mirror-yaf/uploadhandler.go

package main

import (
	"errors"
	"io"
	"log"
	"math/rand"
	"net/http"
	"os"
	"strings"

	"github.com/leon-richardt/jaf/exifscrubber"
)

type uploadHandler struct {
	config       *Config
	exifScrubber *exifscrubber.ExifScrubber
}

func (handler *uploadHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	defer r.Body.Close()

	uploadFile, header, err := r.FormFile("file")
	if err != nil {
		http.Error(w, "could not read uploaded file: "+err.Error(), http.StatusBadRequest)
		log.Println("    could not read uploaded file: " + err.Error())
		return
	}

	fileData, err := io.ReadAll(uploadFile)
	uploadFile.Close()
	if err != nil {
		http.Error(w, "could not read attached file: "+err.Error(), http.StatusInternalServerError)
		log.Println("    could not read attached file: " + err.Error())
		return
	}

	// Scrub EXIF, if requested and detectable by us
	if handler.config.ScrubExif {
		scrubbedData, err := handler.exifScrubber.ScrubExif(fileData[:])

		if err == nil {
			// If scrubbing was successful, update what to write to file
			fileData = scrubbedData
		} else {
			// Unknown file types (not PNG or JPEG) are allowed to contain EXIF, as we don't know
			// how to handle them. Handling of other errors depends on configuration.
			if err != exifscrubber.ErrUnknownFileType {
				if handler.config.ExifAbortOnError {
					log.Printf("could not scrub EXIF from file, aborting upload: %s", err.Error())
					http.Error(
						w,
						"could not scrub EXIF from file: "+err.Error(),
						http.StatusInternalServerError,
					)
					return
				}

				// An error occured but we are configured to proceed with the upload anyway
				log.Printf(
					"could not scrub EXIF from file but proceeding with upload as configured: %s",
					err.Error(),
				)
			}
		}
	}

	_, fileExtension := splitFileName(header.Filename)
	link, err := generateLink(handler, fileData[:], fileExtension)
	if err != nil {
		http.Error(w, "could not save file: "+err.Error(), http.StatusInternalServerError)
		log.Println("    could not save file: " + err.Error())
		return
	}

	// Implicitly means code 200
	w.Write([]byte(link))
}

// Generates a valid link to uploadFile with the specified file extension.
// Returns the link or an error in case of failure.
// Does not close the passed file pointer.
func generateLink(handler *uploadHandler, fileData []byte, fileExtension string) (string, error) {
	// Find an unused file name
	var fullFileName string
	var savePath string
	for {
		fileStem := createRandomFileName(handler.config.LinkLength)
		fullFileName = fileStem + fileExtension
		savePath = handler.config.FileDir + fullFileName

		if !fileExists(savePath) {
			break
		}
	}

	link := handler.config.LinkPrefix + fullFileName

	err := saveFile(fileData[:], savePath)
	if err != nil {
		return "", err
	}

	return link, nil
}

func saveFile(fileData []byte, name string) error {
	err := os.WriteFile(name, fileData, 0o644)
	return err
}

func fileExists(fileName string) bool {
	_, err := os.Stat(fileName)

	return !errors.Is(err, os.ErrNotExist)
}

func createRandomFileName(length int) string {
	chars := make([]byte, length)

	for i := 0; i < length; i++ {
		index := rand.Intn(len(allowedChars))
		chars[i] = allowedChars[index]
	}

	return string(chars)
}

func splitFileName(name string) (string, string) {
	extIndex := strings.LastIndex(name, ".")

	if extIndex == -1 {
		// No dot at all
		return name, ""
	}

	return name[:extIndex], name[extIndex:]
}
initial commit 2020-10-27 17:17:41 +01:00			`package main`

			`import (`
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`"errors"`
initial commit 2020-10-27 17:17:41 +01:00			`"io"`
			`"log"`
			`"math/rand"`
			`"net/http"`
			`"os"`
			`"strings"`
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00
			`"github.com/leon-richardt/jaf/exifscrubber"`
initial commit 2020-10-27 17:17:41 +01:00			`)`

			`type uploadHandler struct {`
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`config *Config`
			`exifScrubber *exifscrubber.ExifScrubber`
initial commit 2020-10-27 17:17:41 +01:00			`}`

feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`func (handler uploadHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
initial commit 2020-10-27 17:17:41 +01:00			`defer r.Body.Close()`

			`uploadFile, header, err := r.FormFile("file")`
			`if err != nil {`
			`http.Error(w, "could not read uploaded file: "+err.Error(), http.StatusBadRequest)`
			`log.Println(" could not read uploaded file: " + err.Error())`
			`return`
			`}`
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00
			`fileData, err := io.ReadAll(uploadFile)`
			`uploadFile.Close()`
			`if err != nil {`
			`http.Error(w, "could not read attached file: "+err.Error(), http.StatusInternalServerError)`
			`log.Println(" could not read attached file: " + err.Error())`
			`return`
			`}`

