gosora/routes/panel/backups.go

67 lines
2.3 KiB
Go

package panel
import (
"io/ioutil"
"net/http"
"os"
"path/filepath"
"strconv"
c "git.tuxpa.in/a/gosora/common"
)
func Backups(w http.ResponseWriter, r *http.Request, u *c.User, backupURL string) c.RouteError {
basePage, ferr := buildBasePage(w, r, u, "backups", "backups")
if ferr != nil {
return ferr
}
if backupURL != "" {
// We don't want them trying to break out of this directory, it shouldn't hurt since it's a super admin, but it's always good to practice good security hygiene, especially if this is one of many instances on a managed server not controlled by the superadmin/s
backupURL = c.Stripslashes(backupURL)
ext := filepath.Ext("./backups/" + backupURL)
if ext != ".sql" && ext != ".zip" {
return c.NotFound(w, r, basePage.Header)
}
info, err := os.Stat("./backups/" + backupURL)
if err != nil {
return c.NotFound(w, r, basePage.Header)
}
h := w.Header()
h.Set("Content-Length", strconv.FormatInt(info.Size(), 10))
if ext == ".sql" {
// TODO: Change the served filename to gosora_backup_%timestamp%.sql, the time the file was generated, not when it was modified aka what the name of it should be
h.Set("Content-Disposition", "attachment; filename=gosora_backup.sql")
h.Set("Content-Type", "application/sql")
} else {
// TODO: Change the served filename to gosora_backup_%timestamp%.zip, the time the file was generated, not when it was modified aka what the name of it should be
h.Set("Content-Disposition", "attachment; filename=gosora_backup.zip")
h.Set("Content-Type", "application/zip")
}
// TODO: Fix the problem where non-existent files aren't greeted with custom 404s on ServeFile()'s side
http.ServeFile(w, r, "./backups/"+backupURL)
err = c.AdminLogs.Create("download", 0, "backup", u.GetIP(), u.ID)
if err != nil {
return c.InternalError(err, w, r)
}
return nil
}
var backupList []c.BackupItem
backupFiles, err := ioutil.ReadDir("./backups")
if err != nil {
return c.InternalError(err, w, r)
}
for _, backupFile := range backupFiles {
ext := filepath.Ext(backupFile.Name())
if ext != ".sql" {
continue
}
backupList = append(backupList, c.BackupItem{backupFile.Name(), backupFile.ModTime()})
}
return renderTemplate("panel", w, r, basePage.Header, c.Panel{basePage, "", "", "panel_backups", c.PanelBackupPage{basePage, backupList}})
}