2017-05-05 16:39:15 +02:00
package router
2017-05-08 11:18:49 +02:00
import (
"encoding/json"
2017-05-05 16:39:15 +02:00
"html"
2017-05-08 11:18:49 +02:00
"net/http"
2017-05-05 16:39:15 +02:00
"strconv"
2017-05-11 05:04:11 +02:00
"strings"
2017-05-08 11:18:49 +02:00
"time"
2017-05-17 07:58:40 +02:00
"github.com/NyaaPantsu/nyaa/config"
"github.com/NyaaPantsu/nyaa/db"
"github.com/NyaaPantsu/nyaa/model"
"github.com/NyaaPantsu/nyaa/service"
"github.com/NyaaPantsu/nyaa/service/api"
"github.com/NyaaPantsu/nyaa/service/torrent"
2017-05-23 05:18:19 +02:00
"github.com/NyaaPantsu/nyaa/service/upload"
2017-06-05 15:19:25 +02:00
"github.com/NyaaPantsu/nyaa/service/user"
2017-06-13 08:01:57 +02:00
"github.com/NyaaPantsu/nyaa/service/user/form"
"github.com/NyaaPantsu/nyaa/util/crypto"
2017-05-17 07:58:40 +02:00
"github.com/NyaaPantsu/nyaa/util/log"
2017-06-13 08:01:57 +02:00
msg "github.com/NyaaPantsu/nyaa/util/messages"
"github.com/NyaaPantsu/nyaa/util/modelHelper"
2017-05-25 02:42:35 +02:00
"github.com/NyaaPantsu/nyaa/util/search"
2017-05-08 11:18:49 +02:00
"github.com/gorilla/mux"
2017-05-05 16:39:15 +02:00
)
2017-05-25 21:54:58 +02:00
// APIHandler : Controller for api request on torrent list
func APIHandler ( w http . ResponseWriter , r * http . Request ) {
2017-06-16 01:30:09 +02:00
t := r . URL . Query ( ) . Get ( "t" )
if t != "" {
RSSTorznabHandler ( w , r )
} else {
vars := mux . Vars ( r )
page := vars [ "page" ]
whereParams := serviceBase . WhereParams { }
req := apiService . TorrentsRequest { }
defer r . Body . Close ( )
2017-05-09 17:09:45 +02:00
2017-06-16 01:30:09 +02:00
contentType := r . Header . Get ( "Content-Type" )
if contentType == "application/json" {
d := json . NewDecoder ( r . Body )
if err := d . Decode ( & req ) ; err != nil {
http . Error ( w , err . Error ( ) , http . StatusBadRequest )
}
2017-05-09 18:54:12 +02:00
2017-06-16 01:30:09 +02:00
if req . MaxPerPage == 0 {
2017-05-31 04:21:57 +02:00
req . MaxPerPage = config . Conf . Navigation . TorrentsPerPage
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
}
2017-06-16 01:30:09 +02:00
if req . Page <= 0 {
req . Page = 1
}
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
2017-06-16 01:30:09 +02:00
whereParams = req . ToParams ( )
} else {
var err error
maxString := r . URL . Query ( ) . Get ( "max" )
if maxString != "" {
req . MaxPerPage , err = strconv . Atoi ( maxString )
if ! log . CheckError ( err ) {
req . MaxPerPage = config . Conf . Navigation . TorrentsPerPage
}
} else {
req . MaxPerPage = config . Conf . Navigation . TorrentsPerPage
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
}
2017-06-16 01:30:09 +02:00
req . Page = 1
if page != "" {
req . Page , err = strconv . Atoi ( html . EscapeString ( page ) )
if ! log . CheckError ( err ) {
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return
}
if req . Page <= 0 {
NotFoundHandler ( w , r )
return
}
2017-05-20 01:10:16 +02:00
}
2017-05-09 18:54:12 +02:00
}
2017-05-09 17:09:45 +02:00
2017-06-16 01:30:09 +02:00
torrents , nbTorrents , err := torrentService . GetTorrents ( whereParams , req . MaxPerPage , req . MaxPerPage * ( req . Page - 1 ) )
if err != nil {
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return
}
2017-05-08 11:18:49 +02:00
2017-06-16 01:30:09 +02:00
b := model . APIResultJSON {
Torrents : model . TorrentsToJSON ( torrents ) ,
}
b . QueryRecordCount = req . MaxPerPage
b . TotalRecordCount = nbTorrents
w . Header ( ) . Set ( "Content-Type" , "application/json" )
err = json . NewEncoder ( w ) . Encode ( b )
if err != nil {
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return
}
2017-05-05 16:39:15 +02:00
}
}
2017-05-25 21:54:58 +02:00
// APIViewHandler : Controller for viewing a torrent by its ID
func APIViewHandler ( w http . ResponseWriter , r * http . Request ) {
2017-05-05 16:39:15 +02:00
vars := mux . Vars ( r )
id := vars [ "id" ]
2017-05-26 12:12:52 +02:00
torrent , err := torrentService . GetTorrentByID ( id )
2017-05-23 05:18:25 +02:00
if err != nil {
http . Error ( w , err . Error ( ) , http . StatusNotFound )
return
}
Consistency, formatting, error checking, cleanup, and a couple bug fixes (#245)
* Checkpoint: it builds
The config, db, model, network, os, and public packages have had some
fixes to glaringly obvious flaws, dead code removed, and stylistic
changes.
