Gopost is a Go program for making file transfers. It can either serve files or accept multiple file uploads via POST. It imitates an unconfigured Apache server running on Ubuntu. Using the -s/--serve command line flag will instead serve files from the given directory (--serve=/home/user/Documents). Basic authentication and TLS is supported and can be enabled on the command line.
I got the idea to make this program after learning about uploadserver [https://github.com/Densaugeo/uploadserver].
WARNING
While this server supports TLS and basic authentication, it may not be perfect. I would recommend only using it on a secure or trusted network. Pick a good password when using basic authentication. Basic authentication is useless without TLS enabled too! If possible, use your own TLS certs instead of auto-generating self-signed certificates. Auto-generated/self-signed certificates created using the "-t/--tls" flag are good for 2 weeks from the day of creation.
NOTE
You must run the program from within the cmd directory or the static resources will not be found! Think templates and images.
If using a self-signed TLS certificate, you may see errors logged such as
http: TLS handshake error from 127.0.0.1:43434: remote error: tls: unknown certificate
This error message can be safely ignored as long as you intended to use a self-signed certificate. This error message is just informing you that the client received a self-signed certificate when visiting the web page.
Defaults
Default settings are to serve on the first available IPv4 address (0.0.0.0) on port 8080 using HTTP. This can be changed with command line arguments.
Usage
Install Go and clone this repository
git clone https://github.com/spcnvdr/gopost.git
Change into the directory inside the project
cd ./gopost/
Build the program and change into the cmd directory
make
cd cmd
Optionally, change into the directory and build the program manually
cd cmd
go build ./cmd/main.go -o gopost
Run the program with --help to see available options.
./gopost --help
The default option is to imitate an unconfigured Apache server and accept file uploads to the current directory
./gopost
Generate self-signed TLS certs and serve FOLDER for downloading
./gopost -t -s FOLDER
Set up basic auth with existing TLS certs. Basic auth will interactively prompt for a password to avoid storing a password in .bash_history or other command line logs.
./gopost -c cert.pem -k key.pem -u Bob
Use the -q/--query arguemnt to make the POST parameter used to accept uploads unpredicatable. This is an extra layer of security by obscurity to prevent someone from fuzzing the site and discovering upload functionality. Example cURL command given too
./gopost -q sahdidnj -v
curl -X POST http://HOST:PORT -F 'sahdidnj=@./FILE.pdf' -v
This server accepts multiple file uploads from the command line using cURL. Add the --insecure option if using a self-signed certificate.
If using basic authentication, add the following to the commands:
-u login:password
Example of uploading to a server with self-signed certs
curl -X POST https://IP:PORT/ -F 'files=@./myfile.txt' -F 'files=@./myfile.pdf' --insecure
or for when running plain HTTP:
curl -X POST http://IP:PORT/ -F 'files=@./myfile.txt' -F 'files=@./myfile.pdf'
To Do
- Remove any unneeded functions/packages
- Add option to specify alternate destination directory for uploads
- Add Nginx default pages and option to impersonate Nginx
- Make response headers match exactly Apache/Nginx
- Show server address in 404 response?
- Handle other error responses (400)
Contributing
Pull requests, new feature suggestions, and bug reports/issues are welcome.
License
This project is licensed under the 3-Clause BSD License also known as the "New BSD License" or the "Modified BSD License". A copy of the license can be found in the LICENSE file. A copy can also be found at the Open Source Institute