Add password validation

handler/upload/initialisation/initialisation.go

@@ -0,0 +1,174 @@
+package initialisation
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/fossyy/filekeeper/db"
+	"github.com/fossyy/filekeeper/logger"
+	"github.com/fossyy/filekeeper/middleware"
+	"github.com/fossyy/filekeeper/session"
+	"github.com/fossyy/filekeeper/types"
+	"github.com/fossyy/filekeeper/types/models"
+	"github.com/google/uuid"
+	"gorm.io/gorm"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+)
+
+var log *logger.AggregatedLogger
+
+func init() {
+	log = logger.Logger()
+}
+
+func POST(w http.ResponseWriter, r *http.Request) {
+	cookie, err := r.Cookie("Session")
+	if err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+
+	storeSession, err := session.Store.Get(cookie.Value)
+	if err != nil {
+		if errors.Is(err, &session.SessionNotFound{}) {
+			storeSession.Destroy(w)
+		}
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	userSession := middleware.GetUser(storeSession)
+
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+
+	var fileInfo types.FileInfo
+	if err := json.Unmarshal(body, &fileInfo); err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+
+	fileData, err := getFile(fileInfo.Name, userSession.UserID)
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			upload, err := handleNewUpload(userSession, fileInfo)
+			if err != nil {
+				handleError(w, err, http.StatusInternalServerError)
+				return
+			}
+			respondJSON(w, upload)
+			return
+		}
+		respondErrorJSON(w, err, http.StatusInternalServerError)
+		return
+	}
+
+	info, err := GetUploadInfo(fileData.ID.String())
+	if err != nil {
+		log.Error(err.Error())
+		return
+	}
+
+	if info.Done {
+		respondJSON(w, map[string]bool{"Done": true})
+		return
+	}
+	respondJSON(w, info)
+}
+
+func getFile(name string, ownerID uuid.UUID) (models.File, error) {
+	var data models.File
+	err := db.DB.Table("files").Where("name = ? AND owner_id = ?", name, ownerID).First(&data).Error
+	if err != nil {
+		return data, err
+	}
+	return data, nil
+}
+
+func handleNewUpload(user types.User, file types.FileInfo) (models.FilesUploaded, error) {
+	uploadDir := "uploads"
+	if _, err := os.Stat(uploadDir); os.IsNotExist(err) {
+		log.Error(err.Error())
+		err := os.Mkdir(uploadDir, os.ModePerm)
+		if err != nil {
+			log.Error(err.Error())
+			return models.FilesUploaded{}, err
+		}
+	}
+
+	fileID := uuid.New()
+	ownerID := user.UserID
+
+	currentDir, _ := os.Getwd()
+	basePath := filepath.Join(currentDir, uploadDir)
+	saveFolder := filepath.Join(basePath, ownerID.String(), fileID.String())
+	if filepath.Dir(saveFolder) != filepath.Join(basePath, ownerID.String()) {
+		return models.FilesUploaded{}, errors.New("invalid path")
+	}
+
+	err := os.MkdirAll(saveFolder, os.ModePerm)
+	if err != nil {
+		log.Error(err.Error())
+		return models.FilesUploaded{}, err
+	}
+
+	newFile := models.File{
+		ID:         fileID,
+		OwnerID:    ownerID,
+		Name:       file.Name,
+		Size:       file.Size,
+		Downloaded: 0,
+	}
+	err = db.DB.Create(&newFile).Error
+	if err != nil {
+		log.Error(err.Error())
+		return models.FilesUploaded{}, err
+	}
+
+	filesUploaded := models.FilesUploaded{
+		UploadID: uuid.New(),
+		FileID:   fileID,
+		OwnerID:  ownerID,
+		Name:     file.Name,
+		Size:     file.Size,
+		Uploaded: -1,
+		Done:     false,
+	}
+
+	err = db.DB.Create(&filesUploaded).Error
+	if err != nil {
+		log.Error(err.Error())
+		return models.FilesUploaded{}, err
+	}
+	return filesUploaded, nil
+}
+
+func GetUploadInfo(fileID string) (*models.FilesUploaded, error) {
+	var data *models.FilesUploaded
+	err := db.DB.Table("files_uploadeds").Where("file_id = ?", fileID).First(&data).Error
+	if err != nil {
+		return data, err
+	}
+	return data, nil
+}
+
+func respondJSON(w http.ResponseWriter, data interface{}) {
+	w.Header().Set("Content-Type", "application/json")
+	if err := json.NewEncoder(w).Encode(data); err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+	}
+}
+
+func respondErrorJSON(w http.ResponseWriter, err error, statusCode int) {
+	w.WriteHeader(statusCode)
+	respondJSON(w, map[string]string{"error": err.Error()})
+}
+
+func handleError(w http.ResponseWriter, err error, statusCode int) {
+	http.Error(w, err.Error(), statusCode)
+	log.Error(err.Error())
+}

