134 lines
3.4 KiB
Go
134 lines
3.4 KiB
Go
package routes
|
|
|
|
import (
|
|
"database/sql"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
|
|
"github.com/gorilla/mux"
|
|
|
|
"github.com/viktorstrate/photoview/api/graphql/auth"
|
|
"github.com/viktorstrate/photoview/api/graphql/models"
|
|
)
|
|
|
|
func RegisterPhotoRoutes(db *sql.DB, router *mux.Router) {
|
|
|
|
router.HandleFunc("/{name}", func(w http.ResponseWriter, r *http.Request) {
|
|
image_name := mux.Vars(r)["name"]
|
|
|
|
row := db.QueryRow("SELECT photo_url.purpose, photo.path, photo.photo_id, photo.album_id, photo_url.content_type FROM photo_url, photo WHERE photo_url.photo_name = ? AND photo_url.photo_id = photo.photo_id", image_name)
|
|
|
|
var purpose models.PhotoPurpose
|
|
var path string
|
|
var content_type string
|
|
var album_id int
|
|
var photo_id int
|
|
|
|
if err := row.Scan(&purpose, &path, &photo_id, &album_id, &content_type); err != nil {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
w.Write([]byte("404"))
|
|
return
|
|
}
|
|
|
|
user := auth.UserFromContext(r.Context())
|
|
if user != nil {
|
|
row := db.QueryRow("SELECT owner_id FROM album WHERE album.album_id = ?", album_id)
|
|
var owner_id int
|
|
|
|
if err := row.Scan(&owner_id); err != nil {
|
|
log.Printf("WARN: %s", err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte("internal server error"))
|
|
return
|
|
}
|
|
|
|
if owner_id != user.UserID {
|
|
w.WriteHeader(http.StatusForbidden)
|
|
w.Write([]byte("invalid credentials"))
|
|
return
|
|
}
|
|
} else {
|
|
|
|
token := r.URL.Query().Get("token")
|
|
if token == "" {
|
|
w.WriteHeader(http.StatusForbidden)
|
|
w.Write([]byte("unauthorized"))
|
|
return
|
|
}
|
|
|
|
row := db.QueryRow("SELECT * FROM share_token WHERE value = ?", token)
|
|
|
|
shareToken, err := models.NewShareTokenFromRow(row)
|
|
if err != nil {
|
|
log.Printf("WARN: %s", err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte("internal server error"))
|
|
return
|
|
}
|
|
|
|
if shareToken.AlbumID != nil && album_id != *shareToken.AlbumID {
|
|
// Check child albums
|
|
row := db.QueryRow(`
|
|
WITH recursive child_albums AS (
|
|
SELECT * FROM album WHERE parent_album = ?
|
|
UNION ALL
|
|
SELECT child.* FROM album child JOIN child_albums parent ON parent.album_id = child.parent_album
|
|
)
|
|
SELECT * FROM child_albums WHERE album_id = ?
|
|
`, *shareToken.AlbumID, album_id)
|
|
|
|
_, err := models.NewAlbumFromRow(row)
|
|
if err != nil {
|
|
if err == sql.ErrNoRows {
|
|
w.WriteHeader(http.StatusForbidden)
|
|
w.Write([]byte("unauthorized"))
|
|
return
|
|
}
|
|
log.Printf("WARN: %s", err)
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte("internal server error"))
|
|
return
|
|
}
|
|
}
|
|
|
|
if shareToken.PhotoID != nil && photo_id != *shareToken.PhotoID {
|
|
w.WriteHeader(http.StatusForbidden)
|
|
w.Write([]byte("unauthorized"))
|
|
return
|
|
}
|
|
|
|
}
|
|
|
|
w.Header().Set("Content-Type", content_type)
|
|
|
|
var file *os.File
|
|
|
|
if purpose == models.PhotoThumbnail || purpose == models.PhotoHighRes {
|
|
var err error
|
|
file, err = os.Open(fmt.Sprintf("./image-cache/%d/%d/%s", album_id, photo_id, image_name))
|
|
if err != nil {
|
|
w.Write([]byte("Error: " + err.Error()))
|
|
return
|
|
}
|
|
}
|
|
|
|
if purpose == models.PhotoOriginal {
|
|
var err error
|
|
file, err = os.Open(path)
|
|
if err != nil {
|
|
w.Write([]byte("Error: " + err.Error()))
|
|
return
|
|
}
|
|
}
|
|
|
|
if stats, err := file.Stat(); err == nil {
|
|
w.Header().Set("Content-Length", fmt.Sprintf("%d", stats.Size()))
|
|
}
|
|
|
|
io.Copy(w, file)
|
|
})
|
|
}
|