release: 0.7.0

.github/workflows/close_inactive_issues.yml

@@ -14,6 +14,7 @@ jobs:
         with:
           days-before-issue-stale: 30
           days-before-issue-close: 14
+          exempt-issue-labels: "feature"
           stale-issue-label: "stale"
           stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
           close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."

CHANGELOG.md

@@ -1,3 +1,15 @@
+## [0.7.0](https://github.com/stonith404/pingvin-share/compare/v0.6.1...v0.7.0) (2023-01-13)
+
+
+### Features
+
+* add ClamAV to scan for malicious files ([76088cc](https://github.com/stonith404/pingvin-share/commit/76088cc76aedae709f06deaee2244efcf6a22bed))
+
+
+### Bug Fixes
+
+* invalid github release link on admin page ([349bf47](https://github.com/stonith404/pingvin-share/commit/349bf475cc7fc1141dbd2a9bd2f63153c4d5b41b))
+
 ### [0.6.1](https://github.com/stonith404/pingvin-share/compare/v0.6.0...v0.6.1) (2023-01-11)
 
 

Dockerfile

@@ -30,7 +30,7 @@ RUN npm run build  && npm prune --production
 
 # Stage 5: Final image
 FROM node:18-slim AS runner
-ENV NODE_ENV=production
+ENV NODE_ENV=docker
 RUN apt-get update && apt-get install -y openssl
 
 WORKDIR /opt/app/frontend

README.md

@@ -4,13 +4,12 @@ Pingvin Share is self-hosted file sharing platform and an alternative for WeTran
 
 ## ✨ Features
 
-- Spin up your instance within 2 minutes
 - Create a share with files that you can access with a link
 - No file size limit, only your disk will be your limit
 - Set a share expiration
 - Optionally secure your share with a visitor limit and a password
 - Email recepients
-- Light & dark mode
+- ClamAV integration
 
 ## 🐧 Get to know Pingvin Share
 
@@ -30,6 +29,18 @@ Pingvin Share is self-hosted file sharing platform and an alternative for WeTran
 
 The website is now listening available on `http://localhost:3000`, have fun with Pingvin Share 🐧!
 
+### Integrations
+
+#### ClamAV
+
+With ClamAV the shares get scanned for malicious files and get removed if any found.
+
+1. Add the ClamAV container to the Docker Compose stack (see `docker-compose.yml`) and start the container.
+2. As soon as the ClamAV container is ready (when ClamAV logs "socket found, clamd started"), restart the Pingvin Share container with `docker compose restart pingvin-share`
+3. The Pingvin Share logs should now log "ClamAV is active"
+
+Please note that ClamAV needs a lot of [ressources](https://docs.clamav.net/manual/Installing/Docker.html#memory-ram-requirements).
+
 ### Additional resources
 
 - [Synology NAS installation](https://mariushosting.com/how-to-install-pingvin-share-on-your-synology-nas/)

