2022-02-08 18:00:44 +00:00
|
|
|
package coderd
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/sha256"
|
2022-03-07 17:40:54 +00:00
|
|
|
"database/sql"
|
2022-02-08 18:00:44 +00:00
|
|
|
"encoding/hex"
|
2022-03-07 17:40:54 +00:00
|
|
|
"errors"
|
2022-02-08 18:00:44 +00:00
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
|
2022-03-07 17:40:54 +00:00
|
|
|
"github.com/go-chi/chi/v5"
|
2022-02-08 18:00:44 +00:00
|
|
|
|
2022-03-25 21:07:45 +00:00
|
|
|
"github.com/coder/coder/coderd/database"
|
|
|
|
"github.com/coder/coder/coderd/httpapi"
|
|
|
|
"github.com/coder/coder/coderd/httpmw"
|
2022-05-24 13:25:02 +00:00
|
|
|
"github.com/coder/coder/coderd/rbac"
|
2022-03-22 19:17:50 +00:00
|
|
|
"github.com/coder/coder/codersdk"
|
2022-02-08 18:00:44 +00:00
|
|
|
)
|
|
|
|
|
2022-05-26 03:14:08 +00:00
|
|
|
func (api *API) postFile(rw http.ResponseWriter, r *http.Request) {
|
2022-02-08 18:00:44 +00:00
|
|
|
apiKey := httpmw.APIKey(r)
|
2022-05-24 13:25:02 +00:00
|
|
|
// This requires the site wide action to create files.
|
|
|
|
// Once created, a user can read their own files uploaded
|
|
|
|
if !api.Authorize(rw, r, rbac.ActionCreate, rbac.ResourceFile) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-02-08 18:00:44 +00:00
|
|
|
contentType := r.Header.Get("Content-Type")
|
|
|
|
|
|
|
|
switch contentType {
|
|
|
|
case "application/x-tar":
|
|
|
|
default:
|
|
|
|
httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
|
2022-06-07 14:33:06 +00:00
|
|
|
Message: fmt.Sprintf("Unsupported content type header %q.", contentType),
|
2022-02-08 18:00:44 +00:00
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
r.Body = http.MaxBytesReader(rw, r.Body, 10*(10<<20))
|
|
|
|
data, err := io.ReadAll(r.Body)
|
|
|
|
if err != nil {
|
|
|
|
httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
|
2022-06-07 14:33:06 +00:00
|
|
|
Message: "Failed to read file from request.",
|
2022-06-03 21:48:09 +00:00
|
|
|
Detail: err.Error(),
|
2022-02-08 18:00:44 +00:00
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
hashBytes := sha256.Sum256(data)
|
2022-02-12 19:34:04 +00:00
|
|
|
hash := hex.EncodeToString(hashBytes[:])
|
|
|
|
file, err := api.Database.GetFileByHash(r.Context(), hash)
|
|
|
|
if err == nil {
|
|
|
|
// The file already exists!
|
2022-04-12 15:17:33 +00:00
|
|
|
httpapi.Write(rw, http.StatusOK, codersdk.UploadResponse{
|
2022-02-12 19:34:04 +00:00
|
|
|
Hash: file.Hash,
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
file, err = api.Database.InsertFile(r.Context(), database.InsertFileParams{
|
|
|
|
Hash: hash,
|
2022-02-08 18:00:44 +00:00
|
|
|
CreatedBy: apiKey.UserID,
|
|
|
|
CreatedAt: database.Now(),
|
|
|
|
Mimetype: contentType,
|
|
|
|
Data: data,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
|
2022-06-07 14:33:06 +00:00
|
|
|
Message: "Internal error saving file.",
|
2022-06-03 21:48:09 +00:00
|
|
|
Detail: err.Error(),
|
2022-02-08 18:00:44 +00:00
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
2022-04-12 15:17:33 +00:00
|
|
|
|
|
|
|
httpapi.Write(rw, http.StatusCreated, codersdk.UploadResponse{
|
2022-02-08 18:00:44 +00:00
|
|
|
Hash: file.Hash,
|
|
|
|
})
|
|
|
|
}
|
2022-03-07 17:40:54 +00:00
|
|
|
|
2022-05-26 03:14:08 +00:00
|
|
|
func (api *API) fileByHash(rw http.ResponseWriter, r *http.Request) {
|
2022-03-07 17:40:54 +00:00
|
|
|
hash := chi.URLParam(r, "hash")
|
|
|
|
if hash == "" {
|
|
|
|
httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
|
2022-06-07 14:33:06 +00:00
|
|
|
Message: "File hash must be provided in url.",
|
2022-03-07 17:40:54 +00:00
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
file, err := api.Database.GetFileByHash(r.Context(), hash)
|
|
|
|
if errors.Is(err, sql.ErrNoRows) {
|
2022-05-24 13:25:02 +00:00
|
|
|
httpapi.Forbidden(rw)
|
2022-03-07 17:40:54 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
|
2022-06-07 14:33:06 +00:00
|
|
|
Message: "Internal error fetching file.",
|
2022-06-03 21:48:09 +00:00
|
|
|
Detail: err.Error(),
|
2022-03-07 17:40:54 +00:00
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
2022-05-24 13:25:02 +00:00
|
|
|
|
|
|
|
if !api.Authorize(rw, r, rbac.ActionRead,
|
|
|
|
rbac.ResourceFile.WithOwner(file.CreatedBy.String()).WithID(file.Hash)) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-03-07 17:40:54 +00:00
|
|
|
rw.Header().Set("Content-Type", file.Mimetype)
|
|
|
|
rw.WriteHeader(http.StatusOK)
|
|
|
|
_, _ = rw.Write(file.Data)
|
|
|
|
}
|