diff --git a/Cargo.lock b/Cargo.lock
index 2734584..f91df14 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -601,6 +601,7 @@ dependencies = [ "rand_hc", "regex", "rocket", + "rocket_cors", "rocket_db_pools", "sha256", "sqlx",
@@ -1672,6 +1673,23 @@ dependencies = [ "version_check", ] +[[package]] +name = "rocket_cors" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfac3a1df83f8d4fc96aa41dba3b86c786417b7fc0f52ec76295df2ba781aa69" +dependencies = [ + "http", + "log", + "regex", + "rocket", + "serde", + "serde_derive", + "unicase", + "unicase_serde", + "url", +] + [[package]] name = "rocket_db_pools" version = "0.1.0"
@@ -2546,6 +2564,25 @@ dependencies = [ "version_check", ] +[[package]] +name = "unicase" +version = "2.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7d2d4dafb69621809a81864c9c1b864479e1235c0dd4e199924b9742439ed89" +dependencies = [ + "version_check", +] + +[[package]] +name = "unicase_serde" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ef53697679d874d69f3160af80bc28de12730a985d57bdf2b47456ccb8b11f1" +dependencies = [ + "serde", + "unicase", +] + [[package]] name = "unicode-bidi" version = "0.3.14"
diff --git a/Cargo.toml b/Cargo.toml
index da8c42e..8945372 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,6 +12,7 @@ rand = "0.8.5"
 rand_hc = "0.3.2"
 regex = "1.10.3"
 rocket = {version="0.5.0",features=["secrets","json"]}
+rocket_cors = "0.6.0"
 rocket_db_pools = {version="0.1.0",features=["sqlx_postgres"]}
 sha256 = "1.5.0"
 sqlx = { version = "0.7.3", features = ["macros", "postgres"] }
diff --git a/src/main.rs b/src/main.rs
index e2785a5..8cc187c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -5,6 +5,7 @@ use rocket::fs::{FileServer, NamedFile};
 use rocket::http::Status;
 use rocket::response::content::{self, RawHtml};
 use rocket::serde::Serialize;
+use rocket::tokio::io::AsyncReadExt;
 use rocket::{Build, Request, Rocket};
 use rocket_db_pools::sqlx::pool::PoolConnection;
 use rocket_db_pools::sqlx::Postgres;
@@ -21,6 +22,7 @@ use rocket_db_pools::{
 use rocket::serde::{json::Json, Deserialize};
 use rocket::http::CookieJar;
+use rocket::fs::TempFile;
 use fossil::tables::{Db, Post, User};
@@ -310,6 +312,18 @@ async fn get_image(image: String) -> Result {
 }
 }
+#[post("/upload", format = "plain", data = "")]
+async fn upload(mut file: TempFile<'_>) -> String {
+ eprintln!("{file:?}");
+ let mut content: String = String::new();
+ file.open().await.unwrap().read_to_string(&mut content).await.unwrap();
+ eprintln!("{content}");
+ match file.copy_to("/srv/images/file.txt").await {
+ Ok(_) => String::from("worked"),
+ Err(why) => why.to_string()
+ }
+}
+
 #[catch(default)]
 fn default_catcher(status: Status, _: &Request) -> RawHtml {
 content::RawHtml(
@@ -396,13 +410,23 @@ async fn migrate(rocket: Rocket) -> Rocket {
 #[rocket::main]
 async fn main() {
+use rocket::http::Method;
+ use rocket_cors::{AllowedOrigins, CorsOptions};
+ let cors = CorsOptions::default().allowed_origins(AllowedOrigins::all()).allowed_methods(
+ vec![Method::Get, Method::Post, Method::Patch]
+ .into_iter()
+ .map(From::from)
+ .collect(),
+ )
+ .allow_credentials(true);
+
 let _rocket = rocket::build()
 .attach(Db::init())
- // .attach(Post)
 .attach(AdHoc::on_ignite("DB Migrations", migrate))
+ .attach(cors.to_cors().unwrap())
 .mount(
 "/",
- routes![login_page, login, logout, createuser, createuser_page, account, adminpanel, toggleperms, get_image],
+ routes![login_page, login, logout, createuser, createuser_page, account, adminpanel, toggleperms, get_image, upload],
 )
 .mount("/api", routes![api_perms])
 .mount("/css", FileServer::from("/srv/web/css"))
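Review bot: The new `upload` route takes only the `TempFile` and no request guard, so as written any client that can reach `/upload` can overwrite the one fixed file `/srv/images/file.txt`; how the other routes check the session is outside this hunk, but this handler should take the same guard, and the destination name should be generated per upload, as `Image::create` in `src/tables.rs` does with a UUID. The two `.unwrap()` calls on `file.open()` and `read_to_string` turn an I/O error or a non-UTF-8 body into a panic, and both `eprintln!` lines write the full uploaded body to the server log; since `content` is not used for anything else, I would delete the `eprintln!`, `let mut content` and `read_to_string` lines and keep only the `copy_to` match. `Err(why) => why.to_string()` also returns the raw OS error text to the caller; `Err(_) => String::from("upload failed")`, with the detail logged server-side, is enough.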
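Review bot: `AllowedOrigins::all()` together with `.allow_credentials(true)` in `main` permits credentialed cross-origin requests from every site: with rocket_cors' default of not sending a wildcard, the fairing echoes whatever `Origin` the request carries, so a page on any domain can call the routes mounted just below (`login`, `account`, `adminpanel`, `toggleperms`, which appear to rely on the `CookieJar` session) and read the responses whenever the browser attaches the cookie. Restrict the list to the front-ends that actually need it, e.g. `.allowed_origins(AllowedOrigins::some_exact(&["https://frontend.example"]))` (placeholder origin), or drop `.allow_credentials(true)` if cross-origin callers never need the cookie. `Method::Patch` is allowed although no PATCH route is visible in this diff, and `cors.to_cors().unwrap()` panics at startup on an invalid option set; `.expect("invalid CORS configuration")` would at least say why.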
diff --git a/src/tables.rs b/src/tables.rs
index 83749a2..96cc510 100644
--- a/src/tables.rs
+++ b/src/tables.rs
@@ -243,8 +243,6 @@ impl Image {
 pub async fn create(db: &mut Connection, mut image: TempFile<'_>, user: User) -> Status {
 let uuid = uuid::Uuid::new_v4().to_string();
- // TODO: implement checks to see if it's a png
- // not doing this is bad. see any of maia arson crimew's articles as to why.
 image.persist_to(format!("/images/{uuid}.png")).await.unwrap();
 match db