contented/upload.go

package contented

import (
	"crypto/sha512"
	"encoding/hex"
	"encoding/json"
	"io"
	"log"
	"mime"
	"mime/multipart"
	"net/http"
	"os"
	"path"
	"path/filepath"
	"strings"
	"time"
)

func (this *Server) handleUpload(w http.ResponseWriter, r *http.Request) {

	err := r.ParseMultipartForm(this.opts.MaxUploadBytes * 2)
	if err != nil {
		log.Printf("%s Invalid request: %s\n", r.RemoteAddr, err.Error())
		http.Error(w, "Invalid request", 400)
		return
	}

	if r.MultipartForm == nil || r.MultipartForm.File == nil || len(r.MultipartForm.File["f"]) < 1 {
		log.Printf("%s Invalid request: no multipart content\n", r.RemoteAddr)
		http.Error(w, "Invalid request", 400)
		return
	}

	ret := make([]string, 0, len(r.MultipartForm.File["f"]))

	for _, fhs := range r.MultipartForm.File["f"] {
		f, err := fhs.Open()
		if err != nil {
			log.Printf("%s Internal error: %s\n", r.RemoteAddr, err.Error())
			http.Error(w, "Internal error", 500)
			return
		}

		path, err := this.handleUploadFile(f, fhs, remoteIP(r))
		if err != nil {
			log.Printf("%s Upload failed: %s\n", r.RemoteAddr, err.Error())
			http.Error(w, "Upload failed", 500)
		}

		ret = append(ret, path)
	}

	jb, err := json.Marshal(ret)
	if err != nil {
		log.Printf("%s Internal error: %s\n", r.RemoteAddr, err.Error())
		http.Error(w, "Internal error", 500)
		return
	}

	w.Header().Set(`Content-Type`, `application/json`)
	w.WriteHeader(200)
	w.Write(jb)
}

func (this *Server) handleUploadFile(src multipart.File, hdr *multipart.FileHeader, UploadIP string) (string, error) {

	// Get file length
	srcLen, err := src.Seek(0, io.SeekEnd)
	if err != nil {
		return "", err
	}

	_, err = src.Seek(0, io.SeekStart)
	if err != nil {
		return "", err
	}

	// Get file hash
	hasher := sha512.New512_256()
	_, err = io.CopyN(hasher, src, int64(srcLen))
	if err != nil {
		return "", err
	}

	_, err = src.Seek(0, io.SeekStart)
	if err != nil {
		return "", err
	}

	// Save file to disk
	fileID := hex.EncodeToString(hasher.Sum(nil))
	dest, err := os.OpenFile(filepath.Join(this.opts.DataDirectory, fileID), os.O_CREATE|os.O_WRONLY, 0600)
	if err != nil {
		if os.IsExist(err) {
			return fileID, nil // hash matches existing upload
		}

		return "", err
	}
	defer dest.Close()

	_, err = io.CopyN(dest, src, int64(srcLen))
	if err != nil {
		return "", err
	}

	// Determine mime type
	ctype := hdr.Header.Get("Content-Type")
	if ctype == "" {
		ctype = mime.TypeByExtension(path.Ext(hdr.Filename))
	}
	if ctype == "" {
		ctype = `application/octet-stream`
	}

	// Blacklisted mime-types
	ctype = strings.ToLower(ctype)
	if strings.HasPrefix(ctype, `text/html`) ||
		strings.HasPrefix(ctype, `application/javascript`) {
		ctype = `application/octet-stream`
	}

	// Persist metadata to DB
	m := Metadata{
		Filename:   hdr.Filename,
		UploadTime: time.Now(),
		UploadIP:   UploadIP,
		FileSize:   srcLen,
		MimeType:   ctype,
	}
	err = this.SetMetadata(fileID, m)
	if err != nil {
		return "", err
	}

	// Done
	return fileID, nil
}
separate metadata/upload into separate files, handle mime types safely, preserve names on download (only) 2017-10-06 07:19:02 +00:00			`package contented`

			`import (`
			`"crypto/sha512"`
			`"encoding/hex"`
server: handle multiple uploads 2017-10-08 01:10:15 +00:00			`"encoding/json"`
separate metadata/upload into separate files, handle mime types safely, preserve names on download (only) 2017-10-06 07:19:02 +00:00			`"io"`
server: handle multiple uploads 2017-10-08 01:10:15 +00:00			`"log"`
separate metadata/upload into separate files, handle mime types safely, preserve names on download (only) 2017-10-06 07:19:02 +00:00			`"mime"`
			`"mime/multipart"`
server: handle multiple uploads 2017-10-08 01:10:15 +00:00			`"net/http"`
separate metadata/upload into separate files, handle mime types safely, preserve names on download (only) 2017-10-06 07:19:02 +00:00			`"os"`
			`"path"`
			`"path/filepath"`
			`"strings"`
			`"time"`
			`)`

server: handle multiple uploads 2017-10-08 01:10:15 +00:00			`func (this Server) handleUpload(w http.ResponseWriter, r http.Request) {`

