package api import ( "fmt" "io" "log" "net/http" "strings" "dns.froth.zone/pomme/internal" "github.com/go-chi/jwtauth/v5" "github.com/go-chi/render" "github.com/miekg/dns" "gorm.io/gorm" ) // Upload godoc // // @Summary upload a zonefile // @Description Upload takes a multipart form file as user input. It must not exceed 1 mb and must be of text/plain content type. // @Description If a file uploads successfully it will be saved locally and parsed. // @Description If parsing is successful pomme will save the file to your ZoneDir defined in your config. // @Description Uploads are associated with a specific user. // // @Description Rate limited: 10 requests every 10 second // @Description you must specify "Bearer" before entering your token // // @Tags DNS // @Accept mpfd // @Produce json // @Param file formData file true "Zonefile to upload" // @Success 200 {object} internal.SwaggerGenericResponse[internal.Response] // @Failure 500 {object} internal.SwaggerGenericResponse[internal.Response] "internalServerError is a 500 server error with a logged error call back" // @Param Authorization header string true "Bearer Token" // // @Security Bearer // // @Router /api/upload [post] func ReceiveFile(w http.ResponseWriter, r *http.Request) { var result internal.User logger, ok := r.Context().Value(keyLoggerContextID).(*Responder) if !ok { return } _, claims, _ := jwtauth.FromContext(r.Context()) r.Body = http.MaxBytesReader(w, r.Body, 1*1024*1024) // approx 1 mb max upload file, header, err := r.FormFile("file") if err != nil { logger.Response = Response{ Message: "File upload failed", Status: http.StatusInternalServerError, Err: err.Error(), } logger.newLogEntry().errorLogger(logger.Response) logger.newLogEntry().apiError(logger.Response, w, r) return } defer file.Close() //nolint: errcheck b, err := io.ReadAll(file) if err != nil { logger.Response = Response{ Message: "internal server error", Status: http.StatusInternalServerError, Err: err.Error(), } logger.newLogEntry().errorLogger(logger.Response) logger.newLogEntry().apiError(logger.Response, w, r) return } ok = validateContentType(file) if !ok { logger.Response = Response{ Message: "file type must be text/plain", Status: http.StatusUnsupportedMediaType, } logger.newLogEntry().infoLogger(logger.Response) logger.newLogEntry().apiError(logger.Response, w, r) return } user, ok := claims["username"].(string) if !ok { logger.Response = Response{ Message: "Expected username to be a string", Status: http.StatusInternalServerError, Err: "unable to assert string type to claims interface{}", } logger.newLogEntry().errorLogger(logger.Response) return } zoneFile := newDNSRequest(header.Filename, user, b) if err := zoneFile.parse(); err != nil { logger.Response = Response{ Message: "Unable to parse zonefile", Status: http.StatusInternalServerError, Err: err.Error(), } logger.newLogEntry().errorLogger(logger.Response) logger.newLogEntry().apiError(logger.Response, w, r) return } db, ok := r.Context().Value(keyPrincipalContextID).(*gorm.DB) if !ok { logger.Response = Response{ Message: "Unable to parse zonefile", Status: http.StatusInternalServerError, Err: "db connection failed", // retarded linter } logger.newLogEntry().errorLogger(logger.Response) logger.newLogEntry().apiError(logger.Response, w, r) return } // check if request is coming from user not in the DB but has a valid JWT db.Where("username = ?", user).First(&result) if result.Username == "" { logger.Response = Response{ Message: "Internal server error", Status: http.StatusInternalServerError, Err: "user does not exist", } logger.newLogEntry().errorLogger(logger.Response) logger.newLogEntry().apiError(logger.Response, w, r) return } db.Create( &ZoneRequest{ User: user, Zone: &Zone{ FileName: header.Filename, }, }) if err := zoneFile.save(); err != nil { logger.Response = Response{ Message: "Unable to save zonefile", Status: http.StatusInternalServerError, Err: err.Error(), } logger.newLogEntry().errorLogger(logger.Response) logger.newLogEntry().apiError(logger.Response, w, r) return } w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusCreated) resp := internal.Response{ Message: "Successfully uploaded zonefile", } render.JSON(w, r, resp) } func newDNSRequest(filename string, user string, dat []byte) ndr { return &ZoneRequest{ User: user, Zone: &Zone{ FileName: filename, Body: dat, }, } } func (zone *ZoneRequest) parse() error { zp := dns.NewZoneParser(strings.NewReader(string(zone.Body)), "", "") for rr, ok := zp.Next(); ok; rr, ok = zp.Next() { log.Println(rr) } if err := zp.Err(); err != nil { return fmt.Errorf("unable to parse Zonefile: %w", err) } return nil } func (zone *ZoneRequest) save() error { return makeLocal(zone) } func validateContentType(file io.Reader) bool { bytes, err := io.ReadAll(file) if err != nil { return false } mimeType := http.DetectContentType(bytes) mime := strings.Contains(mimeType, "text/plain") switch mime { case true: return true default: return false } }