brammie15/ReSendit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ae5dfc48351510649298aea631914ac9c3636aa
ReSendit/internal/file/handlers.go
Bram 8ae5dfc483 add clickable notification
2026-04-10 10:14:28 +02:00

241 lines
5.7 KiB
Go
Raw Blame History

package file
import (
"ResendIt/internal/config"
"ResendIt/internal/notify"
"ResendIt/internal/util"
"fmt"
"log"
"net/http"
"path/filepath"
"strconv"
"time"
"github.com/gin-gonic/gin"
)
type Handler struct {
service *Service
configService ConfigService
}
// ConfigService is the small interface we need from the config package.
// Keeping it as an interface avoids import cycles and keeps file.Handler easy to test.
type ConfigService interface {
GetIntDefault(key string, def int) int
GetInt64Default(key string, def int64) int64
GetStringDefault(key string, def string) string
}
func NewHandler(s *Service, cfg ConfigService) *Handler {
return &Handler{service: s, configService: cfg}
}
func (h *Handler) Upload(c *gin.Context) {
err := c.Request.ParseMultipartForm(0)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
file, err := c.FormFile("file")
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "missing file"})
return
}
maxSize := h.configService.GetInt64Default(config.KeyUploadMaxFileSizeBytes, config.DefaultUploadMaxFileSizeBytes)
if file.Size > maxSize {
c.JSON(http.StatusRequestEntityTooLarge, gin.H{"error": "file too large"})
return
}
f, err := file.Open()
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": "cannot open file"})
return
}
defer f.Close()
once := c.PostForm("once") == "true"
durationStr := c.PostForm("duration")
hours, err := strconv.Atoi(durationStr)
if err != nil || hours <= 0 {
hours = 24 // default
}
maxHours := h.configService.GetIntDefault(config.KeyUploadMaxHours, config.DefaultUploadMaxHours)
if hours > maxHours {
hours = maxHours
}
duration := time.Duration(hours) * time.Hour
record, err := h.service.UploadFile(
file.Filename,
f,
once,
duration,
)
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
enabled := h.configService.GetIntDefault(config.KeyUseNtfy, config.DefaultUseNtfy)
if enabled == 1 {
ntfyURL := h.configService.GetStringDefault(config.KeyNtfyUrl, "")
topic := h.configService.GetStringDefault(config.KeyNtfyTopic, config.DefaultNtfyTopic)
go func() {
title := "ReSendit: new upload"
msg := fmt.Sprintf("%s (%s)\nID: %s", record.Filename, util.HumanSize(record.Size), record.ID)
clickUrl := fmt.Sprintf("f/%s", record.ViewID)
if err := notify.Publish(ntfyURL, topic, title, msg, clickUrl); err != nil {
log.Printf("ntfy publish failed: %v", err)
}
}()
}
c.JSON(http.StatusOK, gin.H{
"id": record.ID,
"deletion_id": record.DeletionID,
"filename": record.Filename,
"size": record.Size,
"expires_at": record.ExpiresAt,
"view_key": record.ViewID,
})
}
func (h *Handler) View(c *gin.Context) {
id := c.Param("id")
record, err := h.service.DownloadFile(id)
if err != nil {
c.HTML(http.StatusOK, "error.html", nil)
return
}
name := util.SafeFilename(record.Filename)
c.Header("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name))
c.Header("X-Content-Type-Options", "nosniff")
c.File(record.Path)
}
func isXSSRisk(filename string) bool {
ext := filepath.Ext(filename)
switch ext {
case ".html", ".htm", ".js", ".css", ".svg":
return true
default:
return false
}
}
func (h *Handler) Download(c *gin.Context) {
id := c.Param("id")
record, err := h.service.DownloadFile(id)
if err != nil {
c.HTML(http.StatusOK, "error.html", nil)
return
}
name := util.SafeFilename(record.Filename)
c.Header("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name))
c.Header("X-Content-Type-Options", "nosniff")
//c.Header("Content-Security-Policy", "default-src 'none'; img-src 'self'; media-src 'self'; script-src 'none'; style-src 'none';")
//c.Header("Content-Type", "application/octet-stream")
c.File(record.Path)
}
func (h *Handler) Delete(c *gin.Context) {
id := c.Param("del_id")
_, err := h.service.DeleteFileByDeletionID(id)
if err != nil {
c.HTML(http.StatusOK, "error.html", nil)
return
}
//c.JSON(http.StatusOK, gin.H{"status": "deleted"})
c.HTML(http.StatusOK, "deleted.html", nil)
}
func (h *Handler) AdminList(c *gin.Context) {
records, err := h.service.repo.GetAll()
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, records)
}
func (h *Handler) AdminGet(c *gin.Context) {
id := c.Param("id")
record, err := h.service.repo.GetByID(id)
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "file not found"})
return
}
c.File(record.Path)
}
func (h *Handler) AdminDelete(c *gin.Context) {
id := c.Param("id")
_, err := h.service.DeleteFileByID(id)
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "file not found"})
return
}
c.Redirect(301, "/admin")
}
func (h *Handler) AdminForceDelete(c *gin.Context) {
id := c.Param("id")
_, err := h.service.GetFileByID(id)
if err != nil {
c.JSON(http.StatusNotFound, gin.H{"error": "file not found"})
return
}
if _, err := h.service.ForceDelete(id); err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.Redirect(301, "/admin")
}
func (h *Handler) Import(c *gin.Context) {
var records []ImportFileRecord
if err := c.ShouldBindJSON(&records); err != nil {
c.JSON(400, gin.H{"error": "invalid JSON"})
return
}
if err := h.service.ImportFiles(records); err != nil {
c.JSON(500, gin.H{"error": err.Error()})
return
}
c.JSON(200, gin.H{
"imported": len(records),
})
}
func (h *Handler) Export(c *gin.Context) {
records, err := h.service.GetAllFiles()
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
return
}
c.JSON(http.StatusOK, records)
}
Reference in New Issue View Git Blame Copy Permalink