handler/upload/upload.go

@@ -0,0 +1,142 @@
+package uploadHandler
+
+import (
+	"errors"
+	"github.com/fossyy/filekeeper/db"
+	"github.com/fossyy/filekeeper/handler/upload/initialisation"
+	"github.com/fossyy/filekeeper/logger"
+	"github.com/fossyy/filekeeper/middleware"
+	"github.com/fossyy/filekeeper/session"
+	filesView "github.com/fossyy/filekeeper/view/upload"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"sync"
+)
+
+var log *logger.AggregatedLogger
+var mu sync.Mutex
+
+func init() {
+	log = logger.Logger()
+}
+
+func GET(w http.ResponseWriter, r *http.Request) {
+	component := filesView.Main("upload page")
+	if err := component.Render(r.Context(), w); err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+}
+
+func POST(w http.ResponseWriter, r *http.Request) {
+	fileID := r.PathValue("id")
+	if err := r.ParseMultipartForm(32 << 20); err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+
+	cookie, err := r.Cookie("Session")
+	if err != nil {
+		handleCookieError(w, r, err)
+		return
+	}
+
+	storeSession, err := session.Store.Get(cookie.Value)
+	if err != nil {
+		if errors.Is(err, &session.SessionNotFound{}) {
+			storeSession.Destroy(w)
+		}
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	userSession := middleware.GetUser(storeSession)
+
+	if r.FormValue("done") == "true" {
+		finalizeFileUpload(fileID)
+		return
+	}
+
+	uploadDir := "uploads"
+	if err := createUploadDirectory(uploadDir); err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+
+	file, err := initialisation.GetUploadInfo(fileID)
+	if err != nil {
+		log.Error("error getting upload info: " + err.Error())
+		return
+	}
+
+	currentDir, _ := os.Getwd()
+	basePath := filepath.Join(currentDir, uploadDir)
+	saveFolder := filepath.Join(basePath, userSession.UserID.String(), file.FileID.String())
+
+	if filepath.Dir(saveFolder) != filepath.Join(basePath, userSession.UserID.String()) {
+		log.Error("invalid path")
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	fileByte, _, err := r.FormFile("chunk")
+	if err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+	defer fileByte.Close()
+
+	dst, err := os.OpenFile(filepath.Join(saveFolder, file.Name), os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0666)
+	if err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+	defer dst.Close()
+	if _, err := io.Copy(dst, fileByte); err != nil {
+		handleError(w, err, http.StatusInternalServerError)
+		return
+	}
+	rawIndex := r.FormValue("index")
+	index, err := strconv.Atoi(rawIndex)
+	if err != nil {
+		return
+	}
+	updateIndex(index, fileID)
+}
+
+func finalizeFileUpload(fileID string) {
+	db.DB.Table("files_uploadeds").Where("file_id = ?", fileID).Updates(map[string]interface{}{
+		"Done": true,
+	})
+}
+
+func createUploadDirectory(uploadDir string) error {
+	if _, err := os.Stat(uploadDir); os.IsNotExist(err) {
+		if err := os.Mkdir(uploadDir, os.ModePerm); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func updateIndex(index int, fileID string) {
+	db.DB.Table("files_uploadeds").Where("file_id = ?", fileID).Updates(map[string]interface{}{
+		"Uploaded": index,
+	})
+}
+
+func handleCookieError(w http.ResponseWriter, r *http.Request, err error) {
+	if errors.Is(err, http.ErrNoCookie) {
+		http.Redirect(w, r, "/signin", http.StatusSeeOther)
+		return
+	}
+	handleError(w, err, http.StatusInternalServerError)
+}
+
+func handleError(w http.ResponseWriter, err error, status int) {
+	http.Error(w, err.Error(), status)
+	log.Error(err.Error())
+}