Add support for authenticated hastebin requests

booky10 · Jul 11, 2023 · 89d5b65 · 89d5b65
1 parent ac53819
commit 89d5b65
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 9 deletions.
diff --git a/common/src/main/java/dev/booky/stackdeobf/http/HttpUtil.java b/common/src/main/java/dev/booky/stackdeobf/http/HttpUtil.java
@@ -42,10 +42,13 @@ public static CompletableFuture<byte[]> getAsync(URI uri) {
     }
 
     public static CompletableFuture<byte[]> getAsync(URI uri, Executor executor) {
-        HttpRequest request = HttpRequest.newBuilder(uri).build();
+        return getAsync(HttpRequest.newBuilder(uri).build(), executor);
+    }
+
+    public static CompletableFuture<byte[]> getAsync(HttpRequest request, Executor executor) {
         HttpResponse.BodyHandler<byte[]> handler = HttpResponse.BodyHandlers.ofByteArray();
 
-        LOGGER.info("Requesting {}...", uri);
+        LOGGER.info("Requesting {}...", request.uri());
         long start = System.currentTimeMillis();
 
         return getHttpClient(executor).sendAsync(request, handler).thenApplyAsync(resp -> {
@@ -54,7 +57,7 @@ public static CompletableFuture<byte[]> getAsync(URI uri, Executor executor) {
 
             String message = "Received {} bytes ({}) with status {} from {} in {}ms";
             Object[] args = {bodyBytes.length, FileUtils.byteCountToDisplaySize(bodyBytes.length),
-                    resp.statusCode(), uri, timeDiff};
+                    resp.statusCode(), request.uri(), timeDiff};
 
             if (!isSuccess(resp.statusCode())) {
                 LOGGER.error(message, args);

diff --git a/web/src/main/java/dev/booky/stackdeobf/web/ApiRoutes.java b/web/src/main/java/dev/booky/stackdeobf/web/ApiRoutes.java
@@ -16,6 +16,7 @@
 import io.javalin.http.util.NaiveRateLimit;
 
 import java.net.URI;
+import java.net.http.HttpRequest;
 import java.nio.file.Path;
 import java.util.Locale;
 import java.util.Map;
@@ -26,6 +27,8 @@
 
 public final class ApiRoutes {
 
+    private static final String HASTEBIN_API_TOKEN = System.getProperty("web.hastebin-api-token");
+
     private static final Path CACHE_DIR = Path.of(System.getProperty("mappings.cachedir", "mappings"));
     private static final String DEFAULT_MAPPINGS_PROVIDER = "yarn";
     private static final String DEFAULT_MAPPINGS_VERSION = "3465";
@@ -48,7 +51,7 @@ private ApiRoutes(Javalin javalin, Map<Integer, VersionData> versionData) {
                 .buildAsync(this::loadMapping);
         this.urlCache = Caffeine.newBuilder()
                 .expireAfterAccess(1, TimeUnit.HOURS)
-                .buildAsync((uri, executor) -> HttpUtil.getAsync(uri, executor));
+                .buildAsync(this::loadUrl);
     }
 
     public static void register(Javalin javalin, Map<Integer, VersionData> versionData) {
@@ -91,6 +94,16 @@ private CompletableFuture<CachedMappings> loadMapping(CacheKey key, Executor exe
         return CachedMappings.create(CACHE_DIR, provider, executor);
     }
 
+    private CompletableFuture<byte[]> loadUrl(URI uri, Executor executor) {
+        HttpRequest.Builder request = HttpRequest.newBuilder(uri);
+        if ("hastebin.com".equals(uri.getHost()) && uri.getPath().startsWith("/raw")) {
+            if (HASTEBIN_API_TOKEN != null) {
+                request.header("Authorization", "Bearer " + HASTEBIN_API_TOKEN);
+            }
+        }
+        return HttpUtil.getAsync(request.build(), executor);
+    }
+
     private void register() {
         this.javalin.get(PREFIX + "/deobf/url", ctx -> ctx.future(() -> this.handleDeobfUrlReq(ctx)));
         this.javalin.post(PREFIX + "/deobf/body", ctx -> ctx.future(() -> this.handleDeobfBodyReq(ctx)));

diff --git a/web/src/main/resources/public/index.html b/web/src/main/resources/public/index.html
@@ -2,7 +2,7 @@
 <html lang="en">
 <head>
     <link href="style.css" rel="stylesheet" type="text/css"/>
-    <script src="script.js?v=3" type="text/javascript" defer></script>
+    <script src="script.js?v=4" type="text/javascript" defer></script>
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta charset="UTF-8">

diff --git a/web/src/main/resources/public/script.js b/web/src/main/resources/public/script.js
@@ -30,14 +30,17 @@ function tryFixInputUrl() {
         if (!url.pathname.startsWith("/d") && url.pathname.startsWith("/p")) {
             url.pathname = "/d" + url.pathname.substring("/p".length);
         }
+    } else if (url.host.endsWith("hastebin.com")) {
+        // after toptal bought hastebin.com they completely destroyed the ability to
+        // change the pathname to get the raw file content without authentication... thanks?
+        if (url.pathname.startsWith("/share")) {
+            url.pathname = "/raw" + url.pathname.substring("/share".length);
+        }
     } else if (
             // all haste-servers (before being bought by toptal) and pastebin
             // support simply adding "/raw" at the front of the path
             (url.host.startsWith("haste") || url.host.startsWith("paste"))
-            // after toptal bought hastebin.com they completely destroyed the ability to
-            // change the pathname to get the raw file content... thanks?
-            && !url.host.endsWith("toptal.com") && !url.host.endsWith("hastebin.com")
-            // same for paste.gg, only that they weren't bought by toptal and support multiple files
+            // paste.gg allows storing multiple files, so just ignore this
             && !url.host.endsWith("paste.gg")) {
         if (!url.pathname.startsWith("/raw")) {
             url.pathname = "/raw" + url.pathname;