Uploader/main.go
AustrianToast ee9708be55
remove Atoi
isn't necessary anymore and sql injection still won't work
2024-06-11 00:10:58 +02:00


package main
import (
"context"
"fmt"
"io"
"log"
"net/http"
"os"
"github.com/gin-gonic/gin"
"github.com/jackc/pgx/v5/pgxpool"
"github.com/jaswdr/faker"
)
// Package-level state shared by every HTTP handler in this file.
var (
	// dbpool is the PostgreSQL connection pool; main assigns it before the
	// router starts serving.
	dbpool *pgxpool.Pool

	// uploadFolder is the directory that the upload handlers prefix onto
	// client-supplied file names; main sets it to "<working dir>/videos".
	uploadFolder string
)
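// main connects to PostgreSQL, recreates and seeds the videos table, and then
// serves the upload API on localhost:8080.
func main() {
	// NOTE(review): the fallback DSN embeds the default postgres/postgres
	// credentials and a fixed container address. UPLOADER_DATABASE_URL lets a
	// deployment supply its own connection string without editing the source;
	// when it is unset the original hard-coded value is used unchanged.
	dsn := os.Getenv("UPLOADER_DATABASE_URL")
	if dsn == "" {
		dsn = "postgresql://postgres:postgres@172.19.0.3:5432/postgres"
	}

	var err error
	dbpool, err = pgxpool.New(context.Background(), dsn)
	if err != nil {
		log.Fatal(err)
	}
	defer dbpool.Close()

	// NOTE(review): the table is dropped on every start, so rows recorded by
	// earlier runs disappear while the uploaded files stay on disk.
	sqlStmt := `
DROP TABLE IF EXISTS videos;
CREATE TABLE IF NOT EXISTS videos
(
id serial NOT NULL,
filepath text,
CONSTRAINT videos_pkey PRIMARY KEY (id)
)
`
	if _, err = dbpool.Exec(context.Background(), sqlStmt); err != nil {
		log.Panicf("main: %v\n", err)
	}

	// Seed ten rows with generated paths. These rows do not correspond to
	// files written by this service.
	fake := faker.New()
	for i := 0; i < 10; i++ {
		_, err = dbpool.Exec(context.Background(), "insert into videos(filepath) values($1)", fake.File().AbsoluteFilePathForUnix(2))
		if err != nil {
			log.Panicf("main: %v\n", err)
		}
	}

	currentDir, err := os.Getwd()
	if err != nil {
		log.Panicf("main: %v\n", err)
	}
	uploadFolder = fmt.Sprintf("%s/videos", currentDir)

	// receiveChunk opens files inside uploadFolder and fails on every request
	// if the directory is missing, so create it up front.
	if err = os.MkdirAll(uploadFolder, 0755); err != nil {
		log.Panicf("main: %v\n", err)
	}

	router := gin.Default()

	// nil disables trust in proxy-supplied client-IP headers. The call returns
	// an error that was previously discarded.
	if err = router.SetTrustedProxies(nil); err != nil {
		log.Panicf("main: %v\n", err)
	}

	// NOTE(review): no authentication or authorization middleware is
	// registered, so every route below, including DELETE, is open to any
	// client that can reach the listener. The listener is bound to localhost.
	router.POST("/video/init", initUpload)
	router.POST("/video/chunk", receiveChunk)
	router.POST("/video/completed", finishUpload)
	router.GET("/videos", listVideos)
	router.GET("/videos/:id", getVideo)
	router.DELETE("/videos/:id", deleteVideo)

	// Run blocks until the server stops; surface a bind or serve failure
	// instead of exiting silently.
	if err = router.Run("localhost:8080"); err != nil {
		log.Panicf("main: %v\n", err)
	}
}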
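// initUpload reports whether an upload under the file name sent in the request
// body may start. It answers 400 for an unreadable body or an unacceptable
// name, 403 when uploadFolder/<name> is already recorded in the videos table,
// 500 on a database error, and 200 otherwise.
func initUpload(c *gin.Context) {
	// The body is only a file name; cap the read so an oversized body is
	// rejected instead of being buffered in memory.
	const maxNameBytes = 255
	raw, err := io.ReadAll(http.MaxBytesReader(c.Writer, c.Request.Body, maxNameBytes))
	if err != nil {
		c.JSON(http.StatusBadRequest, "Couldn't read html request body")
		return
	}
	fileName := string(raw)

	// The name is client-controlled and is joined onto uploadFolder, so accept
	// only a single path element: no separators, no NUL, no "." or "..".
	if fileName == "" || fileName == "." || fileName == ".." {
		c.JSON(http.StatusBadRequest, "Invalid file name")
		return
	}
	for i := 0; i < len(fileName); i++ {
		if ch := fileName[i]; ch == 0 || ch == '\\' || os.IsPathSeparator(ch) {
			c.JSON(http.StatusBadRequest, "Invalid file name")
			return
		}
	}

	// One EXISTS query replaces the scan over every row. It also leaves no
	// open result set behind on the early "already exists" return, which
	// previously kept a pool connection checked out.
	var exists bool
	err = dbpool.QueryRow(context.Background(),
		"select exists(select 1 from videos where filepath = $1)",
		fmt.Sprintf("%s/%s", uploadFolder, fileName)).Scan(&exists)
	if err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("initUpload: %v\n", err)
		return
	}
	if exists {
		c.JSON(http.StatusForbidden, "File already exists")
		return
	}
	c.JSON(http.StatusOK, "Upload can proceed")
}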
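// receiveChunk appends the request body to uploadFolder/<file-name>, where
// file-name is taken from the request header of that name. The file is
// created if it does not exist yet.
func receiveChunk(c *gin.Context) {
	// The header is client-controlled and becomes part of a filesystem path.
	// Accept only a single path element so the write cannot land outside
	// uploadFolder: no separators, no NUL, no "." or "..".
	fileName := c.GetHeader("file-name")
	if fileName == "" || fileName == "." || fileName == ".." {
		c.JSON(http.StatusBadRequest, "Invalid file name")
		return
	}
	for i := 0; i < len(fileName); i++ {
		if ch := fileName[i]; ch == 0 || ch == '\\' || os.IsPathSeparator(ch) {
			c.JSON(http.StatusBadRequest, "Invalid file name")
			return
		}
	}

	// NOTE(review): the whole chunk is buffered in memory and no size limit
	// is applied here; confirm an upper bound is enforced elsewhere.
	chunk, err := io.ReadAll(c.Request.Body)
	if err != nil {
		c.JSON(http.StatusBadRequest, "Couldn't read html request body")
		return
	}

	// NOTE(review): nothing ties this chunk to an earlier /video/init call,
	// so a chunk can also be appended to a file that already exists.
	f, err := os.OpenFile(fmt.Sprintf("%s/%s", uploadFolder, fileName), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
	if err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("receiveChunk: %v\n", err)
		return
	}
	if _, err := f.Write(chunk); err != nil {
		// Release the descriptor before reporting; the write error is the one
		// worth logging, so the close result is deliberately dropped.
		_ = f.Close()
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("receiveChunk: %v\n", err)
		return
	}
	if err := f.Close(); err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("receiveChunk: %v\n", err)
		return
	}
	c.JSON(http.StatusOK, "Received chunk")
}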
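// finishUpload records uploadFolder/<name> in the videos table, where <name>
// is the file name sent in the request body.
func finishUpload(c *gin.Context) {
	// The body is only a file name; cap the read so an oversized body is
	// rejected instead of being buffered in memory.
	const maxNameBytes = 255
	raw, err := io.ReadAll(http.MaxBytesReader(c.Writer, c.Request.Body, maxNameBytes))
	if err != nil {
		c.JSON(http.StatusBadRequest, "Couldn't read html request body")
		return
	}
	fileName := string(raw)

	// The stored path is later handed to os.Remove by deleteVideo, so a name
	// that escapes uploadFolder must never reach the table. Accept only a
	// single path element: no separators, no NUL, no "." or "..".
	if fileName == "" || fileName == "." || fileName == ".." {
		c.JSON(http.StatusBadRequest, "Invalid file name")
		return
	}
	for i := 0; i < len(fileName); i++ {
		if ch := fileName[i]; ch == 0 || ch == '\\' || os.IsPathSeparator(ch) {
			c.JSON(http.StatusBadRequest, "Invalid file name")
			return
		}
	}

	// NOTE(review): the row is inserted without checking that the file was
	// actually written or that the path is not already recorded.
	_, err = dbpool.Exec(context.Background(), "insert into videos(filepath) values($1)", fmt.Sprintf("%s/%s", uploadFolder, fileName))
	if err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("finishUpload: %v\n", err)
		return
	}
	c.JSON(http.StatusOK, "File uploaded successfully")
}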
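// listVideos responds with a JSON object that maps each video id to its
// stored file path.
func listVideos(c *gin.Context) {
	// Name the columns so the Scan below does not depend on the table's
	// column order or on columns added later.
	rows, err := dbpool.Query(context.Background(), "select id, filepath from videos")
	if err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("listVideos: %v\n", err)
		return
	}
	// Release the pool connection on every exit path, including the early
	// return on a scan failure.
	defer rows.Close()

	allVideos := map[int]string{}
	for rows.Next() {
		var id int
		var path string
		if err := rows.Scan(&id, &path); err != nil {
			c.JSON(http.StatusInternalServerError, "")
			log.Printf("listVideos: %v\n", err)
			return
		}
		allVideos[id] = path
	}
	if err := rows.Err(); err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("listVideos: %v\n", err)
		return
	}

	// NOTE(review): the values are the paths exactly as stored, which for
	// uploads are absolute server-side paths; confirm clients should see them.
	c.JSON(http.StatusOK, allVideos)
}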
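// getVideo responds with the stored file path of the video whose id is given
// in the URL, or 400 "Video does not exist" when no row matches.
func getVideo(c *gin.Context) {
	// The id is passed as a bound parameter, so it cannot change the SQL text.
	// NOTE(review): a non-numeric id presumably surfaces as a query error and
	// is answered with 500 rather than 400; confirm that is intended.
	rows, err := dbpool.Query(context.Background(), "select filepath from videos where id = $1", c.Param("id"))
	if err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("getVideo: %v\n", err)
		return
	}
	// The result set was previously never closed after its single Next call,
	// which kept a pool connection checked out for every request.
	defer rows.Close()

	if !rows.Next() {
		// Next returns false both for "no row" and for a failed query; Err
		// tells the two apart.
		if err := rows.Err(); err != nil {
			c.JSON(http.StatusInternalServerError, "")
			log.Printf("getVideo: %v\n", err)
			return
		}
		c.JSON(http.StatusBadRequest, "Video does not exist")
		return
	}

	var path string
	if err := rows.Scan(&path); err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("getVideo: %v\n", err)
		return
	}
	c.JSON(http.StatusOK, path)
}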
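// deleteVideo removes the videos row whose id is given in the URL and then
// deletes the file at that row's stored path. It answers 400 "Video does not
// exist" when no row matches.
func deleteVideo(c *gin.Context) {
	// The id is passed as a bound parameter, so it cannot change the SQL text.
	rows, err := dbpool.Query(context.Background(), "select filepath from videos where id = $1", c.Param("id"))
	if err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("deleteVideo: %v\n", err)
		return
	}
	// The result set was previously never closed after its single Next call,
	// which kept a pool connection checked out for every request.
	defer rows.Close()

	if !rows.Next() {
		// Next returns false both for "no row" and for a failed query; Err
		// tells the two apart.
		if err := rows.Err(); err != nil {
			c.JSON(http.StatusInternalServerError, "")
			log.Printf("deleteVideo: %v\n", err)
			return
		}
		c.JSON(http.StatusBadRequest, "Video does not exist")
		return
	}

	var path string
	if err := rows.Scan(&path); err != nil {
		c.JSON(http.StatusInternalServerError, "")
		log.Printf("deleteVideo: %v\n", err)
		return
	}
	// Hand the connection back before issuing the delete; the deferred Close
	// is then a no-op.
	rows.Close()

	_, err = dbpool.Exec(context.Background(), "delete from videos where id = $1", c.Param("id"))
	if err != nil {
		c.JSON(http.StatusInternalServerError, "Id was likely invalid")
		log.Printf("deleteVideo: %v\n", err)
		return
	}

	// NOTE(review): path is whatever string was stored in the table and is
	// removed without checking that it lies inside uploadFolder. Confirm that
	// every writer of videos.filepath confines its value to that directory.
	if err = os.Remove(path); err != nil {
		c.JSON(http.StatusInternalServerError, "DB entry was deleted, but file likely doesn't exist")
		log.Printf("deleteVideo: %v\n", err)
		return
	}
	c.JSON(http.StatusOK, "File deleted successfully")
}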