PrivateBin / PrivateBin

A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
https://privatebin.info/
Other
6.55k stars 815 forks source link

Yourls error 400, trying to create multiple shortlinks? #1099

Open pellle87 opened 1 year ago

pellle87 commented 1 year ago

Steps to reproduce

  1. create a paste
  2. klick the shorten button

What happens

it creates a shorturl but it seems to try to create multiple {"status":"fail","code":"error:url","message":"https:\/\/p.xxxxx.se\/?a7d0d61ffeabdfce#H7JSiqfPqe7v6EdDFbz[...] already exists in database (short URL: sh.xxxx.se\/6c3wl)","errorCode":"400","statusCode":"400","url":{"keyword":"6c3wl","url":"https:\/\/p.xxxxx.se\/?a7d0d61ffeabdfce#H7JSiqfPqe7v6EdDFbzaG4o6QQYn1PB4Dc9bDkZ9nhLy","title":"https:\/\/p.xxxxx.se\/?a7d0d61ffeabdfce#H7JSiqfPqe7v6EdDFbzaG4o6QQYn1PB4Dc9bDkZ9nhLy","date":"2023-06-11 19:33:14","ip":"2xxxx.1xx.xx.xx","clicks":0},"title":"https:\/\/p.xxxxx.se\/?a7d0d61ffeabdfce#H7JSiqfPqe7v6EdDFbzaG4o6QQYn1PB4Dc9bDkZ9nhLy","shorturl":"https:\/\/sh.xxxx.se\/6c3wl"}

Additional information

urlshortener = "https://sh.xxxxxxx.se/yourls-api.php?signature=xxxxxxxxx&action=shorturl&format=json&url="

Basic information

Server OS: ubuntu:22.04 php 8.1

Webserver: Apache (latest)

Browser: Brave

PrivateBin version: 1.5.1 I can reproduce this issue on https://privatebin.net: Yes / No

pellle87 commented 1 year ago

if i use urlshortener = "${basepath}shortenviayourls?link=" and signature = "xxxxxxxxx" apiurl = "https://sh.mydomain/api.php"

i get redirected to https://mydomain.se/shortenviayourls?link= and i get a 404

elrido commented 1 year ago

[...]"message":"https:\/\/p.xxxxx.se\/?a7d0d61ffeabdfce#H7JSiqfPqe7v6EdDFbz[...]

and

if i use urlshortener = "${basepath}shortenviayourls?link=" [...] i get redirected to https://mydomain.se/shortenviayourls?link= and i get a 404

That sounds like the basepath is not set and not detected correctly or it is and your webserver is not forwarding the /shortenviayourls path to the index.php of PrivateBin. This is difficult to diagnose remotely and likely a misconfiguration of the two services and/or used webservers, not a bug in the software.

pellle87 commented 1 year ago

[...]"message":"https:\/\/p.xxxxx.se\/?a7d0d61ffeabdfce#H7JSiqfPqe7v6EdDFbz[...]

and

if i use urlshortener = "${basepath}shortenviayourls?link=" [...] i get redirected to https://mydomain.se/shortenviayourls?link= and i get a 404

That sounds like the basepath is not set and not detected correctly or it is and your webserver is not forwarding the /shortenviayourls path to the index.php of PrivateBin. This is difficult to diagnose remotely and likely a misconfiguration of the two services and/or used webservers, not a bug in the software.

basepath is set to: basepath = "https://p.mydomain.se/"

and my apache virtualhost looks like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName p.mydomain.se
        ServerAlias www.p.mydomain.se
        ServerAdmin pelle@mydomain.me
        DocumentRoot /var/www/p.mydomain.se/public_html/
        ErrorLog /${APACHE_LOG_DIR}/p.mydomain.se-error.log
        CustomLog ${APACHE_LOG_DIR}/p.kmydomain.se-access.log combined
<Directory "/var/www/p.mydomain.se/public_html/">
        Options Includes FollowSymLinks MultiViews
        AllowOverride All
         Order allow,deny
      Allow from all
   </Directory>

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/p.mydomain.se/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/p.mydomain.se/privkey.pem
</VirtualHost>
</IfModule>

Yea it might be a misconfig by one of the two services, but i cant for the life of me figure it out since everything else works etc

pellle87 commented 1 year ago

if i configure it like this: urlshortener = "https://sh.mydomain.se/api.php?action=shorturl&format=json&url=" and comment out signature and api url i get redirected to my yourls page but it says

Too Many Requests
Too many URLs added too fast. Slow down please.
RedAISkye commented 3 months ago

if i configure it like this: urlshortener = "https://sh.mydomain.se/api.php?action=shorturl&format=json&url=" and comment out signature and api url i get redirected to my yourls page but it says

Too Many Requests
Too many URLs added too fast. Slow down please.

I've got the same configuration and I'm getting the exact error after Shorten URL is clicked from created paste. Upon checking the url shortner's dashboard, the short URL is indeed created successfully, so there doesn't seem to be any misconfiguration.

However, if I do include the signature in the urlshortener directly, it works fine. But isn't that unsafe? Since private API key is exposed.

Also. If I use basepath instead for urlshortener, even though I can see the URL is passed correctly, it shows me a blank screen and nothing happens.

rugk commented 3 months ago

Yeah, so if you run into the rate limiting of YOURs you likely have too much requests? There is nothing we can do here.

RedAISkye commented 3 months ago

Yeah, so if you run into the rate limiting of YOURs you likely have too much requests? There is nothing we can do here.

But this is a self hosted service and it was one request. The action also went through as the URL was indeed shortened.

It doesn't happen if I directly set the API key in the URL. This method works fine.

The basepath method doesn't work at all, just shows a blank page.