mirror-yaf/uploadhandler.go

package main

import (
	"errors"
	"io"
	"log"
	"math/rand"
	"net/http"
	"os"

	"github.com/nouryxd/yaf/exifscrubber"
	"github.com/nouryxd/yaf/extdetect"
)

type uploadHandler struct {
	config       *Config
	exifScrubber *exifscrubber.ExifScrubber
}

func (handler *uploadHandler) PostUploadRedirect(w http.ResponseWriter, r *http.Request) {
	defer r.Body.Close()

	// Limit size to set value in config
	r.Body = http.MaxBytesReader(w, r.Body, int64(handler.config.MaxFileSizeMB)*1024*1024)
	uploadFile, header, err := r.FormFile("file")
	if err != nil {
		http.Error(w, "could not read uploaded file: "+err.Error(), http.StatusBadRequest)
		log.Println("    could not read uploaded file: " + err.Error())
		return
	}

	fileData, err := io.ReadAll(uploadFile)
	uploadFile.Close()
	if err != nil {
		http.Error(w, "could not read attached file: "+err.Error(), http.StatusInternalServerError)
		log.Println("    could not read attached file: " + err.Error())
		return
	}

	// Scrub EXIF, if requested and detectable by us
	if handler.config.ScrubExif {
		scrubbedData, err := handler.exifScrubber.ScrubExif(fileData[:])

		if err == nil {
			// If scrubbing was successful, update what to write to file
			fileData = scrubbedData
		} else {
			// Unknown file types (not PNG or JPEG) are allowed to contain EXIF, as we don't know
			// how to handle them. Handling of other errors depends on configuration.
			if err != exifscrubber.ErrUnknownFileType {
				if handler.config.ExifAbortOnError {
					log.Printf("could not scrub EXIF from file, aborting upload: %s", err.Error())
					http.Error(
						w,
						"could not scrub EXIF from file: "+err.Error(),
						http.StatusInternalServerError,
					)
					return
				}

				// An error occured but we are configured to proceed with the upload anyway
				log.Printf(
					"could not scrub EXIF from file but proceeding with upload as configured: %s",
					err.Error(),
				)
			}
		}
	}

	link, err := generateLink(handler, fileData[:], header.Filename)
	if err != nil {
		http.Error(w, "could not save file: "+err.Error(), http.StatusInternalServerError)
		log.Println("    could not save file: " + err.Error())
		return
	}

	// Implicitly means code 200
	http.Redirect(w, r, link, http.StatusFound)
}

func (handler *uploadHandler) PostUpload(w http.ResponseWriter, r *http.Request) {
	defer r.Body.Close()

	// Limit size to set value in config
	r.Body = http.MaxBytesReader(w, r.Body, int64(handler.config.MaxFileSizeMB)*1024*1024)
	uploadFile, header, err := r.FormFile("file")
	if err != nil {
		http.Error(w, "could not read uploaded file: "+err.Error(), http.StatusBadRequest)
		log.Println("    could not read uploaded file: " + err.Error())
		return
	}

	fileData, err := io.ReadAll(uploadFile)
	uploadFile.Close()
	if err != nil {
		http.Error(w, "could not read attached file: "+err.Error(), http.StatusInternalServerError)
		log.Println("    could not read attached file: " + err.Error())
		return
	}

	// Scrub EXIF, if requested and detectable by us
	if handler.config.ScrubExif {
		scrubbedData, err := handler.exifScrubber.ScrubExif(fileData[:])

		if err == nil {
			// If scrubbing was successful, update what to write to file
			fileData = scrubbedData
		} else {
			// Unknown file types (not PNG or JPEG) are allowed to contain EXIF, as we don't know
			// how to handle them. Handling of other errors depends on configuration.
			if err != exifscrubber.ErrUnknownFileType {
				if handler.config.ExifAbortOnError {
					log.Printf("could not scrub EXIF from file, aborting upload: %s", err.Error())
					http.Error(
						w,
						"could not scrub EXIF from file: "+err.Error(),
						http.StatusInternalServerError,
					)
					return
				}

				// An error occured but we are configured to proceed with the upload anyway
				log.Printf(
					"could not scrub EXIF from file but proceeding with upload as configured: %s",
					err.Error(),
				)
			}
		}
	}

	link, err := generateLink(handler, fileData[:], header.Filename)
	if err != nil {
		http.Error(w, "could not save file: "+err.Error(), http.StatusInternalServerError)
		log.Println("    could not save file: " + err.Error())
		return
	}

	// Implicitly means code 200
	w.Write([]byte(link))
}

// Generates a valid link to uploadFile with the specified file extension.
// Returns the link or an error in case of failure.
// Does not close the passed file pointer.
func generateLink(handler *uploadHandler, fileData []byte, fileName string) (string, error) {
	ext := extdetect.BuildFileExtension(fileData, fileName)

