(wrt http.ResponseWriter, req *http.Request)
| 35 | var allowedMimeTypes = []string{"application/", "audio/", "font/", "image/", "text/", "video/"} |
| 36 | |
| 37 | func largeFileServeHTTP(wrt http.ResponseWriter, req *http.Request) { |
| 38 | now := types.TimeNow() |
| 39 | enc := json.NewEncoder(wrt) |
| 40 | mh := store.Store.GetMediaHandler() |
| 41 | statsInc("FileDownloadsTotal", 1) |
| 42 | |
| 43 | writeHttpResponse := func(msg *ServerComMessage, err error) { |
| 44 | // Gorilla CompressHandler requires Content-Type to be set. |
| 45 | wrt.Header().Set("Content-Type", "application/json; charset=utf-8") |
| 46 | wrt.WriteHeader(msg.Ctrl.Code) |
| 47 | enc.Encode(msg) |
| 48 | if err != nil { |
| 49 | logs.Warn.Println("media serve:", req.URL.String(), err) |
| 50 | } |
| 51 | } |
| 52 | |
| 53 | // Preflight request: process before any security checks. |
| 54 | if req.Method == http.MethodOptions { |
| 55 | headers, statusCode, err := mh.Headers(req.Method, req.URL, req.Header, true) |
| 56 | if err != nil { |
| 57 | writeHttpResponse(decodeStoreError(err, "", now, nil), err) |
| 58 | return |
| 59 | } |
| 60 | for name, values := range headers { |
| 61 | for _, value := range values { |
| 62 | wrt.Header().Add(name, value) |
| 63 | } |
| 64 | } |
| 65 | if statusCode <= 0 { |
| 66 | statusCode = http.StatusNoContent |
| 67 | } |
| 68 | wrt.WriteHeader(statusCode) |
| 69 | logs.Info.Println("media serve: preflight completed") |
| 70 | return |
| 71 | } |
| 72 | |
| 73 | // Check if this is a GET/HEAD request. |
| 74 | if req.Method != http.MethodGet && req.Method != http.MethodHead { |
| 75 | writeHttpResponse(ErrOperationNotAllowed("", "", now), errors.New("method '"+req.Method+"' not allowed")) |
| 76 | return |
| 77 | } |
| 78 | |
| 79 | // Check for API key presence |
| 80 | if isValid, _ := checkAPIKey(getAPIKey(req)); !isValid { |
| 81 | writeHttpResponse(ErrAPIKeyRequired(now), errors.New("invalid or missing API key")) |
| 82 | return |
| 83 | } |
| 84 | |
| 85 | // Check authorization: either auth information or SID must be present |
| 86 | authMethod, secret := getHttpAuth(req) |
| 87 | uid, challenge, err := authFileRequest(authMethod, secret, req.FormValue("sid"), getRemoteAddr(req)) |
| 88 | if err != nil { |
| 89 | writeHttpResponse(decodeStoreError(err, "", now, nil), err) |
| 90 | return |
| 91 | } |
| 92 | |
| 93 | if challenge != nil { |
| 94 | writeHttpResponse(InfoChallenge("", now, challenge), nil) |
nothing calls this directly
no test coverage detected
searching dependent graphs…