From 7328a719fe45f7c1bb094847c9a0937a4f0e5b8e Mon Sep 17 00:00:00 2001
From: Craig Oates <craig@craigoates.net>
Date: Sun, 25 Sep 2022 18:25:37 +0100
Subject: [PATCH] implement the edit archive thumbnail functionality
 (web.lisp).

This does not include the Meilisearch integration. That will come in
later commits after I've got the base behaviour for the website sorted
out.
---
 src/web.lisp | 76 +++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 55 insertions(+), 21 deletions(-)

diff --git a/src/web.lisp b/src/web.lisp
index 64781d1..9fe8f62 100644
--- a/src/web.lisp
+++ b/src/web.lisp
@@ -1030,25 +1030,64 @@
 (defroute ("/edit/archive/:slug" :method :GET) (&key slug)
   (if (nera:get-archive-entry :slug slug)
       (progn
-	(hermetic:auth (:logged-in)
-		       ;; Authorised
-		       (let ((alert (utils:get-and-reset-alert)))
-			 (render "/user/edit-archive.html"
-				 (append (auth:auth-user-data)
-					 `(:alert ,alert
-					   :system-data ,(nera:system-data)
-					   :db-data ,(nera:get-archive-entry :slug slug)
-					   :data ,(storage:open-text-file
-						   "" "archive" slug)))))
-		       ;; Not Authorised
-		       (progn
-			 (utils:set-alert "You are not logged in.")
-			 (redirect "/login"))))
+	(hermetic:auth
+	 (:logged-in)
+	 ;; Authorised
+	 (let ((alert (utils:get-and-reset-alert)))
+	   (render "/user/edit-archive.html"
+		   (append (auth:auth-user-data)
+			   `(:alert ,alert
+			     :system-data ,(nera:system-data)
+			     :db-data ,(nera:get-archive-entry :slug slug)
+			     :data ,(storage:open-text-file "" "archive" slug)))))
+	 ;; Not Authorised
+	 (progn
+	   (utils:set-alert "You are not logged in.")
+	   (redirect "/login"))))
       (on-exception *web* 404)))
 
 (defroute ("/edit/archive-thumbnail" :method :POST) ()
-  (utils:set-alert "ROUTE NOT IMPLEMENTED")
-  (redirect "/user/archive"))
+  (destructuring-bind
+      (&key archive-slug thumbnail-file authenticity-token &allow-other-keys)
+      (utils:request-params (lack.request:request-body-parameters ningle:*request*))
+    (cond ((not (string= authenticity-token (auth:csrf-token)))
+	   `(,+forbidden+ (:content-type "text/plain") ("Denied")))
+	  (t (hermetic:auth
+	      (:administrator)
+	      ;; Authorised
+	      (cond ((utils:string-is-nil-or-empty? archive-slug)
+		     (utils:set-alert "No archive slug provided. Thumbnail not updated.")
+		     (redirect "/user/archive"))
+
+		    ((null (nera:get-archive-entry :slug archive-slug))
+		     (utils:set-alert "Cannot file thumbnail's archive entry. Nothing updated.")
+		     (redirect "/user/archive"))
+
+		    ((not (str:contains? "image" (caddr thumbnail-file) :ignore-case t))
+		     (utils:set-alert "File uploaded is not an image. Thumbnail not updated.")
+		     (redirect (format nil "/edit/archive/~a" archive-slug)))
+
+		    (t (utils:set-alert "Thumbnail updated.")
+		       (storage:store-file
+			""
+			"archive"
+			(archive::thumbnail-slug-of
+			 (nera:get-archive-entry :slug archive-slug))
+			thumbnail-file)
+		       (nera:update-archive-entry-property
+			:slug archive-slug
+			:property 'archive::thumbnail-file-type-of
+			:value (caddr thumbnail-file))
+		       (utils:create-thumbnail
+			"archive"
+			(archive::thumbnail-slug-of
+			 (nera:get-archive-entry :slug archive-slug))
+			t)
+		       ;; Integrate updating Meilisearch here.
+		       (redirect (format nil "/edit/archive/~a" archive-slug))))
+	      ;; Not Authorised
+	      (progn (utils:set-alert "You are not authorised to delete this archive entry.")
+		     (redirect "/login")))))))
 
 (defroute ("/rename/archive-entry" :method :POST) ()
   (utils:set-alert "ROUTE NOT IMPLEMENTED")
@@ -1058,11 +1097,6 @@
   (utils:set-alert "ROUTE NOT IMPLEMENTED")
   (redirect "/user/archive"))
 
-
-(defroute ("/edit/archive-thumbnail" :method :POST) ()
-  (utils:set-alert "ROUTE NOT IMPLEMENTED")
-  (redirect "/user/archive"))
-
 (defroute ("/archive/delete/entry" :method :POST) ()
   (destructuring-bind
       (&key slug authenticity-token &allow-other-keys)