bfile/filed/src/web/forms.rs


/*
 forms.rs - All the forms
*/

use std::{collections::HashMap, net::IpAddr};

use askama::Template;
use warp::{Filter, reply::{Reply, with_status, html}, reject::Rejection, filters::multipart::FormData, http::StatusCode};
use futures_util::TryStreamExt;
use bytes::BufMut;
use serde::Serialize;
use warp_real_ip::real_ip;

use crate::files::{File, lookup::LookupKind, DeleteMode};

use super::{state::SharedState, pages::{UploadSuccessPage, ErrorPage}, rejection::HttpReject};

#[derive(Debug, Serialize, Clone)]
pub struct FormElement {
    pub data: Vec<u8>,
    pub mime: String
}
impl FormElement {
    
    #[allow(dead_code)]
    pub fn as_str_or_reject(self: &Self) -> Result<String, Rejection> {
        Ok(String::from_utf8(self.data.clone()).map_err(|err| warp::reject::custom(HttpReject::FromUtf8Error(err)))?)
    }

    pub fn as_atr_or_none(self: &Self) -> Option<String> {
        if let Ok(res) = String::from_utf8(self.data.clone()) {
            Some(res)
        } else {
            None
        }
    }

    pub fn is_checked(self: &Self) -> bool {
        if self.data.len() != 2 {
            return false
        }
        let data = self.data.clone();
        let on = "on".bytes().collect::<Vec<u8>>();
        data == on
    }

    pub async fn from_formdata(form: FormData) -> Result<HashMap<String, FormElement>, warp::Error> {
        form.and_then(|mut field| async move {
            let mut bytes: Vec<u8> = vec![];
            while let Some(byte) = field.data().await {
                bytes.put(byte.unwrap())
            }
            
            Ok((field.name().into(), FormElement { data: bytes, mime: field.content_type().unwrap_or("text/plain").to_string() }))
        }).try_collect()
          .await
    }
}

pub struct UploadFormData {
    pub filename: Option<String>,
    pub password: Option<String>,
    pub instancepass: Option<String>,
    pub lookup_kind: LookupKind,
    pub delmode: DeleteMode,
    pub file: Vec<u8>,
    pub mime: String,
    pub tos_consent: bool
}

impl Default for UploadFormData {
    fn default() -> Self {
        UploadFormData {
            filename: None,
            password: None,
            instancepass: None,
            lookup_kind: LookupKind::ByHash,
            delmode: DeleteMode::Time,
            file: vec![],
            mime: "application/x-octet-stream".into(),
            tos_consent: false
        }
    }
}

impl UploadFormData {

    pub fn from_formdata(data: HashMap<String, FormElement>, use_defaults: bool) -> Option<UploadFormData> {
        let mut out = Self::default();
        
        // Add a name
        match data.get("named") {
            Some(val) => {
                if val.is_checked() {
                    let name = data.get("filename")?;
                    out.filename = Some(name.as_atr_or_none()?);
                    out.lookup_kind = LookupKind::ByHash
                }
            },
            None => ()
        }

        // Add a password
        match data.get("passworded") {
            Some(val) => {
                if val.is_checked() {
                    let pass = data.get("password")?;
                    out.password = Some(pass.as_atr_or_none()?);
                    out.lookup_kind = LookupKind::ByName
                }
            },
            None => ()
        }

        // Delete mode
        match data.get("delmode") {
            Some(val) => {
                let val = val.data.clone();
                let is_30 = val == "30".bytes().collect::<Vec<u8>>();
                if is_30 {
                    out.delmode = DeleteMode::Time
                } else {
                    out.delmode = DeleteMode::TimeOrDownload
                }
            },
            None => {
                if ! use_defaults {
                    return None
                }
            }
        }

        match data.get("instancepass") {
            Some(val) => {
                let val = val.data.clone();
                if let Ok(pass) = String::from_utf8(val) {
                    out.instancepass = Some(pass);
                }
            },
            None => ()
        };

        let file = data.get("file")?;
        out.file = file.data.clone();
        out.mime = file.mime.clone();
        out.tos_consent = match data.get("tos_consent") {
            Some(v) => v.is_checked(),
            None => false
        };

