first hurdles

a guest Jan 31st, 2016 8 Never
  1. 02:52:48    n-tech  https://github.com/infinity-next/infinity-next/blob/master/app/FileStorage.php
  2. 02:52:50    n-tech  jesus christ.
  3. 02:52:52    n-tech  So because of how the Laravel framework works, to get the attachments inside a view
  4. 02:52:54    n-tech  I just go:
  5. 02:52:56    n-tech  @foreach ($post->attachments as $attachment)
  6. 02:53:00    n-tech  the ->hash on $storage
  7. 02:53:07    n-tech  {{$attachment->storage->hash}}
  8. 02:53:08    __uguu__    probably a bad way to do it
  9. 02:53:23    n-tech  yeah that's my thought. It has to do a query per post. It's inefficient.
  10. 02:53:37    __uguu__    at this point you want to get access via sql
  11. 02:54:06    *   __uguu__ looks into it
  12. 02:54:26    __uguu__    what you want to do is...?
  13. 02:54:53    __uguu__    what are you trying to get done?
  14. 02:55:14    n-tech  The hash is what's used to get the file's location.
  15. 02:55:25    n-tech  /board/hash/filename.jpg
  16. 02:55:48    n-tech  the board is irrelevant, just a part of the route. the filename is optional and it determines what it's called on download.
  17. 02:55:58    n-tech  The point is to generate this string:
  18. 02:56:15    n-tech  <img class="attachment-img" src="{!! url("{$board->uri}/file/{$attachment->storage->hash}/{$attachment->filename}") !!}" alt="{{ $attachment->filename }}" />
  19. 02:56:48    n-tech  The getFile controller method is what distributes the content with the specified filename.
  20. 02:57:52    __uguu__    okay so given a post you want every hash of the attachment uploaded with that post?
  21. 02:58:46    n-tech  The hash is derived from the upload and is used to prevent duplicate files on the hard drive and to deal with hash banning.
  22. 02:58:56    n-tech  The MD5 is now the identifier for the system to pull the file from the request.
  23. 02:59:04    n-tech  They are stored on the hard drive as their MD5 for a filename.
  24. 02:59:07    __uguu__    md5 collides
  25. 02:59:13    __uguu__    you really should use sha256
  26. 02:59:15    __uguu__    or sha1
  27. 02:59:22    n-tech  There is approximately a 1x2^128 chance of that happening.
  28. 02:59:28    __uguu__    except that's not true
  29. 02:59:40    __uguu__    md5 is a borked hash algorithm
  30. 03:00:05    __uguu__    i.e. append nul to a file
  31. 03:00:10    __uguu__    still has the same md5
  32. 03:00:38    __uguu__    which is a collision
  33. 03:00:40    n-tech  how is that not desirable when trying to prevent duplicates
  34. 03:00:53    __uguu__    my point is that md5 is pretty borked
  35. 03:01:02    __uguu__    <-- works with crypto
  36. [...]
  37. 07:39:03    ~copypaste  reply_to is definitely flawed
  38. 07:39:09    ~copypaste  you need something like TB's cite_posts table
  39. 07:39:13    ~copypaste  it's hard to do but works very, very well
  40. 07:39:29    ~copypaste  erm, it's just called ``cites`` actually.
  41. 07:40:00    ~copypaste  DESC cites -> http://pastie.org/10183422
  42. 07:40:22    ~copypaste  also
  43. 07:40:33    ~copypaste  __uguu__: no, I recommended MD5 because that's what 4chan uses.
  44. 07:40:41    ~copypaste  Who cares if a NUL byte changes the file?
  45. 07:40:47    ~copypaste  Not me. That's a duplicate, feature not a bug.
  46. 07:40:58    ~copypaste  erm, doesn't change the hash*
  47. 07:41:06    ~copypaste  4chan API expects md5. MD5 is best for this.
  48. 07:41:41    ~copypaste  I understand you work in crypto. This isn't crypto, not really. There's no secret to be leaked.