bluebell/upload/upload.go

package upload

import (
	"archive/tar"
	"compress/gzip"
	"context"
	"crypto/subtle"
	"errors"
	"fmt"
	"github.com/1f349/bluebell/database"
	"github.com/dustin/go-humanize"
	"github.com/julienschmidt/httprouter"
	"github.com/spf13/afero"
	"io"
	"io/fs"
	"net/http"
	"path/filepath"
	"slices"
	"strings"
)

var indexBranches = []string{
	"main",
	"master",
}

func containsOnly(s string, f func(r rune) bool) bool {
	for _, r := range []rune(s) {
		if !f(r) {
			return false
		}
	}
	return true
}

func isValidSite(site string) bool {
	if len(site) < 1 || site[0] == '-' {
		return false
	}
	switch site[0] {
	case '-':
		return false
	}
	return containsOnly(site, func(r rune) bool {
		return isAlphanumericOrDash(r) || r == '.'
	})
}

func isValidBranch(branch string) bool {
	if len(branch) < 1 {
		return false
	}
	switch branch[0] {
	case '-', '/':
		return false
	}
	if branch[len(branch)-1] == '/' {
		return false
	}
	return containsOnly(branch, func(r rune) bool {
		return isAlphanumericOrDash(r) || r == '/' || r == '.'
	})
}

func isAlphanumericOrDash(r rune) bool {
	switch {
	case r >= '0' && r <= '9':
		return true
	case r >= 'a' && r <= 'z':
		return true
	case r >= 'A' && r <= 'Z':
		return true
	case r == '-', r == '_':
		return true
	default:
		return false
	}
}

type sitesQueries interface {
	GetSiteByDomain(ctx context.Context, domain string) (database.Site, error)
}

func New(storage afero.Fs, db sitesQueries) *Handler {
	return &Handler{storage, db}
}

const maxFileSize = 1 * humanize.GiByte

type Handler struct {
	storageFs afero.Fs
	db        sitesQueries
}

func (h *Handler) Handle(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
	site := params.ByName("site")
	branch := params.ByName("branch")

	siteConf, err := h.db.GetSiteByDomain(req.Context(), site)
	if err != nil {
		http.Error(rw, "", http.StatusNotFound)
		return
	}
	token, ok := strings.CutPrefix(req.Header.Get("Authorization"), "Bearer ")
	if !ok || subtle.ConstantTimeCompare([]byte(token), []byte(siteConf.Token)) == 0 {
		http.Error(rw, "403 Forbidden", http.StatusForbidden)
		return
	}

	fileData, fileHeader, err := req.FormFile("upload")
	if err != nil {
		http.Error(rw, "Missing file upload", http.StatusBadRequest)
		return
	}

	// if file is bigger than maxFileSize
	if fileHeader.Size > maxFileSize {
		http.Error(rw, "File too big", http.StatusInsufficientStorage)
		return
	}

	err = h.extractTarGzUpload(fileData, site, branch)
	if err != nil {
		http.Error(rw, fmt.Sprintf("Invalid upload: %s", err), http.StatusBadRequest)
		return
	}

	rw.WriteHeader(http.StatusAccepted)
}

func (h *Handler) extractTarGzUpload(fileData io.Reader, site, branch string) error {
	if !isValidSite(site) {
		return fmt.Errorf("invalid site name: %s", site)
	}
	if !isValidBranch(branch) {
		return fmt.Errorf("invalid branch name: %s", branch)
	}
	if slices.Contains(indexBranches, branch) {
		branch = ""
	}

	_, err := h.db.GetSiteByDomain(context.Background(), site)
	if err != nil {
		return fmt.Errorf("invalid site: %w", err)
	}

	siteBranchPath := filepath.Join(site, "@"+branch)
	siteBranchOldPath := filepath.Join(site, "old@"+branch)

	// try the new "old@[...]" and old "@[...].old" paths
	err = h.storageFs.RemoveAll(siteBranchPath + ".old")
	if err != nil && !errors.Is(err, fs.ErrNotExist) {
		return fmt.Errorf("failed to remove old site branch %s: %w", siteBranchPath, err)
	}
	err = h.storageFs.RemoveAll(siteBranchOldPath)
	if err != nil && !errors.Is(err, fs.ErrNotExist) {
		return fmt.Errorf("failed to remove old site branch %s: %w", siteBranchPath, err)
	}

	err = h.storageFs.Rename(siteBranchPath, siteBranchOldPath)
	if err != nil && !errors.Is(err, fs.ErrNotExist) {
		return fmt.Errorf("failed to save an old copy of the site: %w", err)
	}

	err = h.storageFs.MkdirAll(siteBranchPath, fs.ModePerm)
	if err != nil {
		return fmt.Errorf("failed to make site directory: %w", err)
	}
	branchFs := afero.NewBasePathFs(h.storageFs, siteBranchPath)

	// decompress gzip wrapper
	gzipReader, err := gzip.NewReader(fileData)
	if err != nil {
		return fmt.Errorf("invalid gzip file: %w", err)
	}

