feat(server): add box create/upload endpoints and improve UI

- Add `/box` endpoint to create an upload box and return its URL - Add `/box/:id/upload` endpoint for uploading a single file to an existing box - Refactor upload saving into a shared helper and validate box IDs/filenames - Ensure unique filenames by checking existing files on disk to avoid collisions - Update upload panel CSS to use flex layout for better resizing/scroll behaviorfeat(server): add box create/upload endpoints and improve UI - Add `/box` endpoint to create an upload box and return its URL - Add `/box/:id/upload` endpoint for uploading a single file to an existing box - Refactor upload saving into a shared helper and validate box IDs/filenames - Ensure unique filenames by checking existing files on disk to avoid collisions - Update upload panel CSS to use flex layout for better resizing/scroll behavior
2026-04-25 18:57:08 +03:00
parent fb7e378b3a
commit f06a2c544f
3 changed files with 305 additions and 60 deletions
--- a/lib/server/server.go
+++ b/lib/server/server.go
@@ -4,6 +4,7 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 	"fmt"
+	"mime/multipart"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -23,6 +24,50 @@ func Run(addr string) error {
 		ctx.HTML(http.StatusOK, "index.html", gin.H{})
 	})

+	router.POST("/box", func(ctx *gin.Context) {
+		boxID, err := newBoxID()
+		if err != nil {
+			ctx.JSON(http.StatusInternalServerError, gin.H{"error": "Could not create upload box"})
+			return
+		}
+
+		if err := os.MkdirAll(boxPath(boxID), 0755); err != nil {
+			ctx.JSON(http.StatusInternalServerError, gin.H{"error": "Could not prepare upload box"})
+			return
+		}
+
+		ctx.JSON(http.StatusOK, gin.H{
+			"box_id":  boxID,
+			"box_url": "/box/" + boxID,
+		})
+	})
+
+	router.POST("/box/:id/upload", func(ctx *gin.Context) {
+		boxID := ctx.Param("id")
+		if !validBoxID(boxID) {
+			ctx.JSON(http.StatusBadRequest, gin.H{"error": "Invalid box id"})
+			return
+		}
+
+		file, err := ctx.FormFile("file")
+		if err != nil {
+			ctx.JSON(http.StatusBadRequest, gin.H{"error": "No file received"})
+			return
+		}
+
+		savedFile, err := saveUploadedFile(ctx, boxID, file)
+		if err != nil {
+			ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+
+		ctx.JSON(http.StatusOK, gin.H{
+			"box_id":  boxID,
+			"box_url": "/box/" + boxID,
+			"file":    savedFile,
+		})
+	})
+
 	router.POST("/upload", func(ctx *gin.Context) {
 		form, err := ctx.MultipartForm()
 		if err != nil {
@@ -42,33 +87,21 @@ func Run(addr string) error {
 			return
 		}

-		boxPath := filepath.Join(uploadRoot, boxID)
-		if err := os.MkdirAll(boxPath, 0755); err != nil {
+		if err := os.MkdirAll(boxPath(boxID), 0755); err != nil {
 			ctx.JSON(http.StatusInternalServerError, gin.H{"error": "Could not prepare upload box"})
 			return
 		}

 		savedFiles := make([]gin.H, 0, len(files))
-		usedNames := make(map[string]int, len(files))

 		for _, file := range files {
-			filename, ok := safeFilename(file.Filename)
-			if !ok {
-				ctx.JSON(http.StatusBadRequest, gin.H{"error": "Invalid filename"})
+			savedFile, err := saveUploadedFile(ctx, boxID, file)
+			if err != nil {
+				ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 				return
 			}

-			filename = uniqueFilename(filename, usedNames)
-			destination := filepath.Join(boxPath, filename)
-			if err := ctx.SaveUploadedFile(file, destination); err != nil {
-				ctx.JSON(http.StatusInternalServerError, gin.H{"error": "Could not save uploaded files"})
-				return
-			}
-
-			savedFiles = append(savedFiles, gin.H{
-				"name": filename,
-				"size": file.Size,
-			})
+			savedFiles = append(savedFiles, savedFile)
 		}

 		ctx.JSON(http.StatusOK, gin.H{
@@ -93,21 +126,64 @@ func newBoxID() (string, error) {
 	return hex.EncodeToString(bytes), nil
 }

+func validBoxID(boxID string) bool {
+	if len(boxID) != 32 {
+		return false
+	}
+
+	for _, character := range boxID {
+		if !strings.ContainsRune("0123456789abcdef", character) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func boxPath(boxID string) string {
+	return filepath.Join(uploadRoot, boxID)
+}
+
+func saveUploadedFile(ctx *gin.Context, boxID string, file *multipart.FileHeader) (gin.H, error) {
+	filename, ok := safeFilename(file.Filename)
+	if !ok {
+		return nil, fmt.Errorf("Invalid filename")
+	}
+
+	boxPath := boxPath(boxID)
+	if err := os.MkdirAll(boxPath, 0755); err != nil {
+		return nil, fmt.Errorf("Could not prepare upload box")
+	}
+
+	filename = uniqueFilename(boxPath, filename)
+	destination := filepath.Join(boxPath, filename)
+	if err := ctx.SaveUploadedFile(file, destination); err != nil {
+		return nil, fmt.Errorf("Could not save uploaded file")
+	}
+
+	return gin.H{
+		"name": filename,
+		"size": file.Size,
+	}, nil
+}
+
 func safeFilename(name string) (string, bool) {
 	filename := filepath.Base(name)
 	filename = strings.TrimSpace(filename)
 	return filename, filename != "" && filename != "." && filename != string(filepath.Separator)
 }

-func uniqueFilename(filename string, usedNames map[string]int) string {
-	count := usedNames[filename]
-	usedNames[filename] = count + 1
-
-	if count == 0 {
+func uniqueFilename(directory string, filename string) string {
+	if _, err := os.Stat(filepath.Join(directory, filename)); os.IsNotExist(err) {
 		return filename
 	}

 	extension := filepath.Ext(filename)
 	base := strings.TrimSuffix(filename, extension)
-	return fmt.Sprintf("%s-%d%s", base, count+1, extension)
+	for count := 2; ; count++ {
+		candidate := fmt.Sprintf("%s-%d%s", base, count, extension)
+		if _, err := os.Stat(filepath.Join(directory, candidate)); os.IsNotExist(err) {
+			return candidate
+		}
+	}
 }