added modify command for upload and form

2025-12-16 20:20:58 +01:00 · 2023-03-31 14:21:34 +02:00
parent b916fa8fb6
commit 5ec23ce9fd
8 changed files with 225 additions and 6 deletions
--- a/api/form_handlers.go
+++ b/api/form_handlers.go
@@ -199,7 +199,7 @@ func FormDescribe(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
 	}

 	response, err := db.Get(apicontext, id, common.TypeForm)
-	if err != nil {
+	if err != nil || len(response.Forms) == 0 {
 		return JsonStatus(c, fiber.StatusForbidden,
 			"No form with that id could be found!")
 	}
@@ -262,6 +262,19 @@ func FormPage(c *fiber.Ctx, cfg *cfg.Config, db *Db, shallexpire bool) error {
 func FormModify(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
 	var formdata common.Form

+	// retrieve the API Context name from the session
+	apicontext, err := SessionGetApicontext(c)
+	if err != nil {
+		return JsonStatus(c, fiber.StatusInternalServerError,
+			"Unable to initialize session store from context: "+err.Error())
+	}
+
+	id, err := common.Untaint(c.Params("id"), cfg.RegKey)
+	if err != nil {
+		return JsonStatus(c, fiber.StatusForbidden,
+			"Invalid id provided!")
+	}
+
 	// extract form data
 	if err := c.BodyParser(&formdata); err != nil {
 		return JsonStatus(c, fiber.StatusInternalServerError,
@@ -281,5 +294,36 @@ func FormModify(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
 		return err
 	}

-	return nil
+	// lookup orig entry
+	response, err := db.Get(apicontext, id, common.TypeForm)
+	if err != nil || len(response.Forms) == 0 {
+		return JsonStatus(c, fiber.StatusForbidden,
+			"No form with that id could be found!")
+	}
+
+	form := response.Forms[0]
+
+	// modify fields
+	if formdata.Expire != "" {
+		form.Expire = formdata.Expire
+	}
+
+	if formdata.Notify != "" {
+		form.Notify = formdata.Notify
+	}
+
+	if formdata.Description != "" {
+		form.Description = formdata.Description
+	}
+
+	// run in foreground because we need the feedback here
+	if err := db.Insert(id, form); err != nil {
+		return JsonStatus(c, fiber.StatusForbidden,
+			"Failed to insert: "+err.Error())
+	}
+
+	res := &common.Response{Forms: []*common.Form{form}}
+	res.Success = true
+	res.Code = fiber.StatusOK
+	return c.Status(fiber.StatusOK).JSON(res)
 }
--- a/api/server.go
+++ b/api/server.go
@@ -76,6 +76,11 @@ func Runserver(conf *cfg.Config, args []string) error {
 			return UploadDescribe(c, conf, db)
 		})

+		// modify
+		api.Put("/uploads/:id", auth, func(c *fiber.Ctx) error {
+			return UploadModify(c, conf, db)
+		})
+
 		// download w/o expire
 		api.Get("/uploads/:id/file", auth, func(c *fiber.Ctx) error {
 			return UploadFetch(c, conf, db)
@@ -101,6 +106,11 @@ func Runserver(conf *cfg.Config, args []string) error {
 		api.Get("/forms/:id", auth, func(c *fiber.Ctx) error {
 			return FormDescribe(c, conf, db)
 		})
+
+		// modify
+		api.Put("/forms/:id", auth, func(c *fiber.Ctx) error {
+			return FormModify(c, conf, db)
+		})
 	}

 	// public routes
--- a/api/upload_handlers.go
+++ b/api/upload_handlers.go
@@ -328,3 +328,64 @@ func UploadDescribe(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {

 	return c.Status(fiber.StatusOK).JSON(response)
 }
+
+func UploadModify(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
+	var formdata common.Upload
+
+	// retrieve the API Context name from the session
+	apicontext, err := SessionGetApicontext(c)
+	if err != nil {
+		return JsonStatus(c, fiber.StatusInternalServerError,
+			"Unable to initialize session store from context: "+err.Error())
+	}
+
+	id, err := common.Untaint(c.Params("id"), cfg.RegKey)
+	if err != nil {
+		return JsonStatus(c, fiber.StatusForbidden,
+			"Invalid id provided!")
+	}
+
+	// extract form data
+	if err := c.BodyParser(&formdata); err != nil {
+		return JsonStatus(c, fiber.StatusInternalServerError,
+			"bodyparser error : "+err.Error())
+	}
+
+	// post process input data
+	if err := untaintField(c, &formdata.Expire, cfg.RegDuration, "expire data"); err != nil {
+		return err
+	}
+
+	if err := untaintField(c, &formdata.Description, cfg.RegDuration, "description"); err != nil {
+		return err
+	}
+
+	// lookup orig entry
+	response, err := db.Get(apicontext, id, common.TypeUpload)
+	if err != nil || len(response.Uploads) == 0 {
+		return JsonStatus(c, fiber.StatusForbidden,
+			"No upload with that id could be found!")
+	}
+
+	upload := response.Uploads[0]
+
+	// modify fields
+	if formdata.Expire != "" {
+		upload.Expire = formdata.Expire
+	}
+
+	if formdata.Description != "" {
+		upload.Description = formdata.Description
+	}
+
+	// run in foreground because we need the feedback here
+	if err := db.Insert(id, upload); err != nil {
+		return JsonStatus(c, fiber.StatusForbidden,
+			"Failed to insert: "+err.Error())
+	}
+
+	res := &common.Response{Uploads: []*common.Upload{upload}}
+	res.Success = true
+	res.Code = fiber.StatusOK
+	return c.Status(fiber.StatusOK).JSON(res)
+}