search

orhun / rustypaste

A minimal file upload/pastebin service.
https://blog.orhun.dev/blazingly-fast-file-sharing
MIT License
771 stars 48 forks source link

502 if you add an extra / #303

Closed repomansez closed 3 months ago

repomansez commented 3 months ago

I just configured an instance of rustypaste on my website, and when testing it I noticed that if I add an extra / at the end of the URL, I get 502'd. Remove it, and it works as expected.

curl -F 'file=@example.txt' https://repomansez.xyz/upload - Works curl -F 'file=@example.txt' https://repomansez.xyz/upload/ - Does not work

I'm not sure if that's a bug or if it's me screwing something up.

Also even if I try to navigate to https://repomansez.xyz/upload/ on my browser I get 404'd. Same thing if I do it locally.

orhun commented 3 months ago

I can't reproduce this with my own instance & locally. Is there a chance that you might have some proxy settings on your server maybe?

Also, have you checked out rpaste yet? 🐻

repomansez commented 3 months ago

I can't reproduce this with my own instance & locally. Is there a chance that you might have some proxy settings on your server maybe? Only thing related to that is nginx's reverse proxy, which I copypasted from your example location /upload { proxy_pass http://localhost:8011/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options "sameorigin"; add_header X-Content-Type-Options "nosniff"; } Also, have you checked out rpaste yet? 🐻 Yes! And it's what I use, I'm more concerned about someone trying to use my thingie and presuming it's broken because of the extra /

orhun commented 3 months ago

I see.

I have the exact same set up but I cannot reproduce it :/ Maybe @tessus can also have a look

tessus commented 3 months ago

I can't reproduce this either, but it looks like a reverse proxy config issue. I am using Apache, and my config looks like this:

ProxyPass        /upload              http://localhost:1111
ProxyPassReverse /upload              http://localhost:1111

No slashes at the end.

repomansez commented 3 months ago

I can't reproduce this either, but it looks like a reverse proxy config issue. I am using Apache, and my config looks like this:

ProxyPass        /upload              http://localhost:1111
ProxyPassReverse /upload              http://localhost:1111

No slashes at the end.

Just tested it here and removing the backslash from nginx's reverse proxy makes https://repomansez.xyz/upload say file is not found or expired :(

and I still get 404 if I add the extra /

Here's the log rustypaste gives me without the backslash in reverse_proxy:

rustypaste | 2024-06-13T22:08:17.752397Z DEBUG actix_web::types::query: Failed during Query extractor deserialization. Request path: "/upload"
rustypaste | 2024-06-13T22:08:17.752430Z DEBUG actix_web::extract: Error for Option extractor: Query deserialize error: missing field download
rustypaste | 2024-06-13T22:08:17.753610Z DEBUG actix_web::middleware::logger: Error in response: "file is not found or expired :(\n"
rustypaste | 2024-06-13T22:08:17.753644Z INFO actix_web::middleware::logger: 127.0.0.1 "GET /upload HTTP/1.0" 404 32 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 0.001417
rustypaste | 2024-06-13T22:08:20.337964Z INFO actix_web::middleware::logger: 127.0.0.1 "GET /upload/ HTTP/1.0" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 0.000153

and here's the log with the backslash:

rustypaste | 2024-06-13T22:11:06.057483Z INFO actix_web::middleware::logger: 127.0.0.1 "GET / HTTP/1.0" 200 857 "https://repomansez.xyz/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 0.000187
rustypaste | 2024-06-13T22:11:09.956274Z INFO actix_web::middleware::logger: 127.0.0.1 "GET // HTTP/1.0" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 0.000125

tessus commented 3 months ago

Apache and nginx behave differently with default configs when it comes to adding slashes. So do browsers, btw.

Unfortunately I cannot reproduce the issue on my end. I am using Apache and the config I sent you works for me. I tried both of your curl commands and both work for me.

P.S.: I am not using nginx thus I don't have enough experience to help there.

repomansez commented 3 months ago

Maybe it has more to do with nginx than with rustypaste. I'll have to do some research.

repomansez commented 3 months ago

Some further testing proved that it is in fact Nginx's fault.

location upload { makes upload/ 404 while location upload/ { makes upload 404

I will therefore close this issue as it is unrelated to Rustypaste, thanks for the help!

Edit: I managed to fix it, for future reference if someone encounters this bug while suffering from the same problem, here are some possible solutions: https://stackoverflow.com/questions/22759345/nginx-trailing-slash-in-proxy-pass-url