Nikolai Papin
f65439fb50
feat: implement file upload handling in controller with size and type validation; feat: add custom validation rules for bio and color hex fields; refactor: enhance request handling with dedicated client info extraction; chore: update profile DTOs with validation tags; docs: profile controller swagger
157 lines
4.2 KiB
Go
157 lines
4.2 KiB
Go
// Copyright (c) 2025 Nikolai Papin
|
|
//
|
|
// This file is part of Easywish
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
|
|
// the GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
package controllers
|
|
|
|
import (
|
|
"easywish/internal/dto"
|
|
"easywish/internal/services"
|
|
"easywish/internal/utils/enums"
|
|
"easywish/internal/validation"
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/go-playground/validator/v10"
|
|
"github.com/google/uuid"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
var (
|
|
GET = "GET"
|
|
POST = "POST"
|
|
PUT = "PUT"
|
|
PATCH = "PATCH"
|
|
DELETE = "DELETE"
|
|
)
|
|
|
|
type ControllerMethod struct {
|
|
HttpMethod string
|
|
Path string
|
|
Authorization enums.Role
|
|
Middleware []gin.HandlerFunc
|
|
Function func (c *gin.Context)
|
|
}
|
|
|
|
type controllerImpl struct {
|
|
Path string
|
|
Middleware []gin.HandlerFunc
|
|
Methods []ControllerMethod
|
|
}
|
|
|
|
type Controller interface {
|
|
Setup(group *gin.RouterGroup, log *zap.Logger, auth services.AuthService)
|
|
}
|
|
|
|
func (ctrl *controllerImpl) Setup(group *gin.RouterGroup, log *zap.Logger, auth services.AuthService) {
|
|
ctrlGroup := group.Group(ctrl.Path)
|
|
ctrlGroup.Use(ctrl.Middleware...)
|
|
|
|
for _, method := range ctrl.Methods {
|
|
ctrlGroup.Handle(
|
|
method.HttpMethod,
|
|
method.Path,
|
|
append(
|
|
method.Middleware,
|
|
gin.HandlerFunc(func(c *gin.Context) {
|
|
clientInfo, _ := c.Get("client_info")
|
|
if clientInfo.(dto.ClientInfo).Role < method.Authorization {
|
|
c.AbortWithStatusJSON(
|
|
http.StatusForbidden,
|
|
gin.H{"error": "Insufficient authorization for this method"})
|
|
return
|
|
}
|
|
}),
|
|
method.Function)...,
|
|
)
|
|
}
|
|
}
|
|
|
|
func GetFile(c *gin.Context, name string, maxSize int64, allowedTypes map[string]bool) (*string, error) {
|
|
file, err := c.FormFile(name); if err != nil {
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("File '%s': not provided", name)})
|
|
return nil, err
|
|
}
|
|
|
|
if file.Size > int64(maxSize) {
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("File '%s': file too large", name)})
|
|
return nil, fmt.Errorf("File too large")
|
|
}
|
|
|
|
fileType := file.Header.Get("Content-Type")
|
|
if len(allowedTypes) > 0 && !allowedTypes[fileType] {
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("File '%s': forbidden file type: %s", name, fileType)})
|
|
return nil, fmt.Errorf("Wrong file type")
|
|
}
|
|
|
|
folderPath := "/tmp/uploads"
|
|
if _, err := os.Stat(folderPath); os.IsNotExist(err) {
|
|
os.MkdirAll(folderPath, 0700)
|
|
}
|
|
|
|
filePath := fmt.Sprintf("%s/%s-%s", folderPath, uuid.New().String(), filepath.Base(file.Filename))
|
|
if err := c.SaveUploadedFile(file, filePath); err != nil {
|
|
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error": "Error saving file"})
|
|
return nil, err
|
|
}
|
|
|
|
return &filePath, nil
|
|
}
|
|
|
|
func GetRequest[ModelT any](c *gin.Context) (*dto.Request[ModelT], error) {
|
|
|
|
var body ModelT
|
|
|
|
if err := c.ShouldBindJSON(&body); err != nil {
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
|
return nil, err
|
|
}
|
|
|
|
// TODO: Think hard on a singleton for better performance
|
|
validate := validation.NewValidator()
|
|
|
|
if err := validate.Struct(body); err != nil {
|
|
errorList := err.(validator.ValidationErrors)
|
|
c.AbortWithStatusJSON(
|
|
http.StatusBadRequest,
|
|
gin.H{"error": errorList})
|
|
return nil, err
|
|
}
|
|
|
|
cinfo := GetClientInfo(c)
|
|
|
|
return &dto.Request[ModelT]{
|
|
Body: body,
|
|
User: cinfo,
|
|
}, nil
|
|
}
|
|
|
|
func GetClientInfo(c * gin.Context) (dto.ClientInfo) {
|
|
|
|
cinfoFromCtx, ok := c.Get("client_info"); if !ok {
|
|
c.AbortWithStatusJSON(
|
|
http.StatusInternalServerError,
|
|
gin.H{"error": "Client info was not found"})
|
|
panic("No client_info found in gin context. Does the handler use AuthMiddleware?")
|
|
}
|
|
cinfo := cinfoFromCtx.(dto.ClientInfo)
|
|
|
|
return cinfo
|
|
}
|