        Some(out)
    }
}

fn bad_req_html(data: String) -> Box<dyn Reply> {
    Box::new(
        with_status(
            html(data),
            StatusCode::BAD_REQUEST
        )
    )
}

pub async fn upload(form: FormData, ip: Option<IpAddr>, state: SharedState) -> Result<Box<dyn Reply>, Rejection> {

    if ! state.config.files.allow_uploads {
        return Ok(
            Box::new(warp::redirect(warp::http::Uri::from_static("/")))
        )
    }

    let params: HashMap<String, FormElement> = FormElement::from_formdata(form).await.map_err(|x| HttpReject::WarpError(x))?;
    let formdata = UploadFormData::from_formdata(params.clone(), false);

    if let Some(formdata) = formdata {

        let mut breaks_conf = false;
        if (!state.config.files.allow_custom_names) && formdata.filename.is_some() {
            breaks_conf = true;
        }
        if (!state.config.files.allow_pass_protection) && formdata.password.is_some() {
            breaks_conf = true;
        }
        
        if breaks_conf {
            let error = ErrorPage {
                env: state.env,
                conf: state.config,
                error_text: "Attempt to set name or password when they are disabled".into(),
                link: None,
                link_text: None
            };
            return Ok(
                bad_req_html(
                    error.render()
                        .map_err(|x| HttpReject::AskamaError(x))?
                )
            );
        }
        if ! formdata.tos_consent {
            let error = ErrorPage {
                env: state.env,
                conf: state.config,
                error_text: "You must agree to the ToS".into(),
                link: None,
                link_text: None
            };

            return Ok(
                bad_req_html(
                    error.render()
                        .map_err(|x| HttpReject::AskamaError(x))?
                )
            )
        }

        if let Some(upload_pass) = state.config.files.upload_pass.clone() {

            if let Some(pass) = formdata.instancepass {
                if upload_pass != pass {
                    let error = ErrorPage {
                        env: state.env.clone(),
                        conf: state.config.clone(),
                        error_text: "Password is invalid".into(),
                        link: Some("/".into()),
                        link_text: Some("Go back".into())
                    };

                    return Ok(
                        Box::new(
                            html(
                                error.render()
                                    .map_err(|x| HttpReject::AskamaError(x))?
                            )
                        )
                    )
                }
            } else {
                let error = ErrorPage {
                    env: state.env.clone(),
                    conf: state.config.clone(),
                    error_text: "Password is not available".into(),
                    link: Some("/".into()),
                    link_text: Some("Go back".into())
                };

                return Ok(
                    Box::new(
                        html(
                            error.render()
                                .map_err(|x| HttpReject::AskamaError(x))?
                        )
                    )
                )
            }
        }

        let file = File::create(
            formdata.file,
            formdata.mime,
            formdata.filename.clone(),
            state.env.clone(),
            formdata.delmode,
            formdata.password,
            ip
        ).await
         .map_err(|x| HttpReject::StringError(x.to_string()))
         ?;
        
        state.file_mgr.save(&file, formdata.lookup_kind)
                      .map_err(|x| HttpReject::StringError(x.to_string()))?;
        
        let page = UploadSuccessPage {
            env: state.env,
            conf: state.config,
            link: match formdata.filename {
                Some(v) => v,
                None => file.hash()
            }
        };

        return Ok(
            Box::new(
                html(
                    page.render()
                        .map_err(|x| HttpReject::AskamaError(x))?
                )
            )
        )
    }

    let error = ErrorPage {
        env: state.env,
        conf: state.config,
        error_text: "Form is malformed".into(),
        link: None,
        link_text: None
    };

    return Ok(
        bad_req_html(
            error.render()
                .map_err(|x| HttpReject::AskamaError(x))?
        )
    )

}

pub fn get_routes(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {
    warp::post()
        .and(warp::multipart::form())
        .and(real_ip(vec![state.env.proxy_addr]))
        .and(
            warp::any().map(move || state.clone())
        )
        .and_then(upload)
}
get it to run with docker 2023-09-30 11:26:47 +02:00
			`/*`
			`forms.rs - All the forms`
			`*/`

