329 lines
9.8 KiB
Rust
329 lines
9.8 KiB
Rust
use axum::{
|
|
extract::{DefaultBodyLimit, Multipart, Path, State},
|
|
http::{HeaderMap, StatusCode},
|
|
response::{IntoResponse, Json},
|
|
routing::{get, post, delete},
|
|
Router,
|
|
};
|
|
use serde::{Deserialize, Serialize};
|
|
use std::{env, fs, path::PathBuf, sync::Arc};
|
|
use tower_http::{
|
|
cors::{Any, CorsLayer},
|
|
services::ServeDir,
|
|
};
|
|
use tracing::{error, info};
|
|
|
|
#[derive(Clone)]
|
|
struct AppState {
|
|
admin_token: String,
|
|
data_dir: PathBuf,
|
|
}
|
|
|
|
#[derive(Serialize, Deserialize, Clone)]
|
|
struct SiteConfig {
|
|
title: String,
|
|
subtitle: String,
|
|
footer: String,
|
|
favicon: String,
|
|
theme: String,
|
|
custom_css: String,
|
|
}
|
|
|
|
impl Default for SiteConfig {
|
|
fn default() -> Self {
|
|
Self {
|
|
title: "Narlblog".to_string(),
|
|
subtitle: "A clean, modern blog".to_string(),
|
|
footer: "Built with Rust & Astro".to_string(),
|
|
favicon: "/favicon.svg".to_string(),
|
|
theme: "mocha".to_string(),
|
|
custom_css: "".to_string(),
|
|
}
|
|
}
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
struct PostInfo {
|
|
slug: String,
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
struct PostDetail {
|
|
slug: String,
|
|
content: String,
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
struct CreatePostRequest {
|
|
slug: String,
|
|
content: String,
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
struct ErrorResponse {
|
|
error: String,
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
struct UploadResponse {
|
|
url: String,
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
struct FileInfo {
|
|
name: String,
|
|
url: String,
|
|
}
|
|
|
|
#[tokio::main]
|
|
async fn main() {
|
|
tracing_subscriber::fmt::init();
|
|
dotenvy::dotenv().ok();
|
|
|
|
let port = env::var("PORT").unwrap_or_else(|_| "3000".to_string());
|
|
let admin_token = env::var("ADMIN_TOKEN").unwrap_or_else(|_| "secret".to_string());
|
|
let data_dir_str = env::var("DATA_DIR").unwrap_or_else(|_| "../data".to_string());
|
|
let data_dir = PathBuf::from(data_dir_str);
|
|
|
|
// Ensure directories exist
|
|
let posts_dir = data_dir.join("posts");
|
|
let uploads_dir = data_dir.join("uploads");
|
|
fs::create_dir_all(&posts_dir).expect("Failed to create posts directory");
|
|
fs::create_dir_all(&uploads_dir).expect("Failed to create uploads directory");
|
|
|
|
let state = Arc::new(AppState {
|
|
admin_token,
|
|
data_dir,
|
|
});
|
|
|
|
let cors = CorsLayer::new()
|
|
.allow_origin(Any)
|
|
.allow_methods(Any)
|
|
.allow_headers(Any);
|
|
|
|
let app = Router::new()
|
|
.route("/api/config", get(get_config).post(update_config))
|
|
.route("/api/posts", get(list_posts).post(create_post))
|
|
.route("/api/posts/{slug}", get(get_post).delete(delete_post))
|
|
.route("/api/uploads", get(list_uploads))
|
|
.route("/api/upload", post(upload_file))
|
|
.nest_service("/uploads", ServeDir::new(uploads_dir))
|
|
.layer(DefaultBodyLimit::max(50 * 1024 * 1024)) // 50MB limit
|
|
.layer(cors)
|
|
.with_state(state);
|
|
|
|
let addr = format!("0.0.0.0:{}", port);
|
|
info!("Starting server on {}", addr);
|
|
let listener = tokio::net::TcpListener::bind(&addr).await.unwrap();
|
|
axum::serve(listener, app).await.unwrap();
|
|
}
|
|
|
|