	// parse tar encoding
	tarReader := tar.NewReader(gzipReader)
	for {
		next, err := tarReader.Next()
		if err == io.EOF {
			// finished reading tar, exit now
			break
		}
		if err != nil {
			return fmt.Errorf("invalid tar archive: %w", err)
		}

		err = branchFs.MkdirAll(filepath.Dir(next.Name), fs.ModePerm)
		if err != nil {
			return fmt.Errorf("failed to make directory tree: %w", err)
		}

		create, err := branchFs.Create(next.Name)
		if err != nil {
			return fmt.Errorf("failed to create output file: '%s': %w", next.Name, err)
		}

		_, err = io.Copy(create, tarReader)
		if err != nil {
			return fmt.Errorf("failed to copy from archive to output file: '%s': %w", next.Name, err)
		}
	}
	return nil
}
Start adding project code 2023-07-22 00:59:45 +01:00			`package upload`

			`import (`
			`"archive/tar"`
			`"compress/gzip"`
Add database storage 2024-08-16 16:48:50 +01:00			`"context"`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`"crypto/subtle"`
			`"errors"`
Start adding project code 2023-07-22 00:59:45 +01:00			`"fmt"`
Add database storage 2024-08-16 16:48:50 +01:00			`"github.com/1f349/bluebell/database"`
			`"github.com/dustin/go-humanize"`
Start adding project code 2023-07-22 00:59:45 +01:00			`"github.com/julienschmidt/httprouter"`
			`"github.com/spf13/afero"`
			`"io"`
Keep working on this 2023-08-21 00:27:54 +01:00			`"io/fs"`
Start adding project code 2023-07-22 00:59:45 +01:00			`"net/http"`
			`"path/filepath"`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`"slices"`
Add database storage 2024-08-16 16:48:50 +01:00			`"strings"`
Start adding project code 2023-07-22 00:59:45 +01:00			`)`

This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`var indexBranches = []string{`
			`"main",`
			`"master",`
			`}`

Test site and branch names 2025-01-07 23:51:31 +00:00			`func containsOnly(s string, f func(r rune) bool) bool {`
			`for _, r := range []rune(s) {`
			`if !f(r) {`
			`return false`
			`}`
			`}`
			`return true`
			`}`

			`func isValidSite(site string) bool {`
			`if len(site) < 1 \|\| site[0] == '-' {`
			`return false`
			`}`
			`switch site[0] {`
			`case '-':`
			`return false`
			`}`
			`return containsOnly(site, func(r rune) bool {`
			`return isAlphanumericOrDash(r) \|\| r == '.'`
			`})`
			`}`

			`func isValidBranch(branch string) bool {`
			`if len(branch) < 1 {`
			`return false`
			`}`
			`switch branch[0] {`
			`case '-', '/':`
			`return false`
			`}`
			`if branch[len(branch)-1] == '/' {`
			`return false`
			`}`
			`return containsOnly(branch, func(r rune) bool {`
			`return isAlphanumericOrDash(r) \|\| r == '/' \|\| r == '.'`
			`})`
			`}`

			`func isAlphanumericOrDash(r rune) bool {`
			`switch {`
			`case r >= '0' && r <= '9':`
			`return true`
			`case r >= 'a' && r <= 'z':`
			`return true`
			`case r >= 'A' && r <= 'Z':`
			`return true`
			`case r == '-', r == '_':`
			`return true`
			`default:`
			`return false`
			`}`
			`}`

Add database storage 2024-08-16 16:48:50 +01:00			`type sitesQueries interface {`
			`GetSiteByDomain(ctx context.Context, domain string) (database.Site, error)`
Start adding project code 2023-07-22 00:59:45 +01:00			`}`

Add database storage 2024-08-16 16:48:50 +01:00			`func New(storage afero.Fs, db sitesQueries) *Handler {`
			`return &Handler{storage, db}`
			`}`

			`const maxFileSize = 1 * humanize.GiByte`

Start adding project code 2023-07-22 00:59:45 +01:00			`type Handler struct {`
			`storageFs afero.Fs`
Add database storage 2024-08-16 16:48:50 +01:00			`db sitesQueries`
Start adding project code 2023-07-22 00:59:45 +01:00			`}`

This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`func (h Handler) Handle(rw http.ResponseWriter, req http.Request, params httprouter.Params) {`
			`site := params.ByName("site")`
			`branch := params.ByName("branch")`
Keep working on this 2023-08-21 00:27:54 +01:00
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`siteConf, err := h.db.GetSiteByDomain(req.Context(), site)`
Add database storage 2024-08-16 16:48:50 +01:00			`if err != nil {`
			`http.Error(rw, "", http.StatusNotFound)`
Keep working on this 2023-08-21 00:27:54 +01:00			`return`
			`}`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`token, ok := strings.CutPrefix(req.Header.Get("Authorization"), "Bearer ")`
			`if !ok \|\| subtle.ConstantTimeCompare([]byte(token), []byte(siteConf.Token)) == 0 {`
Keep working on this 2023-08-21 00:27:54 +01:00			`http.Error(rw, "403 Forbidden", http.StatusForbidden)`
			`return`
			`}`
Start adding project code 2023-07-22 00:59:45 +01:00
			`fileData, fileHeader, err := req.FormFile("upload")`
			`if err != nil {`
			`http.Error(rw, "Missing file upload", http.StatusBadRequest)`
			`return`
			`}`

