coder/coderd/files.go

package coderd

import (
	"crypto/sha256"
	"database/sql"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"

	"github.com/go-chi/chi/v5"

	"github.com/coder/coder/coderd/database"
	"github.com/coder/coder/coderd/httpapi"
	"github.com/coder/coder/coderd/httpmw"
	"github.com/coder/coder/coderd/rbac"
	"github.com/coder/coder/codersdk"
)

func (api *API) postFile(rw http.ResponseWriter, r *http.Request) {
	apiKey := httpmw.APIKey(r)
	// This requires the site wide action to create files.
	// Once created, a user can read their own files uploaded
	if !api.Authorize(rw, r, rbac.ActionCreate, rbac.ResourceFile) {
		return
	}

	contentType := r.Header.Get("Content-Type")

	switch contentType {
	case "application/x-tar":
	default:
		httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
			Message: fmt.Sprintf("Unsupported content type header %q.", contentType),
		})
		return
	}

	r.Body = http.MaxBytesReader(rw, r.Body, 10*(10<<20))
	data, err := io.ReadAll(r.Body)
	if err != nil {
		httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
			Message: "Failed to read file from request.",
			Detail:  err.Error(),
		})
		return
	}
	hashBytes := sha256.Sum256(data)
	hash := hex.EncodeToString(hashBytes[:])
	file, err := api.Database.GetFileByHash(r.Context(), hash)
	if err == nil {
		// The file already exists!
		httpapi.Write(rw, http.StatusOK, codersdk.UploadResponse{
			Hash: file.Hash,
		})
		return
	}
	file, err = api.Database.InsertFile(r.Context(), database.InsertFileParams{
		Hash:      hash,
		CreatedBy: apiKey.UserID,
		CreatedAt: database.Now(),
		Mimetype:  contentType,
		Data:      data,
	})
	if err != nil {
		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
			Message: "Internal error saving file.",
			Detail:  err.Error(),
		})
		return
	}

	httpapi.Write(rw, http.StatusCreated, codersdk.UploadResponse{
		Hash: file.Hash,
	})
}

func (api *API) fileByHash(rw http.ResponseWriter, r *http.Request) {
	hash := chi.URLParam(r, "hash")
	if hash == "" {
		httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
			Message: "File hash must be provided in url.",
		})
		return
	}
	file, err := api.Database.GetFileByHash(r.Context(), hash)
	if errors.Is(err, sql.ErrNoRows) {
		httpapi.Forbidden(rw)
		return
	}
	if err != nil {
		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
			Message: "Internal error fetching file.",
			Detail:  err.Error(),
		})
		return
	}

	if !api.Authorize(rw, r, rbac.ActionRead,
		rbac.ResourceFile.WithOwner(file.CreatedBy.String()).WithID(file.Hash)) {
		return
	}

	rw.Header().Set("Content-Type", file.Mimetype)
	rw.WriteHeader(http.StatusOK)
	_, _ = rw.Write(file.Data)
}
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`package coderd`

			`import (`
			`"crypto/sha256"`
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00			`"database/sql"`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`"encoding/hex"`
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00			`"errors"`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`"fmt"`
			`"io"`
			`"net/http"`

feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00			`"github.com/go-chi/chi/v5"`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00
chore: Move httpapi, httpmw, & database into `coderd` (#568) * chore: Move httpmw to /coderd directory httpmw is specific to coderd and should be scoped under coderd * chore: Move httpapi to /coderd directory httpapi is specific to coderd and should be scoped under coderd * chore: Move database to /coderd directory database is specific to coderd and should be scoped under coderd * chore: Update codecov & gitattributes for generated files * chore: Update Makefile 2022-03-25 21:07:45 +00:00			`"github.com/coder/coder/coderd/database"`
			`"github.com/coder/coder/coderd/httpapi"`
			`"github.com/coder/coder/coderd/httpmw"`
feat: Add RBAC to /files endpoints (#1664) * feat: Add RBAC to /files endpoints 2022-05-24 13:25:02 +00:00			`"github.com/coder/coder/coderd/rbac"`
feat: Add templates to create working release (#422) * Add templates * Move API structs to codersdk * Back to green tests! * It all works, but now with tea! 🧋 * It works! * Add cancellation to provisionerd * Tests pass! * Add deletion of workspaces and projects * Fix agent lock * Add clog * Fix linting errors * Remove unused CLI tests * Rename daemon to start * Fix leaking command * Fix promptui test * Update agent connection frequency * Skip login tests on Windows * Increase tunnel connect timeout * Fix templater * Lower test requirements * Fix embed * Disable promptui tests for Windows * Fix write newline * Fix PTY write newline * Fix CloseReader * Fix compilation on Windows * Fix linting error * Remove bubbletea * Cleanup readwriter * Use embedded templates instead of serving over API * Move templates to examples * Improve workspace create flow * Fix Windows build * Fix tests * Fix linting errors * Fix untar with extracting max size * Fix newline char 2022-03-22 19:17:50 +00:00			`"github.com/coder/coder/codersdk"`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`)`

