add confirmation of zonefile upload and add mimetype validation to only allow users to upload text/plain

2024-11-25 04:13:45 +00:00 · 2023-01-21 11:19:29 -05:00 · 2023-01-21 11:19:29 -05:00 · 320f757917
commit 320f757917
parent 27fd45a1f9
1 changed files with 38 additions and 0 deletions
--- a/internal/api/zone.go
+++ b/internal/api/zone.go
@ -2,6 +2,7 @@ package api

 import (
 	"bytes"
+	"encoding/json"
 	"fmt"
 	"io"
 	"log"
@ -64,6 +65,12 @@ func ReceiveFile(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	ok := validateContentType(file)
+	if !ok {
+		http.Error(w, "file must be text/plain", http.StatusUnsupportedMediaType)
+
+		return
+	}
 	defer file.Close() //nolint: errcheck

 	name := strings.Split(header.Filename, ".")
@ -97,6 +104,20 @@ func ReceiveFile(w http.ResponseWriter, r *http.Request) {
 		})

 	buf.Reset()
+
+	w.WriteHeader(http.StatusCreated)
+	w.Header().Set("Content-Type", "application/json")
+	err = json.NewEncoder(w).Encode(
+		internal.Response{
+			HTTPResponse: http.StatusCreated,
+			Message:      "Successfully uploaded zonefile",
+		})
+
+	if err != nil {
+		internalServerError(w, "internal server error")
+
+		return
+	}
 }

 // Parse godoc
@ -197,3 +218,20 @@ func (zone *ZoneRequest) Parse() error {

 	return nil
 }
+
+func validateContentType(file io.Reader) bool {
+	bytes, err := io.ReadAll(file)
+	if err != nil {
+		return false
+	}
+
+	mimeType := http.DetectContentType(bytes)
+	mime := strings.Contains(mimeType, "text/plain")
+
+	switch mime {
+	case true:
+		return true
+	default:
+		return false
+	}
+}