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pingvin-share-backend",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "scripts": {
     "build": "nest build",
     "dev": "nest start --watch",
@@ -16,60 +16,62 @@
     "@nestjs/common": "^9.2.1",
     "@nestjs/config": "^2.2.0",
     "@nestjs/core": "^9.2.1",
-    "@nestjs/jwt": "^9.0.0",
+    "@nestjs/jwt": "^10.0.1",
     "@nestjs/mapped-types": "^1.2.0",
     "@nestjs/passport": "^9.0.0",
     "@nestjs/platform-express": "^9.2.1",
     "@nestjs/schedule": "^2.1.0",
     "@nestjs/throttler": "^3.1.0",
-    "@prisma/client": "^4.7.1",
+    "@prisma/client": "^4.8.1",
     "archiver": "^5.3.1",
-    "argon2": "^0.30.2",
+    "argon2": "^0.30.3",
     "body-parser": "^1.20.1",
+    "clamscan": "^2.1.2",
     "class-transformer": "^0.5.1",
     "class-validator": "^0.13.2",
     "content-disposition": "^0.5.4",
     "cookie-parser": "^1.4.6",
     "mime-types": "^2.1.35",
     "moment": "^2.29.4",
-    "nodemailer": "^6.8.0",
+    "nodemailer": "^6.9.0",
     "otplib": "^12.0.1",
     "passport": "^0.6.0",
-    "passport-jwt": "^4.0.0",
+    "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0",
     "qrcode-svg": "^1.1.0",
     "reflect-metadata": "^0.1.13",
-    "rimraf": "^3.0.2",
-    "rxjs": "^7.6.0",
+    "rimraf": "^4.0.4",
+    "rxjs": "^7.8.0",
     "ts-node": "^10.9.1"
   },
   "devDependencies": {
-    "@nestjs/cli": "^9.1.5",
-    "@nestjs/schematics": "^9.0.3",
+    "@nestjs/cli": "^9.1.8",
+    "@nestjs/schematics": "^9.0.4",
     "@nestjs/testing": "^9.2.1",
     "@types/archiver": "^5.3.1",
+    "@types/clamscan": "^2.0.4",
     "@types/cookie-parser": "^1.4.3",
     "@types/cron": "^2.0.0",
-    "@types/express": "^4.17.14",
+    "@types/express": "^4.17.15",
     "@types/mime-types": "^2.1.1",
-    "@types/node": "^18.11.10",
-    "@types/nodemailer": "^6.4.6",
-    "@types/passport-jwt": "^3.0.7",
+    "@types/node": "^18.11.18",
+    "@types/nodemailer": "^6.4.7",
+    "@types/passport-jwt": "^3.0.8",
     "@types/qrcode-svg": "^1.1.1",
     "@types/supertest": "^2.0.12",
-    "@typescript-eslint/eslint-plugin": "^5.45.0",
-    "@typescript-eslint/parser": "^5.45.0",
+    "@typescript-eslint/eslint-plugin": "^5.48.1",
+    "@typescript-eslint/parser": "^5.48.1",
     "cross-env": "^7.0.3",
-    "eslint": "^8.29.0",
-    "eslint-config-prettier": "^8.5.0",
+    "eslint": "^8.31.0",
+    "eslint-config-prettier": "^8.6.0",
     "eslint-plugin-prettier": "^4.2.1",
     "newman": "^5.3.2",
-    "prettier": "^2.8.0",
-    "prisma": "^4.7.1",
+    "prettier": "^2.8.2",
+    "prisma": "^4.8.1",
     "source-map-support": "^0.5.21",
     "ts-loader": "^9.4.2",
-    "tsconfig-paths": "4.1.1",
-    "typescript": "^4.9.3",
-    "wait-on": "^6.0.1"
+    "tsconfig-paths": "4.1.2",
+    "typescript": "^4.9.4",
+    "wait-on": "^7.0.1"
   }
 }

backend/prisma/migrations/20230113080918_removed_reason_attribute/migration.sql

@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Share" ADD COLUMN "removedReason" TEXT;

backend/prisma/schema.prisma

@@ -52,11 +52,12 @@ model Share {
   id        String   @id @default(uuid())
   createdAt DateTime @default(now())
 
-  uploadLocked Boolean  @default(false)
-  isZipReady   Boolean  @default(false)
-  views        Int      @default(0)
-  expiration   DateTime
-  description  String?
+  uploadLocked  Boolean  @default(false)
+  isZipReady    Boolean  @default(false)
+  views         Int      @default(0)
+  expiration    DateTime
+  description   String?
+  removedReason String?
 
   creatorId  String?
   creator    User?            @relation(fields: [creatorId], references: [id], onDelete: Cascade)

backend/src/app.module.ts

@@ -12,6 +12,7 @@ import { JobsModule } from "./jobs/jobs.module";
 import { PrismaModule } from "./prisma/prisma.module";
 import { ShareModule } from "./share/share.module";
 import { UserModule } from "./user/user.module";
+import { ClamscanModule } from "./clamscan/clamscan.module";
 
