noury/mirror-yaf
1
0
Fork 0
mirror of https://github.com/lyx0/yaf.git synced 2024-11-13 19:49:53 +01:00
Code Issues Projects Releases Packages Wiki Activity
mirror-yaf/uploadhandler.go

192 lines
5.2 KiB
Go
Raw Normal View History

initial commit
2020-10-27 17:17:41 +01:00
package main
import (
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf.
2022-06-21 17:28:07 +02:00
"errors"
initial commit
2020-10-27 17:17:41 +01:00
"io"
"log"
"math/rand"
"net/http"
"os"
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml
2022-08-16 00:23:29 +02:00
"github.com/leon-richardt/jaf/exifscrubber"
feat: improve file extension detection If a file extension is explicitly specified in the upload name, it is always used directly. Detection of common file extension combinations is also performed. Currently, only ".tar.gz" and ".tar.xz" are detected. If you would like to add support for more common combinations, please open an issue or pull request. If no file extension is explicitly specified, jaf falls back to MIME type detection via the github.com/gabriel-vasile/mimetype library.
2022-10-17 20:36:24 +02:00
"github.com/leon-richardt/jaf/extdetect"
initial commit
2020-10-27 17:17:41 +01:00
)
type uploadHandler struct {
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml
2022-08-16 00:23:29 +02:00
config *Config
exifScrubber *exifscrubber.ExifScrubber
initial commit
2020-10-27 17:17:41 +01:00
}
implement file expiration, add basic frontend
2023-07-14 14:11:38 +02:00
func (handler *uploadHandler) PostUploadRedirect(w http.ResponseWriter, r *http.Request) {
initial commit
2020-10-27 17:17:41 +01:00
defer r.Body.Close()
implement file expiration, add basic frontend
2023-07-14 14:11:38 +02:00
// Limit size to 50Mb
r.Body = http.MaxBytesReader(w, r.Body, 50*1024*1024)
uploadFile, header, err := r.FormFile("file")
if err != nil {
http.Error(w, "could not read uploaded file: "+err.Error(), http.StatusBadRequest)
log.Println(" could not read uploaded file: " + err.Error())
return
}
fileData, err := io.ReadAll(uploadFile)
uploadFile.Close()
if err != nil {
http.Error(w, "could not read attached file: "+err.Error(), http.StatusInternalServerError)
log.Println(" could not read attached file: " + err.Error())
return
}
// Scrub EXIF, if requested and detectable by us
if handler.config.ScrubExif {
scrubbedData, err := handler.exifScrubber.ScrubExif(fileData[:])
if err == nil {
// If scrubbing was successful, update what to write to file
fileData = scrubbedData
} else {
// Unknown file types (not PNG or JPEG) are allowed to contain EXIF, as we don't know
// how to handle them. Handling of other errors depends on configuration.
if err != exifscrubber.ErrUnknownFileType {
if handler.config.ExifAbortOnError {
log.Printf("could not scrub EXIF from file, aborting upload: %s", err.Error())
http.Error(
w,
"could not scrub EXIF from file: "+err.Error(),
http.StatusInternalServerError,
)
return
}
// An error occured but we are configured to proceed with the upload anyway
log.Printf(
"could not scrub EXIF from file but proceeding with upload as configured: %s",
err.Error(),
)
}
}
}
link, err := generateLink(handler, fileData[:], header.Filename)
if err != nil {
http.Error(w, "could not save file: "+err.Error(), http.StatusInternalServerError)
log.Println(" could not save file: " + err.Error())
return
}
// Implicitly means code 200
http.Redirect(w, r, link, http.StatusFound)
}
func (handler *uploadHandler) PostUpload(w http.ResponseWriter, r *http.Request) {
defer r.Body.Close()
// Limit size to 50Mb
r.Body = http.MaxBytesReader(w, r.Body, 50*1024*1024)
initial commit
2020-10-27 17:17:41 +01:00
uploadFile, header, err := r.FormFile("file")
if err != nil {
http.Error(w, "could not read uploaded file: "+err.Error(), http.StatusBadRequest)
log.Println(" could not read uploaded file: " + err.Error())
return
}
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml
2022-08-16 00:23:29 +02:00
fileData, err := io.ReadAll(uploadFile)
uploadFile.Close()
if err != nil {
http.Error(w, "could not read attached file: "+err.Error(), http.StatusInternalServerError)
log.Println(" could not read attached file: " + err.Error())
return
}
// Scrub EXIF, if requested and detectable by us
if handler.config.ScrubExif {
scrubbedData, err := handler.exifScrubber.ScrubExif(fileData[:])
if err == nil {
// If scrubbing was successful, update what to write to file
fileData = scrubbedData
} else {
// Unknown file types (not PNG or JPEG) are allowed to contain EXIF, as we don't know
// how to handle them. Handling of other errors depends on configuration.
