Plume/src/routes/medias.rs

184 lines
5.4 KiB
Rust
Raw Normal View History

2020-01-21 07:02:03 +01:00
use crate::routes::{errors::ErrorPage, Page};
use crate::template_utils::{IntoContext, Ructe};
2018-09-02 22:55:42 +02:00
use guid_create::GUID;
2019-03-20 17:56:17 +01:00
use multipart::server::{
save::{SaveResult, SavedData},
Multipart,
};
use plume_models::{db_conn::DbConn, medias::*, users::User, Error, PlumeRocket, CONFIG};
2019-03-20 17:56:17 +01:00
use rocket::{
http::ContentType,
response::{status, Flash, Redirect},
2019-03-20 17:56:17 +01:00
Data,
};
use rocket_i18n::I18n;
use std::fs;
2018-09-02 22:55:42 +02:00
#[get("/medias?<page>")]
2021-01-30 13:44:29 +01:00
pub fn list(
user: User,
page: Option<Page>,
conn: DbConn,
rockets: PlumeRocket,
) -> Result<Ructe, ErrorPage> {
let page = page.unwrap_or_default();
2021-01-30 13:44:29 +01:00
let medias = Media::page_for_user(&conn, &user, page.limits())?;
Ok(render!(medias::index(
2021-01-30 13:44:29 +01:00
&(&conn, &rockets).to_context(),
medias,
page.0,
2021-01-30 13:44:29 +01:00
Page::total(Media::count_for_user(&conn, &user)? as i32)
)))
2018-09-02 22:55:42 +02:00
}
#[get("/medias/new")]
2021-01-30 13:44:29 +01:00
pub fn new(_user: User, conn: DbConn, rockets: PlumeRocket) -> Ructe {
render!(medias::new(&(&conn, &rockets).to_context()))
2018-09-02 22:55:42 +02:00
}
#[post("/medias/new", data = "<data>")]
2019-03-20 17:56:17 +01:00
pub fn upload(
user: User,
data: Data,
ct: &ContentType,
conn: DbConn,
) -> Result<Redirect, status::BadRequest<&'static str>> {
if !ct.is_form_data() {
return Ok(Redirect::to(uri!(new)));
}
2018-09-02 22:55:42 +02:00
let (_, boundary) = ct
.params()
.find(|&(k, _)| k == "boundary")
2021-01-15 15:17:00 +01:00
.ok_or(status::BadRequest(Some("No boundary")))?;
2018-09-02 22:55:42 +02:00
if let SaveResult::Full(entries) = Multipart::with_body(data.open(), boundary).save().temp() {
let fields = entries.fields;
2018-09-02 22:55:42 +02:00
let filename = fields
.get("file")
.and_then(|v| v.iter().next())
2021-01-15 15:17:00 +01:00
.ok_or(status::BadRequest(Some("No file uploaded")))?
.headers
.filename
.clone();
// Remove extension if it contains something else than just letters and numbers
let ext = filename
.and_then(|f| {
f.rsplit('.')
.next()
.and_then(|ext| {
if ext.chars().any(|c| !c.is_alphanumeric()) {
2019-03-20 17:56:17 +01:00
None
} else {
Some(ext.to_lowercase())
}
})
.map(|ext| format!(".{}", ext))
})
.unwrap_or_default();
2021-11-27 23:53:13 +01:00
let dest = format!("{}/{}{}", CONFIG.media_directory, GUID::rand(), ext);
match fields["file"][0].data {
SavedData::Bytes(ref bytes) => fs::write(&dest, bytes)
.map_err(|_| status::BadRequest(Some("Couldn't save upload")))?,
SavedData::File(ref path, _) => {
fs::copy(path, &dest)
.map_err(|_| status::BadRequest(Some("Couldn't copy upload")))?;
}
_ => {
return Ok(Redirect::to(uri!(new)));
2018-09-02 22:55:42 +02:00
}
}
let has_cw = !read(&fields["cw"][0].data)
.map(|cw| cw.is_empty())
.unwrap_or(false);
let media = Media::insert(
2021-01-30 13:44:29 +01:00
&conn,
NewMedia {
file_path: dest,
alt_text: read(&fields["alt"][0].data)?,
is_remote: false,
remote_url: None,
sensitive: has_cw,
content_warning: if has_cw {
Some(read(&fields["cw"][0].data)?)
} else {
None
},
owner_id: user.id,
},
)
.map_err(|_| status::BadRequest(Some("Error while saving media")))?;
Ok(Redirect::to(uri!(details: id = media.id)))
2018-09-02 22:55:42 +02:00
} else {
Ok(Redirect::to(uri!(new)))
2018-09-02 22:55:42 +02:00
}
}
fn read(data: &SavedData) -> Result<String, status::BadRequest<&'static str>> {
2018-09-02 22:55:42 +02:00
if let SavedData::Text(s) = data {
Ok(s.clone())
2018-09-02 22:55:42 +02:00
} else {
Err(status::BadRequest(Some("Error while reading data")))
2018-09-02 22:55:42 +02:00
}
}
#[get("/medias/<id>")]
2021-01-30 13:44:29 +01:00
pub fn details(
id: i32,
user: User,
conn: DbConn,
rockets: PlumeRocket,
) -> Result<Ructe, ErrorPage> {
let media = Media::get(&conn, id)?;
if media.owner_id == user.id {
2021-01-30 13:44:29 +01:00
Ok(render!(medias::details(
&(&conn, &rockets).to_context(),
media
)))
} else {
Err(Error::Unauthorized.into())
}
2018-09-02 22:55:42 +02:00
}
#[post("/medias/<id>/delete")]
pub fn delete(id: i32, user: User, conn: DbConn, intl: I18n) -> Result<Flash<Redirect>, ErrorPage> {
let media = Media::get(&*conn, id)?;
if media.owner_id == user.id {
media.delete(&*conn)?;
Ok(Flash::success(
Redirect::to(uri!(list: page = _)),
i18n!(intl.catalog, "Your media have been deleted."),
))
} else {
Ok(Flash::error(
Redirect::to(uri!(list: page = _)),
i18n!(intl.catalog, "You are not allowed to delete this media."),
))
}
2018-09-02 23:10:15 +02:00
}
#[post("/medias/<id>/avatar")]
pub fn set_avatar(
id: i32,
user: User,
conn: DbConn,
intl: I18n,
) -> Result<Flash<Redirect>, ErrorPage> {
let media = Media::get(&*conn, id)?;
if media.owner_id == user.id {
user.set_avatar(&*conn, media.id)?;
Ok(Flash::success(
Redirect::to(uri!(details: id = id)),
i18n!(intl.catalog, "Your avatar has been updated."),
))
} else {
Ok(Flash::error(
Redirect::to(uri!(details: id = id)),
i18n!(intl.catalog, "You are not allowed to use this media."),
))
}
2018-09-03 14:04:17 +02:00
}