	// Find an unused file name
	var fullFileName string
	var savePath string
	for {
		fileStem := createRandomFileName(handler.config.LinkLength)
		fullFileName = fileStem + ext
		savePath = handler.config.FileDir + fullFileName

		if !fileExists(savePath) {
			break
		}
	}

	link := handler.config.LinkPrefix + fullFileName

	err := saveFile(fileData[:], savePath)
	if err != nil {
		return "", err
	}

	return link, nil
}

func saveFile(fileData []byte, name string) error {
	err := os.WriteFile(name, fileData, 0o644)
	return err
}

func fileExists(fileName string) bool {
	_, err := os.Stat(fileName)

	return !errors.Is(err, os.ErrNotExist)
}

func createRandomFileName(length int) string {
	chars := make([]byte, length)

	for i := 0; i < length; i++ {
		index := rand.Intn(len(allowedChars))
		chars[i] = allowedChars[index]
	}

	return string(chars)
}
initial commit 2020-10-27 17:17:41 +01:00			`package main`

			`import (`
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`"errors"`
initial commit 2020-10-27 17:17:41 +01:00			`"io"`
			`"log"`
			`"math/rand"`
			`"net/http"`
			`"os"`
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00
rename github account 2024-03-31 21:00:24 +02:00			`"github.com/nouryxd/yaf/exifscrubber"`
			`"github.com/nouryxd/yaf/extdetect"`
initial commit 2020-10-27 17:17:41 +01:00			`)`

			`type uploadHandler struct {`
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`config *Config`
			`exifScrubber *exifscrubber.ExifScrubber`
initial commit 2020-10-27 17:17:41 +01:00			`}`

implement file expiration, add basic frontend 2023-07-14 14:11:38 +02:00			`func (handler uploadHandler) PostUploadRedirect(w http.ResponseWriter, r http.Request) {`
initial commit 2020-10-27 17:17:41 +01:00			`defer r.Body.Close()`

set max upload size through the config file instead 2023-10-06 03:16:53 +02:00			`// Limit size to set value in config`
			`r.Body = http.MaxBytesReader(w, r.Body, int64(handler.config.MaxFileSizeMB)10241024)`
implement file expiration, add basic frontend 2023-07-14 14:11:38 +02:00			`uploadFile, header, err := r.FormFile("file")`
			`if err != nil {`
			`http.Error(w, "could not read uploaded file: "+err.Error(), http.StatusBadRequest)`
			`log.Println(" could not read uploaded file: " + err.Error())`
			`return`
			`}`

			`fileData, err := io.ReadAll(uploadFile)`
			`uploadFile.Close()`
			`if err != nil {`
			`http.Error(w, "could not read attached file: "+err.Error(), http.StatusInternalServerError)`
			`log.Println(" could not read attached file: " + err.Error())`
			`return`
			`}`

			`// Scrub EXIF, if requested and detectable by us`
			`if handler.config.ScrubExif {`
			`scrubbedData, err := handler.exifScrubber.ScrubExif(fileData[:])`

			`if err == nil {`
			`// If scrubbing was successful, update what to write to file`
			`fileData = scrubbedData`
			`} else {`
			`// Unknown file types (not PNG or JPEG) are allowed to contain EXIF, as we don't know`
			`// how to handle them. Handling of other errors depends on configuration.`
			`if err != exifscrubber.ErrUnknownFileType {`
			`if handler.config.ExifAbortOnError {`
			`log.Printf("could not scrub EXIF from file, aborting upload: %s", err.Error())`
			`http.Error(`
			`w,`
			`"could not scrub EXIF from file: "+err.Error(),`
			`http.StatusInternalServerError,`
			`)`
			`return`
			`}`

			`// An error occured but we are configured to proceed with the upload anyway`
			`log.Printf(`
			`"could not scrub EXIF from file but proceeding with upload as configured: %s",`
			`err.Error(),`
			`)`
			`}`
			`}`
			`}`

			`link, err := generateLink(handler, fileData[:], header.Filename)`
			`if err != nil {`
			`http.Error(w, "could not save file: "+err.Error(), http.StatusInternalServerError)`
			`log.Println(" could not save file: " + err.Error())`
			`return`
			`}`

			`// Implicitly means code 200`
			`http.Redirect(w, r, link, http.StatusFound)`
			`}`

			`func (handler uploadHandler) PostUpload(w http.ResponseWriter, r http.Request) {`
			`defer r.Body.Close()`

set max upload size through the config file instead 2023-10-06 03:16:53 +02:00			`// Limit size to set value in config`
			`r.Body = http.MaxBytesReader(w, r.Body, int64(handler.config.MaxFileSizeMB)10241024)`
initial commit 2020-10-27 17:17:41 +01:00			`uploadFile, header, err := r.FormFile("file")`
			`if err != nil {`
			`http.Error(w, "could not read uploaded file: "+err.Error(), http.StatusBadRequest)`
			`log.Println(" could not read uploaded file: " + err.Error())`
			`return`
			`}`
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00
			`fileData, err := io.ReadAll(uploadFile)`
			`uploadFile.Close()`
			`if err != nil {`
			`http.Error(w, "could not read attached file: "+err.Error(), http.StatusInternalServerError)`
			`log.Println(" could not read attached file: " + err.Error())`
			`return`
			`}`

