Version set to 23.34.0.

Makefile

@@ -5,7 +5,7 @@ SYSDDIR_=${shell pkg-config systemd --variable=systemdsystemunitdir}
 SYSDDIR=${SYSDDIR_:/%=%}
 DESTDIR=/
 
-VERSION=23.31.1
+VERSION=23.34.0
 
 FLAGS=-trimpath -mod=readonly -modcacherw
 LDFLAGS=-ldflags "-s -w -X main.version=${VERSION}" -tags osusergo,netgo

build/archlinux/PKGBUILD

@@ -1,6 +1,6 @@
 # Maintainer: Alexander "Arav" Andreev <me@arav.su>
 pkgname=dwelling-upload
-pkgver=23.31.1
+pkgver=23.34.0
 pkgrel=1
 pkgdesc="Arav's Dwelling / Upload"
 arch=('i686' 'x86_64' 'arm' 'armv6h' 'armv7h' 'aarch64')

configs/nginx.conf

@@ -11,7 +11,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/arav.su/privkey.pem;
 
 
-    add_header Content-Security-Policy   "default-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'self'";
+    add_header Content-Security-Policy   "default-src 'self'; script-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; font-src 'self'; form-action 'self'";
     add_header X-Frame-Options           "DENY";
     add_header X-Content-Type-Options    "nosniff";
     add_header X-XSS-Protection          "1; mode=block";

go.mod

@@ -4,4 +4,4 @@ go 1.17
 
 require github.com/pkg/errors v0.9.1
 
-require git.arav.su/Arav/httpr v0.2.1
+require git.arav.su/Arav/httpr v0.3.1

go.sum

@@ -1,4 +1,4 @@
-git.arav.su/Arav/httpr v0.2.1 h1:wtago8iYOqeoyOvio1uhMItXaTHXiBVfsshtYWSURhw=
+git.arav.su/Arav/httpr v0.3.1 h1:8ba90SJ4XYUWfIlC3V0Zuw3+CcOb9IYVkOZ/2mB9JO0=
-git.arav.su/Arav/httpr v0.2.1/go.mod h1:z0SVYwe5dBReeVuFU9QH2PmBxICJwchxqY5OfZbeVzU=
+git.arav.su/Arav/httpr v0.3.1/go.mod h1:z0SVYwe5dBReeVuFU9QH2PmBxICJwchxqY5OfZbeVzU=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

init/systemd/dwelling-upload-clean.service

@@ -19,18 +19,33 @@ LockPersonality=true
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProcSubset=pid
 ProtectClock=true
 ProtectControlGroups=true
 ProtectHome=true
+ProtectHostname=true
 ProtectKernelLogs=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
+ProtectProc=noaccess
 ProtectSystem=strict
-RestrictAddressFamilies=
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 SystemCallArchitectures=native
+SystemCallFilter=~@clock
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@debug
+SystemCallFilter=~@module
+SystemCallFilter=~@mount
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@privileged
+SystemCallFilter=~@raw-io
+SystemCallFilter=~@reboot
+SystemCallFilter=~@swap
 
 [Install]
 WantedBy=multi-user.target

init/systemd/dwelling-upload.service

@@ -28,18 +28,33 @@ LockPersonality=true
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProcSubset=pid
 ProtectClock=true
 ProtectControlGroups=true
 ProtectHome=true
+ProtectHostname=true
 ProtectKernelLogs=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
+ProtectProc=noaccess
 ProtectSystem=strict
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 SystemCallArchitectures=native
+SystemCallFilter=~@clock
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@debug
+SystemCallFilter=~@module
+SystemCallFilter=~@mount
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@privileged
+SystemCallFilter=~@raw-io
+SystemCallFilter=~@reboot
+SystemCallFilter=~@swap
 
 [Install]
 WantedBy=multi-user.target

web/assets/css/main.css

@@ -33,6 +33,8 @@
 	background-color: var(--secondary-color);
 	color: var(--background-color); }
 
+.center { text-align: center; }
+
 a,
 button {
 	color: var(--primary-color);
@@ -50,8 +52,8 @@ input[type="file"] {
 	color: var(--text-color);
 	font: inherit; }
 
-input[type="file"]::file-selector-button,
+button,
-button {
+input[type="file"]::file-selector-button {
 	background: none;
 	border: none;
 	color: var(--primary-color);
@@ -91,8 +93,6 @@ h2 {
 
 small { font-size: .8rem; }
 
-.center { text-align: center; }
-
 html { margin-left: calc(100vw - 100%); }
 
 body {
@@ -109,24 +109,22 @@ header {
 	flex-wrap: wrap;
 	justify-content: space-between; }
 
-#logo {
+header svg { width: 360px; }
-	display: block;
-	width: 360px; }
 
-#logo text { fill: var(--text-color); }
+header svg text { fill: var(--text-color); }
 
