Make upload endpoint static

author: Julian Hurst <julian.hurst@digdash.com> 2025-01-23 12:12:59 +0100
committer: Julian Hurst <julian.hurst@digdash.com> 2025-01-23 12:12:59 +0100
commit: cc5587319b411fc6896f18c8d174d6034f4ee5e5 (patch)
tree: 0ef4c194c6f12e615aaf0b1f38a22d53c83cb881
parent: fccb6c6a78aaa197ad21a81df49a33882b942cbf (diff)
download: box-cc5587319b411fc6896f18c8d174d6034f4ee5e5.tar.gz
2 files changed, 5 insertions, 1 deletions
diff --git a/main.go b/main.go
index 949d2f3..3e2cd86 100644
--- a/main.go
+++ b/main.go
@@ -69,6 +69,10 @@ func (handler BoxHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 		w.WriteHeader(http.StatusNoContent)
 	case http.MethodPost:
+		if r.URL.Path != "/upload" {
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
 		token := r.Header.Get("X-Upload-Token")
 		if token != handler.token {
 			log.Println("unauthorized")
diff --git a/templates/index.html b/templates/index.html
index c487165..9264991 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -36,7 +36,7 @@
 						resourceId = xhr.getResponseHeader("X-Resource-ID");
 					}
 				}
-				xhr.open("POST", "/" + f.name, true);
+				xhr.open("POST", "/upload", true);
 				xhr.setRequestHeader("X-Upload-Token", token)
 				xhr.send(f)
 			}
author	Julian Hurst <julian.hurst@digdash.com>	2025-01-23 12:12:59 +0100
committer	Julian Hurst <julian.hurst@digdash.com>	2025-01-23 12:12:59 +0100
commit	cc5587319b411fc6896f18c8d174d6034f4ee5e5 (patch)
tree	0ef4c194c6f12e615aaf0b1f38a22d53c83cb881
parent	fccb6c6a78aaa197ad21a81df49a33882b942cbf (diff)
download	box-cc5587319b411fc6896f18c8d174d6034f4ee5e5.tar.gz