feat: Starting to add saved search folder

Signed-off-by: Vincent Boutour <[email protected]>
ViBiOh · Dec 28, 2022 · 05bf85a · 05bf85a
1 parent 7495091
commit 05bf85a
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 5 deletions.
diff --git a/cmd/fibr/templates/layout.html b/cmd/fibr/templates/layout.html
@@ -57,6 +57,11 @@ <h2 class="small bg-grey no-margin full ellipsis">
           </a>
         {{ end }}
       {{ else }}
+        {{ if and .Request.CanEdit .Search }}
+          <a class="padding" href="#create-saved-search">
+            <img class="icon" src="{{ url "/svg/folder-search?fill=" }}aliceblue" alt="Created saved search folder">
+          </a>
+        {{ end }}
         <a class="padding" href="#search" download>
           <img class="icon" src="{{ url "/svg/search?fill=" }}{{ if .Search }}limegreen{{ else }}aliceblue{{ end }}" alt="Search files">
         </a>

diff --git a/cmd/fibr/templates/saved-search-folder-modal.html b/cmd/fibr/templates/saved-search-folder-modal.html
@@ -0,0 +1,19 @@
+{{ define "saved-search-folder-modal" }}
+  <div id="create-saved-search" class="modal saved-search-folder-modal">
+    <div class="modal-content">
+      <h2 class="header">Create new saved-search</h2>
+
+      <form method="post" action="#">
+        <input type="hidden" name="type" value="saved-search-folder" />
+        <input type="hidden" name="method" value="PUT" />
+
+        <p class="padding no-margin">
+          <label for="name" class="block">Name</label>
+          <input id="name" class="full" type="text" name="name" />
+        </p>
+
+        {{ template "form_buttons" "Create" }}
+      </form>
+    </div>
+  </div>
+{{ end }}
diff --git a/cmd/fibr/templates/search.html b/cmd/fibr/templates/search.html
@@ -11,6 +11,15 @@
       overflow: auto;
     }
 
+    .saved-search-folder-modal:target {
+      display: flex;
+      z-index: 5;
+    }
+
+    .saved-search-folder-modal:target ~ .content {
+      pointer-events: none;
+    }
+
     {{ if eq .Request.Display "list" }}
       .file-download {
         display: none;
@@ -51,6 +60,10 @@
   {{ template "search-modal" . }}
   {{ template "items-style" . }}
 
+  {{ if .Request.CanEdit }}
+    {{ template "saved-search-folder-modal" }}
+  {{ end }}
+
   {{ if .HasMap }}
     {{ template "map-modal" . }}
   {{ end }}

diff --git a/pkg/crud/post.go b/pkg/crud/post.go
@@ -106,7 +106,7 @@ func (a App) handleMultipart(w http.ResponseWriter, r *http.Request, request pro
 				a.error(w, r, request, model.WrapInvalid(fmt.Errorf("parse chunk number: %w", err)))
 			}
 
-			chunkNumber = fmt.Sprintf("%10d", chunkNumberValue)
+			chunkNumber = fmt.Sprintf("%010d", chunkNumberValue)
 
 			a.uploadChunk(w, r, request, values["filename"], chunkNumber, file)
 		} else {
@@ -197,7 +197,12 @@ func (a App) handlePost(w http.ResponseWriter, r *http.Request, request provider
 	case http.MethodPatch:
 		a.Rename(w, r, request)
 	case http.MethodPut:
-		a.Create(w, r, request)
+		switch putType := r.FormValue("type"); putType {
+		case "folder":
+			a.Create(w, r, request)
+		default:
+			a.error(w, r, request, model.WrapInvalid(fmt.Errorf("unknown type `%s`", putType)))
+		}
 	case http.MethodDelete:
 		a.Delete(w, r, request)
 	case http.MethodTrace:

diff --git a/pkg/crud/upload_chunk.go b/pkg/crud/upload_chunk.go
@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/ViBiOh/fibr/pkg/provider"
 	"github.com/ViBiOh/httputils/v4/pkg/logger"
@@ -17,13 +18,19 @@ import (
 	"github.com/ViBiOh/httputils/v4/pkg/tracer"
 )
 
+var ErrRelativePath = errors.New("forbidden relative path")
+
 func (a App) uploadChunk(w http.ResponseWriter, r *http.Request, request provider.Request, fileName, chunkNumber string, file io.Reader) {
 	if file == nil {
 		a.error(w, r, request, model.WrapInvalid(errors.New("no file provided for save")))
 		return
 	}
 
-	var err error
+	fileName, err := safeFilename(fileName)
+	if err != nil {
+		a.error(w, r, request, model.WrapInvalid(err))
+		return
+	}
 
 	tempDestination := filepath.Join(a.temporaryFolder, sha.New(fileName))
 	tempFile := filepath.Join(tempDestination, chunkNumber)
@@ -65,9 +72,12 @@ func (a App) mergeChunk(w http.ResponseWriter, r *http.Request, request provider
 	ctx, end := tracer.StartSpan(r.Context(), a.tracer, "mergeChunk")
 	defer end()
 
-	var err error
+	fileName, err := safeFilename(values["filename"])
+	if err != nil {
+		a.error(w, r, request, model.WrapInvalid(err))
+		return
+	}
 
-	fileName := values["filename"]
 	tempFolder := filepath.Join(a.temporaryFolder, sha.New(fileName))
 	tempFile := filepath.Join(tempFolder, fileName)
 
@@ -169,3 +179,16 @@ func browseChunkFiles(directory, destination string, writer io.Writer) error {
 		return nil
 	})
 }
+
+func safeFilename(fileName string) (string, error) {
+	if strings.Contains(fileName, "..") {
+		return fileName, ErrRelativePath
+	}
+
+	output, err := provider.SanitizeName(fileName, true)
+	if err != nil {
+		return fileName, fmt.Errorf("sanitize: %w", err)
+	}
+
+	return output, nil
+}