From 25a6ffc8b2310f8b4ad645dffa53ab3da78194f9 Mon Sep 17 00:00:00 2001
From: Suraj <sapatil@live.com>
Date: Fri, 29 Jan 2016 22:36:49 +0530
Subject: [PATCH] randomized filenames & stored them in db

---
 db/db.go       | 43 ++++++++++++++++++++++++++++++++++++++++++-
 main.go        |  1 +
 views/views.go | 43 ++++++++++++++++++++++++++++++++++---------
 3 files changed, 77 insertions(+), 10 deletions(-)

diff --git a/db/db.go b/db/db.go
index 4090e9b..dcb7e50 100644
--- a/db/db.go
+++ b/db/db.go
@@ -3,8 +3,8 @@ package db
 import (
 	"database/sql"
 	_ "github.com/mattn/go-sqlite3" //we want to use sqlite natively
-	"github.com/thewhitetulip/Tasks/types"
 	md "github.com/shurcooL/github_flavored_markdown"
+	"github.com/thewhitetulip/Tasks/types"
 	"log"
 	"strings"
 	"time"
@@ -276,3 +276,44 @@ func SearchTask(query string) types.Context {
 	context = types.Context{Tasks: task, Search: query}
 	return context
 }
+
+// AddFile is used to add the md5 of a file name which is uploaded to our application
+// this will enable us to randomize the URL without worrying about the file names
+func AddFile(fileName, token string) error {
+	SQL, err := database.Prepare("insert into files values(?,?)")
+	if err != nil {
+		log.Println(err)
+	}
+	tx, err := database.Begin()
+
+	if err != nil {
+		log.Println(err)
+	}
+	_, err = tx.Stmt(SQL).Exec(fileName, token)
+	if err != nil {
+		log.Println(err)
+		tx.Rollback()
+	} else {
+		log.Println(tx.Commit())
+	}
+	return err
+}
+
+// GetFileName is used to fetch the name according to the md5 checksum from the db
+func GetFileName(token string) (string, error) {
+	sql := "select name from files where autoName=?"
+	var fileName string
+	rows, err := database.Query(sql, fileName)
+	if rows.Next() {
+		err := rows.Scan(&fileName)
+		if err != nil {
+			log.Println(err)
+			return "", err
+		}
+	}
+	if err != nil {
+		return "", err
+	}
+
+	return fileName, nil
+}
diff --git a/main.go b/main.go
index 243ae83..45b0194 100644
--- a/main.go
+++ b/main.go
@@ -17,6 +17,7 @@ func main() {
 	http.HandleFunc("/", views.ShowAllTasksFunc)
 	http.HandleFunc("/complete/", views.CompleteTaskFunc)
 	http.HandleFunc("/delete/", views.DeleteTaskFunc)
+	http.HandleFunc("/files/", views.UploadedFileHandler)
 	http.HandleFunc("/deleted/", views.ShowTrashTaskFunc)
 	http.HandleFunc("/trash/", views.TrashTaskFunc)
 	http.HandleFunc("/edit/", views.EditTaskFunc)
diff --git a/views/views.go b/views/views.go
index e9fc0a1..52511ae 100644
--- a/views/views.go
+++ b/views/views.go
@@ -2,6 +2,8 @@ package views
 
 import (
 	"bufio"
+	"crypto/md5"
+	"fmt"
 	"github.com/thewhitetulip/Tasks/db"
 	"io"
 	"io/ioutil"
@@ -12,7 +14,6 @@ import (
 	"strings"
 	"text/template"
 	"time"
-
 )
 
 var homeTemplate *template.Template
@@ -31,7 +32,8 @@ func PopulateTemplates() {
 	templatesDir := "./public/templates/"
 	files, err := ioutil.ReadDir(templatesDir)
 	if err != nil {
-		log.Println("Error reading template dir")
+		log.Println(err)
+		os.Exit(1) // No point in running app if templates aren't read
 	}
 	for _, file := range files {
 		filename := file.Name()
@@ -78,6 +80,20 @@ func ShowAllTasksFunc(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+// UploadedFileHandler is used to handle the uploaded file related requests
+func UploadedFileHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method == "GET" {
+		log.Println("into the handler")
+		token := r.URL.Path[len("/files/"):]
+
+		//file, err := db.GetFileName(token)
+		//if err != nil {
+		log.Println("serving file ./files/" + token)
+		http.ServeFile(w, r, "./files/"+token)
+		//}
+	}
+}
+
 //ShowTrashTaskFunc is used to handle the "/trash" URL which is used to show the deleted tasks
 func ShowTrashTaskFunc(w http.ResponseWriter, r *http.Request) {
 	if r.Method == "GET" {
@@ -105,9 +121,8 @@ func SearchTaskFunc(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, "/", http.StatusFound)
 	}
 
+	//AddTaskFunc is used to handle the addition of new task, "/add" URL
 }
-
-//AddTaskFunc is used to handle the addition of new task, "/add" URL
 func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
 	if r.Method == "POST" { // Will work only for POST requests, will redirect to home
 		r.ParseForm()
@@ -129,7 +144,7 @@ func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
 		}
 		//If someone gives us incorrect priority number, we give the priority
 		//to that task as 1 i.e. Low
-		if found {
+		if !found {
 			taskPriority = 1
 		}
 		title := template.HTMLEscapeString(r.Form.Get("title"))
@@ -141,7 +156,11 @@ func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
 			if handler != nil {
 				r.ParseMultipartForm(32 << 20) //defined maximum size of file
 				defer file.Close()
-				f, err := os.OpenFile("./files/"+handler.Filename, os.O_WRONLY|os.O_CREATE, 0666)
+				randomFileName := md5.New()
+				io.WriteString(randomFileName, strconv.FormatInt(time.Now().Unix(), 10))
+				io.WriteString(randomFileName, handler.Filename)
+				token := fmt.Sprintf("%x", randomFileName.Sum(nil))
+				f, err := os.OpenFile("./files/"+token, os.O_WRONLY|os.O_CREATE, 0666)
 				if err != nil {
 					log.Println(err)
 					return
@@ -149,13 +168,19 @@ func AddTaskFunc(w http.ResponseWriter, r *http.Request) {
 				defer f.Close()
 				io.Copy(f, file)
 
-				filelink := "<br> <a href=/files/" + handler.Filename + ">" + handler.Filename + "</a>"
+				filelink := "<br> <a href=/files/" + token + ">" + handler.Filename + "</a>"
 				content = content + filelink
+
+				fileTruth := db.AddFile(handler.Filename, token)
+				if fileTruth != nil {
+					message = "Error adding filename in db"
+					log.Println("error adding task to db")
+				}
 			}
 
-			truth := db.AddTask(title, content, taskPriority)
+			taskTruth := db.AddTask(title, content, taskPriority)
 
-			if truth != nil {
+			if taskTruth != nil {
 				message = "Error adding task"
 				log.Println("error adding task to db")
 			} else {