Discard) + stdout := os.Stdout + esc := "\x1b" + smcup := esc + "[?1049h" + rmcup := esc + "[?1049l" - messages := []*struct { - name string - label string - text string - }{ - { - name: "servermsg", - label: "server", - text: string(serverMsg), - }, - { - name: "aboutmsg", - label: "about", - text: string(aboutMsg), - }, - { - name: "loginmsg", - label: "login", - text: string(loginMsg), - }, + hidecursor := func() { + } + showcursor := func() { + } + movecursor := func(x, y int) { + stdout.WriteString(fmt.Sprintf(esc+"[%d;%dH", x, y)) + } + clearscreen := func() { + stdout.WriteString(esc + "[2J") } - app := tview.NewApplication() - var maindriver func(event *tcell.EventKey) *tcell.EventKey + savedtio := new(C.struct_termios) + C.tcgetattr(1, savedtio) + restore := func() { + stdout.WriteString(rmcup) + showcursor() + C.tcsetattr(1, C.TCSAFLUSH, savedtio) + } + defer restore() - table := tview.NewTable().SetFixed(1, 0).SetSelectable(true, false). - SetSelectedStyle(tcell.ColorBlack, tcell.ColorPurple, 0) + init := func() { + tio := new(C.struct_termios) + C.tcgetattr(1, tio) + tio.c_lflag = tio.c_lflag & ^C.uint(C.ECHO|C.ICANON) + C.tcsetattr(1, C.TCSADRAIN, tio) - mainframe := tview.NewFrame(table) - mainframe.AddText(tview.Escape("honk admin - [q] quit"), - true, 0, tcell.ColorPurple) - mainframe.SetBorders(1, 0, 1, 0, 4, 0) - - dupecell := func(base *tview.TableCell) *tview.TableCell { - rv := new(tview.TableCell) - *rv = *base - return rv + hidecursor() + stdout.WriteString(smcup) + clearscreen() + movecursor(1, 1) } - showtable := func() { - table.Clear() + init() - row := 0 - { - col := 0 - headcell := tview.TableCell{ - Color: tcell.ColorWhite, - NotSelectable: true, - } - cell := dupecell(&headcell) - cell.Text = "which " - table.SetCell(row, col, cell) - col++ - cell = dupecell(&headcell) - cell.Text = "message" - table.SetCell(row, col, cell) - - row++ - } - for i := 0; i < 3; i++ { - col := 0 - msg := messages[i] - headcell := tview.TableCell{ - Color: tcell.ColorWhite, - } - cell := dupecell(&headcell) - cell.Text = msg.label - table.SetCell(row, col, cell) - col++ - cell = dupecell(&headcell) - cell.Text = tview.Escape(msg.text) - table.SetCell(row, col, cell) - - row++ - } - - app.SetInputCapture(maindriver) - app.SetRoot(mainframe, true) - } - - arrowadapter := func(event *tcell.EventKey) *tcell.EventKey { - switch event.Key() { - case tcell.KeyDown: - return tcell.NewEventKey(tcell.KeyTab, '\t', tcell.ModNone) - case tcell.KeyUp: - return tcell.NewEventKey(tcell.KeyBacktab, '\t', tcell.ModNone) - } - return event - } - - editform := tview.NewForm() - descbox := tview.NewInputField().SetLabel("msg: ").SetFieldWidth(60) - editform.AddButton("save", nil) - editform.AddButton("cancel", nil) - savebutton := editform.GetButton(0) - editform.SetFieldTextColor(tcell.ColorBlack) - editform.SetFieldBackgroundColor(tcell.ColorPurple) - editform.SetLabelColor(tcell.ColorWhite) - editform.SetButtonTextColor(tcell.ColorPurple) - editform.SetButtonBackgroundColor(tcell.ColorBlack) - editform.GetButton(1).SetSelectedFunc(showtable) - editform.SetCancelFunc(showtable) - - editframe := tview.NewFrame(editform) - editframe.SetBorders(1, 0, 1, 0, 4, 0) - - showform := func() { - editform.Clear(false) - editform.AddFormItem(descbox) - app.SetInputCapture(arrowadapter) - app.SetRoot(editframe, true) - } - - editmsg := func(which int) { - msg := messages[which] - editframe.Clear() - editframe.AddText(tview.Escape("edit "+msg.label+" message"), - true, 0, tcell.ColorPurple) - descbox.SetText(msg.text) - savebutton.SetSelectedFunc(func() { - msg.text = descbox.GetText() - updateconfig(msg.name, msg.text) - showtable() - }) - showform() - } - - table.SetSelectedFunc(func(row, col int) { - editmsg(row - 1) - }) - - maindriver = func(event *tcell.EventKey) *tcell.EventKey { - switch event.Rune() { - case 'e': - r, _ := table.GetSelection() - r-- - editmsg(r) + for { + var buf [1]byte + os.Stdin.Read(buf[:]) + c := buf[0] + switch c { case 'q': - app.Stop() - return nil + return + default: + os.Stdout.Write(buf[:]) } - return event } - - showtable() - app.Run() } diff --git a/go.mod b/go.mod index 8325e0c..f4a3c35 100644 --- a/go.mod +++ b/go.mod @@ -2,11 +2,8 @@ module humungus.tedunangst.com/r/honk require ( github.com/andybalholm/cascadia v1.0.0 - github.com/gdamore/tcell v1.1.1 github.com/gorilla/mux v1.7.2 github.com/mattn/go-runewidth v0.0.4 - github.com/rivo/tview v0.0.0-20190406182340-90b4da1bd64c - github.com/rivo/uniseg v0.0.0-20190313204849-f699dde9c340 // indirect golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4 golang.org/x/net v0.0.0-20190620200207-3b0461eec859 humungus.tedunangst.com/r/go-sqlite3 v1.1.3 diff --git a/go.sum b/go.sum index 5bcf165..3438010 100644 --- a/go.sum +++ b/go.sum @@ -1,19 +1,9 @@ github.com/andybalholm/cascadia v1.0.0 h1:hOCXnnZ5A+3eVDX8pvgl4kofXv2ELss0bKcqRySc45o= github.com/andybalholm/cascadia v1.0.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y= -github.com/gdamore/encoding v1.0.0 h1:+7OoQ1Bc6eTm5niUzBa0Ctsh6JbMW6Ra+YNuAtDBdko= -github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg= -github.com/gdamore/tcell v1.1.1 h1:U73YL+jMem2XfhvaIUfPO6MpJawaG92B2funXVb9qLs= -github.com/gdamore/tcell v1.1.1/go.mod h1:K1udHkiR3cOtlpKG5tZPD5XxrF7v2y7lDq7Whcj+xkQ= github.com/gorilla/mux v1.7.2 h1:zoNxOV7WjqXptQOVngLmcSQgXmgk4NMz1HibBchjl/I= github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/lucasb-eyer/go-colorful v0.0.0-20181028223441-12d3b2882a08 h1:5MnxBC15uMxFv5FY/J/8vzyaBiArCOkMdFT9Jsw78iY= -github.com/lucasb-eyer/go-colorful v0.0.0-20181028223441-12d3b2882a08/go.mod h1:NXg0ArsFk0Y01623LgUqoqcouGDB+PwCCQlrwrG6xJ4= github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/rivo/tview v0.0.0-20190406182340-90b4da1bd64c h1:g/UvEDB8RutkfYbTULmcCUpN0uQCVeh6j4bHt+Te8yM= -github.com/rivo/tview v0.0.0-20190406182340-90b4da1bd64c/go.mod h1:J4W+hErFfITUbyFAEXizpmkuxX7ZN56dopxHB4XQhMw= -github.com/rivo/uniseg v0.0.0-20190313204849-f699dde9c340 h1:nOZbL5f2xmBAHWYrrHbHV1xatzZirN++oOQ3g83Ypgs= -github.com/rivo/uniseg v0.0.0-20190313204849-f699dde9c340/go.mod h1:SOLvOL4ybwgLJ6TYoX/rtaJ8EGOulH4XU7E9/TLrTCE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190424203555-c05e17bb3b2d h1:adrbvkTDn9rGnXg2IJDKozEpXXLZN89pdIA+Syt4/u0= golang.org/x/crypto v0.0.0-20190424203555-c05e17bb3b2d/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -30,8 +20,6 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 h1:FVCohIoYO7IJoDDVpV2pdq7SgrMH6wHnuTyrdrxJNoY= -gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0/go.mod h1:OdE7CF6DbADk7lN8LIKRzRJTTZXIjtWgA5THM5lhBAw= humungus.tedunangst.com/r/go-sqlite3 v1.1.3 h1:G2N4wzDS0NbuvrZtQJhh4F+3X+s7BF8b9ga8k38geUI= humungus.tedunangst.com/r/go-sqlite3 v1.1.3/go.mod h1:FtEEmQM7U2Ey1TuEEOyY1BmphTZnmiEjPsNLEAkpf/M= humungus.tedunangst.com/r/webs v0.6.24 h1:/Svffk8mEWXsb7RiKJ94g/FKi941C5pbRX6UKFc4bXs= diff --git a/web.go b/web.go index 4ba0312..5f2cac1 100644 --- a/web.go +++ b/web.go @@ -295,7 +295,8 @@ func inbox(w http.ResponseWriter, r *http.Request) { return } var buf bytes.Buffer - io.Copy(&buf, r.Body) + limiter := io.LimitReader(r.Body, 1*1024*1024) + io.Copy(&buf, limiter) payload := buf.Bytes() j, err := junk.FromBytes(payload) if err != nil {