2018-05-27 09:36:35 +00:00
package panel
import (
"io/ioutil"
"net/http"
"os"
"path/filepath"
"strconv"
2019-04-19 06:36:26 +00:00
c "github.com/Azareal/Gosora/common"
2018-05-27 09:36:35 +00:00
)
2020-03-18 09:21:34 +00:00
func Backups ( w http . ResponseWriter , r * http . Request , user * c . User , backupURL string ) c . RouteError {
basePage , ferr := buildBasePage ( w , r , user , "backups" , "backups" )
2018-05-27 09:36:35 +00:00
if ferr != nil {
return ferr
}
if backupURL != "" {
// We don't want them trying to break out of this directory, it shouldn't hurt since it's a super admin, but it's always good to practice good security hygiene, especially if this is one of many instances on a managed server not controlled by the superadmin/s
2019-04-19 06:36:26 +00:00
backupURL = c . Stripslashes ( backupURL )
2018-05-27 09:36:35 +00:00
2019-09-29 05:10:05 +00:00
ext := filepath . Ext ( "./backups/" + backupURL )
2019-04-06 01:08:49 +00:00
if ext != ".sql" && ext != ".zip" {
2019-04-19 06:36:26 +00:00
return c . NotFound ( w , r , basePage . Header )
2019-04-06 01:08:49 +00:00
}
info , err := os . Stat ( "./backups/" + backupURL )
if err != nil {
2019-04-19 06:36:26 +00:00
return c . NotFound ( w , r , basePage . Header )
2019-04-06 01:08:49 +00:00
}
2019-11-08 21:46:50 +00:00
h := w . Header ( )
h . Set ( "Content-Length" , strconv . FormatInt ( info . Size ( ) , 10 ) )
2018-05-27 09:36:35 +00:00
if ext == ".sql" {
2019-11-08 21:46:50 +00:00
// TODO: Change the served filename to gosora_backup_%timestamp%.sql, the time the file was generated, not when it was modified aka what the name of it should be
h . Set ( "Content-Disposition" , "attachment; filename=gosora_backup.sql" )
h . Set ( "Content-Type" , "application/sql" )
2019-04-06 01:08:49 +00:00
} else {
2019-11-08 21:46:50 +00:00
// TODO: Change the served filename to gosora_backup_%timestamp%.zip, the time the file was generated, not when it was modified aka what the name of it should be
h . Set ( "Content-Disposition" , "attachment; filename=gosora_backup.zip" )
h . Set ( "Content-Type" , "application/zip" )
2018-05-27 09:36:35 +00:00
}
2019-04-06 01:08:49 +00:00
// TODO: Fix the problem where non-existent files aren't greeted with custom 404s on ServeFile()'s side
http . ServeFile ( w , r , "./backups/" + backupURL )
2019-12-31 21:57:54 +00:00
err = c . AdminLogs . Create ( "download" , 0 , "backup" , user . GetIP ( ) , user . ID )
2019-11-08 21:46:50 +00:00
if err != nil {
return c . InternalError ( err , w , r )
}
2019-04-06 01:08:49 +00:00
return nil
2018-05-27 09:36:35 +00:00
}
2019-04-19 06:36:26 +00:00
var backupList [ ] c . BackupItem
2018-05-27 09:36:35 +00:00
backupFiles , err := ioutil . ReadDir ( "./backups" )
if err != nil {
2019-04-19 06:36:26 +00:00
return c . InternalError ( err , w , r )
2018-05-27 09:36:35 +00:00
}
for _ , backupFile := range backupFiles {
2019-09-29 05:10:05 +00:00
ext := filepath . Ext ( backupFile . Name ( ) )
2018-05-27 09:36:35 +00:00
if ext != ".sql" {
continue
}
2019-04-19 06:36:26 +00:00
backupList = append ( backupList , c . BackupItem { backupFile . Name ( ) , backupFile . ModTime ( ) } )
2018-05-27 09:36:35 +00:00
}
2019-09-29 05:10:05 +00:00
return renderTemplate ( "panel" , w , r , basePage . Header , c . Panel { basePage , "" , "" , "panel_backups" , c . PanelBackupPage { basePage , backupList } } )
2018-05-27 09:36:35 +00:00
}