dd3ec070f7
### Security-Fixes (K1–K6, W1–W4, W7, N1, N5–N6, V1, V5–V7)
- K1: CSRF-Schutz via Double-Submit-Cookie (httpapi/csrf.go + csrf_helpers.go)
- K2: requireScreenAccess() in allen manage-Handlern (Tenant-Isolation)
- K3: Tenant-Check bei DELETE /api/v1/media/{id}
- K4: requirePlaylistAccess() + GetByItemID() für JSON-API Playlist-Routen
- K5: Admin-Passwort nur noch als [gesetzt] geloggt
- K6: POST /api/v1/screens/register mit Pre-Shared-Secret (MORZ_INFOBOARD_REGISTER_SECRET)
- W1: Race Condition bei order_index behoben (atomare Subquery in AddItem)
- W2: Graceful Shutdown mit 15s Timeout auf SIGTERM/SIGINT
- W3: http.MaxBytesReader (512 MB) in allen Upload-Handlern
- W4: err.Error() nicht mehr an den Client
- W7: Template-Execution via bytes.Buffer (kein partial write bei Fehler)
- N1: Rate-Limiting auf /login (5 Versuche/Minute pro IP, httpapi/ratelimit.go)
- N5: Directory-Listing auf /uploads/ deaktiviert (neuteredFileSystem)
- N6: Uploads nach Tenant getrennt (uploads/{tenantSlug}/)
- V1: Upload-Logik konsolidiert in internal/fileutil/fileutil.go
- V5: Cookie-Name als Konstante reqcontext.SessionCookieName
- V6: Strukturiertes Logging mit log/slog + JSON-Handler
- V7: DB-Pool wird im Graceful-Shutdown geschlossen
### Phase 6: Screenshot-Erzeugung
- player/agent/internal/screenshot/screenshot.go erstellt
- Integration in app.go mit MORZ_INFOBOARD_SCREENSHOT_EVERY Config
### UX: PDF.js Integration
- pdf.min.js + pdf.worker.min.js als lokale Assets eingebettet
- Automatisches Seitendurchblättern im Player
### Ansible: Neue Rollen
- signage_base, signage_server, signage_provision erstellt
- inventory.yml und site.yml erweitert
### Konzept-Docs
- GRUPPEN-KONZEPT.md, KAMPAGNEN-AKTIVIERUNG.md, MONITORING-KONZEPT.md
- PROVISION-KONZEPT.md, TEMPLATE-EDITOR.md, WATCHDOG-KONZEPT.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
180 lines
5.3 KiB
Go
180 lines
5.3 KiB
Go
package manage
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/fileutil"
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/reqcontext"
|
|
"git.az-it.net/az/morz-infoboard/server/backend/internal/store"
|
|
)
|
|
|
|
const maxUploadSize = 512 << 20 // 512 MB
|
|
|
|
// HandleListMedia returns all media assets for a tenant as JSON.
|
|
func HandleListMedia(tenants *store.TenantStore, media *store.MediaStore) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
tenant, err := tenants.Get(r.Context(), r.PathValue("tenantSlug"))
|
|
if err != nil {
|
|
http.Error(w, "tenant not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
assets, err := media.List(r.Context(), tenant.ID)
|
|
if err != nil {
|
|
http.Error(w, "db error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
if assets == nil {
|
|
assets = []*store.MediaAsset{}
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
json.NewEncoder(w).Encode(assets) //nolint:errcheck
|
|
}
|
|
}
|
|
|
|
// HandleUploadMedia handles multipart file upload and web-URL registration.
|
|
func HandleUploadMedia(tenants *store.TenantStore, media *store.MediaStore, uploadDir string) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
tenant, err := tenants.Get(r.Context(), r.PathValue("tenantSlug"))
|
|
if err != nil {
|
|
http.Error(w, "tenant not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
tenantID := tenant.ID
|
|
|
|
// W3: MaxBytesReader begrenzt den gesamten Request-Body auf maxUploadSize.