 @Module({
   imports: [
@@ -28,6 +29,7 @@ import { UserModule } from "./user/user.module";
       limit: 100,
     }),
     ScheduleModule.forRoot(),
+    ClamscanModule,
   ],
   providers: [
     {

backend/src/clamscan/clamscan.module.ts

@@ -0,0 +1,10 @@
+import { forwardRef, Module } from "@nestjs/common";
+import { FileModule } from "src/file/file.module";
+import { ClamScanService } from "./clamscan.service";
+
+@Module({
+  imports: [forwardRef(() => FileModule)],
+  providers: [ClamScanService],
+  exports: [ClamScanService],
+})
+export class ClamscanModule {}

backend/src/clamscan/clamscan.service.ts

@@ -0,0 +1,86 @@
+import { Injectable } from "@nestjs/common";
+import * as NodeClam from "clamscan";
+import * as fs from "fs";
+import { FileService } from "src/file/file.service";
+import { PrismaService } from "src/prisma/prisma.service";
+
+const clamscanConfig = {
+  clamdscan: {
+    host: process.env.NODE_ENV == "docker" ? "clamav" : "127.0.0.1",
+    port: 3310,
+    localFallback: false,
+  },
+  preference: "clamdscan",
+};
+
+@Injectable()
+export class ClamScanService {
+  constructor(
+    private fileService: FileService,
+    private prisma: PrismaService
+  ) {}
+
+  private ClamScan: Promise<NodeClam | null> = new NodeClam()
+    .init(clamscanConfig)
+    .then((res) => {
+      console.log("ClamAV is active");
+      return res;
+    })
+    .catch(() => {
+      console.log("ClamAV is not active");
+      return null;
+    });
+
+  async check(shareId: string) {
+    const clamScan = await this.ClamScan;
+
+    if (!clamScan) return [];
+
+    const infectedFiles = [];
+
+    const files = fs
+      .readdirSync(`./data/uploads/shares/${shareId}`)
+      .filter((file) => file != "archive.zip");
+
+    for (const fileId of files) {
+      const { isInfected } = await clamScan
+        .isInfected(`./data/uploads/shares/${shareId}/${fileId}`)
+        .catch(() => {
+          console.log("ClamAV is not active");
+          return { isInfected: false };
+        });
+
+      const fileName = (
+        await this.prisma.file.findUnique({ where: { id: fileId } })
+      ).name;
+
+      if (isInfected) {
+        infectedFiles.push({ id: fileId, name: fileName });
+      }
+    }
+
+    return infectedFiles;
+  }
+
+  async checkAndRemove(shareId: string) {
+    const infectedFiles = await this.check(shareId);
+
+    if (infectedFiles.length > 0) {
+      await this.fileService.deleteAllFiles(shareId);
+      await this.prisma.file.deleteMany({ where: { shareId } });
+
+      const fileNames = infectedFiles.map((file) => file.name).join(", ");
+
+      await this.prisma.share.update({
+        where: { id: shareId },
+        data: {
+          removedReason: `Your share got removed because the file(s) ${fileNames} are malicious.`,
+        },
+      });
+
+      console.log(
+        `Share ${shareId} deleted because it contained ${infectedFiles.length} malicious file(s)`
+      );
+    }
+  }
+}

backend/src/main.ts

@@ -11,7 +11,7 @@ async function bootstrap() {
   app.useGlobalPipes(new ValidationPipe({ whitelist: true }));
   app.useGlobalInterceptors(new ClassSerializerInterceptor(app.get(Reflector)));
 
-  app.use(bodyParser.raw({type:'application/octet-stream', limit:'20mb'}));
+  app.use(bodyParser.raw({ type: "application/octet-stream", limit: "20mb" }));
   app.use(cookieParser());
   app.set("trust proxy", true);
 

backend/src/share/share.module.ts

@@ -1,12 +1,18 @@
 import { forwardRef, Module } from "@nestjs/common";
 import { JwtModule } from "@nestjs/jwt";
+import { ClamscanModule } from "src/clamscan/clamscan.module";
 import { EmailModule } from "src/email/email.module";
 import { FileModule } from "src/file/file.module";
 import { ShareController } from "./share.controller";
 import { ShareService } from "./share.service";
 
