4abc57535e
Delete Account (Plan #2): - DELETE /api/auth/account/ with password or "DELETE" confirmation - Cascade delete across 15+ tables in correct FK order - Auth provider detection (email/apple/google) for /auth/me/ - File cleanup after account deletion - Handler + repository tests (12 tests) Encryption at Rest (Plan #3): - AES-256-GCM envelope encryption (per-file DEK wrapped by KEK) - Encrypt on upload, auto-decrypt on serve via StorageService.ReadFile() - MediaHandler serves decrypted files via c.Blob() - TaskService email image loading uses ReadFile() - cmd/migrate-encrypt CLI tool with --dry-run for existing files - Encryption service + storage service tests (18 tests)
194 lines
5.6 KiB
Go
194 lines
5.6 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
"path/filepath"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
|
|
"github.com/treytartt/honeydue-api/internal/apperrors"
|
|
"github.com/treytartt/honeydue-api/internal/middleware"
|
|
"github.com/treytartt/honeydue-api/internal/repositories"
|
|
"github.com/treytartt/honeydue-api/internal/services"
|
|
)
|
|
|
|
// MediaHandler handles authenticated media serving
|
|
type MediaHandler struct {
|
|
documentRepo *repositories.DocumentRepository
|
|
taskRepo *repositories.TaskRepository
|
|
residenceRepo *repositories.ResidenceRepository
|
|
storageSvc *services.StorageService
|
|
}
|
|
|
|
// NewMediaHandler creates a new media handler
|
|
func NewMediaHandler(
|
|
documentRepo *repositories.DocumentRepository,
|
|
taskRepo *repositories.TaskRepository,
|
|
residenceRepo *repositories.ResidenceRepository,
|
|
storageSvc *services.StorageService,
|
|
) *MediaHandler {
|
|
return &MediaHandler{
|
|
documentRepo: documentRepo,
|
|
taskRepo: taskRepo,
|
|
residenceRepo: residenceRepo,
|
|
storageSvc: storageSvc,
|
|
}
|
|
}
|
|
|
|
// ServeDocument serves a document file with access control
|
|
// GET /api/media/document/:id
|
|
func (h *MediaHandler) ServeDocument(c echo.Context) error {
|
|
user, err := middleware.MustGetAuthUser(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
if err != nil {
|
|
return apperrors.BadRequest("error.invalid_id")
|
|
}
|
|
|
|
// Get document
|
|
doc, err := h.documentRepo.FindByID(uint(id))
|
|
if err != nil {
|
|
return apperrors.NotFound("error.document_not_found")
|
|
}
|
|
|
|
// Check access to residence
|
|
hasAccess, err := h.residenceRepo.HasAccess(doc.ResidenceID, user.ID)
|
|
if err != nil || !hasAccess {
|
|
return apperrors.Forbidden("error.access_denied")
|
|
}
|
|
|
|
// Serve the file (supports encrypted files transparently)
|
|
data, mimeType, err := h.storageSvc.ReadFile(doc.FileURL)
|
|
if err != nil {
|
|
return apperrors.NotFound("error.file_not_found")
|
|
}
|
|
|
|
// Set caching and disposition headers
|
|
c.Response().Header().Set("Cache-Control", "private, max-age=3600")
|
|
if doc.FileName != "" {
|
|
c.Response().Header().Set("Content-Disposition", "inline; filename=\""+doc.FileName+"\"")
|
|
}
|
|
return c.Blob(http.StatusOK, mimeType, data)
|
|
}
|
|
|
|
// ServeDocumentImage serves a document image with access control
|
|
// GET /api/media/document-image/:id
|
|
func (h *MediaHandler) ServeDocumentImage(c echo.Context) error {
|
|
user, err := middleware.MustGetAuthUser(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
if err != nil {
|
|
return apperrors.BadRequest("error.invalid_id")
|
|
}
|
|
|
|
// Get document image
|
|
img, err := h.documentRepo.FindImageByID(uint(id))