			`err := r.ParseMultipartForm(this.opts.MaxUploadBytes * 2)`
			`if err != nil {`
			`log.Printf("%s Invalid request: %s\n", r.RemoteAddr, err.Error())`
			`http.Error(w, "Invalid request", 400)`
			`return`
			`}`

			`if r.MultipartForm == nil \|\| r.MultipartForm.File == nil \|\| len(r.MultipartForm.File["f"]) < 1 {`
			`log.Printf("%s Invalid request: no multipart content\n", r.RemoteAddr)`
			`http.Error(w, "Invalid request", 400)`
			`return`
			`}`

			`ret := make([]string, 0, len(r.MultipartForm.File["f"]))`

			`for _, fhs := range r.MultipartForm.File["f"] {`
			`f, err := fhs.Open()`
			`if err != nil {`
			`log.Printf("%s Internal error: %s\n", r.RemoteAddr, err.Error())`
			`http.Error(w, "Internal error", 500)`
			`return`
			`}`

server: fix truncating last IP address digit 2017-10-08 02:25:01 +00:00			`path, err := this.handleUploadFile(f, fhs, remoteIP(r))`
server: handle multiple uploads 2017-10-08 01:10:15 +00:00			`if err != nil {`
			`log.Printf("%s Upload failed: %s\n", r.RemoteAddr, err.Error())`
			`http.Error(w, "Upload failed", 500)`
			`}`

			`ret = append(ret, path)`
			`}`

			`jb, err := json.Marshal(ret)`
			`if err != nil {`
			`log.Printf("%s Internal error: %s\n", r.RemoteAddr, err.Error())`
			`http.Error(w, "Internal error", 500)`
			`return`
			`}`

			w.Header().Set(`Content-Type`, `application/json`)
			`w.WriteHeader(200)`
			`w.Write(jb)`
			`}`

			`func (this Server) handleUploadFile(src multipart.File, hdr multipart.FileHeader, UploadIP string) (string, error) {`
separate metadata/upload into separate files, handle mime types safely, preserve names on download (only) 2017-10-06 07:19:02 +00:00
			`// Get file length`
			`srcLen, err := src.Seek(0, io.SeekEnd)`
			`if err != nil {`
			`return "", err`
			`}`

			`_, err = src.Seek(0, io.SeekStart)`
			`if err != nil {`
			`return "", err`
			`}`

			`// Get file hash`
			`hasher := sha512.New512_256()`
			`_, err = io.CopyN(hasher, src, int64(srcLen))`
			`if err != nil {`
			`return "", err`
			`}`

			`_, err = src.Seek(0, io.SeekStart)`
			`if err != nil {`
			`return "", err`
			`}`

			`// Save file to disk`
			`fileID := hex.EncodeToString(hasher.Sum(nil))`
			`dest, err := os.OpenFile(filepath.Join(this.opts.DataDirectory, fileID), os.O_CREATE\|os.O_WRONLY, 0600)`
			`if err != nil {`
			`if os.IsExist(err) {`
			`return fileID, nil // hash matches existing upload`
			`}`

			`return "", err`
			`}`
			`defer dest.Close()`

			`_, err = io.CopyN(dest, src, int64(srcLen))`
			`if err != nil {`
			`return "", err`
			`}`

			`// Determine mime type`
			`ctype := hdr.Header.Get("Content-Type")`
			`if ctype == "" {`
			`ctype = mime.TypeByExtension(path.Ext(hdr.Filename))`
			`}`
			`if ctype == "" {`
			ctype = `application/octet-stream`
			`}`

			`// Blacklisted mime-types`
			`ctype = strings.ToLower(ctype)`
			if strings.HasPrefix(ctype, `text/html`) \|\|
			strings.HasPrefix(ctype, `application/javascript`) {
			ctype = `application/octet-stream`
			`}`

			`// Persist metadata to DB`
			`m := Metadata{`
			`Filename: hdr.Filename,`
			`UploadTime: time.Now(),`
			`UploadIP: UploadIP,`
			`FileSize: srcLen,`
			`MimeType: ctype,`
			`}`
			`err = this.SetMetadata(fileID, m)`
			`if err != nil {`
			`return "", err`
			`}`

			`// Done`
			`return fileID, nil`
			`}`