Added API call to edit and create file requests, improved openapi

Author: Forceu

internal/configuration/database/Database.go

@@ -333,8 +333,9 @@ func GetAllFileRequests() []models.FileRequest {
 }
 
 // SaveFileRequest stores the hotlink associated with the file in the database
-func SaveFileRequest(request models.FileRequest) {
-	db.SaveFileRequest(request)
+// Returns the ID of the new request
+func SaveFileRequest(request models.FileRequest) int {
+	return db.SaveFileRequest(request)
 }
 
 // DeleteFileRequest deletes a file request with the given ID

internal/configuration/database/dbabstraction/DbAbstraction.go

@@ -103,7 +103,8 @@ type Database interface {
 	// GetAllFileRequests returns an array with all file requests
 	GetAllFileRequests() []models.FileRequest
 	// SaveFileRequest stores the hotlink associated with the file in the database
-	SaveFileRequest(request models.FileRequest)
+	// Returns the ID of the new request
+	SaveFileRequest(request models.FileRequest) int
 	// DeleteFileRequest deletes a file request with the given ID
 	DeleteFileRequest(request models.FileRequest)
 }

internal/configuration/database/provider/redis/filerequests.go

@@ -58,7 +58,8 @@ func sortFilerequests(users []models.FileRequest) []models.FileRequest {
 }
 
 // SaveFileRequest stores the hotlink associated with the file in the database
-func (p DatabaseProvider) SaveFileRequest(request models.FileRequest) {
+// Returns the ID of the new request
+func (p DatabaseProvider) SaveFileRequest(request models.FileRequest) int {
 	if request.Id == 0 {
 		id := p.getIncreasedInt(prefixFileRequestCounter)
 		request.Id = id
@@ -69,6 +70,7 @@ func (p DatabaseProvider) SaveFileRequest(request models.FileRequest) {
 		}
 	}
 	p.setHashMap(p.buildArgs(prefixUsers + strconv.Itoa(request.Id)).AddFlat(request))
+	return request.Id
 }
 
 // DeleteFileRequest deletes a file request with the given ID

internal/configuration/database/provider/sqlite/Sqlite.go

@@ -11,7 +11,7 @@ import (
 
 	"github.com/forceu/gokapi/internal/helper"
 	"github.com/forceu/gokapi/internal/models"
-	// Required for sqlite driver
+	// Required for the sqlite driver
 	_ "modernc.org/sqlite"
 )
 

internal/configuration/database/provider/sqlite/filerequests.go

@@ -66,7 +66,8 @@ func (p DatabaseProvider) GetAllFileRequests() []models.FileRequest {
 }
 
 // SaveFileRequest stores the hotlink associated with the file in the database
-func (p DatabaseProvider) SaveFileRequest(request models.FileRequest) {
+// Returns the ID of the new request
+func (p DatabaseProvider) SaveFileRequest(request models.FileRequest) int {
 	newData := schemaFileRequests{
 		Id:       request.Id,
 		Name:     request.Name,
@@ -79,15 +80,18 @@ func (p DatabaseProvider) SaveFileRequest(request models.FileRequest) {
 
 	// If ID is not 0, then an existing file request is being saved and needs to be
 	// replaced in the database
-	if newData.Id == 0 {
-		_, err := p.sqliteDb.Exec("INSERT INTO UploadRequests (name, userid, expiry, maxFiles, maxSize, creation) VALUES  (?, ?, ?, ?, ?, ?)",
-			newData.Name, newData.UserId, newData.Expiry, newData.MaxFiles, newData.MaxSize, newData.Creation)
-		helper.Check(err)
-	} else {
+	if newData.Id != 0 {
 		_, err := p.sqliteDb.Exec("INSERT OR REPLACE INTO UploadRequests (id, name, userid, expiry, maxFiles, maxSize, creation) VALUES  (?, ?, ?, ?, ?, ?, ?)",
 			newData.Id, newData.Name, newData.UserId, newData.Expiry, newData.MaxFiles, newData.MaxSize, newData.Creation)
 		helper.Check(err)
+		return newData.Id
 	}
+	res, err := p.sqliteDb.Exec("INSERT INTO UploadRequests (name, userid, expiry, maxFiles, maxSize, creation) VALUES  (?, ?, ?, ?, ?, ?)",
+		newData.Name, newData.UserId, newData.Expiry, newData.MaxFiles, newData.MaxSize, newData.Creation)
+	helper.Check(err)
+	id, err := res.LastInsertId()
+	helper.Check(err)
+	return int(id)
 }
 
 // DeleteFileRequest deletes a file request with the given ID

internal/models/User.go

@@ -64,23 +64,23 @@ func (u *User) IsSameUser(userId int) bool {
 }
 
 const (
-	// UserPermReplaceUploads allows replacing uploads
+	// UserPermReplaceUploads allows replacing uploads PERM_REPLACE
 	UserPermReplaceUploads UserPermission = 1 << iota
-	// UserPermListOtherUploads allows also listing uploads by other users
+	// UserPermListOtherUploads allows also listing uploads by other users PERM_LIST
 	UserPermListOtherUploads
-	// UserPermEditOtherUploads allows editing of uploads by other users
+	// UserPermEditOtherUploads allows editing of uploads by other users PERM_EDIT
 	UserPermEditOtherUploads
-	// UserPermReplaceOtherUploads allows replacing of uploads by other users
+	// UserPermReplaceOtherUploads allows replacing of uploads by other users PERM_REPLACE_OTHER
 	UserPermReplaceOtherUploads
-	// UserPermDeleteOtherUploads allows deleting uploads by other users
+	// UserPermDeleteOtherUploads allows deleting uploads by other users PERM_DELETE
 	UserPermDeleteOtherUploads
-	// UserPermManageLogs allows viewing and deleting logs
+	// UserPermManageLogs allows viewing and deleting logs PERM_LOGS
 	UserPermManageLogs
-	// UserPermManageApiKeys allows editing and deleting of API keys by other users
+	// UserPermManageApiKeys allows editing and deleting of API keys by other users PERM_API
 	UserPermManageApiKeys
-	// UserPermManageUsers allows creating and editing of users, including granting and revoking permissions
+	// UserPermManageUsers allows creating and editing of users, including granting and revoking permissions PERM_USERS
 	UserPermManageUsers
-	// UserPermGuestUploads allows creating file requests
+	// UserPermGuestUploads allows creating file requests PERM_GUEST_UPLOAD
 	UserPermGuestUploads
 )
 