chore: Remove interface from coderd and lift API surface (#1772) Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`. 2022-05-26 03:14:08 +00:00			`func (api API) postFile(rw http.ResponseWriter, r http.Request) {`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`apiKey := httpmw.APIKey(r)`
feat: Add RBAC to /files endpoints (#1664) * feat: Add RBAC to /files endpoints 2022-05-24 13:25:02 +00:00			`// This requires the site wide action to create files.`
			`// Once created, a user can read their own files uploaded`
			`if !api.Authorize(rw, r, rbac.ActionCreate, rbac.ResourceFile) {`
			`return`
			`}`

refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`contentType := r.Header.Get("Content-Type")`

			`switch contentType {`
			`case "application/x-tar":`
			`default:`
			`httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{`
chore: Linter rule for properly formatted api errors (#2123) * chore: Linter rule for properly formatted api errors * Add omitempty to 'Detail' field 2022-06-07 14:33:06 +00:00			`Message: fmt.Sprintf("Unsupported content type header %q.", contentType),`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`})`
			`return`
			`}`

			`r.Body = http.MaxBytesReader(rw, r.Body, 10*(10<<20))`
			`data, err := io.ReadAll(r.Body)`
			`if err != nil {`
			`httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{`
chore: Linter rule for properly formatted api errors (#2123) * chore: Linter rule for properly formatted api errors * Add omitempty to 'Detail' field 2022-06-07 14:33:06 +00:00			`Message: "Failed to read file from request.",`
chore: Update BE http errors to be ui friendly (#1994) * chore: More UI friendly errors Mainly capitlization + messages prefix error 2022-06-03 21:48:09 +00:00			`Detail: err.Error(),`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`})`
			`return`
			`}`
			`hashBytes := sha256.Sum256(data)`
feat: Add "coder projects create" command (#246) * Refactor parameter parsing to return nil values if none computed * Refactor parameter to allow for hiding redisplay * Refactor parameters to enable schema matching * Refactor provisionerd to dynamically update parameter schemas * Refactor job update for provisionerd * Handle multiple states correctly when provisioning a project * Add project import job resource table * Basic creation flow works! * Create project fully works!!! * Only show job status if completed * Add create workspace support * Replace Netflix/go-expect with ActiveState * Fix linting errors * Use forked chzyer/readline * Add create workspace CLI * Add CLI test * Move jobs to their own APIs * Remove go-expect * Fix requested changes * Skip workspacecreate test on windows 2022-02-12 19:34:04 +00:00			`hash := hex.EncodeToString(hashBytes[:])`
			`file, err := api.Database.GetFileByHash(r.Context(), hash)`
			`if err == nil {`
			`// The file already exists!`
chore: idea: unify http responses further (#941) 2022-04-12 15:17:33 +00:00			`httpapi.Write(rw, http.StatusOK, codersdk.UploadResponse{`
feat: Add "coder projects create" command (#246) * Refactor parameter parsing to return nil values if none computed * Refactor parameter to allow for hiding redisplay * Refactor parameters to enable schema matching * Refactor provisionerd to dynamically update parameter schemas * Refactor job update for provisionerd * Handle multiple states correctly when provisioning a project * Add project import job resource table * Basic creation flow works! * Create project fully works!!! * Only show job status if completed * Add create workspace support * Replace Netflix/go-expect with ActiveState * Fix linting errors * Use forked chzyer/readline * Add create workspace CLI * Add CLI test * Move jobs to their own APIs * Remove go-expect * Fix requested changes * Skip workspacecreate test on windows 2022-02-12 19:34:04 +00:00			`Hash: file.Hash,`
			`})`
			`return`
			`}`
			`file, err = api.Database.InsertFile(r.Context(), database.InsertFileParams{`