get client ip on upload action 2023-10-26 10:30:35 +02:00			`use std::{collections::HashMap, net::IpAddr};`
get it to run with docker 2023-09-30 11:26:47 +02:00
handle stuff using rejection 2023-10-01 04:05:08 +02:00			`use askama::Template;`
fix compile warnings 2023-10-26 17:19:30 +02:00			`use warp::{Filter, reply::{Reply, with_status, html}, reject::Rejection, filters::multipart::FormData, http::StatusCode};`
get it to run with docker 2023-09-30 11:26:47 +02:00			`use futures_util::TryStreamExt;`
			`use bytes::BufMut;`
actually save the files when submitted 2023-10-01 06:44:19 +02:00			`use serde::Serialize;`
get client ip on upload action 2023-10-26 10:30:35 +02:00			`use warp_real_ip::real_ip;`
actually save the files when submitted 2023-10-01 06:44:19 +02:00
save delete mode 2023-10-13 01:25:51 +02:00			`use crate::files::{File, lookup::LookupKind, DeleteMode};`
get it to run with docker 2023-09-30 11:26:47 +02:00
fix compile warnings 2023-10-26 17:19:30 +02:00			`use super::{state::SharedState, pages::{UploadSuccessPage, ErrorPage}, rejection::HttpReject};`
stateful warp controllers 2023-10-01 02:14:35 +02:00
enforce terms and conditions 2023-10-13 15:37:18 +02:00			`#[derive(Debug, Serialize, Clone)]`
scratch curl API 2023-11-01 10:19:51 +01:00			`pub struct FormElement {`
add a ToS switch 2023-11-02 15:08:45 +01:00			`pub data: Vec<u8>,`
			`pub mime: String`
actually save the files when submitted 2023-10-01 06:44:19 +02:00			`}`
file upload functionality 2023-10-01 10:40:37 +02:00			`impl FormElement {`
fix compile warnings 2023-10-26 17:19:30 +02:00
			`#[allow(dead_code)]`
file upload functionality 2023-10-01 10:40:37 +02:00			`pub fn as_str_or_reject(self: &Self) -> Result<String, Rejection> {`
			`Ok(String::from_utf8(self.data.clone()).map_err(\|err\| warp::reject::custom(HttpReject::FromUtf8Error(err)))?)`
			`}`
get it to run with docker 2023-09-30 11:26:47 +02:00
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`pub fn as_atr_or_none(self: &Self) -> Option<String> {`
			`if let Ok(res) = String::from_utf8(self.data.clone()) {`
			`Some(res)`
			`} else {`
			`None`
			`}`
add config checks on backend 2023-10-21 08:09:36 +02:00			`}`

just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`pub fn is_checked(self: &Self) -> bool {`
			`if self.data.len() != 2 {`
			`return false`
get it to run with docker 2023-09-30 11:26:47 +02:00			`}`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`let data = self.data.clone();`
			`let on = "on".bytes().collect::<Vec<u8>>();`
			`data == on`
			`}`

			`pub async fn from_formdata(form: FormData) -> Result<HashMap<String, FormElement>, warp::Error> {`
			`form.and_then(\|mut field\| async move {`
			`let mut bytes: Vec<u8> = vec![];`
			`while let Some(byte) = field.data().await {`
			`bytes.put(byte.unwrap())`
			`}`

			`Ok((field.name().into(), FormElement { data: bytes, mime: field.content_type().unwrap_or("text/plain").to_string() }))`
			`}).try_collect()`
			`.await`
			`}`
			`}`

scratch curl API 2023-11-01 10:19:51 +01:00			`pub struct UploadFormData {`
			`pub filename: Option<String>,`
			`pub password: Option<String>,`
			`pub instancepass: Option<String>,`
			`pub lookup_kind: LookupKind,`
			`pub delmode: DeleteMode,`
			`pub file: Vec<u8>,`
			`pub mime: String,`
			`pub tos_consent: bool`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`}`

			`impl Default for UploadFormData {`
			`fn default() -> Self {`
			`UploadFormData {`
			`filename: None,`
			`password: None,`
check for password server side 2023-10-26 17:02:09 +02:00			`instancepass: None,`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`lookup_kind: LookupKind::ByHash,`
			`delmode: DeleteMode::Time,`
			`file: vec![],`
			`mime: "application/x-octet-stream".into(),`
			`tos_consent: false`
handle stuff using rejection 2023-10-01 04:05:08 +02:00			`}`
			`}`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`}`
get it to run with docker 2023-09-30 11:26:47 +02:00
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`impl UploadFormData {`
check the password on when the file is downloaded 2023-10-15 09:16:08 +02:00
scratch curl API 2023-11-01 10:19:51 +01:00			`pub fn from_formdata(data: HashMap<String, FormElement>, use_defaults: bool) -> Option<UploadFormData> {`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`let mut out = Self::default();`

