uploading stuff sorta works but also permissions dont, i'll fix that later when i'm not fighting with my parents

Cargo.lock

@@ -601,6 +601,7 @@ dependencies = [
  "rand_hc",
  "regex",
  "rocket",
+ "rocket_cors",
  "rocket_db_pools",
  "sha256",
  "sqlx",
@@ -1672,6 +1673,23 @@ dependencies = [
  "version_check",
 ]
 
+[[package]]
+name = "rocket_cors"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfac3a1df83f8d4fc96aa41dba3b86c786417b7fc0f52ec76295df2ba781aa69"
+dependencies = [
+ "http",
+ "log",
+ "regex",
+ "rocket",
+ "serde",
+ "serde_derive",
+ "unicase",
+ "unicase_serde",
+ "url",
+]
+
 [[package]]
 name = "rocket_db_pools"
 version = "0.1.0"
@@ -2546,6 +2564,25 @@ dependencies = [
  "version_check",
 ]
 
+[[package]]
+name = "unicase"
+version = "2.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7d2d4dafb69621809a81864c9c1b864479e1235c0dd4e199924b9742439ed89"
+dependencies = [
+ "version_check",
+]
+
+[[package]]
+name = "unicase_serde"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ef53697679d874d69f3160af80bc28de12730a985d57bdf2b47456ccb8b11f1"
+dependencies = [
+ "serde",
+ "unicase",
+]
+
 [[package]]
 name = "unicode-bidi"
 version = "0.3.14"

Cargo.toml

@@ -12,6 +12,7 @@ rand = "0.8.5"
 rand_hc = "0.3.2"
 regex = "1.10.3"
 rocket = {version="0.5.0",features=["secrets","json"]}
+rocket_cors = "0.6.0"
 rocket_db_pools = {version="0.1.0",features=["sqlx_postgres"]}
 sha256 = "1.5.0"
 sqlx = { version = "0.7.3", features = ["macros", "postgres"] }

src/main.rs

@@ -5,6 +5,7 @@ use rocket::fs::{FileServer, NamedFile};
 use rocket::http::Status;
 use rocket::response::content::{self, RawHtml};
 use rocket::serde::Serialize;
+use rocket::tokio::io::AsyncReadExt;
 use rocket::{Build, Request, Rocket};
 use rocket_db_pools::sqlx::pool::PoolConnection;
 use rocket_db_pools::sqlx::Postgres;
@@ -21,6 +22,7 @@ use rocket_db_pools::{
 
 use rocket::serde::{json::Json, Deserialize};
 use rocket::http::CookieJar;
+use rocket::fs::TempFile;
 
 use fossil::tables::{Db, Post, User};
 
@@ -310,6 +312,18 @@ async fn get_image(image: String) -> Result<NamedFile, Status> {
     }
 }
 
+#[post("/upload", format = "plain", data = "<file>")]
+async fn upload(mut file: TempFile<'_>) -> String {
+    eprintln!("{file:?}");
+    let mut content: String = String::new();
+    file.open().await.unwrap().read_to_string(&mut content).await.unwrap();
+    eprintln!("{content}");
+    match file.copy_to("/srv/images/file.txt").await {
+        Ok(_) => String::from("worked"),
+        Err(why) => why.to_string()
+    }
+}
+
 #[catch(default)]
 fn default_catcher(status: Status, _: &Request) -> RawHtml<String> {
     content::RawHtml(
@@ -396,13 +410,23 @@ async fn migrate(rocket: Rocket<Build>) -> Rocket<Build> {
 
 #[rocket::main]
 async fn main() {
+use rocket::http::Method;
+    use rocket_cors::{AllowedOrigins, CorsOptions};
+    let cors = CorsOptions::default().allowed_origins(AllowedOrigins::all()).allowed_methods(
+        vec![Method::Get, Method::Post, Method::Patch]
+            .into_iter()
+            .map(From::from)
+            .collect(),
+    )
+    .allow_credentials(true);
+
     let _rocket = rocket::build()
         .attach(Db::init())
-        // .attach(Post)
         .attach(AdHoc::on_ignite("DB Migrations", migrate))
+        .attach(cors.to_cors().unwrap())
         .mount(
             "/",
-            routes![login_page, login, logout, createuser, createuser_page, account, adminpanel, toggleperms, get_image],
+            routes![login_page, login, logout, createuser, createuser_page, account, adminpanel, toggleperms, get_image, upload],
         )
         .mount("/api", routes![api_perms])
         .mount("/css", FileServer::from("/srv/web/css"))

src/tables.rs

@@ -243,8 +243,6 @@ impl Image {
     pub async fn create(db: &mut Connection<Db>, mut image: TempFile<'_>, user: User) -> Status<String> {
         let uuid = uuid::Uuid::new_v4().to_string();
 
-        // TODO: implement checks to see if it's a png
-        // not doing this is bad. see any of maia arson crimew's articles as to why.
         image.persist_to(format!("/images/{uuid}.png")).await.unwrap();
 
         match db