			`Hash: hash,`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`CreatedBy: apiKey.UserID,`
			`CreatedAt: database.Now(),`
			`Mimetype: contentType,`
			`Data: data,`
			`})`
			`if err != nil {`
			`httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{`
chore: Linter rule for properly formatted api errors (#2123) * chore: Linter rule for properly formatted api errors * Add omitempty to 'Detail' field 2022-06-07 14:33:06 +00:00			`Message: "Internal error saving file.",`
chore: Update BE http errors to be ui friendly (#1994) * chore: More UI friendly errors Mainly capitlization + messages prefix error 2022-06-03 21:48:09 +00:00			`Detail: err.Error(),`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`})`
			`return`
			`}`
chore: idea: unify http responses further (#941) 2022-04-12 15:17:33 +00:00
			`httpapi.Write(rw, http.StatusCreated, codersdk.UploadResponse{`
refactor: Allow provisioner jobs to be disconnected from projects (#194) * Nest jobs under an organization * Rename project parameter to parameter schema * Update references when computing project parameters * Add files endpoint * Allow one-off project import jobs * Allow variables to be injected that are not defined by the schema * Update API to use jobs first * Fix CLI tests * Fix linting * Fix hex length for files table * Reduce memory allocation for windows 2022-02-08 18:00:44 +00:00			`Hash: file.Hash,`
			`})`
			`}`
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00
chore: Remove interface from coderd and lift API surface (#1772) Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`. 2022-05-26 03:14:08 +00:00			`func (api API) fileByHash(rw http.ResponseWriter, r http.Request) {`
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00			`hash := chi.URLParam(r, "hash")`
			`if hash == "" {`
			`httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{`
chore: Linter rule for properly formatted api errors (#2123) * chore: Linter rule for properly formatted api errors * Add omitempty to 'Detail' field 2022-06-07 14:33:06 +00:00			`Message: "File hash must be provided in url.",`
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00			`})`
			`return`
			`}`
			`file, err := api.Database.GetFileByHash(r.Context(), hash)`
			`if errors.Is(err, sql.ErrNoRows) {`
feat: Add RBAC to /files endpoints (#1664) * feat: Add RBAC to /files endpoints 2022-05-24 13:25:02 +00:00			`httpapi.Forbidden(rw)`
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00			`return`
			`}`
			`if err != nil {`
			`httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{`
chore: Linter rule for properly formatted api errors (#2123) * chore: Linter rule for properly formatted api errors * Add omitempty to 'Detail' field 2022-06-07 14:33:06 +00:00			`Message: "Internal error fetching file.",`
chore: Update BE http errors to be ui friendly (#1994) * chore: More UI friendly errors Mainly capitlization + messages prefix error 2022-06-03 21:48:09 +00:00			`Detail: err.Error(),`
feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00			`})`
			`return`
			`}`
feat: Add RBAC to /files endpoints (#1664) * feat: Add RBAC to /files endpoints 2022-05-24 13:25:02 +00:00
			`if !api.Authorize(rw, r, rbac.ActionRead,`
			`rbac.ResourceFile.WithOwner(file.CreatedBy.String()).WithID(file.Hash)) {`
			`return`
			`}`

feat: Refactor API routes to use UUIDs instead of friendly names (#401) * Add client for agent * Cleanup code * Fix linting error * Rename routes to be simpler * Rename workspace history to workspace build * Refactor HTTP middlewares to use UUIDs * Cleanup routes * Compiles! * Fix files and organizations * Fix querying * Fix agent lock * Cleanup database abstraction * Add parameters * Fix linting errors * Fix log race * Lock on close wait * Fix log cleanup * Fix e2e tests * Fix upstream version of opencensus-go * Update coderdtest.go * Fix coverpkg * Fix codecov ignore 2022-03-07 17:40:54 +00:00			`rw.Header().Set("Content-Type", file.Mimetype)`
			`rw.WriteHeader(http.StatusOK)`
			`_, _ = rw.Write(file.Data)`
			`}`