| author | Julian Hurst <julian.hurst@digdash.com> | 2025-04-09 15:03:05 +0200 |
|---|---|---|
| committer | Julian Hurst <julian.hurst@digdash.com> | 2025-04-09 15:08:41 +0200 |
| commit | 51d758f0ccb33567458003a01ddd49e0356f0f61 (patch) | |
| tree | a13fea02f2c2f76169ca97177d7d0f69f829fd54 /main.go | |
| parent | ad130f94bdca7edcfc5a9951eb5da1e4ce75c385 (diff) | |
| download | box-51d758f0ccb33567458003a01ddd49e0356f0f61.tar.gz | |
Add header and option to preserve the filename
When uploading it's now possible to specify an X-ResourceMeta-Filename
header to specify the final filename of the file. This supersedes the
X-ResourceMeta-Extension header.
Note: this option can make it easier to guess the resource url so if
uploading a sensitive file (which is not recommended anyway) an easy to
guess filename could make it easier for an "attacker" to get the file.
Diffstat (limited to 'main.go')
| -rw-r--r-- | main.go | 19 |
1 files changed, 11 insertions, 8 deletions
@@ -116,15 +116,18 @@ func (handler BoxHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusUnauthorized) return } - ext := r.Header.Get("X-ResourceMeta-Extension") - u, err := uuid.NewRandom() - if err != nil { - log.Println(err) - fmt.Fprint(w, err.Error()) - w.WriteHeader(http.StatusInternalServerError) - return + filename := r.Header.Get("X-ResourceMeta-Filename") + if filename == "" { + ext := r.Header.Get("X-ResourceMeta-Extension") + u, err := uuid.NewRandom() + if err != nil { + log.Println(err) + fmt.Fprint(w, err.Error()) + w.WriteHeader(http.StatusInternalServerError) + return + } + filename = filepath.Join(handler.filesPath, u.String()) + ext } - filename := filepath.Join(handler.filesPath, u.String()) + ext log.Printf("Boxing %s...\n", filename) f, err := os.Create(filename) if err != nil { |
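Review bot: In the new `filename := r.Header.Get("X-ResourceMeta-Filename")` branch the header value goes to `os.Create(filename)` unchanged, while only the fallback branch still builds the path with `filepath.Join(handler.filesPath, ...)`. A client-supplied name is therefore not placed under `handler.filesPath` at all, and a value containing path separators or `..` is interpreted relative to the process working directory (or as an absolute path). Suggest reducing the header to a single path component with `filepath.Base`, rejecting empty, `.` and `..` results, and then joining it with `handler.filesPath` in both branches so the two code paths produce the same kind of value. Because `os.Create` truncates an existing file, a repeated or colliding filename also silently overwrites an earlier upload; opening with `os.OpenFile` and `os.O_CREATE|os.O_EXCL` would turn that into an explicit error the handler can report. Separately, in the error path that this hunk re-indents, `fmt.Fprint(w, err.Error())` runs before `w.WriteHeader(http.StatusInternalServerError)`, so the response has already been sent with status 200 by the time the 500 is set; the two calls should be swapped.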
