fix alot
This commit is contained in:
@@ -2,32 +2,54 @@ package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/google/uuid"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
func uploadHandler(c *gin.Context) {
|
||||
file, err := c.FormFile("file")
|
||||
err := c.Request.ParseMultipartForm(0) // unlimited
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
src, header, err := c.Request.FormFile("file")
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": "No file uploaded"})
|
||||
return
|
||||
}
|
||||
defer src.Close()
|
||||
|
||||
id := uuid.New().String()
|
||||
delID := uuid.New().String()
|
||||
// Secure the filename to prevent path traversal attacks
|
||||
cleanName := filepath.Base(file.Filename)
|
||||
storagePath := filepath.Join("uploads", id+"_"+cleanName)
|
||||
cleanName := filepath.Base(header.Filename)
|
||||
|
||||
if err := c.SaveUploadedFile(file, storagePath); err != nil {
|
||||
c.JSON(500, gin.H{"error": "Failed to save file"})
|
||||
folderPath := filepath.Join("uploads", id)
|
||||
os.MkdirAll(folderPath, 0755)
|
||||
|
||||
storagePath := filepath.Join(folderPath, cleanName)
|
||||
|
||||
dst, err := os.Create(storagePath)
|
||||
if err != nil {
|
||||
c.JSON(500, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
defer dst.Close()
|
||||
|
||||
written, err := io.Copy(dst, src)
|
||||
fmt.Println("UPLOAD COMPLETE:", cleanName, written, "bytes")
|
||||
if err != nil {
|
||||
c.JSON(500, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
expiry := time.Now().Add(time.Hour * 24) // Default 24h
|
||||
expiry := time.Now().Add(24 * time.Hour)
|
||||
|
||||
record := FileRecord{
|
||||
ID: id,
|
||||
@@ -42,9 +64,8 @@ func uploadHandler(c *gin.Context) {
|
||||
|
||||
c.JSON(200, gin.H{
|
||||
"id": id,
|
||||
"deletion_id": delID,
|
||||
"filename": cleanName,
|
||||
"download_url": fmt.Sprintf("/f/%s", id),
|
||||
"delete_url": fmt.Sprintf("/api/file/delete/%s", delID),
|
||||
})
|
||||
}
|
||||
|
||||
@@ -61,7 +82,9 @@ func downloadHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
c.FileAttachment(record.Path, record.Filename)
|
||||
//c.FileAttachment(record.Path, record.Filename)
|
||||
c.Header("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, record.Filename))
|
||||
c.File(record.Path)
|
||||
|
||||
db.Model(&record).Update("download_count", record.DownloadCount+1)
|
||||
if record.DeleteAfterDownload {
|
||||
@@ -78,3 +101,39 @@ func deleteHandler(c *gin.Context) {
|
||||
performDeletion(&record)
|
||||
c.JSON(200, gin.H{"message": "Deleted successfully"})
|
||||
}
|
||||
|
||||
func loginHandler(c *gin.Context) {
|
||||
|
||||
username := c.PostForm("username")
|
||||
password := c.PostForm("password")
|
||||
|
||||
var user User
|
||||
|
||||
if err := db.Where("username = ?", username).First(&user).Error; err != nil {
|
||||
c.HTML(401, "login.html", gin.H{"Error": true})
|
||||
return
|
||||
}
|
||||
|
||||
if bcrypt.CompareHashAndPassword(
|
||||
[]byte(user.Password),
|
||||
[]byte(password),
|
||||
) != nil {
|
||||
|
||||
c.HTML(401, "login.html", gin.H{"Error": true})
|
||||
return
|
||||
}
|
||||
|
||||
token, _ := generateToken(username)
|
||||
|
||||
c.SetCookie(
|
||||
"auth",
|
||||
token,
|
||||
86400,
|
||||
"/",
|
||||
"",
|
||||
false,
|
||||
true,
|
||||
)
|
||||
|
||||
c.Redirect(302, "/admin")
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user