			`// Scrub EXIF, if requested and detectable by us`
			`if handler.config.ScrubExif {`
			`scrubbedData, err := handler.exifScrubber.ScrubExif(fileData[:])`

			`if err == nil {`
			`// If scrubbing was successful, update what to write to file`
			`fileData = scrubbedData`
			`} else {`
			`// Unknown file types (not PNG or JPEG) are allowed to contain EXIF, as we don't know`
			`// how to handle them. Handling of other errors depends on configuration.`
			`if err != exifscrubber.ErrUnknownFileType {`
			`if handler.config.ExifAbortOnError {`
			`log.Printf("could not scrub EXIF from file, aborting upload: %s", err.Error())`
			`http.Error(`
			`w,`
			`"could not scrub EXIF from file: "+err.Error(),`
			`http.StatusInternalServerError,`
			`)`
			`return`
			`}`

			`// An error occured but we are configured to proceed with the upload anyway`
			`log.Printf(`
			`"could not scrub EXIF from file but proceeding with upload as configured: %s",`
			`err.Error(),`
			`)`
			`}`
			`}`
			`}`
initial commit 2020-10-27 17:17:41 +01:00
feat: improve file extension detection If a file extension is explicitly specified in the upload name, it is always used directly. Detection of common file extension combinations is also performed. Currently, only ".tar.gz" and ".tar.xz" are detected. If you would like to add support for more common combinations, please open an issue or pull request. If no file extension is explicitly specified, jaf falls back to MIME type detection via the github.com/gabriel-vasile/mimetype library. 2022-10-17 20:36:24 +02:00			`link, err := generateLink(handler, fileData[:], header.Filename)`
initial commit 2020-10-27 17:17:41 +01:00			`if err != nil {`
			`http.Error(w, "could not save file: "+err.Error(), http.StatusInternalServerError)`
			`log.Println(" could not save file: " + err.Error())`
			`return`
			`}`

			`// Implicitly means code 200`
			`w.Write([]byte(link))`
			`}`

ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`// Generates a valid link to uploadFile with the specified file extension.`
			`// Returns the link or an error in case of failure.`
			`// Does not close the passed file pointer.`
feat: improve file extension detection If a file extension is explicitly specified in the upload name, it is always used directly. Detection of common file extension combinations is also performed. Currently, only ".tar.gz" and ".tar.xz" are detected. If you would like to add support for more common combinations, please open an issue or pull request. If no file extension is explicitly specified, jaf falls back to MIME type detection via the github.com/gabriel-vasile/mimetype library. 2022-10-17 20:36:24 +02:00			`func generateLink(handler *uploadHandler, fileData []byte, fileName string) (string, error) {`
			`ext := extdetect.BuildFileExtension(fileData, fileName)`

ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`// Find an unused file name`
			`var fullFileName string`
			`var savePath string`
			`for {`
			`fileStem := createRandomFileName(handler.config.LinkLength)`
feat: improve file extension detection If a file extension is explicitly specified in the upload name, it is always used directly. Detection of common file extension combinations is also performed. Currently, only ".tar.gz" and ".tar.xz" are detected. If you would like to add support for more common combinations, please open an issue or pull request. If no file extension is explicitly specified, jaf falls back to MIME type detection via the github.com/gabriel-vasile/mimetype library. 2022-10-17 20:36:24 +02:00			`fullFileName = fileStem + ext`
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`savePath = handler.config.FileDir + fullFileName`

			`if !fileExists(savePath) {`
			`break`
			`}`
			`}`

			`link := handler.config.LinkPrefix + fullFileName`

feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`err := saveFile(fileData[:], savePath)`
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`if err != nil {`
			`return "", err`
			`}`

			`return link, nil`
			`}`

feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`func saveFile(fileData []byte, name string) error {`
			`err := os.WriteFile(name, fileData, 0o644)`
			`return err`
initial commit 2020-10-27 17:17:41 +01:00			`}`

feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`func fileExists(fileName string) bool {`
			`_, err := os.Stat(fileName)`
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00
			`return !errors.Is(err, os.ErrNotExist)`
			`}`

initial commit 2020-10-27 17:17:41 +01:00			`func createRandomFileName(length int) string {`
			`chars := make([]byte, length)`

			`for i := 0; i < length; i++ {`
			`index := rand.Intn(len(allowedChars))`
			`chars[i] = allowedChars[index]`
			`}`

			`return string(chars)`
			`}`