|
|
r.Body = http.MaxBytesReader(w, r.Body, maxUploadSize)
|
|
if err := r.ParseMultipartForm(maxUploadSize); err != nil {
|
|
http.Error(w, "request too large or not multipart", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
assetType := strings.TrimSpace(r.FormValue("type"))
|
|
title := strings.TrimSpace(r.FormValue("title"))
|
|
|
|
switch assetType {
|
|
case "web":
|
|
url := strings.TrimSpace(r.FormValue("url"))
|
|
if url == "" {
|
|
http.Error(w, "url required for type=web", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if title == "" {
|
|
title = url
|
|
}
|
|
asset, err := media.Create(r.Context(), tenantID, title, "web", "", url, "", 0)
|
|
if err != nil {
|
|
http.Error(w, "db error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(http.StatusCreated)
|
|
json.NewEncoder(w).Encode(asset) //nolint:errcheck
|
|
return
|
|
|
|
case "image", "video", "pdf":
|
|
file, header, err := r.FormFile("file")
|
|
if err != nil {
|
|
http.Error(w, "file required for type="+assetType, http.StatusBadRequest)
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
mimeType := header.Header.Get("Content-Type")
|
|
if detectedType := mimeToAssetType(mimeType); detectedType != "" {
|
|
assetType = detectedType
|
|
}
|
|
if title == "" {
|
|
title = strings.TrimSuffix(header.Filename, filepath.Ext(header.Filename))
|
|
}
|
|
|
|
// V1+N6: Gemeinsame Upload-Funktion, tenant-spezifisches Verzeichnis.
|
|
storagePath, size, err := fileutil.SaveUploadedFile(file, header.Filename, title, uploadDir, r.PathValue("tenantSlug"))
|
|
if err != nil {
|
|
http.Error(w, "storage error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
asset, err := media.Create(r.Context(), tenantID, title, assetType, storagePath, "", mimeType, size)
|
|
if err != nil {
|
|
http.Error(w, "db error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(http.StatusCreated)
|
|
json.NewEncoder(w).Encode(asset) //nolint:errcheck
|
|
|
|
default:
|
|
http.Error(w, "type must be one of: image, video, pdf, web", http.StatusBadRequest)
|
|
}
|
|
}
|
|
}
|
|
|
|
// HandleDeleteMedia deletes a media asset from the database (and file if local).
|
|
func HandleDeleteMedia(media *store.MediaStore, uploadDir string) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
id := r.PathValue("id")
|
|
asset, err := media.Get(r.Context(), id)
|
|
if err != nil {
|
|
http.Error(w, "not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
// K3: Tenant-Check — nur der eigene Tenant oder Admin darf löschen.
|
|
u := reqcontext.UserFromContext(r.Context())
|
|
if u == nil {
|
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
if u.Role != "admin" && u.TenantID != asset.TenantID {
|
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
// Delete physical file if it's a local upload.
|
|
if asset.StoragePath != "" {
|
|
filename := filepath.Base(asset.StoragePath)
|
|
os.Remove(filepath.Join(uploadDir, filename)) //nolint:errcheck
|
|
}
|
|
|
|
if err := media.Delete(r.Context(), id); err != nil {
|
|
http.Error(w, "db error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
}
|
|
|
|
// mimeToAssetType leitet den Asset-Typ aus dem MIME-Type ab.
|
|
func mimeToAssetType(mime string) string {
|
|
mime = strings.ToLower(strings.TrimSpace(mime))
|
|
switch {
|
|
case strings.HasPrefix(mime, "image/"):
|
|
return "image"
|
|
case strings.HasPrefix(mime, "video/"):
|
|
return "video"
|
|
case mime == "application/pdf":
|
|
return "pdf"
|
|
default:
|
|
return ""
|
|
}
|
|
}
|
|
|
|
func sanitize(s string) string {
|
|
var b strings.Builder
|
|
for _, r := range s {
|
|
if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '-' || r == '_' {
|
|
b.WriteRune(r)
|
|
} else {
|
|
b.WriteRune('_')
|
|
}
|
|
}
|
|
out := b.String()
|
|
if len(out) > 40 {
|
|
out = out[:40]
|
|
}
|
|
return out
|
|
}
|