if err != exifscrubber.ErrUnknownFileType {
if handler.config.ExifAbortOnError {
log.Printf("could not scrub EXIF from file, aborting upload: %s", err.Error())
http.Error(
w,
"could not scrub EXIF from file: "+err.Error(),
http.StatusInternalServerError,
)
return
}
// An error occured but we are configured to proceed with the upload anyway
log.Printf(
"could not scrub EXIF from file but proceeding with upload as configured: %s",
err.Error(),
)
}
}
}
initial commit
2020-10-27 17:17:41 +01:00
feat: improve file extension detection If a file extension is explicitly specified in the upload name, it is always used directly. Detection of common file extension combinations is also performed. Currently, only ".tar.gz" and ".tar.xz" are detected. If you would like to add support for more common combinations, please open an issue or pull request. If no file extension is explicitly specified, jaf falls back to MIME type detection via the github.com/gabriel-vasile/mimetype library.
2022-10-17 20:36:24 +02:00
link, err := generateLink(handler, fileData[:], header.Filename)
initial commit
2020-10-27 17:17:41 +01:00
if err != nil {
http.Error(w, "could not save file: "+err.Error(), http.StatusInternalServerError)
log.Println(" could not save file: " + err.Error())
return
}
// Implicitly means code 200
w.Write([]byte(link))
}
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf.
2022-06-21 17:28:07 +02:00
// Generates a valid link to uploadFile with the specified file extension.
// Returns the link or an error in case of failure.
// Does not close the passed file pointer.
feat: improve file extension detection If a file extension is explicitly specified in the upload name, it is always used directly. Detection of common file extension combinations is also performed. Currently, only ".tar.gz" and ".tar.xz" are detected. If you would like to add support for more common combinations, please open an issue or pull request. If no file extension is explicitly specified, jaf falls back to MIME type detection via the github.com/gabriel-vasile/mimetype library.
2022-10-17 20:36:24 +02:00
func generateLink(handler *uploadHandler, fileData []byte, fileName string) (string, error) {
ext := extdetect.BuildFileExtension(fileData, fileName)
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf.
2022-06-21 17:28:07 +02:00
// Find an unused file name
var fullFileName string
var savePath string
for {
fileStem := createRandomFileName(handler.config.LinkLength)
feat: improve file extension detection If a file extension is explicitly specified in the upload name, it is always used directly. Detection of common file extension combinations is also performed. Currently, only ".tar.gz" and ".tar.xz" are detected. If you would like to add support for more common combinations, please open an issue or pull request. If no file extension is explicitly specified, jaf falls back to MIME type detection via the github.com/gabriel-vasile/mimetype library.
2022-10-17 20:36:24 +02:00
fullFileName = fileStem + ext
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf.
2022-06-21 17:28:07 +02:00
savePath = handler.config.FileDir + fullFileName
if !fileExists(savePath) {
break
}
}
link := handler.config.LinkPrefix + fullFileName
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml
2022-08-16 00:23:29 +02:00
err := saveFile(fileData[:], savePath)
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf.
2022-06-21 17:28:07 +02:00
if err != nil {
return "", err
}
return link, nil
}
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml
2022-08-16 00:23:29 +02:00
func saveFile(fileData []byte, name string) error {
err := os.WriteFile(name, fileData, 0o644)
return err
initial commit
2020-10-27 17:17:41 +01:00
}
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml
2022-08-16 00:23:29 +02:00
func fileExists(fileName string) bool {
_, err := os.Stat(fileName)
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf.
2022-06-21 17:28:07 +02:00
return !errors.Is(err, os.ErrNotExist)
}
initial commit
2020-10-27 17:17:41 +01:00
func createRandomFileName(length int) string {
chars := make([]byte, length)
for i := 0; i < length; i++ {
index := rand.Intn(len(allowedChars))
chars[i] = allowedChars[index]
}
return string(chars)
}
Reference in a new issue Copy permalink