diff options
Diffstat (limited to 'system/api/external.go')
| -rw-r--r-- | system/api/external.go | 230 |
1 files changed, 0 insertions, 230 deletions
diff --git a/system/api/external.go b/system/api/external.go deleted file mode 100644 index 7f13917..0000000 --- a/system/api/external.go +++ /dev/null @@ -1,230 +0,0 @@ -package api - -import ( - "context" - "encoding/json" - "fmt" - "log" - "net/http" - "strings" - "time" - - "github.com/ponzu-cms/ponzu/system/admin/upload" - "github.com/ponzu-cms/ponzu/system/db" - "github.com/ponzu-cms/ponzu/system/item" -) - -// Externalable accepts or rejects external POST requests to endpoints such as: -// /api/content/external?type=Review -type Externalable interface { - // Accept allows external content submissions of a specific type - Accept(http.ResponseWriter, *http.Request) error -} - -// Trustable allows external content to be auto-approved, meaning content sent -// as an Externalable will be stored in the public content bucket -type Trustable interface { - AutoApprove(http.ResponseWriter, *http.Request) error -} - -func externalContentHandler(res http.ResponseWriter, req *http.Request) { - if req.Method != http.MethodPost { - res.WriteHeader(http.StatusMethodNotAllowed) - return - } - - err := req.ParseMultipartForm(1024 * 1024 * 4) // maxMemory 4MB - if err != nil { - log.Println("[External] error:", err) - res.WriteHeader(http.StatusInternalServerError) - return - } - - t := req.URL.Query().Get("type") - if t == "" { - res.WriteHeader(http.StatusBadRequest) - return - } - - p, found := item.Types[t] - if !found { - log.Println("[External] attempt to submit unknown type:", t, "from:", req.RemoteAddr) - res.WriteHeader(http.StatusNotFound) - return - } - - post := p() - - ext, ok := post.(Externalable) - if !ok { - log.Println("[External] rejected non-externalable type:", t, "from:", req.RemoteAddr) - res.WriteHeader(http.StatusBadRequest) - return - } - - ts := fmt.Sprintf("%d", int64(time.Nanosecond)*time.Now().UnixNano()/int64(time.Millisecond)) - req.PostForm.Set("timestamp", ts) - req.PostForm.Set("updated", ts) - - urlPaths, err := upload.StoreFiles(req) - if err != nil { - log.Println(err) - res.WriteHeader(http.StatusInternalServerError) - return - } - - for name, urlPath := range urlPaths { - req.PostForm.Set(name, urlPath) - } - - // check for any multi-value fields (ex. checkbox fields) - // and correctly format for db storage. Essentially, we need - // fieldX.0: value1, fieldX.1: value2 => fieldX: []string{value1, value2} - fieldOrderValue := make(map[string]map[string][]string) - ordVal := make(map[string][]string) - for k, v := range req.PostForm { - if strings.Contains(k, ".") { - fo := strings.Split(k, ".") - - // put the order and the field value into map - field := string(fo[0]) - order := string(fo[1]) - fieldOrderValue[field] = ordVal - - // orderValue is 0:[?type=Thing&id=1] - orderValue := fieldOrderValue[field] - orderValue[order] = v - fieldOrderValue[field] = orderValue - - // discard the post form value with name.N - req.PostForm.Del(k) - } - - } - - // add/set the key & value to the post form in order - for f, ov := range fieldOrderValue { - for i := 0; i < len(ov); i++ { - position := fmt.Sprintf("%d", i) - fieldValue := ov[position] - - if req.PostForm.Get(f) == "" { - for i, fv := range fieldValue { - if i == 0 { - req.PostForm.Set(f, fv) - } else { - req.PostForm.Add(f, fv) - } - } - } else { - for _, fv := range fieldValue { - req.PostForm.Add(f, fv) - } - } - } - } - - hook, ok := post.(item.Hookable) - if !ok { - log.Println("[External] error: Type", t, "does not implement item.Hookable or embed item.Item.") - res.WriteHeader(http.StatusBadRequest) - return - } - - err = hook.BeforeAccept(res, req) - if err != nil { - log.Println("[External] error calling BeforeAccept:", err) - return - } - - err = ext.Accept(res, req) - if err != nil { - log.Println("[External] error calling Accept:", err) - return - } - - err = hook.BeforeSave(res, req) - if err != nil { - log.Println("[External] error calling BeforeSave:", err) - return - } - - // set specifier for db bucket in case content is/isn't Trustable - var spec string - - // check if the content is Trustable should be auto-approved, if so the - // content is immediately added to the public content API. If not, then it - // is added to a "pending" list, only visible to Admins in the CMS and only - // if the type implements editor.Mergable - trusted, ok := post.(Trustable) - if ok { - err := trusted.AutoApprove(res, req) - if err != nil { - log.Println("[External] error calling AutoApprove:", err) - return - } - } else { - spec = "__pending" - } - - id, err := db.SetContent(t+spec+":-1", req.PostForm) - if err != nil { - log.Println("[External] error calling SetContent:", err) - res.WriteHeader(http.StatusInternalServerError) - return - } - - // set the target in the context so user can get saved value from db in hook - ctx := context.WithValue(req.Context(), "target", fmt.Sprintf("%s:%d", t, id)) - req = req.WithContext(ctx) - - err = hook.AfterSave(res, req) - if err != nil { - log.Println("[External] error calling AfterSave:", err) - return - } - - err = hook.AfterAccept(res, req) - if err != nil { - log.Println("[External] error calling AfterAccept:", err) - return - } - - // create JSON response to send data back to client - var data map[string]interface{} - if spec != "" { - spec = strings.TrimPrefix(spec, "__") - data = map[string]interface{}{ - "status": spec, - "type": t, - } - } else { - spec = "public" - data = map[string]interface{}{ - "id": id, - "status": spec, - "type": t, - } - } - - resp := map[string]interface{}{ - "data": []map[string]interface{}{ - data, - }, - } - - j, err := json.Marshal(resp) - if err != nil { - log.Println("[External] error marshalling response to JSON:", err) - res.WriteHeader(http.StatusInternalServerError) - return - } - - res.Header().Set("Content-Type", "application/json") - _, err = res.Write(j) - if err != nil { - log.Println("[External] error writing response:", err) - return - } - -} |