func fileHandler( db db.DbManager, jar *sessions.CookieStore, dest string, ) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Check client has permission to upload a file session, _ := jar.Get(r, "carton-session") if _, ok := session.Values["user"]; !ok { http.Error(w, "No user logged in", http.StatusUnauthorized) return } if r.Method == "GET" { files, err := db.GetAllFiles() if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) } b, err := json.Marshal(files) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) } var out bytes.Buffer json.Indent(&out, b, "", "\t") out.WriteTo(w) } else if r.Method == "POST" { reader, err := r.MultipartReader() if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } c := &common.CartonFile{} user, _ := session.Values["user"].(string) c.Owner = user for { part, err := reader.NextPart() if err == io.EOF { break } if part.FileName() == "" { continue } if fileExists(dest + part.FileName()) { http.Error(w, "File already exists", http.StatusBadRequest) return } filePath := filepath.Join(dest, part.FileName()) f, err := os.Create(filePath) defer f.Close() if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } c.Name = part.FileName() c.Path, _ = filepath.Abs(filePath) hasher := md5.New() writer := io.MultiWriter(f, hasher) _, err = io.Copy(writer, part) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } c.Md5Hash = fmt.Sprintf("%x", hasher.Sum(nil)) c.PwdHash = nil } db.AddFile(c) w.WriteHeader(http.StatusCreated) fmt.Fprintln(w, "upload succeeded") } else { return404(w) } }) }