* Style changes and old code removal in router
Router needs a lot of work done to its (lack of) error handling.
* Dead code removal and style changes
Now up to util/email/email.go. After I'm finished with the initial sweep
I'll go back and fix error handling and security issues. Then I'll fix
the broken API. Then I'll go through to add documentation and fix code
visibility.
* Finish dead code removal and style changes
Vendored libraries not touched. Everything still needs security fixes
and documentation. There's also one case of broken functionality.
* Fix accidental find-and-replace
* Style, error checking, saftey, bug fix changes
* Redo error checking erased during merge
* Re-add merge-erased fix. Make Safe safe.
2017-05-10 04:34:40 +02:00
b := torrent . ToJSON ( )
2017-05-05 16:39:15 +02:00
w . Header ( ) . Set ( "Content-Type" , "application/json" )
err = json . NewEncoder ( w ) . Encode ( b )
if err != nil {
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return
}
2017-05-27 03:50:31 +02:00
defer r . Body . Close ( )
2017-05-06 23:46:53 +02:00
}
2017-05-08 11:18:49 +02:00
2017-05-25 21:54:58 +02:00
// APIViewHeadHandler : Controller for checking a torrent by its ID
func APIViewHeadHandler ( w http . ResponseWriter , r * http . Request ) {
2017-05-23 05:18:19 +02:00
vars := mux . Vars ( r )
id , err := strconv . ParseInt ( vars [ "id" ] , 10 , 32 )
2017-05-27 03:50:31 +02:00
defer r . Body . Close ( )
2017-05-23 05:18:19 +02:00
if err != nil {
return
}
2017-05-26 12:12:52 +02:00
_ , err = torrentService . GetRawTorrentByID ( uint ( id ) )
2017-05-23 05:18:19 +02:00
if err != nil {
NotFoundHandler ( w , r )
return
}
w . Write ( nil )
}
2017-05-25 21:54:58 +02:00
// APIUploadHandler : Controller for uploading a torrent with api
func APIUploadHandler ( w http . ResponseWriter , r * http . Request ) {
2017-05-18 15:37:44 +02:00
token := r . Header . Get ( "Authorization" )
2017-06-13 08:01:57 +02:00
username := r . FormValue ( "username" )
user , _ , _ , _ , err := userService . RetrieveUserByAPITokenAndName ( token , username )
messages := msg . GetMessages ( r )
2017-05-27 03:50:31 +02:00
defer r . Body . Close ( )
2017-05-20 01:10:16 +02:00
2017-06-05 15:19:25 +02:00
if err != nil {
2017-06-13 08:01:57 +02:00
messages . AddError ( "errors" , "Error API token doesn't exist" )
2017-06-05 15:19:25 +02:00
}
2017-05-20 01:10:16 +02:00
if ! uploadService . IsUploadEnabled ( user ) {
2017-06-13 08:01:57 +02:00
messages . AddError ( "errors" , "Error uploads are disabled" )
2017-05-08 11:18:49 +02:00
}
2017-05-20 01:10:16 +02:00
2017-05-11 05:04:11 +02:00
if user . ID == 0 {
2017-06-13 08:01:57 +02:00
messages . ImportFromError ( "errors" , apiService . ErrAPIKey )
2017-06-05 15:19:25 +02:00
}
2017-05-28 06:22:39 +02:00
2017-06-13 08:01:57 +02:00
if ! messages . HasErrors ( ) {
upload := apiService . TorrentRequest { }
contentType := r . Header . Get ( "Content-Type" )
if contentType != "application/json" && ! strings . HasPrefix ( contentType , "multipart/form-data" ) && r . Header . Get ( "Content-Type" ) != "application/x-www-form-urlencoded" {
// TODO What should we do here ? upload is empty so we shouldn't
// create a torrent from it
messages . AddError ( "errors" , "Please provide either of Content-Type: application/json header or multipart/form-data" )
}
// As long as the right content-type is sent, formValue is smart enough to parse it
err = upload . ExtractInfo ( r )
if err != nil {
messages . ImportFromError ( "errors" , err )
2017-06-05 15:19:25 +02:00
}
2017-05-26 01:48:14 +02:00
2017-06-13 08:01:57 +02:00
if ! messages . HasErrors ( ) {
status := model . TorrentStatusNormal
if upload . Remake { // overrides trusted
status = model . TorrentStatusRemake
} else if user . IsTrusted ( ) {
status = model . TorrentStatusTrusted
}
err = torrentService . ExistOrDelete ( upload . Infohash , user )
2017-06-05 15:19:25 +02:00
if err != nil {
2017-06-13 08:01:57 +02:00
messages . ImportFromError ( "errors" , err )
}
if ! messages . HasErrors ( ) {
torrent := model . Torrent {
Name : upload . Name ,
Category : upload . CategoryID ,
SubCategory : upload . SubCategoryID ,
Status : status ,
Hidden : upload . Hidden ,
Hash : upload . Infohash ,
Date : time . Now ( ) ,
Filesize : upload . Filesize ,
Description : upload . Description ,
WebsiteLink : upload . WebsiteLink ,
UploaderID : user . ID }
torrent . ParseTrackers ( upload . Trackers )
db . ORM . Create ( & torrent )
if db . ElasticSearchClient != nil {
err := torrent . AddToESIndex ( db . ElasticSearchClient )
if err == nil {
log . Infof ( "Successfully added torrent to ES index." )
} else {
log . Errorf ( "Unable to add torrent to ES index: %s" , err )
}
} else {
log . Errorf ( "Unable to create elasticsearch client: %s" , err )
}
messages . AddInfoT ( "infos" , "torrent_uploaded" )
torrentService . NewTorrentEvent ( Router , user , & torrent )
// add filelist to files db, if we have one
if len ( upload . FileList ) > 0 {
for _ , uploadedFile := range upload . FileList {
file := model . File { TorrentID : torrent . ID , Filesize : upload . Filesize }
err := file . SetPath ( uploadedFile . Path )
if err != nil {
http . Error ( w , err . Error ( ) , http . StatusBadRequest )
return
}
db . ORM . Create ( & file )
}
}
apiResponseHandler ( w , r , torrent . ToJSON ( ) )
2017-06-05 15:19:25 +02:00
return
2017-05-26 01:48:14 +02:00
}
}
2017-05-11 05:25:41 +02:00
}
2017-06-13 08:01:57 +02:00
apiResponseHandler ( w , r )
2017-05-08 11:18:49 +02:00
}
2017-05-09 19:37:39 +02:00
2017-05-25 21:54:58 +02:00
// APIUpdateHandler : Controller for updating a torrent with api
2017-05-19 04:55:59 +02:00
// FIXME Impossible to update a torrent uploaded by user 0
2017-05-25 21:54:58 +02:00
func APIUpdateHandler ( w http . ResponseWriter , r * http . Request ) {
2017-05-18 15:37:44 +02:00
token := r . Header . Get ( "Authorization" )
2017-06-13 08:01:57 +02:00
username := r . FormValue ( "username" )
user , _ , _ , _ , err := userService . RetrieveUserByAPITokenAndName ( token , username )
2017-05-27 03:50:31 +02:00
defer r . Body . Close ( )
2017-06-13 08:01:57 +02:00
messages := msg . GetMessages ( r )
2017-05-20 01:10:16 +02:00
2017-06-05 15:19:25 +02:00
if err != nil {
2017-06-13 08:01:57 +02:00
messages . AddError ( "errors" , "Error API token doesn't exist" )
2017-06-05 15:19:25 +02:00
}
2017-05-20 01:10:16 +02:00
if ! uploadService . IsUploadEnabled ( user ) {
2017-06-13 08:01:57 +02:00
messages . AddError ( "errors" , "Error uploads are disabled" )
2017-05-09 20:54:50 +02:00
}
2017-06-05 15:19:25 +02:00
if user . ID == 0 {
2017-06-13 08:01:57 +02:00
messages . ImportFromError ( "errors" , apiService . ErrAPIKey )
2017-06-05 15:19:25 +02:00