			`// Scrub EXIF, if requested and detectable by us`
			`if handler.config.ScrubExif {`
			`scrubbedData, err := handler.exifScrubber.ScrubExif(fileData[:])`

			`if err == nil {`
			`// If scrubbing was successful, update what to write to file`
			`fileData = scrubbedData`
			`} else {`
			`// Unknown file types (not PNG or JPEG) are allowed to contain EXIF, as we don't know`
			`// how to handle them. Handling of other errors depends on configuration.`
			`if err != exifscrubber.ErrUnknownFileType {`
			`if handler.config.ExifAbortOnError {`
			`log.Printf("could not scrub EXIF from file, aborting upload: %s", err.Error())`
			`http.Error(`
			`w,`
			`"could not scrub EXIF from file: "+err.Error(),`
			`http.StatusInternalServerError,`
			`)`
			`return`
			`}`

			`// An error occured but we are configured to proceed with the upload anyway`
			`log.Printf(`
			`"could not scrub EXIF from file but proceeding with upload as configured: %s",`
			`err.Error(),`
			`)`
			`}`
			`}`
			`}`
initial commit 2020-10-27 17:17:41 +01:00
ref: remove debug output 2020-10-27 17:24:10 +01:00			`_, fileExtension := splitFileName(header.Filename)`
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`link, err := generateLink(handler, fileData[:], fileExtension)`
initial commit 2020-10-27 17:17:41 +01:00			`if err != nil {`
			`http.Error(w, "could not save file: "+err.Error(), http.StatusInternalServerError)`
			`log.Println(" could not save file: " + err.Error())`
			`return`
			`}`

			`// Implicitly means code 200`
			`w.Write([]byte(link))`
			`}`

ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`// Generates a valid link to uploadFile with the specified file extension.`
			`// Returns the link or an error in case of failure.`
			`// Does not close the passed file pointer.`
feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`func generateLink(handler *uploadHandler, fileData []byte, fileExtension string) (string, error) {`
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`// Find an unused file name`
			`var fullFileName string`
			`var savePath string`
			`for {`
			`fileStem := createRandomFileName(handler.config.LinkLength)`
			`fullFileName = fileStem + fileExtension`
			`savePath = handler.config.FileDir + fullFileName`

			`if !fileExists(savePath) {`
			`break`
			`}`
			`}`

			`link := handler.config.LinkPrefix + fullFileName`

feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`err := saveFile(fileData[:], savePath)`
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00			`if err != nil {`
			`return "", err`
			`}`

			`return link, nil`
			`}`

feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`func saveFile(fileData []byte, name string) error {`
			`err := os.WriteFile(name, fileData, 0o644)`
			`return err`
initial commit 2020-10-27 17:17:41 +01:00			`}`

feat: add option to scrub EXIF tags on image files EXIF scrubbing can be enabled via the `ScrubExif` config key. When enabled, all standard EXIF tags (as defined by the IFD mappings in the go-exif library) are removed on uploaded JPEG and PNG images. The `ExifAllowedIds` and `ExifAllowedPaths` config keys can be used to selectively allow specific tags to survive the scrubbing. This can be useful if you want to preserve image orientation information for example. The IDs for standard tags can be found in [1]. The path specification for `ExifAllowedPaths` relies on the format implemented in go-exif which is "documented" in machine-readable format in [2]. Multiple paths can be specified, separated by a space. The path format is as follows: 1. For tags in the main section: `IFD/<GroupName>/<FieldName>`. Examples: `IFD/Orientation`, `IFD/Exif/Flash`, `IFD/GPSInfo/GPSTimeStamp`. You will probably want to use both [1] and [2] in combination if you plan to specify allowed tags by path. 2. Tags in the thumbnail section follow the same format but paths start with `IFD1/` instead of `IFD`. [1]: https://exiv2.org/tags.html [2]: https://github.com/dsoprea/go-exif/blob/a6301f85c82b0de82ceb8501f3c4a73ea7df01c2/assets/tags.yaml 2022-08-16 00:23:29 +02:00			`func fileExists(fileName string) bool {`
			`_, err := os.Stat(fileName)`
ref: check file existence instead of keeping in-memory set The benefit of keeping all managed file names in memory instead of checking on demand does not outweigh the increased memory usage. Additionally, this method allows users to manually move files into the served directory without fearing they might be overwritten by jaf. 2022-06-21 17:28:07 +02:00
			`return !errors.Is(err, os.ErrNotExist)`
			`}`

initial commit 2020-10-27 17:17:41 +01:00			`func createRandomFileName(length int) string {`
			`chars := make([]byte, length)`

			`for i := 0; i < length; i++ {`
			`index := rand.Intn(len(allowedChars))`
			`chars[i] = allowedChars[index]`
			`}`

			`return string(chars)`
			`}`

			`func splitFileName(name string) (string, string) {`
			`extIndex := strings.LastIndex(name, ".")`

			`if extIndex == -1 {`
			`// No dot at all`
			`return name, ""`
			`}`

			`return name[:extIndex], name[extIndex:]`
			`}`