			`// Add a name`
			`match data.get("named") {`
			`Some(val) => {`
			`if val.is_checked() {`
			`let name = data.get("filename")?;`
			`out.filename = Some(name.as_atr_or_none()?);`
			`out.lookup_kind = LookupKind::ByHash`
			`}`
			`},`
			`None => ()`
			`}`
check the password on when the file is downloaded 2023-10-15 09:16:08 +02:00
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`// Add a password`
			`match data.get("passworded") {`
			`Some(val) => {`
			`if val.is_checked() {`
			`let pass = data.get("password")?;`
			`out.password = Some(pass.as_atr_or_none()?);`
			`out.lookup_kind = LookupKind::ByName`
			`}`
			`},`
			`None => ()`
			`}`

			`// Delete mode`
			`match data.get("delmode") {`
			`Some(val) => {`
			`let val = val.data.clone();`
			`let is_30 = val == "30".bytes().collect::<Vec<u8>>();`
			`if is_30 {`
			`out.delmode = DeleteMode::Time`
			`} else {`
			`out.delmode = DeleteMode::TimeOrDownload`
			`}`
			`},`
			`None => {`
scratch curl API 2023-11-01 10:19:51 +01:00			`if ! use_defaults {`
			`return None`
			`}`
add config checks on backend 2023-10-21 08:09:36 +02:00			`}`
check the password on when the file is downloaded 2023-10-15 09:16:08 +02:00			`}`

check for password server side 2023-10-26 17:02:09 +02:00			`match data.get("instancepass") {`
			`Some(val) => {`
			`let val = val.data.clone();`
			`if let Ok(pass) = String::from_utf8(val) {`
			`out.instancepass = Some(pass);`
			`}`
			`},`
			`None => ()`
			`};`

just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`let file = data.get("file")?;`
			`out.file = file.data.clone();`
			`out.mime = file.mime.clone();`
			`out.tos_consent = match data.get("tos_consent") {`
			`Some(v) => v.is_checked(),`
			`None => false`
			`};`

			`Some(out)`
			`}`
			`}`

			`fn bad_req_html(data: String) -> Box<dyn Reply> {`
			`Box::new(`
			`with_status(`
			`html(data),`
			`StatusCode::BAD_REQUEST`
			`)`
			`)`
			`}`

attach user ip to the file record 2023-10-26 15:54:47 +02:00			`pub async fn upload(form: FormData, ip: Option<IpAddr>, state: SharedState) -> Result<Box<dyn Reply>, Rejection> {`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00
			`if ! state.config.files.allow_uploads {`
enforce terms and conditions 2023-10-13 15:37:18 +02:00			`return Ok(`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`Box::new(warp::redirect(warp::http::Uri::from_static("/")))`
enforce terms and conditions 2023-10-13 15:37:18 +02:00			`)`
			`}`
save delete mode 2023-10-13 01:25:51 +02:00
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`let params: HashMap<String, FormElement> = FormElement::from_formdata(form).await.map_err(\|x\| HttpReject::WarpError(x))?;`
scratch curl API 2023-11-01 10:19:51 +01:00			`let formdata = UploadFormData::from_formdata(params.clone(), false);`
add server side checks for pass and custom name 2023-10-23 05:21:50 +02:00
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`if let Some(formdata) = formdata {`

add server side checks for pass and custom name 2023-10-23 05:21:50 +02:00			`let mut breaks_conf = false;`
			`if (!state.config.files.allow_custom_names) && formdata.filename.is_some() {`
			`breaks_conf = true;`
			`}`
			`if (!state.config.files.allow_pass_protection) && formdata.password.is_some() {`
			`breaks_conf = true;`
			`}`