Reference the maxFileSize constant here 2025-01-07 21:34:47 +00:00			`// if file is bigger than maxFileSize`
Add database storage 2024-08-16 16:48:50 +01:00			`if fileHeader.Size > maxFileSize {`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`http.Error(rw, "File too big", http.StatusInsufficientStorage)`
Start adding project code 2023-07-22 00:59:45 +01:00			`return`
			`}`

			`err = h.extractTarGzUpload(fileData, site, branch)`
			`if err != nil {`
			`http.Error(rw, fmt.Sprintf("Invalid upload: %s", err), http.StatusBadRequest)`
			`return`
			`}`

			`rw.WriteHeader(http.StatusAccepted)`
			`}`

			`func (h *Handler) extractTarGzUpload(fileData io.Reader, site, branch string) error {`
Test site and branch names 2025-01-07 23:51:31 +00:00			`if !isValidSite(site) {`
			`return fmt.Errorf("invalid site name: %s", site)`
			`}`
			`if !isValidBranch(branch) {`
			`return fmt.Errorf("invalid branch name: %s", branch)`
			`}`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`if slices.Contains(indexBranches, branch) {`
			`branch = ""`
			`}`
Test site and branch names 2025-01-07 23:51:31 +00:00
			`_, err := h.db.GetSiteByDomain(context.Background(), site)`
			`if err != nil {`
			`return fmt.Errorf("invalid site: %w", err)`
			`}`

This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`siteBranchPath := filepath.Join(site, "@"+branch)`
Fix old path typo 2025-01-07 21:26:22 +00:00			`siteBranchOldPath := filepath.Join(site, "old@"+branch)`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00
Change old path to 'old@[...]' 2025-01-07 21:18:37 +00:00			`// try the new "old@[...]" and old "@[...].old" paths`
Test site and branch names 2025-01-07 23:51:31 +00:00			`err = h.storageFs.RemoveAll(siteBranchPath + ".old")`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`if err != nil && !errors.Is(err, fs.ErrNotExist) {`
			`return fmt.Errorf("failed to remove old site branch %s: %w", siteBranchPath, err)`
			`}`
Fix old path typo 2025-01-07 21:26:22 +00:00			`err = h.storageFs.RemoveAll(siteBranchOldPath)`
Change old path to 'old@[...]' 2025-01-07 21:18:37 +00:00			`if err != nil && !errors.Is(err, fs.ErrNotExist) {`
			`return fmt.Errorf("failed to remove old site branch %s: %w", siteBranchPath, err)`
			`}`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00
Fix old path typo 2025-01-07 21:26:22 +00:00			`err = h.storageFs.Rename(siteBranchPath, siteBranchOldPath)`
This is a somewhat decent state of the source code 2025-01-05 18:41:38 +00:00			`if err != nil && !errors.Is(err, fs.ErrNotExist) {`
Keep working on this 2023-08-21 00:27:54 +01:00			`return fmt.Errorf("failed to save an old copy of the site: %w", err)`
			`}`

			`err = h.storageFs.MkdirAll(siteBranchPath, fs.ModePerm)`
			`if err != nil {`
			`return fmt.Errorf("failed to make site directory: %w", err)`
			`}`
			`branchFs := afero.NewBasePathFs(h.storageFs, siteBranchPath)`
Start adding project code 2023-07-22 00:59:45 +01:00
			`// decompress gzip wrapper`
			`gzipReader, err := gzip.NewReader(fileData)`
			`if err != nil {`
			`return fmt.Errorf("invalid gzip file: %w", err)`
			`}`

			`// parse tar encoding`
			`tarReader := tar.NewReader(gzipReader)`
			`for {`
			`next, err := tarReader.Next()`
			`if err == io.EOF {`
Keep working on this 2023-08-21 00:27:54 +01:00			`// finished reading tar, exit now`
Start adding project code 2023-07-22 00:59:45 +01:00			`break`
			`}`
			`if err != nil {`
			`return fmt.Errorf("invalid tar archive: %w", err)`
			`}`

Keep working on this 2023-08-21 00:27:54 +01:00			`err = branchFs.MkdirAll(filepath.Dir(next.Name), fs.ModePerm)`
Start adding project code 2023-07-22 00:59:45 +01:00			`if err != nil {`
			`return fmt.Errorf("failed to make directory tree: %w", err)`
			`}`

Keep working on this 2023-08-21 00:27:54 +01:00			`create, err := branchFs.Create(next.Name)`
Start adding project code 2023-07-22 00:59:45 +01:00			`if err != nil {`
			`return fmt.Errorf("failed to create output file: '%s': %w", next.Name, err)`
			`}`

			`_, err = io.Copy(create, tarReader)`
			`if err != nil {`
			`return fmt.Errorf("failed to copy from archive to output file: '%s': %w", next.Name, err)`
			`}`
			`}`
			`return nil`
			`}`