 @Module({
-  imports: [JwtModule.register({}), EmailModule, forwardRef(() => FileModule)],
+  imports: [
+    JwtModule.register({}),
+    EmailModule,
+    ClamscanModule,
+    forwardRef(() => FileModule),
+  ],
   controllers: [ShareController],
   providers: [ShareService],
   exports: [ShareService],

backend/src/share/share.service.ts

@@ -10,6 +10,7 @@ import * as archiver from "archiver";
 import * as argon from "argon2";
 import * as fs from "fs";
 import * as moment from "moment";
+import { ClamScanService } from "src/clamscan/clamscan.service";
 import { ConfigService } from "src/config/config.service";
 import { EmailService } from "src/email/email.service";
 import { FileService } from "src/file/file.service";
@@ -23,7 +24,8 @@ export class ShareService {
     private fileService: FileService,
     private emailService: EmailService,
     private config: ConfigService,
-    private jwtService: JwtService
+    private jwtService: JwtService,
+    private clasmScanService: ClamScanService
   ) {}
 
   async create(share: CreateShareDTO, user?: User) {
@@ -123,6 +125,9 @@ export class ShareService {
       );
     }
 
+    // Check if any file is malicious with ClamAV
+    this.clasmScanService.checkAndRemove(share.id);
+
     return await this.prisma.share.update({
       where: { id },
       data: { uploadLocked: true },
@@ -157,7 +162,7 @@ export class ShareService {
   }
 
   async get(id: string) {
-    const share: any = await this.prisma.share.findUnique({
+    const share = await this.prisma.share.findUnique({
       where: { id },
       include: {
         files: true,
@@ -165,10 +170,13 @@ export class ShareService {
       },
     });
 
+    if (share.removedReason)
+      throw new NotFoundException(share.removedReason, "share_removed");
+
     if (!share || !share.uploadLocked)
       throw new NotFoundException("Share not found");
 
-    return share;
+    return share as any;
   }
 
   async getMetaData(id: string) {

docker-compose-dev.yml

@@ -0,0 +1,7 @@
+version: '3.8'
+services:
+  clamav:
+    restart: unless-stopped
+    ports:
+      - 3310:3310
+    image: clamav/clamav

docker-compose.yml

@@ -6,4 +6,9 @@ services:
     ports:
       - 3000:3000
     volumes:
-      - "${PWD}/data:/opt/app/backend/data"
+      - "./data:/opt/app/backend/data"
+# Optional: Add ClamAV (see README.md)  
+# ClamAV is currently only available for AMD64 see https://github.com/Cisco-Talos/clamav/issues/482
+#  clamav:
+#    restart: unless-stopped
+#    image: clamav/clamav

frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pingvin-share-frontend",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "scripts": {
     "dev": "next dev",
     "build": "next build",
@@ -11,19 +11,19 @@
   "dependencies": {
     "@emotion/react": "^11.10.5",
     "@emotion/server": "^11.10.0",
-    "@mantine/core": "^5.9.2",
-    "@mantine/dropzone": "^5.9.2",
-    "@mantine/form": "^5.9.2",
-    "@mantine/hooks": "^5.9.2",
-    "@mantine/modals": "^5.9.2",
-    "@mantine/next": "^5.9.2",
-    "@mantine/notifications": "^5.9.2",
-    "axios": "^1.2.0",
+    "@mantine/core": "^5.10.0",
+    "@mantine/dropzone": "^5.10.0",
+    "@mantine/form": "^5.10.0",
+    "@mantine/hooks": "^5.10.0",
+    "@mantine/modals": "^5.10.0",
+    "@mantine/next": "^5.10.0",
+    "@mantine/notifications": "^5.10.0",
+    "axios": "^1.2.2",
     "cookies-next": "^2.1.1",
     "file-saver": "^2.0.5",
-    "jose": "^4.11.1",
+    "jose": "^4.11.2",
     "moment": "^2.29.4",
-    "next": "^13.0.6",
+    "next": "^13.1.2",
     "next-cookies": "^2.0.3",
     "next-http-proxy-middleware": "^1.2.5",
     "next-pwa": "^5.6.0",
@@ -34,15 +34,15 @@
     "yup": "^0.32.11"
   },
   "devDependencies": {
-    "@types/node": "18.11.10",
+    "@types/node": "18.11.18",
     "@types/react": "18.0.26",
-    "@types/react-dom": "18.0.9",
-    "axios": "^1.2.0",
-    "eslint": "8.29.0",
-    "eslint-config-next": "^13.0.6",
-    "eslint-config-prettier": "^8.5.0",
-    "prettier": "^2.8.0",
-    "tar": "^6.1.12",
-    "typescript": "^4.9.3"
+    "@types/react-dom": "18.0.10",
+    "axios": "^1.2.2",
+    "eslint": "8.31.0",
+    "eslint-config-next": "^13.1.2",
+    "eslint-config-prettier": "^8.6.0",
+    "prettier": "^2.8.2",
+    "tar": "^6.1.13",
+    "typescript": "^4.9.4"
   }
 }

