65 lines
1.4 KiB
Go
65 lines
1.4 KiB
Go
package main
|
|
|
|
import (
|
|
"net/http"
|
|
"os"
|
|
"path/filepath"
|
|
"slices"
|
|
"strconv"
|
|
)
|
|
|
|
func deleteFile(w http.ResponseWriter, req *http.Request) {
|
|
fileId := req.FormValue("id")
|
|
if fileId == "" {
|
|
http.Error(w, "Id is missing", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
localFile := localFiles[fileId]
|
|
if localFile == nil {
|
|
http.Error(w, "No file found for Id", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
if localFile.passwordHash != nil {
|
|
_, password, ok := req.BasicAuth()
|
|
if !ok || password == "" {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
if !ok || password == "" {
|
|
password = req.FormValue("password")
|
|
showPopup, err := strconv.ParseBool(req.FormValue("show-popup"))
|
|
if err != nil {
|
|
showPopup = true
|
|
}
|
|
|
|
if password == "" {
|
|
if showPopup {
|
|
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted area", charset="UTF-8"`)
|
|
}
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
}
|
|
|
|
_, hash, err := hashPasswordWihSalt(password, localFile.passwordSalt)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
if !slices.Equal(hash, localFile.passwordHash) {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
}
|
|
|
|
if err := os.RemoveAll(filepath.Dir(localFile.path)); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
delete(localFiles, fileId)
|
|
}
|