			`if breaks_conf {`
			`let error = ErrorPage {`
			`env: state.env,`
			`conf: state.config,`
			`error_text: "Attempt to set name or password when they are disabled".into(),`
			`link: None,`
			`link_text: None`
			`};`
			`return Ok(`
			`bad_req_html(`
			`error.render()`
			`.map_err(\|x\| HttpReject::AskamaError(x))?`
			`)`
			`);`
			`}`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`if ! formdata.tos_consent {`
			`let error = ErrorPage {`
			`env: state.env,`
			`conf: state.config,`
			`error_text: "You must agree to the ToS".into(),`
			`link: None,`
			`link_text: None`
			`};`

			`return Ok(`
			`bad_req_html(`
			`error.render()`
			`.map_err(\|x\| HttpReject::AskamaError(x))?`
			`)`
			`)`
add config checks on backend 2023-10-21 08:09:36 +02:00			`}`
actually save the files when submitted 2023-10-01 06:44:19 +02:00
check for password server side 2023-10-26 17:02:09 +02:00			`if let Some(upload_pass) = state.config.files.upload_pass.clone() {`

			`if let Some(pass) = formdata.instancepass {`
			`if upload_pass != pass {`
			`let error = ErrorPage {`
			`env: state.env.clone(),`
			`conf: state.config.clone(),`
			`error_text: "Password is invalid".into(),`
			`link: Some("/".into()),`
			`link_text: Some("Go back".into())`
			`};`

			`return Ok(`
			`Box::new(`
			`html(`
			`error.render()`
			`.map_err(\|x\| HttpReject::AskamaError(x))?`
			`)`
			`)`
			`)`
			`}`
			`} else {`
			`let error = ErrorPage {`
			`env: state.env.clone(),`
			`conf: state.config.clone(),`
			`error_text: "Password is not available".into(),`
			`link: Some("/".into()),`
			`link_text: Some("Go back".into())`
			`};`

			`return Ok(`
			`Box::new(`
			`html(`
			`error.render()`
			`.map_err(\|x\| HttpReject::AskamaError(x))?`
			`)`
			`)`
			`)`
			`}`
			`}`

just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`let file = File::create(`
			`formdata.file,`
			`formdata.mime,`
			`formdata.filename.clone(),`
			`state.env.clone(),`
			`formdata.delmode,`
attach user ip to the file record 2023-10-26 15:54:47 +02:00			`formdata.password,`
			`ip`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`).await`
			`.map_err(\|x\| HttpReject::StringError(x.to_string()))`
			`?;`

			`state.file_mgr.save(&file, formdata.lookup_kind)`
			`.map_err(\|x\| HttpReject::StringError(x.to_string()))?;`

			`let page = UploadSuccessPage {`
			`env: state.env,`
			`conf: state.config,`
			`link: match formdata.filename {`
			`Some(v) => v,`
			`None => file.hash()`
save delete mode 2023-10-13 01:25:51 +02:00			`}`
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`};`
actually save the files when submitted 2023-10-01 06:44:19 +02:00
just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`return Ok(`
			`Box::new(`
			`html(`
			`page.render()`
			`.map_err(\|x\| HttpReject::AskamaError(x))?`
			`)`
			`)`
			`)`
			`}`

			`let error = ErrorPage {`
			`env: state.env,`
			`conf: state.config,`
			`error_text: "Form is malformed".into(),`
			`link: None,`
			`link_text: None`
file uploaded page 2023-10-10 13:56:28 +02:00			`};`

just rewrite the fucking upload method, its too buggy to fix 2023-10-22 17:24:38 +02:00			`return Ok(`
			`bad_req_html(`
			`error.render()`
			`.map_err(\|x\| HttpReject::AskamaError(x))?`
			`)`
			`)`
file uploaded page 2023-10-10 13:56:28 +02:00
get it to run with docker 2023-09-30 11:26:47 +02:00			`}`

stateful warp controllers 2023-10-01 02:14:35 +02:00			`pub fn get_routes(state: SharedState) -> impl Filter<Extract = impl Reply, Error = Rejection> + Clone {`
refactor forms to be more readable 2023-10-26 10:27:57 +02:00			`warp::post()`
			`.and(warp::multipart::form())`
get client ip on upload action 2023-10-26 10:30:35 +02:00			`.and(real_ip(vec![state.env.proxy_addr]))`
refactor forms to be more readable 2023-10-26 10:27:57 +02:00			`.and(`
			`warp::any().map(move \|\| state.clone())`
			`)`
			`.and_then(upload)`
get it to run with docker 2023-09-30 11:26:47 +02:00			`}`