mirrors/go-hauk
2
0
Fork 0
mirror of https://github.com/parkan/go-hauk.git synced 2026-05-08 16:47:46 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
go-hauk/api/create.go
Arkadiy Kukarkin 098d9c45c4 fix code review findings
2025-12-23 13:25:56 +01:00

241 lines
5.5 KiB
Go
Raw Permalink Blame History

package api
import (
"context"
"fmt"
"net/http"
"regexp"
"strconv"
"time"
"github.com/parkan/go-hauk/model"
)
const (
shareModeCreateAlone = 0
shareModeCreateGroup = 1
shareModeJoinGroup = 2
)
var linkIDRe = regexp.MustCompile(`^[\w-]+$`)
func (s *Server) handleCreate(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
if err := r.ParseForm(); err != nil {
http.Error(w, "bad request", http.StatusBadRequest)
return
}
dur := r.FormValue("dur")
interval := r.FormValue("int")
if dur == "" || interval == "" {
fmt.Fprintln(w, "Missing data!")
return
}
user := r.FormValue("usr")
pass := r.FormValue("pwd")
if err := s.auth.Authenticate(user, pass); err != nil {
fmt.Fprintln(w, "Incorrect password!")
return
}
d, err := strconv.Atoi(dur)
if err != nil || d <= 0 {
fmt.Fprintln(w, "Invalid duration!")
return
}
i, err := strconv.ParseFloat(interval, 64)
if err != nil || i <= 0 {
fmt.Fprintln(w, "Invalid interval!")
return
}
mod, _ := strconv.Atoi(r.FormValue("mod"))
adoptable := r.FormValue("ado") == "1"
encrypted := r.FormValue("e2e") == "1"
salt := r.FormValue("salt")
customLink := r.FormValue("lid")
nickname := r.FormValue("nic")
pin, _ := strconv.Atoi(r.FormValue("pin"))
if d > s.cfg.MaxDuration {
fmt.Fprintln(w, "Share duration exceeds maximum configured!")
return
}
if i > float64(s.cfg.MaxDuration) {
fmt.Fprintln(w, "Interval exceeds maximum configured!")
return
}
if i < s.cfg.MinInterval {
fmt.Fprintln(w, "Interval is too short!")
return
}
if (mod == shareModeCreateGroup || mod == shareModeJoinGroup) && encrypted {
fmt.Fprintln(w, "End-to-end encryption is not supported for group shares.")
return
}
if (mod == shareModeCreateGroup || mod == shareModeJoinGroup) && nickname == "" {
fmt.Fprintln(w, "Missing data!")
return
}
if mod == shareModeJoinGroup && pin == 0 {
fmt.Fprintln(w, "Missing data!")
return
}
if encrypted && salt == "" {
fmt.Fprintln(w, "Missing data!")
return
}
expire := time.Now().Add(time.Duration(d) * time.Second)
session, err := model.NewSession(s.store, s.cfg.MaxCachedPts)
if err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
session.SetExpire(expire)
session.SetInterval(i)
if encrypted {
session.SetEncrypted(true, salt)
}
linkGen := func() (string, error) {
return s.linkgen.Generate(ctx)
}
switch mod {
case shareModeCreateAlone:
share, err := model.NewSoloShare(s.store, s.cfg.PublicURL, linkGen)
if err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
if customLink != "" && linkIDRe.MatchString(customLink) {
if err := s.tryCustomLink(ctx, customLink, user); err == nil {
share.SetID(customLink)
}
}
share.SetAdoptable(adoptable)
share.SetHost(session.ID())
share.SetExpire(expire)
if err := share.Save(ctx); err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
session.AddTarget(share.ID())
if err := session.Save(ctx); err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
fmt.Fprintln(w, "OK")
fmt.Fprintln(w, session.ID())
fmt.Fprintln(w, share.ViewLink())
fmt.Fprintln(w, share.ID())
case shareModeCreateGroup:
share, err := model.NewGroupShare(s.store, s.cfg.PublicURL, linkGen)
if err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
if customLink != "" && linkIDRe.MatchString(customLink) {
if err := s.tryCustomLink(ctx, customLink, user); err == nil {
share.SetID(customLink)
}
}
share.AddHost(nickname, session.ID())
share.SetExpire(expire)
if err := share.Save(ctx); err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
session.AddTarget(share.ID())
if err := session.Save(ctx); err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
fmt.Fprintln(w, "OK")
fmt.Fprintln(w, session.ID())
fmt.Fprintln(w, share.ViewLink())
fmt.Fprintln(w, share.Pin())
fmt.Fprintln(w, share.ID())
case shareModeJoinGroup:
share, err := model.LoadGroupShareByPin(ctx, s.store, pin, s.cfg.PublicURL)
if err != nil {
fmt.Fprintln(w, "Invalid group PIN!")
return
}
share.AddHost(nickname, session.ID())
if err := share.Save(ctx); err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
session.AddTarget(share.ID())
if err := session.Save(ctx); err != nil {
http.Error(w, "internal error", http.StatusInternalServerError)
return
}
fmt.Fprintln(w, "OK")
fmt.Fprintln(w, session.ID())
fmt.Fprintln(w, share.ViewLink())
fmt.Fprintln(w, share.ID())
default:
fmt.Fprintln(w, "Unsupported share mode!")
}
}
func (s *Server) tryCustomLink(ctx context.Context, link, user string) error {
if !s.cfg.AllowLinkReq {
return fmt.Errorf("custom links disabled")
}
// check reserved links
if allowedUsers, reserved := s.cfg.ReservedLinks[link]; reserved {
allowed := false
for _, u := range allowedUsers {
if u == user {
allowed = true
break
}
}
if !allowed {
return fmt.Errorf("link reserved")
}
}
// whitelist mode: only reserved links allowed
if s.cfg.ReserveWL {
if _, reserved := s.cfg.ReservedLinks[link]; !reserved {
return fmt.Errorf("link not in whitelist")
}
}
exists, err := s.store.Exists(ctx, "locdata-"+link)
if err != nil {
return err
}
if exists {
return fmt.Errorf("link already exists")
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink