nyaa-pantsu/router/apiHandler.go

package router

import (
	"encoding/json"
	"fmt"
	"html"
	"net/http"
	//"sort"
	"strconv"
	"time"

	"github.com/ewhal/nyaa/config"
	"github.com/ewhal/nyaa/db"
	"github.com/ewhal/nyaa/model"
	"github.com/ewhal/nyaa/service/api"
	"github.com/ewhal/nyaa/service/torrent"
	"github.com/ewhal/nyaa/util"
	"github.com/gorilla/mux"
)

func ApiHandler(w http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	page := vars["page"]
	whereParams := torrentService.WhereParams{}
	req := apiService.TorrentsRequest{}

	contentType := r.Header.Get("Content-Type")
	if contentType == "application/json" {
		d := json.NewDecoder(r.Body)
		if err := d.Decode(&req); err != nil {
			util.SendError(w, err, 502)
		}

		if req.MaxPerPage == 0 {
			req.MaxPerPage = 50
		}
		if req.Page == 0 {
			req.Page = 1
		}

		whereParams = req.ToParams()
	} else {
		var errConv error
		req.MaxPerPage, errConv = strconv.Atoi(r.URL.Query().Get("max"))
		if errConv != nil || req.MaxPerPage == 0 {
			req.MaxPerPage = 50 // default Value maxPerPage
		}

		req.Page, _ = strconv.Atoi(html.EscapeString(page))
		if req.Page == 0 {
			req.Page = 1
		}
	}

	nbTorrents := 0
	torrents, nbTorrents, err := torrentService.GetTorrents(whereParams, req.MaxPerPage, req.MaxPerPage*(req.Page-1))
	if err != nil {
		util.SendError(w, err, 400)
		return
	}

	b := model.ApiResultJson{
		Torrents: model.TorrentsToJSON(torrents),
	}
	b.QueryRecordCount = req.MaxPerPage
	b.TotalRecordCount = nbTorrents
	w.Header().Set("Content-Type", "application/json")
	err = json.NewEncoder(w).Encode(b)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
}

func ApiViewHandler(w http.ResponseWriter, r *http.Request) {

	vars := mux.Vars(r)
	id := vars["id"]

	torrent, err := torrentService.GetTorrentById(id)
	b := torrent.ToJson()

	w.Header().Set("Content-Type", "application/json")
	err = json.NewEncoder(w).Encode(b)

	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
}

func ApiUploadHandler(w http.ResponseWriter, r *http.Request) {
	if config.UploadsDisabled == 1 {
		http.Error(w, "Error uploads are disabled", http.StatusInternalServerError)
		return
	}

	contentType := r.Header.Get("Content-Type")
	if contentType == "application/json" {
		token := r.Header.Get("Authorization")
		user := model.User{}
		db.ORM.Where("api_token = ?", token).First(&user) //i don't like this
		if user.Id == 0 {
			http.Error(w, apiService.ErrApiKey.Error(), http.StatusForbidden)
			return
		}

		defer r.Body.Close()

		upload := apiService.TorrentRequest{}
		d := json.NewDecoder(r.Body)
		if err := d.Decode(&upload); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		err, code := upload.ValidateUpload()
		if err != nil {
			http.Error(w, err.Error(), code)
			return
		}

		torrent := model.Torrents{
			Name:         upload.Name,
			Category:     upload.Category,
			Sub_Category: upload.SubCategory,
			Status:       1,
			Hash:         upload.Hash,
			Date:         time.Now(),
			Filesize:     0, //?
			Description:  upload.Description,
			UploaderId:   user.Id,
			Uploader:     &user,
		}

		db.ORM.Create(&torrent)
		if err != nil {
			util.SendError(w, err, 500)
			return
		}
		fmt.Printf("%+v\n", torrent)
	}
}

func ApiUpdateHandler(w http.ResponseWriter, r *http.Request) {
	if config.UploadsDisabled == 1 {
		http.Error(w, "Error uploads are disabled", http.StatusInternalServerError)
		return
	}

	contentType := r.Header.Get("Content-Type")
	if contentType == "application/json" {
		token := r.Header.Get("Authorization")
		user := model.User{}
		db.ORM.Where("api_token = ?", token).First(&user) //i don't like this
		if user.Id == 0 {
			http.Error(w, apiService.ErrApiKey.Error(), http.StatusForbidden)
			return
		}

		defer r.Body.Close()

		update := apiService.UpdateRequest{}
		d := json.NewDecoder(r.Body)
		if err := d.Decode(&update); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		id := update.Id
		torrent := model.Torrents{}
		db.ORM.Where("torrent_id = ?", id).First(&torrent)
		if torrent.Id == 0 {
			http.Error(w, apiService.ErrTorrentId.Error(), http.StatusBadRequest)
			return
		}
		if torrent.UploaderId != 0 && torrent.UploaderId != user.Id { //&& user.Status != mod
			http.Error(w, apiService.ErrRights.Error(), http.StatusForbidden)
			return
		}

		err, code := update.Update.ValidateUpdate()
		if err != nil {
			http.Error(w, err.Error(), code)
			return
		}
		update.UpdateTorrent(&torrent)

		db.ORM.Save(&torrent)
		if err != nil {
			util.SendError(w, err, 500)
			return
		}
		fmt.Printf("%+v\n", torrent)
	}
}
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`package router`

api upload 2017-05-08 11:18:49 +02:00			`import (`
			`"encoding/json"`
			`"fmt"`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`"html"`
api upload 2017-05-08 11:18:49 +02:00			`"net/http"`
using reflect 2017-05-09 18:37:40 +02:00			`//"sort"`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`"strconv"`
api upload 2017-05-08 11:18:49 +02:00			`"time"`

token werks 2017-05-09 19:58:35 +02:00			`"github.com/ewhal/nyaa/config"`
			`"github.com/ewhal/nyaa/db"`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`"github.com/ewhal/nyaa/model"`
using reflect 2017-05-09 18:37:40 +02:00			`"github.com/ewhal/nyaa/service/api"`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`"github.com/ewhal/nyaa/service/torrent"`
Refactor search Optimise, error handling and avoid some exploits 2017-05-09 13:31:58 +02:00			`"github.com/ewhal/nyaa/util"`
api upload 2017-05-08 11:18:49 +02:00			`"github.com/gorilla/mux"`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`)`

			`func ApiHandler(w http.ResponseWriter, r *http.Request) {`
			`vars := mux.Vars(r)`
			`page := vars["page"]`
search query 2017-05-09 17:09:45 +02:00			`whereParams := torrentService.WhereParams{}`
default value bug 2017-05-09 18:54:12 +02:00			`req := apiService.TorrentsRequest{}`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00
search query 2017-05-09 17:09:45 +02:00			`contentType := r.Header.Get("Content-Type")`
			`if contentType == "application/json" {`
			`d := json.NewDecoder(r.Body)`
using reflect 2017-05-09 18:37:40 +02:00			`if err := d.Decode(&req); err != nil {`
search query 2017-05-09 17:09:45 +02:00			`util.SendError(w, err, 502)`
			`}`

default value bug 2017-05-09 18:54:12 +02:00			`if req.MaxPerPage == 0 {`
			`req.MaxPerPage = 50`
			`}`
			`if req.Page == 0 {`
			`req.Page = 1`
			`}`

using reflect 2017-05-09 18:37:40 +02:00			`whereParams = req.ToParams()`
default value bug 2017-05-09 18:54:12 +02:00			`} else {`
			`var errConv error`
			`req.MaxPerPage, errConv = strconv.Atoi(r.URL.Query().Get("max"))`
			`if errConv != nil \|\| req.MaxPerPage == 0 {`
			`req.MaxPerPage = 50 // default Value maxPerPage`
			`}`

			`req.Page, _ = strconv.Atoi(html.EscapeString(page))`
			`if req.Page == 0 {`
			`req.Page = 1`
			`}`
search query 2017-05-09 17:09:45 +02:00			`}`

			`nbTorrents := 0`
default value bug 2017-05-09 18:54:12 +02:00			`torrents, nbTorrents, err := torrentService.GetTorrents(whereParams, req.MaxPerPage, req.MaxPerPage*(req.Page-1))`
Refactor search Optimise, error handling and avoid some exploits 2017-05-09 13:31:58 +02:00			`if err != nil {`
			`util.SendError(w, err, 400)`
			`return`
			`}`
api upload 2017-05-08 11:18:49 +02:00
Death to reallocations! 2017-05-09 01:56:57 +02:00			`b := model.ApiResultJson{`
			`Torrents: model.TorrentsToJSON(torrents),`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`}`
default value bug 2017-05-09 18:54:12 +02:00			`b.QueryRecordCount = req.MaxPerPage`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`b.TotalRecordCount = nbTorrents`
			`w.Header().Set("Content-Type", "application/json")`
Refactor search Optimise, error handling and avoid some exploits 2017-05-09 13:31:58 +02:00			`err = json.NewEncoder(w).Encode(b)`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`}`

			`func ApiViewHandler(w http.ResponseWriter, r *http.Request) {`

			`vars := mux.Vars(r)`
			`id := vars["id"]`

			`torrent, err := torrentService.GetTorrentById(id)`
upload changes 2017-05-09 19:37:39 +02:00			`b := torrent.ToJson()`
Separated Routes and handler from Main Everything is in the router folder in different file 2017-05-05 16:39:15 +02:00
			`w.Header().Set("Content-Type", "application/json")`
			`err = json.NewEncoder(w).Encode(b)`

