}
func serveUpload(w http.ResponseWriter, r *http.Request) {
+ // Authentication
username, password, ok := r.BasicAuth()
if !ok {
log.Println(r.RemoteAddr, "unauthenticated", username)
http.Error(w, "unauthenticated", http.StatusUnauthorized)
return
}
+
+ // Form parsing
var err error
if err = r.ParseMultipartForm(1 << 20); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
}
pkgNames, exists := r.MultipartForm.Value["name"]
if !exists || len(pkgNames) != 1 {
- http.Error(w, "name is expected in request", http.StatusBadRequest)
+ http.Error(w, "single name is expected in request", http.StatusBadRequest)
return
}
dir := normalizationRe.ReplaceAllString(pkgNames[0], "-")
}
}
gpgSigsExpected := make(map[string]struct{})
+
+ // Checking is it internal package
+ if _, err = os.Stat(filepath.Join(dirPath, InternalFlag)); err != nil {
+ log.Println(r.RemoteAddr, "non-internal package", dir)
+ http.Error(w, "unknown internal package", http.StatusUnauthorized)
+ return
+ }
+
for _, file := range r.MultipartForm.File["content"] {
filename := file.Filename
gpgSigsExpected[filename+GPGSigExt] = struct{}{}
path := filepath.Join(dirPath, filename)
if _, err = os.Stat(path); err == nil {
log.Println(r.RemoteAddr, "already exists", filename)
- http.Error(w, "Already exists", http.StatusBadRequest)
+ http.Error(w, "already exists", http.StatusBadRequest)
return
}
if !mkdirForPkg(w, r, dir) {
return
}
- internalPath := filepath.Join(dirPath, InternalFlag)
- var dst *os.File
- if _, err = os.Stat(internalPath); os.IsNotExist(err) {
- if dst, err = os.Create(internalPath); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- dst.Close()
- }
src, err := file.Open()
defer src.Close()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
- dst, err = TempFile(dirPath)
+ dst, err := TempFile(dirPath)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
path := filepath.Join(dirPath, filename)
if _, err = os.Stat(path); err == nil {
log.Println(r.RemoteAddr, "already exists", filename)
- http.Error(w, "Already exists", http.StatusBadRequest)
+ http.Error(w, "already exists", http.StatusBadRequest)
return
}
src, err := file.Open()