internal/webserver/api/Api.go

@@ -773,7 +773,7 @@ func apiURequestDelete(w http.ResponseWriter, r requestParser, user models.User)
 		sendError(w, http.StatusNotFound, "FileRequest does not exist with the given ID")
 		return
 	}
-	if uploadRequest.UserId != user.Id && !user.HasPermission(models.UserPermListOtherUploads) {
+	if uploadRequest.UserId != user.Id && !user.HasPermission(models.UserPermDeleteOtherUploads) {
 		sendError(w, http.StatusUnauthorized, "No permission to delete this upload request")
 		return
 	}
@@ -782,6 +782,55 @@ func apiURequestDelete(w http.ResponseWriter, r requestParser, user models.User)
 	_, _ = w.Write([]byte("{\"result\":\"OK\"}"))
 }
 
+func apiURequestSave(w http.ResponseWriter, r requestParser, user models.User) {
+	request, ok := r.(*paramURequestSave)
+	if !ok {
+		panic("invalid parameter passed")
+	}
+	uploadRequest := models.FileRequest{}
+
+	if !request.IsNewRequest {
+		uploadRequest, ok = database.GetFileRequest(request.Id)
+		if !ok {
+			sendError(w, http.StatusNotFound, "FileRequest does not exist with the given ID")
+			return
+		}
+		if uploadRequest.UserId != user.Id && !user.HasPermission(models.UserPermEditOtherUploads) {
+			sendError(w, http.StatusUnauthorized, "No permission to edit this upload request")
+			return
+		}
+	} else {
+		uploadRequest.UserId = user.Id
+	}
+
+	if request.Name == "" {
+		if request.IsNameSet || uploadRequest.Name == "" {
+			uploadRequest.Name = "Unnamed Request"
+		}
+	} else {
+		uploadRequest.Name = request.Name
+	}
+	if request.IsExpirySet {
+		uploadRequest.Expiry = request.Expiry
+	}
+	if request.IsMaxFilesSet {
+		uploadRequest.MaxFiles = request.MaxFiles
+	}
+	if request.IsMaxSizeSet {
+		uploadRequest.MaxSize = request.MaxSize
+	}
+	id := database.SaveFileRequest(uploadRequest)
+	uploadRequest, ok = database.GetFileRequest(id)
+	if !ok {
+		sendError(w, http.StatusInternalServerError, "Could not save file request")
+		return
+	}
+	uploadRequest.Populate(database.GetAllMetadata())
+	result, err := json.Marshal(uploadRequest)
+	helper.Check(err)
+	_, _ = w.Write(result)
+}
+
 func isAuthorisedForApi(r *http.Request, routing apiRoute) (models.User, bool) {
 	apiKey := r.Header.Get("apikey")
 	user, _, ok := isValidApiKey(apiKey, true, routing.ApiPerm)

internal/webserver/api/routing.go

@@ -157,6 +157,12 @@ var routes = []apiRoute{
 		execution:     apiResetPassword,
 		RequestParser: &paramUserResetPw{},
 	},
+	{
+		Url:           "/uploadrequest/save",
+		ApiPerm:       models.ApiPermManageFileRequests,
+		execution:     apiURequestSave,
+		RequestParser: &paramURequestSave{},
+	},
 	{
 		Url:           "/uploadrequest/delete",
 		ApiPerm:       models.ApiPermManageFileRequests,
@@ -555,6 +561,40 @@ func (p *paramURequestDelete) ProcessParameter(_ *http.Request) error {
 	return nil
 }
 
+type paramURequestSave struct {
+	Id            int    `header:"id"`
+	Name          string `header:"name"`
+	Expiry        int64  `header:"expiry"`
+	MaxFiles      int    `header:"maxfiles"`
+	MaxSize       int    `header:"maxsize"`
+	IsNewRequest  bool
+	IsNameSet     bool
+	IsExpirySet   bool
+	IsMaxFilesSet bool
+	IsMaxSizeSet  bool
+
+	foundHeaders map[string]bool
+}
+
+func (p *paramURequestSave) ProcessParameter(_ *http.Request) error {
+	if !p.foundHeaders["id"] {
+		p.IsNewRequest = true
+	}
+	if p.foundHeaders["name"] {
+		p.IsNameSet = true
+	}
+	if p.foundHeaders["expiry"] {
+		p.IsExpirySet = true
+	}
+	if p.foundHeaders["maxfiles"] {
+		p.IsMaxFilesSet = true
+	}
+	if p.foundHeaders["maxsize"] {
+		p.IsMaxSizeSet = true
+	}
+	return nil
+}
+
 func checkHeaderExists(r *http.Request, key string, isRequired, isString bool) (bool, error) {
 	if r.Header.Get(key) != "" {
 		return true, nil