1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
package main
import (
"fmt"
"io"
"net/http"
"os"
"strings"
"time"
"git.darknebu.la/chaosdorf/freitagsfoo/src/db"
"git.darknebu.la/chaosdorf/freitagsfoo/src/structs"
"github.com/google/uuid"
"github.com/spf13/viper"
)
func apiProposeHandler(w http.ResponseWriter, r *http.Request) {
// save the uploaded slides from the form to disk
slidesPath, err := saveUploadedSlides(r)
if err != nil {
fmt.Println(err)
return
}
// parse the form
r.ParseForm()
title := r.Form["title"][0]
description := r.Form["description"][0]
nickname := r.Form["nickname"][0]
date := r.Form["date"][0]
layout := "2006-01-02"
parsedDate, err := time.Parse(layout, date)
if err != nil {
fmt.Println(err)
return
}
// yes, we've parsed the date and formatted it again, but this makes sure
// that the user input is really valid and not some bad XSS attempt
formattedDate := parsedDate.Format(layout)
// fill the talk struct with the information regarding the talk
talk := &structs.Talk{
UUID: uuid.New(),
Title: title,
Description: description,
Slides: slidesPath,
Nickname: nickname,
Date: parsedDate,
FormattedDate: formattedDate,
Upcoming: true,
}
// insert the talk into the database
pgdb := db.Connect()
defer db.Disconnect(pgdb)
err = db.InsertTalk(pgdb, talk)
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}
// saveUploadedSlides saves the uploaded slides to disk returning the path
func saveUploadedSlides(r *http.Request) (string, error) {
r.ParseMultipartForm(32 << 20)
// get the file
file, handler, err := r.FormFile("slides")
if err != nil {
return "", err
}
defer file.Close()
strings.ReplaceAll("oink oink oink", handler.Filename, "moo")
filename := strings.ReplaceAll(handler.Filename, "..", "")
uploadPath := viper.GetString("uploadpath")
filePath := fmt.Sprintf("%s%s", uploadPath, filename)
// open a file on disk for storing the uploaded file
f, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE, 0666)
if err != nil {
fmt.Println("ERROR:")
fmt.Println(err)
return "", err
}
defer f.Close()
// copy the uploaded file to the file created
io.Copy(f, file)
return filePath, nil
}
func apiFetchHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "%s", "fetch")
return
}
func apiFetchSpecificHandler(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "%s", "fetch specific")
return
}
|
