aboutsummaryrefslogtreecommitdiffstats
path: root/library/blueimp_upload/server/gae-go/app/main.go
diff options
context:
space:
mode:
Diffstat (limited to 'library/blueimp_upload/server/gae-go/app/main.go')
-rw-r--r--library/blueimp_upload/server/gae-go/app/main.go297
1 files changed, 181 insertions, 116 deletions
diff --git a/library/blueimp_upload/server/gae-go/app/main.go b/library/blueimp_upload/server/gae-go/app/main.go
index 03af0b1d2..a92d128c0 100644
--- a/library/blueimp_upload/server/gae-go/app/main.go
+++ b/library/blueimp_upload/server/gae-go/app/main.go
@@ -1,59 +1,90 @@
/*
- * jQuery File Upload Plugin GAE Go Example 3.2.0
+ * jQuery File Upload Plugin GAE Go Example
* https://github.com/blueimp/jQuery-File-Upload
*
* Copyright 2011, Sebastian Tschan
* https://blueimp.net
*
* Licensed under the MIT license:
- * http://www.opensource.org/licenses/MIT
+ * https://opensource.org/licenses/MIT
*/
package app
import (
- "appengine"
- "appengine/blobstore"
- "appengine/image"
- "appengine/taskqueue"
+ "bufio"
"bytes"
"encoding/json"
"fmt"
+ "github.com/disintegration/gift"
+ "golang.org/x/net/context"
+ "google.golang.org/appengine"
+ "google.golang.org/appengine/memcache"
+ "hash/crc32"
+ "image"
+ "image/gif"
+ "image/jpeg"
+ "image/png"
"io"
"log"
"mime/multipart"
"net/http"
"net/url"
+ "path/filepath"
"regexp"
"strings"
- "time"
)
const (
- WEBSITE = "https://blueimp.github.io/jQuery-File-Upload/"
- MIN_FILE_SIZE = 1 // bytes
- MAX_FILE_SIZE = 5000000 // bytes
+ WEBSITE = "https://blueimp.github.io/jQuery-File-Upload/"
+ MIN_FILE_SIZE = 1 // bytes
+ // Max file size is memcache limit (1MB) minus key size minus overhead:
+ MAX_FILE_SIZE = 999000 // bytes
IMAGE_TYPES = "image/(gif|p?jpeg|(x-)?png)"
ACCEPT_FILE_TYPES = IMAGE_TYPES
+ THUMB_MAX_WIDTH = 80
+ THUMB_MAX_HEIGHT = 80
EXPIRATION_TIME = 300 // seconds
- THUMBNAIL_PARAM = "=s80"
+ // If empty, only allow redirects to the referer protocol+host.
+ // Set to a regexp string for custom pattern matching:
+ REDIRECT_ALLOW_TARGET = ""
)
var (
imageTypes = regexp.MustCompile(IMAGE_TYPES)
acceptFileTypes = regexp.MustCompile(ACCEPT_FILE_TYPES)
+ thumbSuffix = "." + fmt.Sprint(THUMB_MAX_WIDTH) + "x" +
+ fmt.Sprint(THUMB_MAX_HEIGHT)
)
+func escape(s string) string {
+ return strings.Replace(url.QueryEscape(s), "+", "%20", -1)
+}
+
+func extractKey(r *http.Request) string {
+ // Use RequestURI instead of r.URL.Path, as we need the encoded form:
+ path := strings.Split(r.RequestURI, "?")[0]
+ // Also adjust double encoded slashes:
+ return strings.Replace(path[1:], "%252F", "%2F", -1)
+}
+
+func check(err error) {
+ if err != nil {
+ panic(err)
+ }
+}
+
type FileInfo struct {
- Key appengine.BlobKey `json:"-"`
- Url string `json:"url,omitempty"`
- ThumbnailUrl string `json:"thumbnailUrl,omitempty"`
- Name string `json:"name"`
- Type string `json:"type"`
- Size int64 `json:"size"`
- Error string `json:"error,omitempty"`
- DeleteUrl string `json:"deleteUrl,omitempty"`
- DeleteType string `json:"deleteType,omitempty"`
+ Key string `json:"-"`
+ ThumbnailKey string `json:"-"`
+ Url string `json:"url,omitempty"`
+ ThumbnailUrl string `json:"thumbnailUrl,omitempty"`
+ Name string `json:"name"`
+ Type string `json:"type"`
+ Size int64 `json:"size"`
+ Error string `json:"error,omitempty"`
+ DeleteUrl string `json:"deleteUrl,omitempty"`
+ DeleteType string `json:"deleteType,omitempty"`
}
func (fi *FileInfo) ValidateType() (valid bool) {
@@ -75,50 +106,58 @@ func (fi *FileInfo) ValidateSize() (valid bool) {
return false
}
-func (fi *FileInfo) CreateUrls(r *http.Request, c appengine.Context) {
+func (fi *FileInfo) CreateUrls(r *http.Request, c context.Context) {
u := &url.URL{
Scheme: r.URL.Scheme,
Host: appengine.DefaultVersionHostname(c),
Path: "/",
}
uString := u.String()
