package main import ( "bytes" "encoding/json" "errors" "fmt" "io" "net/http" "os" "path" "regexp" "strconv" "strings" "bitbucket.org/taruti/mimemagic" "github.com/zenazn/goji/web" ) // Describes metadata directly from the user request type UploadRequest struct { src io.Reader filename string expiry int64 // Seconds until expiry, 0 = never randomBarename bool deletionKey string // Empty string if not defined } // Metadata associated with a file as it would actually be stored type Upload struct { Filename string // Final filename on disk Size int64 Expiry int64 // Unix timestamp of expiry, 0=never DeleteKey string // Deletion key, one generated if not provided } func uploadPostHandler(c web.C, w http.ResponseWriter, r *http.Request) { upReq := UploadRequest{} uploadHeaderProcess(r, &upReq) contentType := r.Header.Get("Content-Type") if contentType == "application/octet-stream" { if r.URL.Query().Get("randomize") == "true" { upReq.randomBarename = true } upReq.expiry = parseExpiry(r.URL.Query().Get("expires")) defer r.Body.Close() upReq.src = r.Body upReq.filename = r.URL.Query().Get("qqfile") } else if strings.HasPrefix(contentType, "multipart/form-data") { return file, headers, err := r.FormFile("file") if err != nil { oopsHandler(c, w, r) return } defer file.Close() r.ParseForm() if r.Form.Get("randomize") == "true" { upReq.randomBarename = true } upReq.expiry = parseExpiry(r.Form.Get("expires")) upReq.src = file upReq.filename = headers.Filename } else { if r.FormValue("content") == "" { oopsHandler(c, w, r) return } extension := r.FormValue("extension") if extension == "" { extension = "txt" } upReq.src = strings.NewReader(r.FormValue("content")) upReq.expiry = parseExpiry(r.FormValue("expires")) upReq.filename = r.FormValue("filename") + "." + extension } upload, err := processUpload(upReq) if err != nil { oopsHandler(c, w, r) return } if strings.EqualFold("application/json", r.Header.Get("Accept")) { js := generateJSONresponse(upload) w.Header().Set("Content-Type", "application/json; charset=UTF-8") w.Write(js) } else { http.Redirect(w, r, "/"+upload.Filename, 301) } } func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) { upReq := UploadRequest{} uploadHeaderProcess(r, &upReq) defer r.Body.Close() upReq.filename = c.URLParams["name"] upReq.src = r.Body upload, err := processUpload(upReq) if err != nil { oopsHandler(c, w, r) return } if strings.EqualFold("application/json", r.Header.Get("Accept")) { js := generateJSONresponse(upload) w.Header().Set("Content-Type", "application/json; charset=UTF-8") w.Write(js) } else { fmt.Fprintf(w, Config.siteURL+upload.Filename) } } func uploadHeaderProcess(r *http.Request, upReq *UploadRequest) { // For legacy reasons if r.Header.Get("X-Randomized-Filename") == "yes" { upReq.randomBarename = true } else if r.Header.Get("X-Randomized-Barename") == "yes" { upReq.randomBarename = true } upReq.deletionKey = r.Header.Get("X-Delete-Key") // Get seconds until expiry. Non-integer responses never expire. expStr := r.Header.Get("X-File-Expiry") upReq.expiry = parseExpiry(expStr) } func processUpload(upReq UploadRequest) (upload Upload, err error) { // Determine the appropriate filename, then write to disk barename, extension := barePlusExt(upReq.filename) // Pull the first 512 bytes off for use in MIME detection if needed header := make([]byte, 512) n, err := upReq.src.Read(header) if n == 0 || err != nil { return } if upReq.randomBarename || len(barename) == 0 { barename = generateBarename() } if len(extension) == 0 { // Determine the type of file from header mimetype := mimemagic.Match("", header) // If the mime type is in our map, use that // otherwise just use "ext" if val, exists := mimeToExtension[mimetype]; exists { extension = val } else { extension = "ext" } } upload.Filename = strings.Join([]string{barename, extension}, ".") _, err = os.Stat(path.Join(Config.filesDir, upload.Filename)) fileexists := err == nil for fileexists { counter, err := strconv.Atoi(string(barename[len(barename)-1])) if err != nil { barename = barename + "1" } else { barename = barename[:len(barename)-1] + strconv.Itoa(counter+1) } upload.Filename = strings.Join([]string{barename, extension}, ".") _, err = os.Stat(path.Join(Config.filesDir, upload.Filename)) fileexists = err == nil } dst, err := os.Create(path.Join(Config.filesDir, upload.Filename)) if err != nil { return } defer dst.Close() // Get the rest of the metadata needed for storage upload.Expiry = getFutureTimestamp(upReq.expiry) // If no delete key specified, pick a random one. if upReq.deletionKey == "" { upload.DeleteKey = randomString(30) } else { upload.DeleteKey = upReq.deletionKey } metadataWrite(upload.Filename, &upload) // Make a multi-reader from the header and the remainder of bytes // in the upReq.src io.Reader src := io.MultiReader(bytes.NewReader(header), upReq.src) bytes, err := io.Copy(dst, src) if err != nil { return } else if bytes == 0 { os.Remove(path.Join(Config.filesDir, upload.Filename)) os.Remove(path.Join(Config.metaDir, upload.Filename)) return upload, errors.New("Empty file") } upload.Size = bytes return } func generateBarename() string { return randomString(8) } func generateJSONresponse(upload Upload) []byte { js, _ := json.Marshal(map[string]string{ "url": Config.siteURL + upload.Filename, "filename": upload.Filename, "delete_key": upload.DeleteKey, "expiry": strconv.FormatInt(int64(upload.Expiry), 10), "size": strconv.FormatInt(upload.Size, 10), }) return js } var barePlusRe = regexp.MustCompile(`[^A-Za-z0-9\-]`) func barePlusExt(filename string) (barename, extension string) { filename = strings.TrimSpace(filename) filename = strings.ToLower(filename) extension = path.Ext(filename) barename = filename[:len(filename)-len(extension)] extension = barePlusRe.ReplaceAllString(extension, "") barename = barePlusRe.ReplaceAllString(barename, "") return } func parseExpiry(expStr string) int64 { if expStr == "" { return 0 } else { expiry, err := strconv.ParseInt(expStr, 10, 64) if err != nil { return 0 } else { return int64(expiry) } } }