README
¶
Golang PhotoBackup server
Browsing through F-Droid one day, I came across PhotoBackup - ever since I stopped using Owncloud, the lack of automatic photo uploads from my phone to my server has been bugging me, so I installed the client and started looking at the server. The concept is reasonable, the API is simple, but the implementations are a bit terrifying, so here's my attempt.
It's written in Go to avoid runtime dependencies; some glaring errors in the Python implementation have been corrected. To build from source (assuming you already have a Go runtime):
$ go get github.com/lupine/photobackup-server-go
$ cd $GOPATH/src/github.com/lupine/photobackup-server-go
$ go build
$ cp config.example ~/.photobackup
$ vi ~/.photobackup # Add a Password= or PasswordBcrypt= line
$ ./photobackup-server-go
There's now a HTTP server running on 127.0.0.1:8420 that will upload to ./incoming with the given password.
If there's demand, I'll put up some precompiled blobs. I wouldn't generally recommend using precompiled blobs you find on the Internet, though.
Deployment strategy
I'd say stick it under runit or systemd, bound to localhost, behind a HTTPS reverse proxy (nginx, say). For bonus points, run it as an unprivileged user in a jail. This is made much easier by the lack of runtime dependencies, of course.
Here's an nginx reverse proxy directive:
location /photobackup {
proxy_pass http://127.0.0.1:8420;
}
Here's a systemd unit file:
[Unit]
Description=HTTP server for PhotoBackup
After=network.target
[Service]
ExecStart=/home/lupine/bin/photobackup-server-go
User=lupine
WorkingDirectory=/home/lupine
Restart=always
Features
Improvements on photobackup-python
- Stores the secret on disc in a different format to on the wire (bcrypt(sha512(secret))
- Constant-time comparison of the secret, to avoid timing attacks
- Doesn't have to bind to the IPv4 wildcard
- Supports HTTP prefixes
- Uses 405 Method Not Allowed where appropriate
- Uses 409 Conflict where an upload would overwrite an existing file
- Doesn't read POST data beyond the filesize parameter
To add
- Direct HTTPS support
- Sensible multi-user support (support for, say, POST /:username[/test])
- Config file management like the python version's "init" stuff.
Documentation
¶
Overview ¶
This is a small HTTP server implementing the "photobackup server" endpoint documented here: https://github.com/PhotoBackup/api/
Written because the existing servers make me a touch sad; go means we can avoid a pile of runtime dependencies. Build-time dependencies are being kept low; bcrypt, homedir and graceful are the only luxuries. Adding gorilla mux and, perhaps, negroni, would probably be overkill.
We're trying to be compatible, so config file is INI-format: ~/.photobackup
[photobackup] MediaRoot=<path to store files in> Password=<sha512 digest of password, no salt> Port=<port>
In addition to these keys, I'm also supporting:
BindAddress=<address to bind to> PasswordBcrypt=<bcrypt of sha512 digest of plain password> HTTPPrefix=<prefix to mount HTTP server at>
The original server was intended to run over HTTP, I think, hence the client sending a SHA512'd password. We support this scheme, but the on-disc storage format is really better off being bcrypt(sha512(password)), so I've added that.
Adding BindAddress and HTTPPrefix means that mounting this behind a HTTP reverse proxy is quite doable, and lets us offload HTTPS to that as well. That's how I'm intending to use it.
I think the original servers are designed so you can connect to them using just HTTP; hence the sha512(password) scheme. This is short-sighted; the only thing it gets you is (weak) protection against sniffing if you happen to use the same password elsewhere. Sniffers in this scenario can still upload to your server and view your photos.
At some point in the future I might add direct HTTPS support as well, but I don't need it.
@author Nick Thomas <photobackup@ur.gs>
Source Files