- fi.Url = uString + escape(string(fi.Key)) + "/" +
- escape(string(fi.Name))
- fi.DeleteUrl = fi.Url + "?delete=true"
+ fi.Url = uString + fi.Key
+ fi.DeleteUrl = fi.Url
fi.DeleteType = "DELETE"
- if imageTypes.MatchString(fi.Type) {
- servingUrl, err := image.ServingURL(
- c,
- fi.Key,
- &image.ServingURLOptions{
- Secure: strings.HasSuffix(u.Scheme, "s"),
- Size: 0,
- Crop: false,
- },
- )
- check(err)
- fi.ThumbnailUrl = servingUrl.String() + THUMBNAIL_PARAM
+ if fi.ThumbnailKey != "" {
+ fi.ThumbnailUrl = uString + fi.ThumbnailKey
}
}
-func check(err error) {
- if err != nil {
- panic(err)
- }
-}
-
-func escape(s string) string {
- return strings.Replace(url.QueryEscape(s), "+", "%20", -1)
+func (fi *FileInfo) SetKey(checksum uint32) {
+ fi.Key = escape(string(fi.Type)) + "/" +
+ escape(fmt.Sprint(checksum)) + "/" +
+ escape(string(fi.Name))
}
-func delayedDelete(c appengine.Context, fi *FileInfo) {
- if key := string(fi.Key); key != "" {
- task := &taskqueue.Task{
- Path: "/" + escape(key) + "/-",
- Method: "DELETE",
- Delay: time.Duration(EXPIRATION_TIME) * time.Second,
+func (fi *FileInfo) createThumb(buffer *bytes.Buffer, c context.Context) {
+ if imageTypes.MatchString(fi.Type) {
+ src, _, err := image.Decode(bytes.NewReader(buffer.Bytes()))
+ check(err)
+ filter := gift.New(gift.ResizeToFit(
+ THUMB_MAX_WIDTH,
+ THUMB_MAX_HEIGHT,
+ gift.LanczosResampling,
+ ))
+ dst := image.NewNRGBA(filter.Bounds(src.Bounds()))
+ filter.Draw(dst, src)
+ buffer.Reset()
+ bWriter := bufio.NewWriter(buffer)
+ switch fi.Type {
+ case "image/jpeg", "image/pjpeg":
+ err = jpeg.Encode(bWriter, dst, nil)
+ case "image/gif":
+ err = gif.Encode(bWriter, dst, nil)
+ default:
+ err = png.Encode(bWriter, dst)
+ }
+ check(err)
+ bWriter.Flush()
+ thumbnailKey := fi.Key + thumbSuffix + filepath.Ext(fi.Name)
+ item := &memcache.Item{
+ Key: thumbnailKey,
+ Value: buffer.Bytes(),
}
- taskqueue.Add(c, task, "")
+ err = memcache.Set(c, item)
+ check(err)
+ fi.ThumbnailKey = thumbnailKey
}
}
@@ -136,24 +175,26 @@ func handleUpload(r *http.Request, p *multipart.Part) (fi *FileInfo) {
fi.Error = rec.(error).Error()
}
}()
+ var buffer bytes.Buffer
+ hash := crc32.NewIEEE()
+ mw := io.MultiWriter(&buffer, hash)
lr := &io.LimitedReader{R: p, N: MAX_FILE_SIZE + 1}
+ _, err := io.Copy(mw, lr)
+ check(err)
+ fi.Size = MAX_FILE_SIZE + 1 - lr.N
+ if !fi.ValidateSize() {
+ return
+ }
+ fi.SetKey(hash.Sum32())
+ item := &memcache.Item{
+ Key: fi.Key,
+ Value: buffer.Bytes(),
+ }
context := appengine.NewContext(r)
- w, err := blobstore.Create(context, fi.Type)
- defer func() {
- w.Close()
- fi.Size = MAX_FILE_SIZE + 1 - lr.N
- fi.Key, err = w.Key()
- check(err)
- if !fi.ValidateSize() {
- err := blobstore.Delete(context, fi.Key)
- check(err)
- return
- }
- delayedDelete(context, fi)
- fi.CreateUrls(r, context)
- }()
+ err = memcache.Set(context, item)
check(err)
- _, err = io.Copy(w, lr)
+ fi.createThumb(&buffer, context)
+ fi.CreateUrls(r, context)
return
}
@@ -183,49 +224,70 @@ func handleUploads(r *http.Request) (fileInfos []*FileInfo) {
return
}
+func validateRedirect(r *http.Request, redirect string) bool {
+ if redirect != "" {
+ var redirectAllowTarget *regexp.Regexp
+ if REDIRECT_ALLOW_TARGET != "" {
+ redirectAllowTarget = regexp.MustCompile(REDIRECT_ALLOW_TARGET)
+ } else {
+ referer := r.Referer()
+ if referer == "" {
+ return false
+ }
+ refererUrl, err := url.Parse(referer)
+ if err != nil {
+ return false
+ }
+ redirectAllowTarget = regexp.MustCompile("^" + regexp.QuoteMeta(
+ refererUrl.Scheme+"://"+refererUrl.Host+"/",
+ ))
+ }
+ return redirectAllowTarget.MatchString(redirect)
+ }
+ return false
+}
+
func get(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/" {
http.Redirect(w, r, WEBSITE, http.StatusFound)
return
}
- parts := strings.Split(r.URL.Path, "/")