frontend/src/components/account/showShareLinkModal.tsx

@@ -1,7 +1,11 @@
 import { Stack, TextInput } from "@mantine/core";
 import { ModalsContextProps } from "@mantine/modals/lib/context";
 
-const showShareLinkModal = (modals: ModalsContextProps, shareId: string, appUrl : string) => {
+const showShareLinkModal = (
+  modals: ModalsContextProps,
+  shareId: string,
+  appUrl: string
+) => {
   const link = `${appUrl}/share/${shareId}`;
   return modals.openModal({
     title: "Share link",

frontend/src/components/upload/Dropzone.tsx

@@ -53,7 +53,10 @@ const Dropzone = ({
         disabled={isUploading}
         openRef={openRef as ForwardedRef<() => void>}
         onDrop={(newFiles: FileUpload[]) => {
-          const fileSizeSum = [...newFiles, ...files].reduce((n, { size }) => n + size, 0);
+          const fileSizeSum = [...newFiles, ...files].reduce(
+            (n, { size }) => n + size,
+            0
+          );
 
           if (fileSizeSum > config.get("MAX_SHARE_SIZE")) {
             toast.error(

frontend/src/pages/admin/index.tsx

@@ -53,7 +53,7 @@ const Admin = () => {
             title: "Update",
             icon: TbRefresh,
             route:
-              "https://github.com/stonith404/pingvin-share/releases/tag/v0.5.0",
+              "https://github.com/stonith404/pingvin-share/releases/latest",
           },
         ]);
       }

frontend/src/pages/share/[shareId].tsx

@@ -47,21 +47,19 @@ const Share = ({ shareId }: { shareId: string }) => {
       .catch((e) => {
         const { error } = e.response.data;
         if (e.response.status == 404) {
-          showErrorModal(
-            modals,
-            "Not found",
-            "This share can't be found. Please check your link."
-          );
+          if (error == "share_removed") {
+            showErrorModal(modals, "Share removed", e.response.data.message);
+          } else {
+            showErrorModal(
+              modals,
+              "Not found",
+              "This share can't be found. Please check your link."
+            );
+          }
         } else if (error == "share_password_required") {
           showEnterPasswordModal(modals, getShareToken);
         } else if (error == "share_token_required") {
           getShareToken();
-        } else if (error == "forbidden") {
-          showErrorModal(
-            modals,
-            "Forbidden",
-            "You're not allowed to see this share. Are you logged in with the correct account?"
-          );
         } else {
           showErrorModal(modals, "Error", "An unknown error occurred.");
         }

frontend/src/types/File.type.ts

@@ -1,3 +1,3 @@
 export type FileUpload = File & { uploadingProgress: number };
 
-export type FileUploadResponse = {id: string, name: string}
+export type FileUploadResponse = { id: string; name: string };

package.json

@@ -1,6 +1,6 @@
 {
   "name": "pingvin-share",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "scripts": {
     "format": "cd frontend && npm run format && cd ../backend && npm run format",
     "lint": "cd frontend && npm run lint && cd ../backend && npm run lint",