}
2017-05-09 20:54:50 +02:00
contentType := r . Header . Get ( "Content-Type" )
2017-06-05 15:19:25 +02:00
if contentType != "application/json" && ! strings . HasPrefix ( contentType , "multipart/form-data" ) && r . Header . Get ( "Content-Type" ) != "application/x-www-form-urlencoded" {
// TODO What should we do here ? upload is empty so we shouldn't
// create a torrent from it
2017-06-13 08:01:57 +02:00
messages . AddError ( "errors" , "Please provide either of Content-Type: application/json header or multipart/form-data" )
2017-06-05 15:19:25 +02:00
}
update := apiService . UpdateRequest { }
err = update . Update . ExtractEditInfo ( r )
if err != nil {
2017-06-13 08:01:57 +02:00
messages . ImportFromError ( "errors" , err )
2017-06-05 15:19:25 +02:00
}
2017-06-13 08:01:57 +02:00
if ! messages . HasErrors ( ) {
torrent := model . Torrent { }
db . ORM . Where ( "torrent_id = ?" , r . FormValue ( "id" ) ) . First ( & torrent )
if torrent . ID == 0 {
messages . ImportFromError ( "errors" , apiService . ErrTorrentID )
}
if torrent . UploaderID != 0 && torrent . UploaderID != user . ID { //&& user.Status != mod
messages . ImportFromError ( "errors" , apiService . ErrRights )
}
update . UpdateTorrent ( & torrent , user )
2017-06-15 04:44:46 +02:00
torrentService . UpdateTorrent ( & torrent )
2017-05-09 20:54:50 +02:00
}
2017-06-13 08:01:57 +02:00
apiResponseHandler ( w , r )
2017-05-09 19:58:35 +02:00
}
2017-05-25 21:54:58 +02:00
// APISearchHandler : Controller for searching with api
func APISearchHandler ( w http . ResponseWriter , r * http . Request ) {
2017-05-25 02:42:35 +02:00
vars := mux . Vars ( r )
page := vars [ "page" ]
2017-05-27 03:50:31 +02:00
defer r . Body . Close ( )
2017-05-25 02:42:35 +02:00
// db params url
var err error
pagenum := 1
if page != "" {
pagenum , err = strconv . Atoi ( html . EscapeString ( page ) )
if ! log . CheckError ( err ) {
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return
}
if pagenum <= 0 {
NotFoundHandler ( w , r )
return
}
}
2017-06-10 19:46:04 +02:00
_ , torrents , _ , err := search . SearchByQueryWithUser ( r , pagenum )
2017-05-25 02:42:35 +02:00
if err != nil {
2017-06-06 16:22:26 +02:00
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
2017-05-25 02:42:35 +02:00
return
}
b := model . TorrentsToJSON ( torrents )
w . Header ( ) . Set ( "Content-Type" , "application/json" )
err = json . NewEncoder ( w ) . Encode ( b )
if err != nil {
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return
}
}
2017-06-13 08:01:57 +02:00
// APILoginHandler : Login with API
// This is not an OAuth api like and shouldn't be used for anything except getting the API Token in order to not store a password
func APILoginHandler ( w http . ResponseWriter , r * http . Request ) {
b := form . LoginForm { }
messages := msg . GetMessages ( r )
contentType := r . Header . Get ( "Content-type" )
if ! strings . HasPrefix ( contentType , "application/json" ) && ! strings . HasPrefix ( contentType , "multipart/form-data" ) && ! strings . HasPrefix ( contentType , "application/x-www-form-urlencoded" ) {
// TODO What should we do here ? upload is empty so we shouldn't
// create a torrent from it
messages . AddError ( "errors" , "Please provide either of Content-Type: application/json header or multipart/form-data" )
}