			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
Stop using categories & status DB tables Also fixes the incorrect JSON keys in API responses 2017-05-06 23:46:53 +02:00			`}`
api upload 2017-05-08 11:18:49 +02:00
			`func ApiUploadHandler(w http.ResponseWriter, r *http.Request) {`
			`if config.UploadsDisabled == 1 {`
			`http.Error(w, "Error uploads are disabled", http.StatusInternalServerError)`
			`return`
			`}`

update 2017-05-09 20:54:50 +02:00			`contentType := r.Header.Get("Content-Type")`
upload changes 2017-05-09 19:37:39 +02:00			`if contentType == "application/json" {`
token werks 2017-05-09 19:58:35 +02:00			`token := r.Header.Get("Authorization")`
			`user := model.User{}`
			`db.ORM.Where("api_token = ?", token).First(&user) //i don't like this`
			`if user.Id == 0 {`
validator rewrite 2017-05-09 22:24:32 +02:00			`http.Error(w, apiService.ErrApiKey.Error(), http.StatusForbidden)`
token werks 2017-05-09 19:58:35 +02:00			`return`
			`}`
api upload 2017-05-08 11:18:49 +02:00
upload changes 2017-05-09 19:37:39 +02:00			`defer r.Body.Close()`
api upload 2017-05-08 11:18:49 +02:00
update 2017-05-09 20:54:50 +02:00			`upload := apiService.TorrentRequest{}`
upload changes 2017-05-09 19:37:39 +02:00			`d := json.NewDecoder(r.Body)`
			`if err := d.Decode(&upload); err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
update 2017-05-09 20:54:50 +02:00			`err, code := upload.ValidateUpload()`
upload changes 2017-05-09 19:37:39 +02:00			`if err != nil {`
token werks 2017-05-09 19:58:35 +02:00			`http.Error(w, err.Error(), code)`
upload changes 2017-05-09 19:37:39 +02:00			`return`
			`}`
api upload 2017-05-08 11:18:49 +02:00
upload changes 2017-05-09 19:37:39 +02:00			`torrent := model.Torrents{`
			`Name: upload.Name,`
			`Category: upload.Category,`
			`Sub_Category: upload.SubCategory,`
			`Status: 1,`
			`Hash: upload.Hash,`
			`Date: time.Now(),`
			`Filesize: 0, //?`
			`Description: upload.Description,`
token werks 2017-05-09 19:58:35 +02:00			`UploaderId: user.Id,`
			`Uploader: &user,`
upload changes 2017-05-09 19:37:39 +02:00			`}`

			`db.ORM.Create(&torrent)`
i fucking hate git 2017-05-09 23:21:15 +02:00			`if err != nil {`
			`util.SendError(w, err, 500)`
			`return`
			`}`
upload changes 2017-05-09 19:37:39 +02:00			`fmt.Printf("%+v\n", torrent)`
			`}`
api upload 2017-05-08 11:18:49 +02:00			`}`
upload changes 2017-05-09 19:37:39 +02:00
token werks 2017-05-09 19:58:35 +02:00			`func ApiUpdateHandler(w http.ResponseWriter, r *http.Request) {`
update 2017-05-09 20:54:50 +02:00			`if config.UploadsDisabled == 1 {`
			`http.Error(w, "Error uploads are disabled", http.StatusInternalServerError)`
			`return`
			`}`

			`contentType := r.Header.Get("Content-Type")`
			`if contentType == "application/json" {`
			`token := r.Header.Get("Authorization")`
			`user := model.User{}`
			`db.ORM.Where("api_token = ?", token).First(&user) //i don't like this`
			`if user.Id == 0 {`
validator rewrite 2017-05-09 22:24:32 +02:00			`http.Error(w, apiService.ErrApiKey.Error(), http.StatusForbidden)`
update 2017-05-09 20:54:50 +02:00			`return`
			`}`

			`defer r.Body.Close()`

			`update := apiService.UpdateRequest{}`
			`d := json.NewDecoder(r.Body)`
			`if err := d.Decode(&update); err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`id := update.Id`
			`torrent := model.Torrents{}`
			`db.ORM.Where("torrent_id = ?", id).First(&torrent)`
			`if torrent.Id == 0 {`
validator rewrite 2017-05-09 22:24:32 +02:00			`http.Error(w, apiService.ErrTorrentId.Error(), http.StatusBadRequest)`
update 2017-05-09 20:54:50 +02:00			`return`
			`}`
validator rewrite 2017-05-09 22:24:32 +02:00			`if torrent.UploaderId != 0 && torrent.UploaderId != user.Id { //&& user.Status != mod`
			`http.Error(w, apiService.ErrRights.Error(), http.StatusForbidden)`
update 2017-05-09 20:54:50 +02:00			`return`
			`}`
validator rewrite 2017-05-09 22:24:32 +02:00
update 2017-05-09 20:54:50 +02:00			`err, code := update.Update.ValidateUpdate()`
			`if err != nil {`
			`http.Error(w, err.Error(), code)`
			`return`
			`}`
			`update.UpdateTorrent(&torrent)`
token werks 2017-05-09 19:58:35 +02:00
update 2017-05-09 20:54:50 +02:00			`db.ORM.Save(&torrent)`
i fucking hate git 2017-05-09 23:21:15 +02:00			`if err != nil {`
			`util.SendError(w, err, 500)`
			`return`
			`}`
update 2017-05-09 20:54:50 +02:00			`fmt.Printf("%+v\n", torrent)`
			`}`
token werks 2017-05-09 19:58:35 +02:00			`}`