|
|
if err != nil {
|
|
return apperrors.NotFound("error.image_not_found")
|
|
}
|
|
|
|
// Get parent document to check residence access
|
|
doc, err := h.documentRepo.FindByID(img.DocumentID)
|
|
if err != nil {
|
|
return apperrors.NotFound("error.document_not_found")
|
|
}
|
|
|
|
// Check access to residence
|
|
hasAccess, err := h.residenceRepo.HasAccess(doc.ResidenceID, user.ID)
|
|
if err != nil || !hasAccess {
|
|
return apperrors.Forbidden("error.access_denied")
|
|
}
|
|
|
|
// Serve the file (supports encrypted files transparently)
|
|
data, mimeType, err := h.storageSvc.ReadFile(img.ImageURL)
|
|
if err != nil {
|
|
return apperrors.NotFound("error.file_not_found")
|
|
}
|
|
|
|
c.Response().Header().Set("Cache-Control", "private, max-age=3600")
|
|
c.Response().Header().Set("Content-Disposition", "inline; filename=\""+filepath.Base(img.ImageURL)+"\"")
|
|
return c.Blob(http.StatusOK, mimeType, data)
|
|
}
|
|
|
|
// ServeCompletionImage serves a task completion image with access control
|
|
// GET /api/media/completion-image/:id
|
|
func (h *MediaHandler) ServeCompletionImage(c echo.Context) error {
|
|
user, err := middleware.MustGetAuthUser(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
id, err := strconv.ParseUint(c.Param("id"), 10, 32)
|
|
if err != nil {
|
|
return apperrors.BadRequest("error.invalid_id")
|
|
}
|
|
|
|
// Get completion image
|
|
img, err := h.taskRepo.FindCompletionImageByID(uint(id))
|
|
if err != nil {
|
|
return apperrors.NotFound("error.image_not_found")
|
|
}
|
|
|
|
// Get the completion to get the task
|
|
completion, err := h.taskRepo.FindCompletionByID(img.CompletionID)
|
|
if err != nil {
|
|
return apperrors.NotFound("error.completion_not_found")
|
|
}
|
|
|
|
// Get task to check residence access
|
|
task, err := h.taskRepo.FindByID(completion.TaskID)
|
|
if err != nil {
|
|
return apperrors.NotFound("error.task_not_found")
|
|
}
|
|
|
|
// Check access to residence
|
|
hasAccess, err := h.residenceRepo.HasAccess(task.ResidenceID, user.ID)
|
|
if err != nil || !hasAccess {
|
|
return apperrors.Forbidden("error.access_denied")
|
|
}
|
|
|
|
// Serve the file (supports encrypted files transparently)
|
|
data, mimeType, err := h.storageSvc.ReadFile(img.ImageURL)
|
|
if err != nil {
|
|
return apperrors.NotFound("error.file_not_found")
|
|
}
|
|
|
|
c.Response().Header().Set("Cache-Control", "private, max-age=3600")
|
|
c.Response().Header().Set("Content-Disposition", "inline; filename=\""+filepath.Base(img.ImageURL)+"\"")
|
|
return c.Blob(http.StatusOK, mimeType, data)
|
|
}
|
|
|
|
// resolveFilePath converts a stored URL to an actual file path.
|
|
// Returns empty string if the URL is empty or the resolved path would escape
|
|
// the upload directory (path traversal attempt).
|
|
func (h *MediaHandler) resolveFilePath(storedURL string) string {
|
|
if storedURL == "" {
|
|
return ""
|
|
}
|
|
|
|
uploadDir := h.storageSvc.GetUploadDir()
|
|
|
|
// Strip legacy /uploads/ prefix to get relative path
|
|
relativePath := storedURL
|
|
if strings.HasPrefix(storedURL, "/uploads/") {
|
|
relativePath = strings.TrimPrefix(storedURL, "/uploads/")
|
|
}
|
|
|
|
// Use SafeResolvePath to validate containment within upload directory
|
|
resolved, err := services.SafeResolvePath(uploadDir, relativePath)
|
|
if err != nil {
|
|
// Path traversal or invalid path — return empty to signal file not found
|
|
return ""
|
|
}
|
|
|
|
return resolved
|
|
}
|