if strings . HasPrefix ( contentType , "multipart/form-data" ) || strings . HasPrefix ( contentType , "application/x-www-form-urlencoded" ) {
modelHelper . BindValueForm ( & b , r )
} else {
decoder := json . NewDecoder ( r . Body )
err := decoder . Decode ( & b )
if err != nil {
messages . ImportFromError ( "errors" , err )
}
}
defer r . Body . Close ( )
modelHelper . ValidateForm ( & b , messages )
if ! messages . HasErrors ( ) {
user , _ , errorUser := userService . CreateUserAuthenticationAPI ( r , & b )
if errorUser == nil {
messages . AddInfo ( "infos" , "Logged" )
apiResponseHandler ( w , r , user . ToJSON ( ) )
return
}
messages . ImportFromError ( "errors" , errorUser )
}
apiResponseHandler ( w , r )
}
// APIRefreshTokenHandler : Refresh Token with API
func APIRefreshTokenHandler ( w http . ResponseWriter , r * http . Request ) {
token := r . Header . Get ( "Authorization" )
username := r . FormValue ( "username" )
user , _ , _ , _ , err := userService . RetrieveUserByAPITokenAndName ( token , username )
defer r . Body . Close ( )
messages := msg . GetMessages ( r )
if err != nil {
messages . AddError ( "errors" , "Error API token doesn't exist" )
}
if ! messages . HasErrors ( ) {
user . APIToken , _ = crypto . GenerateRandomToken32 ( )
user . APITokenExpiry = time . Unix ( 0 , 0 )
_ , errorUser := userService . UpdateRawUser ( user )
if errorUser == nil {
messages . AddInfoT ( "infos" , "profile_updated" )
apiResponseHandler ( w , r , user . ToJSON ( ) )
return
}
messages . ImportFromError ( "errors" , errorUser )
}
apiResponseHandler ( w , r )
}
// APICheckTokenHandler : Check Token with API
func APICheckTokenHandler ( w http . ResponseWriter , r * http . Request ) {
token := r . Header . Get ( "Authorization" )
username := r . FormValue ( "username" )
user , _ , _ , _ , err := userService . RetrieveUserByAPITokenAndName ( token , username )
defer r . Body . Close ( )
messages := msg . GetMessages ( r )
if err != nil {
messages . AddError ( "errors" , "Error API token doesn't exist" )
} else {
messages . AddInfo ( "infos" , "Logged" )
}
apiResponseHandler ( w , r , user . ToJSON ( ) )
}
// This function is the global response for every simple Post Request API
// Please use it. Responses are of the type:
// {ok: bool, [errors | infos]: ArrayOfString [, data: ArrayOfObjects, all_errors: ArrayOfObjects]}
// To send errors or infos, you just need to use the Messages Util
func apiResponseHandler ( w http . ResponseWriter , r * http . Request , obj ... interface { } ) {
messages := msg . GetMessages ( r )
var apiJSON [ ] byte
w . Header ( ) . Set ( "Content-Type" , "application/json" )
if ! messages . HasErrors ( ) {
mapOk := map [ string ] interface { } { "ok" : true , "infos" : messages . GetInfos ( "infos" ) }
if len ( obj ) > 0 {
mapOk [ "data" ] = obj
if len ( obj ) == 1 {
mapOk [ "data" ] = obj [ 0 ]
}
}
apiJSON , _ = json . Marshal ( mapOk )
} else { // We need to show error messages
mapNotOk := map [ string ] interface { } { "ok" : false , "errors" : messages . GetErrors ( "errors" ) , "all_errors" : messages . GetAllErrors ( ) }
if len ( obj ) > 0 {
mapNotOk [ "data" ] = obj
if len ( obj ) == 1 {
mapNotOk [ "data" ] = obj [ 0 ]
}
}
if len ( messages . GetAllErrors ( ) ) > 0 && len ( messages . GetErrors ( "errors" ) ) == 0 {
mapNotOk [ "errors" ] = "errors"
}
apiJSON , _ = json . Marshal ( mapNotOk )
}
w . Write ( apiJSON )
}