Add password validation

handler/download/download.go

@@ -0,0 +1,62 @@
+package downloadHandler
+
+import (
+	"errors"
+	"github.com/fossyy/filekeeper/db"
+	"github.com/fossyy/filekeeper/logger"
+	"github.com/fossyy/filekeeper/middleware"
+	"github.com/fossyy/filekeeper/session"
+	"github.com/fossyy/filekeeper/types"
+	"github.com/fossyy/filekeeper/types/models"
+	"github.com/fossyy/filekeeper/utils"
+	downloadView "github.com/fossyy/filekeeper/view/download"
+	"net/http"
+)
+
+var log *logger.AggregatedLogger
+
+func init() {
+	log = logger.Logger()
+}
+
+func GET(w http.ResponseWriter, r *http.Request) {
+	cookie, err := r.Cookie("Session")
+	if err != nil {
+		if errors.Is(err, http.ErrNoCookie) {
+			http.Redirect(w, r, "/signin", http.StatusSeeOther)
+			return
+		}
+		log.Error(err.Error())
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	storeSession, err := session.Store.Get(cookie.Value)
+	if err != nil {
+		if errors.Is(err, &session.SessionNotFound{}) {
+			storeSession.Destroy(w)
+		}
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	userSession := middleware.GetUser(storeSession)
+
+	var files []models.File
+	db.DB.Table("files").Where("owner_id = ?", userSession.UserID).Find(&files)
+	var filesData []types.FileData
+	for i := 0; i < len(files); i++ {
+		filesData = append(filesData, types.FileData{
+			ID:         files[i].ID.String(),
+			Name:       files[i].Name,
+			Size:       utils.ConvertFileSize(files[i].Size),
+			Downloaded: files[i].Downloaded,
+		})
+	}
+
+	component := downloadView.Main("Download Page", filesData)
+	err = component.Render(r.Context(), w)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		log.Error(err.Error())
+		return
+	}
+}

handler/download/file/file.go

@@ -0,0 +1,56 @@
+package downloadFileHandler
+
+import (
+	"github.com/fossyy/filekeeper/db"
+	"github.com/fossyy/filekeeper/logger"
+	"github.com/fossyy/filekeeper/types/models"
+	"net/http"
+	"os"
+	"path/filepath"
+)
+
+var log *logger.AggregatedLogger
+
+func init() {
+	log = logger.Logger()
+}
+
+func GET(w http.ResponseWriter, r *http.Request) {
+	fileID := r.PathValue("id")
+
+	var file models.File
+	err := db.DB.Table("files").Where("id = ?", fileID).First(&file).Error
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		log.Error(err.Error())
+	}
+
+	uploadDir := "uploads"
+
+	currentDir, _ := os.Getwd()
+	basePath := filepath.Join(currentDir, uploadDir)
+	saveFolder := filepath.Join(basePath, file.OwnerID.String(), file.ID.String())
+
+	if filepath.Dir(saveFolder) != filepath.Join(basePath, file.OwnerID.String()) {
+		log.Error("invalid path")
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	openFile, err := os.OpenFile(filepath.Join(saveFolder, file.Name), os.O_RDONLY, 0)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		log.Error(err.Error())
+	}
+	defer openFile.Close()
+
+	stat, err := openFile.Stat()
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		log.Error(err.Error())
+	}
+
+	w.Header().Set("Content-Disposition", "attachment; filename="+stat.Name())
+	http.ServeContent(w, r, stat.Name(), stat.ModTime(), openFile)
+	return
+}