-#logo .logo {
+header svg text:first-child {
 	font-size: 2rem;
 	font-variant-caps: small-caps;
 	font-weight: bold; }
 
+header svg text:last-child { font-size: .88rem; }
+
 @media screen and (-webkit-min-device-pixel-ratio:0) {
-	#logo .logo { font-size: 2.082rem; } }
+	header svg text:first-child { font-size: 2.082rem; } }
 
 @-moz-document url-prefix() {
-	#logo .logo { font-size: 2rem; } }
+	header svg text:first-child { font-size: 2rem; } }
-
-#logo .under { font-size: .88rem; }
 
 nav { margin-top: .5rem; }
 
@@ -138,6 +136,14 @@ nav h1 {
 
 section { margin-top: 1rem; }
 
+#error {
+	font-size: 3.5rem;
+	line-height: 5rem;
+	text-align: center;
+	margin: 6rem 0; }
+
+#error h1 { font-size: 8rem; }
+
 footer {
 	font-size: .8rem;
 	text-align: center;
@@ -146,7 +152,7 @@ footer {
 @media screen and (max-width: 640px) {
 	header { display: block; }
 
-	#logo {
+	header svg {
 		margin: 0 auto;
 		width: 100%; }
 

web/assets/robots.txt

@@ -1,2 +1,3 @@
 User-agent: *
-Disallow: /assets/
+Allow: /$
+Disallow: /

web/templates/base.jade

@@ -12,9 +12,9 @@ html(lang="en")
 		block head
 	body
 		header
-			svg#logo(viewBox="0 -25 216 40")
+			svg(viewBox="0 -25 216 40")
-				text.logo Arav's dwelling
+				text Arav's dwelling
-				text.under(y="11") Welcome to my sacred place, wanderer
+				text(y="11") Welcome to my sacred place, wanderer
 			nav
 				a(href=mainSite title="Arav's dwelling") Back to main website
 				block header

web/templates/errorXXX.jade

@@ -1,20 +1,10 @@
 extends base.jade
 
-block head
-	:go:func ErrorXXX(mainSite string, code int, errorMsg string)
-	style(type="text/css").
-		#error {
-			font-size: 3.5rem;
-			line-height: 5rem;
-			text-align: center;
-			margin: 6rem 0; }
-
-		#error h1 { font-size: 8rem; }
-
 block header
 	h1 Еггог
 
 block body
+	:go:func ErrorXXX(mainSite string, code int, errorMsg string)
 	section#error
 		h1 #{code}
 		| #{http.StatusText(code)}

web/templates/index.jade

@@ -5,11 +5,11 @@ block header
 
 block body
 	:go:func Index(mainSite string, keepForHours int, fileMaxSize, storageAvailableStr string)
-	section#rules
+	section
 		h2 Rules
 		p Maximum file size is #[b #{fileMaxSize}] and it will be kept for #[b #{keepForHours}] hours.
 		p Content you upload should comply with Russian Federation's law. Generally speaking, anything illegal, like CP, extremist literature, and so on is forbidden.
-	section#upload.center
+	section.center
 		h2 Upload
 		form(action="/" method="POST" enctype="multipart/form-data")
 			input(type="file" name="file" multiple=false)
@@ -17,14 +17,12 @@ block body
 		p.center #[b #{storageAvailableStr}] left.
 	section
 		p Using cURL: #[code curl -F 'file=@somefile.ext' https://upload.arav.su]
-		p Over I2P: #[code curl --proxy 127.0.0.1:4444 -F 'file=@somefile.ext' http://upload.arav.i2p]
+		p Also works under other networks (I2P, Tor, Yggdrasil). For Tor and I2P you'll need to add a #[code --proxy] option for cURL. Same for deletion.
-		p Same for Tor, just set #[code --proxy] and replace a domain.
+		p A resulted link has the following structure: #[code <site>/<hash>/<file>.<ext>].
-		p A resulted link looks like this: #[code /base64rawURL(salted SHA-256)/filename.ext].
 	section.center
 		h2 Delete
 		form(action="/delete" method="POST")
 			input(type="text", name="hash" placeholder="File hash goes here" minlength="43" maxlength="43" size="43" required="")
 			button(type="submit") Delete
 	section
-		p Using cURL: #[code curl -XDELETE https://upload.arav.su/<hash>]
+		p Using cURL: #[code curl -XDELETE https://upload.arav.su/<hash>]
-		p Over I2P: #[code curl --proxy 127.0.0.1:4444 -XDELETE http://upload.arav.i2p/<hash>]

web/templates/uploaded.jade

@@ -5,7 +5,7 @@ block header
 
 block body
 	:go:func Uploaded(mainSite, site, downloadLink string, keepForHours int)
-	section#file
+	section
 		h2 Your link
 		center
 			a(href=downloadLink) #{site}#{downloadLink}