separate metadata/upload into separate files, handle mime types safely, preserve names on download (only)

2017-10-06 20:19:02 +13:00 · 2017-10-06 20:19:02 +13:00 · dfc86893a2
commit dfc86893a2
parent 5885b58dcd
3 changed files with 143 additions and 99 deletions
--- a/Metadata.go
+++ b/Metadata.go
@ -0,0 +1,45 @@
 package contented
 import (
 	"encoding/json"
 	"os"
 	"time"
 	"github.com/boltdb/bolt"
 )
 type Metadata struct {
 	FileSize   int64
 	UploadTime time.Time
 	UploadIP   string
 	Filename   string
 	MimeType   string
 }
 func (this *Server) Metadata(fileID string) (*Metadata, error) {
 	var m Metadata
 	err := this.db.View(func(tx *bolt.Tx) error {
 		content := tx.Bucket(this.metadataBucket).Get([]byte(fileID))
 		if len(content) == 0 {
 			return os.ErrNotExist
 		}
 		return json.Unmarshal(content, &m)
 	})
 	if err != nil {
 		return nil, err
 	}
 	return &m, nil
 }
 func (this *Server) SetMetadata(fileID string, m Metadata) error {
 	jb, err := json.Marshal(m)
 	if err != nil {
 		return err
 	}
 	return this.db.Update(func(tx *bolt.Tx) error {
 		return tx.Bucket(this.metadataBucket).Put([]byte(fileID), jb)
 	})
 }
--- a/Server.go
+++ b/Server.go
@ -1,17 +1,12 @@
 package contented
 import (
 	"crypto/sha512"
 	"encoding/hex"
 	"encoding/json"
 	"io"
 	"log"
 	"mime/multipart"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 	"github.com/boltdb/bolt"
 )
@ -55,99 +50,6 @@ func NewServer(opts *ServerOptions) (*Server, error) {
 	return s, nil
 }
 type Metadata struct {
 	FileSize   int64
 	UploadTime time.Time
 	UploadIP   string
 	Filename   string
 }
 func (this *Server) handleUpload(src multipart.File, hdr *multipart.FileHeader, UploadIP string) (string, error) {
 	// Get file length
 	srcLen, err := src.Seek(0, io.SeekEnd)
 	if err != nil {
 		return "", err
 	}
 	_, err = src.Seek(0, io.SeekStart)
 	if err != nil {
 		return "", err
 	}
 	// Get file hash
 	hasher := sha512.New512_256()
 	_, err = io.CopyN(hasher, src, int64(srcLen))
 	if err != nil {
 		return "", err
 	}
 	_, err = src.Seek(0, io.SeekStart)
 	if err != nil {
 		return "", err
 	}
 	// Save file to disk
 	fileID := hex.EncodeToString(hasher.Sum(nil))
 	dest, err := os.OpenFile(filepath.Join(this.opts.DataDirectory, fileID), os.O_CREATE|os.O_WRONLY, 0600)
 	if err != nil {
 		if os.IsExist(err) {
 			return fileID, nil // hash matches existing upload
 		}
 		return "", err
 	}
 	defer dest.Close()
 	_, err = io.CopyN(dest, src, int64(srcLen))
 	if err != nil {
 		return "", err
 	}
 	// Persist metadata to DB
 	m := Metadata{
 		Filename:   hdr.Filename,
 		UploadTime: time.Now(),
 		UploadIP:   UploadIP,
 		FileSize:   srcLen,
 	}
 	err = this.SetMetadata(fileID, m)
 	if err != nil {
 		return "", err
 	}
 	// Done
 	return fileID, nil
 }
 func (this *Server) Metadata(fileID string) (*Metadata, error) {
 	var m Metadata
 	err := this.db.View(func(tx *bolt.Tx) error {
 		content := tx.Bucket(this.metadataBucket).Get([]byte(fileID))
 		if len(content) == 0 {
 			return os.ErrNotExist
 		}
 		return json.Unmarshal(content, &m)
 	})
 	if err != nil {
 		return nil, err
 	}
 	return &m, nil
 }
 func (this *Server) SetMetadata(fileID string, m Metadata) error {
 	jb, err := json.Marshal(m)
 	if err != nil {
 		return err
 	}
 	return this.db.Update(func(tx *bolt.Tx) error {
 		return tx.Bucket(this.metadataBucket).Put([]byte(fileID), jb)
 	})
 }
 func (this *Server) handleView(w http.ResponseWriter, r *http.Request, fileID string) error {
 	// Load file
 	f, err := os.Open(filepath.Join(this.opts.DataDirectory, fileID))
@ -163,7 +65,15 @@ func (this *Server) handleView(w http.ResponseWriter, r *http.Request, fileID st
 		return err
 	}
-	http.ServeContent(w, r, m.Filename, m.UploadTime, f)
+	// ServeContent only uses the filename to get the mime type, which we can
 	// set accurately (including blacklist)
 	w.Header().Set(`Content-Type`, m.MimeType)
 	if m.MimeType == `application/octet-stream` {
 		w.Header().Set(`Content-Disposition`, `attachment; filename="`+m.Filename+`"`)
 	}
 	http.ServeContent(w, r, "", m.UploadTime, f)
 	return nil
 }
--- a/upload.go
+++ b/upload.go
@ -0,0 +1,89 @@
 package contented
 import (
 	"crypto/sha512"
 	"encoding/hex"
 	"io"
 	"mime"
 	"mime/multipart"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 	"time"
 )
 func (this *Server) handleUpload(src multipart.File, hdr *multipart.FileHeader, UploadIP string) (string, error) {
 	// Get file length
 	srcLen, err := src.Seek(0, io.SeekEnd)
 	if err != nil {
 		return "", err
 	}
 	_, err = src.Seek(0, io.SeekStart)
 	if err != nil {
 		return "", err
 	}
 	// Get file hash
 	hasher := sha512.New512_256()
 	_, err = io.CopyN(hasher, src, int64(srcLen))
 	if err != nil {
 		return "", err
 	}
 	_, err = src.Seek(0, io.SeekStart)
 	if err != nil {
 		return "", err
 	}
 	// Save file to disk
 	fileID := hex.EncodeToString(hasher.Sum(nil))
 	dest, err := os.OpenFile(filepath.Join(this.opts.DataDirectory, fileID), os.O_CREATE|os.O_WRONLY, 0600)
 	if err != nil {
 		if os.IsExist(err) {
 			return fileID, nil // hash matches existing upload
 		}
 		return "", err
 	}
 	defer dest.Close()
 	_, err = io.CopyN(dest, src, int64(srcLen))
 	if err != nil {
 		return "", err
 	}
 	// Determine mime type
 	ctype := hdr.Header.Get("Content-Type")
 	if ctype == "" {
 		ctype = mime.TypeByExtension(path.Ext(hdr.Filename))
 	}
 	if ctype == "" {
 		ctype = `application/octet-stream`
 	}
 	// Blacklisted mime-types
 	ctype = strings.ToLower(ctype)
 	if strings.HasPrefix(ctype, `text/html`) ||
 		strings.HasPrefix(ctype, `application/javascript`) {
 		ctype = `application/octet-stream`
 	}
 	// Persist metadata to DB
 	m := Metadata{
 		Filename:   hdr.Filename,
 		UploadTime: time.Now(),
 		UploadIP:   UploadIP,
 		FileSize:   srcLen,
 		MimeType:   ctype,
 	}
 	err = this.SetMetadata(fileID, m)
 	if err != nil {
 		return "", err
 	}
 	// Done
 	return fileID, nil
 }