diff --git a/src/web.lisp b/src/web.lisp
index 0f9c9d2..4c09ccb 100644
--- a/src/web.lisp
+++ b/src/web.lisp
@@ -738,6 +738,58 @@
 (progn
 (utils:set-alert "You are not authorised to delete page.")
 (redirect "/login")))))))
+(defroute ("/storage/upload" :method :POST) ()
+ (destructuring-bind
+ (&key storage-file authenticity-token &allow-other-keys)
+ (utils:request-params
+ (lack.request:request-body-parameters ningle:*request*))
+ (if (not (string= authenticity-token (auth:csrf-token)))
+ `(,+forbidden+ (:content-type "text/plain") ("Denied"))
+ (hermetic:auth
+ (:logged-in)
+ ;; Authorised
+ (cond ((utils:string-is-nil-or-empty? (cadr storage-file))
+ (utils:set-alert "No file provided..")
+ (redirect "/dashboard"))
+
+ (t (storage:store-file
+ "" "media"
+ (utils:slugify (second storage-file)) storage-file)
+ (utils:set-alert "File uploaded.")
+ (redirect "/dashboard")))
+ ;; Not Authorised
+ (progn
+ (utils:set-alert "You are not authorised to view this page.")
+ (redirect "/login"))))))
+
+(defroute ("/storage/multi-upload" :method :POST) ()
+ (destructuring-bind
+ (&key authenticity-token &allow-other-keys)
+ (utils:request-params
+ (lack.request:request-body-parameters ningle:*request*))
+ (if (not (string= authenticity-token (auth:csrf-token)))
+ `(,+forbidden+ (:content-type "text/plain") ("Denied"))
+ (let ((files (utils:separate-files-in-web-request
+ (lack.request:request-body-parameters ningle:*request*)
+ "STORAGE-FILES")))
+ (format t "[INFO] Files: ~a" (length files))
+ (hermetic:auth
+ (:logged-in)
+ ;; Authorised
+ (cond ((utils:string-is-nil-or-empty? (caddr (car files)))
+ (utils:set-alert "No files provided.")
+ (redirect "/dashboard"))
+ (t (loop :for item :in files :do
+ (storage:store-file
+ "" "media"
+ (utils:slugify (caddr item)) (cdr item)))
+ (utils:set-alert "File uploaded.")
+ (redirect "/dashboard")))
+ ;; Not Authorised
+ (progn
+ (utils:set-alert "You are not authorised to view this page.")
+ (redirect "/login")))))))
+
 
 ;;
 ;; Error pages
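Review bot: Both new routes hand the client-supplied filename and body to `storage:store-file` with no check on file type or size, so any logged-in user can place arbitrary content under "media". If that area is served from the site's own origin, an uploaded HTML or SVG file would be rendered as active content there; an allow-list of extensions and content types plus a size cap before the `store-file` call would close that, and it should be confirmed that `utils:slugify` removes path separators and that a repeated name cannot overwrite an existing file, since neither helper is visible in this hunk. In `/storage/multi-upload` only the first file's name is tested for emptiness, so later entries with an empty name still reach `store-file`; the loop could filter them with `:unless (utils:string-is-nil-or-empty? (caddr item)) :do`. That route also parses the files and writes the `[INFO] Files:` line before `hermetic:auth` runs, so moving the `let` inside the authorised branch would keep that work to logged-in requests.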