+ // Use RequestURI instead of r.URL.Path, as we need the encoded form:
+ key := extractKey(r)
+ parts := strings.Split(key, "/")
if len(parts) == 3 {
- if key := parts[1]; key != "" {
- blobKey := appengine.BlobKey(key)
- bi, err := blobstore.Stat(appengine.NewContext(r), blobKey)
- if err == nil {
- w.Header().Add("X-Content-Type-Options", "nosniff")
- if !imageTypes.MatchString(bi.ContentType) {
- w.Header().Add("Content-Type", "application/octet-stream")
- w.Header().Add(
- "Content-Disposition",
- fmt.Sprintf("attachment; filename=\"%s\"", parts[2]),
- )
- }
- w.Header().Add(
- "Cache-Control",
- fmt.Sprintf("public,max-age=%d", EXPIRATION_TIME),
- )
- blobstore.Send(w, blobKey)
- return
+ context := appengine.NewContext(r)
+ item, err := memcache.Get(context, key)
+ if err == nil {
+ w.Header().Add("X-Content-Type-Options", "nosniff")
+ contentType, _ := url.QueryUnescape(parts[0])
+ if !imageTypes.MatchString(contentType) {
+ contentType = "application/octet-stream"
}
+ w.Header().Add("Content-Type", contentType)
+ w.Header().Add(
+ "Cache-Control",
+ fmt.Sprintf("public,max-age=%d", EXPIRATION_TIME),
+ )
+ w.Write(item.Value)
+ return
}
}
http.Error(w, "404 Not Found", http.StatusNotFound)
}
func post(w http.ResponseWriter, r *http.Request) {
- result := make(map[string][]*FileInfo, 1)
- result["files"] = handleUploads(r)
+ result := make(map[string][]*FileInfo, 1)
+ result["files"] = handleUploads(r)
b, err := json.Marshal(result)
check(err)
- if redirect := r.FormValue("redirect"); redirect != "" {
- if strings.Contains(redirect, "%s") {
- redirect = fmt.Sprintf(
- redirect,
- escape(string(b)),
- )
- }
+ if redirect := r.FormValue("redirect"); validateRedirect(r, redirect) {
+ if strings.Contains(redirect, "%s") {
+ redirect = fmt.Sprintf(
+ redirect,
+ escape(string(b)),
+ )
+ }
http.Redirect(w, r, redirect, http.StatusFound)
return
}
@@ -238,27 +300,30 @@ func post(w http.ResponseWriter, r *http.Request) {
}
func delete(w http.ResponseWriter, r *http.Request) {
- parts := strings.Split(r.URL.Path, "/")
- if len(parts) != 3 {
- return
- }
- result := make(map[string]bool, 1)
- if key := parts[1]; key != "" {
- c := appengine.NewContext(r)
- blobKey := appengine.BlobKey(key)
- err := blobstore.Delete(c, blobKey)
- check(err)
- err = image.DeleteServingURL(c, blobKey)
+ key := extractKey(r)
+ parts := strings.Split(key, "/")
+ if len(parts) == 3 {
+ result := make(map[string]bool, 1)
+ context := appengine.NewContext(r)
+ err := memcache.Delete(context, key)
+ if err == nil {
+ result[key] = true
+ contentType, _ := url.QueryUnescape(parts[0])
+ if imageTypes.MatchString(contentType) {
+ thumbnailKey := key + thumbSuffix + filepath.Ext(parts[2])
+ err := memcache.Delete(context, thumbnailKey)
+ if err == nil {
+ result[thumbnailKey] = true
+ }
+ }
+ }
+ w.Header().Set("Content-Type", "application/json")
+ b, err := json.Marshal(result)
check(err)
- result[key] = true
- }
- jsonType := "application/json"
- if strings.Index(r.Header.Get("Accept"), jsonType) != -1 {
- w.Header().Set("Content-Type", jsonType)
+ fmt.Fprintln(w, string(b))
+ } else {
+ http.Error(w, "405 Method not allowed", http.StatusMethodNotAllowed)
}
- b, err := json.Marshal(result)
- check(err)
- fmt.Fprintln(w, string(b))
}
func handle(w http.ResponseWriter, r *http.Request) {
@@ -267,15 +332,15 @@ func handle(w http.ResponseWriter, r *http.Request) {
w.Header().Add("Access-Control-Allow-Origin", "*")
w.Header().Add(
"Access-Control-Allow-Methods",
- "OPTIONS, HEAD, GET, POST, PUT, DELETE",
+ "OPTIONS, HEAD, GET, POST, DELETE",
)
w.Header().Add(
"Access-Control-Allow-Headers",
"Content-Type, Content-Range, Content-Disposition",
)
switch r.Method {
- case "OPTIONS":
- case "HEAD":
+ case "OPTIONS", "HEAD":
+ return
case "GET":
get(w, r)
case "POST":