diff --git a/pkg/internal/models/attachments.go b/pkg/internal/models/attachments.go index 1c19a2f..b13a8c9 100644 --- a/pkg/internal/models/attachments.go +++ b/pkg/internal/models/attachments.go @@ -17,6 +17,6 @@ type Attachment struct { Metadata datatypes.JSONMap `json:"metadata"` IsMature bool `json:"is_mature"` - Account Account `json:"account"` - AccountID uint `json:"account_id"` + Account *Account `json:"account"` + AccountID *uint `json:"account_id"` } diff --git a/pkg/internal/server/api/attachment_dir_api.go b/pkg/internal/server/api/attachment_dir_api.go new file mode 100644 index 0000000..778f64e --- /dev/null +++ b/pkg/internal/server/api/attachment_dir_api.go @@ -0,0 +1 @@ +package api diff --git a/pkg/internal/server/api/attachments_api.go b/pkg/internal/server/api/attachments_api.go index b64dbfe..78863d3 100644 --- a/pkg/internal/server/api/attachments_api.go +++ b/pkg/internal/server/api/attachments_api.go @@ -2,11 +2,12 @@ package api import ( "fmt" + "net/url" + "path/filepath" + "git.solsynth.dev/hydrogen/paperclip/pkg/internal/database" "git.solsynth.dev/hydrogen/paperclip/pkg/internal/gap" "git.solsynth.dev/hydrogen/paperclip/pkg/internal/server/exts" - "net/url" - "path/filepath" "git.solsynth.dev/hydrogen/paperclip/pkg/internal/models" "git.solsynth.dev/hydrogen/paperclip/pkg/internal/services" @@ -72,10 +73,13 @@ func getAttachmentMeta(c *fiber.Ctx) error { } func createAttachment(c *fiber.Ctx) error { - if err := gap.H.EnsureAuthenticated(c); err != nil { - return err + var user *models.Account + if gap.H != nil { + if err := gap.H.EnsureAuthenticated(c); err != nil { + return err + } + user = lo.ToPtr(c.Locals("user").(models.Account)) } - user := c.Locals("user").(models.Account) destName := c.Query("destination", viper.GetString("preferred_destination")) @@ -93,8 +97,10 @@ func createAttachment(c *fiber.Ctx) error { return err } - if err := gap.H.EnsureGrantedPerm(c, "CreateAttachments", file.Size); err != nil { - return err + if gap.H != nil { + if err := gap.H.EnsureGrantedPerm(c, "CreateAttachments", file.Size); err != nil { + return err + } } usermeta := make(map[string]any) @@ -130,6 +136,10 @@ func createAttachment(c *fiber.Ctx) error { func updateAttachmentMeta(c *fiber.Ctx) error { id, _ := c.ParamsInt("id", 0) + if gap.H == nil { + return fiber.NewError(fiber.StatusUnprocessableEntity, "server running in independent mode, unable to modify attachment meta") + } + if err := gap.H.EnsureAuthenticated(c); err != nil { return err } @@ -169,6 +179,10 @@ func updateAttachmentMeta(c *fiber.Ctx) error { func deleteAttachment(c *fiber.Ctx) error { id, _ := c.ParamsInt("id", 0) + if gap.H == nil { + return fiber.NewError(fiber.StatusUnprocessableEntity, "server running in independent mode, unable to delete attachment") + } + if err := gap.H.EnsureAuthenticated(c); err != nil { return err } @@ -177,7 +191,7 @@ func deleteAttachment(c *fiber.Ctx) error { attachment, err := services.GetAttachmentByID(uint(id)) if err != nil { return fiber.NewError(fiber.StatusNotFound, err.Error()) - } else if attachment.AccountID != user.ID { + } else if attachment.AccountID == nil || *attachment.AccountID != user.ID { return fiber.NewError(fiber.StatusNotFound, "record not created by you") } diff --git a/pkg/internal/server/api/index.go b/pkg/internal/server/api/index.go index bd13f4a..3bbff4b 100644 --- a/pkg/internal/server/api/index.go +++ b/pkg/internal/server/api/index.go @@ -7,6 +7,7 @@ func MapAPIs(app *fiber.App, baseURL string) { api := app.Group(baseURL).Name("API") { + api.Get("/attachments", list) api.Get("/attachments/:id/meta", getAttachmentMeta) api.Get("/attachments/:id", openAttachment) api.Post("/attachments", createAttachment) diff --git a/pkg/internal/services/attachments.go b/pkg/internal/services/attachments.go index 8a75f93..7b894a6 100644 --- a/pkg/internal/services/attachments.go +++ b/pkg/internal/services/attachments.go @@ -2,12 +2,13 @@ package services import ( "fmt" - "git.solsynth.dev/hydrogen/paperclip/pkg/internal/database" "mime" "mime/multipart" "net/http" "path/filepath" + "git.solsynth.dev/hydrogen/paperclip/pkg/internal/database" + "git.solsynth.dev/hydrogen/paperclip/pkg/internal/models" "github.com/google/uuid" "gorm.io/gorm" @@ -47,7 +48,7 @@ func GetAttachmentByHash(hash string) (models.Attachment, error) { return attachment, nil } -func NewAttachmentMetadata(tx *gorm.DB, user models.Account, file *multipart.FileHeader, attachment models.Attachment) (models.Attachment, bool, error) { +func NewAttachmentMetadata(tx *gorm.DB, user *models.Account, file *multipart.FileHeader, attachment models.Attachment) (models.Attachment, bool, error) { linked := false exists, pickupErr := GetAttachmentByHash(attachment.HashCode) if pickupErr == nil { @@ -57,13 +58,19 @@ func NewAttachmentMetadata(tx *gorm.DB, user models.Account, file *multipart.Fil exists.Metadata = attachment.Metadata attachment = exists attachment.ID = 0 - attachment.AccountID = user.ID + + if user != nil { + attachment.AccountID = &user.ID + } } else { // Upload the new file attachment.Uuid = uuid.NewString() attachment.Size = file.Size attachment.Name = file.Filename - attachment.AccountID = user.ID + + if user != nil { + attachment.AccountID = &user.ID + } // If the user didn't provide file mimetype manually, we have to detect it if len(attachment.MimeType) == 0 { diff --git a/pkg/main.go b/pkg/main.go index 61e61db..a876bec 100644 --- a/pkg/main.go +++ b/pkg/main.go @@ -44,8 +44,12 @@ func main() { } // Connect other services - if err := gap.RegisterService(); err != nil { - log.Error().Err(err).Msg("An error occurred when registering service to dealer...") + if !viper.GetBool("independent_mode") { + if err := gap.RegisterService(); err != nil { + log.Error().Err(err).Msg("An error occurred when registering service to dealer...") + } + } else { + log.Warn().Msg("WATCHOUT! Running in independent mode, everyone with access to API can upload their file without authenticate!") } // Configure timed tasks diff --git a/settings.toml b/settings.toml index 46313dc..6ee83f4 100644 --- a/settings.toml +++ b/settings.toml @@ -5,6 +5,8 @@ grpc_bind = "0.0.0.0:7443" domain = "usercontent.solsynth.dev" secret = "LtTjzAGFLshwXhN4ZD4nG5KlMv1MWcsvfv03TSZYnT1VhiAnLIZFTnHUwR0XhGgi" +independent_mode = false + preferred_destination = "local" accepts_usage = ["p.avatar", "p.banner", "i.attachment", "m.attachment"]