207 lines
6.1 KiB
Go
207 lines
6.1 KiB
Go
|
package main
|
||
|
|
||
|
import (
|
||
|
"crypto/md5"
|
||
|
"crypto/subtle"
|
||
|
"encoding/json"
|
||
|
"fmt"
|
||
|
"io"
|
||
|
"io/ioutil"
|
||
|
"log"
|
||
|
"net/http"
|
||
|
"os"
|
||
|
"path"
|
||
|
"strings"
|
||
|
"time"
|
||
|
)
|
||
|
|
||
|
type AdminApi struct {
|
||
|
mux *http.ServeMux
|
||
|
}
|
||
|
|
||
|
func NewAdminApi() (a *AdminApi) {
|
||
|
a = &AdminApi{}
|
||
|
a.mux = http.NewServeMux()
|
||
|
a.mux.HandleFunc("/", a.adminHandler)
|
||
|
a.mux.HandleFunc("/delete", a.deleteVideo)
|
||
|
a.mux.HandleFunc("/upload", a.uploadVideo)
|
||
|
a.mux.HandleFunc("/rename", a.renameVideo)
|
||
|
return a
|
||
|
}
|
||
|
func (a *AdminApi) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||
|
if a.checkAuth(w, r) {
|
||
|
a.mux.ServeHTTP(w, r)
|
||
|
}
|
||
|
}
|
||
|
func (a *AdminApi) checkAuth(w http.ResponseWriter, r *http.Request) (success bool) {
|
||
|
success = false
|
||
|
user, password, ok := r.BasicAuth()
|
||
|
if subtle.ConstantTimeCompare([]byte(user), []byte(config.AdminUser)) == 1 &&
|
||
|
subtle.ConstantTimeCompare([]byte(password), []byte(config.AdminPassword)) == 1 {
|
||
|
success = true
|
||
|
}
|
||
|
if !success {
|
||
|
if !ok {
|
||
|
time.Sleep(3 * time.Second)
|
||
|
}
|
||
|
w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=\"%s\"", config.ApplicationName))
|
||
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||
|
}
|
||
|
return success
|
||
|
}
|
||
|
|
||
|
func (a *AdminApi) adminHandler(w http.ResponseWriter, r *http.Request) {
|
||
|
var v struct {
|
||
|
ApplicationName string
|
||
|
Videos []Video
|
||
|
}
|
||
|
v.ApplicationName = config.ApplicationName
|
||
|
|
||
|
dataDir := path.Join(config.DataDirectory, "video")
|
||
|
dir, err := os.ReadDir(dataDir)
|
||
|
if err != nil {
|
||
|
log.Printf("admin: can't read data directory: %s", err.Error())
|
||
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
for _, entry := range dir {
|
||
|
if entry.Type().IsRegular() && strings.HasSuffix(entry.Name(), ".json") && entry.Name() != "index.json" {
|
||
|
video, err := readVideoInfo(path.Join(dataDir, entry.Name()))
|
||
|
if err != nil {
|
||
|
log.Printf("admin: can't read video info: %s", err.Error())
|
||
|
continue
|
||
|
}
|
||
|
v.Videos = append(v.Videos, video)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
err = executeTemplate(w, "admin.html", &v)
|
||
|
if err != nil {
|
||
|
log.Printf("Can't execute template \"admin.html\": %s", err.Error())
|
||
|
return
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func (a *AdminApi) deleteVideo(w http.ResponseWriter, r *http.Request) {
|
||
|
if r.Method != http.MethodPost {
|
||
|
http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
|
||
|
return
|
||
|
}
|
||
|
err := r.ParseForm()
|
||
|
referer := r.Header.Get("Referer")
|
||
|
if err != nil {
|
||
|
log.Printf("can't parse form: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
ID := r.Form.Get("fileid")
|
||
|
ID = path.Clean(path.Base(ID))
|
||
|
rawInfo, err := ioutil.ReadFile(path.Join(config.DataDirectory, "video", ID+".json"))
|
||
|
if err != nil {
|
||
|
log.Printf("can't read info: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
var info Video
|
||
|
err = json.Unmarshal(rawInfo, &info)
|
||
|
if err != nil {
|
||
|
log.Printf("can't read info: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
err = os.Remove(path.Join(config.DataDirectory, "video", info.Name))
|
||
|
if err != nil {
|
||
|
log.Printf("can't remove video: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
err = os.Remove(path.Join(config.DataDirectory, "video", ID+".json"))
|
||
|
if err != nil {
|
||
|
log.Printf("can't remove info: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
http.Redirect(w, r, referer, http.StatusMovedPermanently)
|
||
|
}
|
||
|
func (a *AdminApi) uploadVideo(w http.ResponseWriter, r *http.Request) {
|
||
|
if r.Method != http.MethodPost {
|
||
|
http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
|
||
|
return
|
||
|
}
|
||
|
err := r.ParseForm()
|
||
|
if err != nil {
|
||
|
log.Printf("can't parse form: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
referer := r.Header.Get("Referer")
|
||
|
reader, err := r.MultipartReader()
|
||
|
if err != nil {
|
||
|
log.Printf("can't read multipart: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
for {
|
||
|
header, err := reader.NextPart()
|
||
|
if err == io.EOF {
|
||
|
break
|
||
|
}
|
||
|
defer header.Close()
|
||
|
if header.FormName() != "file" {
|
||
|
break
|
||
|
}
|
||
|
filename := header.FileName()
|
||
|
if len(filename) == 0 {
|
||
|
http.Error(w, "Filename are empty", http.StatusBadRequest)
|
||
|
return
|
||
|
}
|
||
|
tempFile, err := ioutil.TempFile(path.Join(config.DataDirectory, "tmp"), "upload-")
|
||
|
if err != nil {
|
||
|
log.Printf("can't create temp file: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
defer tempFile.Close()
|
||
|
hashbucket := md5.New()
|
||
|
fileWriter := io.MultiWriter(tempFile, hashbucket)
|
||
|
written, err := io.Copy(fileWriter, header)
|
||
|
if err != nil {
|
||
|
log.Printf("can't write temp file: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
tmpName := path.Base(tempFile.Name())
|
||
|
err = tempFile.Close()
|
||
|
if err != nil {
|
||
|
log.Printf("can't close file: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
var video Video
|
||
|
video.DisplayName = path.Base(path.Clean(filename))
|
||
|
video.ID = fmt.Sprintf("%x", hashbucket.Sum(nil))
|
||
|
video.Name = fmt.Sprintf("%s%s", video.ID, path.Ext(filename))
|
||
|
video.Size = written
|
||
|
err = os.Rename(path.Join(config.DataDirectory, "tmp", tmpName), path.Join(config.DataDirectory, "video", video.Name))
|
||
|
if err != nil {
|
||
|
log.Printf("can't rename file: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
infoRaw, err := json.Marshal(&video)
|
||
|
if err != nil {
|
||
|
log.Printf("can't marshal info: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
err = ioutil.WriteFile(path.Join(config.DataDirectory, "video", video.ID+".json"), infoRaw, os.ModePerm)
|
||
|
if err != nil {
|
||
|
log.Printf("can't write info: %s", err.Error())
|
||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||
|
return
|
||
|
}
|
||
|
}
|
||
|
http.Redirect(w, r, referer, http.StatusMovedPermanently)
|
||
|
}
|
||
|
func (a *AdminApi) renameVideo(w http.ResponseWriter, r *http.Request) {}
|