fn check_auth(headers: &HeaderMap, admin_token: &str) -> Result<(), (StatusCode, Json<ErrorResponse>)> {
|
|
let auth_header = headers.get("Authorization").and_then(|h| h.to_str().ok());
|
|
if auth_header != Some(&format!("Bearer {}", admin_token)) {
|
|
return Err((
|
|
StatusCode::UNAUTHORIZED,
|
|
Json(ErrorResponse { error: "Unauthorized".to_string() }),
|
|
));
|
|
}
|
|
Ok(())
|
|
}
|
|
|
|
async fn get_config(State(state): State<Arc<AppState>>) -> impl IntoResponse {
|
|
let config_path = state.data_dir.join("config.json");
|
|
let config = fs::read_to_string(&config_path)
|
|
.ok()
|
|
.and_then(|c| serde_json::from_str::<SiteConfig>(&c).ok())
|
|
.unwrap_or_default();
|
|
|
|
Json(config)
|
|
}
|
|
|
|
async fn update_config(
|
|
State(state): State<Arc<AppState>>,
|
|
headers: HeaderMap,
|
|
Json(payload): Json<SiteConfig>,
|
|
) -> Result<Json<SiteConfig>, (StatusCode, Json<ErrorResponse>)> {
|
|
check_auth(&headers, &state.admin_token)?;
|
|
|
|
let config_path = state.data_dir.join("config.json");
|
|
let config_str = serde_json::to_string_pretty(&payload).map_err(|_| {
|
|
(StatusCode::INTERNAL_SERVER_ERROR, Json(ErrorResponse { error: "Serialization error".to_string() }))
|
|
})?;
|
|
|
|
fs::write(&config_path, config_str).map_err(|_| {
|
|
(StatusCode::INTERNAL_SERVER_ERROR, Json(ErrorResponse { error: "Write error".to_string() }))
|
|
})?;
|
|
|
|
Ok(Json(payload))
|
|
}
|
|
|
|
async fn create_post(
|
|
State(state): State<Arc<AppState>>,
|
|
headers: HeaderMap,
|
|
Json(payload): Json<CreatePostRequest>,
|
|
) -> Result<Json<PostDetail>, (StatusCode, Json<ErrorResponse>)> {
|
|
check_auth(&headers, &state.admin_token)?;
|
|
|
|
// Validate slug to prevent directory traversal
|
|
if payload.slug.contains('/') || payload.slug.contains('\\') || payload.slug.contains("..") {
|
|
return Err((
|
|
StatusCode::BAD_REQUEST,
|
|
Json(ErrorResponse { error: "Invalid slug".to_string() }),
|
|
));
|
|
}
|
|
|
|
let file_path = state.data_dir.join("posts").join(format!("{}.md", payload.slug));
|
|
|
|
fs::write(&file_path, &payload.content).map_err(|_| {
|
|
(StatusCode::INTERNAL_SERVER_ERROR, Json(ErrorResponse { error: "Write error".to_string() }))
|
|
})?;
|
|
|
|
Ok(Json(PostDetail {
|
|
slug: payload.slug,
|
|
content: payload.content,
|
|
}))
|
|
}
|
|
|
|
async fn delete_post(
|
|
State(state): State<Arc<AppState>>,
|
|
headers: HeaderMap,
|
|
Path(slug): Path<String>,
|
|
) -> Result<StatusCode, (StatusCode, Json<ErrorResponse>)> {
|
|
check_auth(&headers, &state.admin_token)?;
|
|
|
|
let file_path = state.data_dir.join("posts").join(format!("{}.md", slug));
|
|
|
|
// Security check to prevent directory traversal
|
|
if file_path.parent() != Some(&state.data_dir.join("posts")) {
|
|
return Err((
|
|
StatusCode::BAD_REQUEST,
|
|
Json(ErrorResponse { error: "Invalid slug".to_string() }),
|
|
));
|
|
}
|
|
|
|
if file_path.exists() {
|
|
fs::remove_file(file_path).map_err(|_| {
|
|
(StatusCode::INTERNAL_SERVER_ERROR, Json(ErrorResponse { error: "Delete error".to_string() }))
|
|
})?;
|
|
Ok(StatusCode::NO_CONTENT)
|
|
} else {
|
|
Err((
|
|
StatusCode::NOT_FOUND,
|
|
Json(ErrorResponse { error: "Post not found".to_string() }),
|
|
))
|
|
}
|
|
}
|
|
|
|
async fn list_uploads(
|
|
State(state): State<Arc<AppState>>,
|
|
headers: HeaderMap,
|
|
) -> Result<Json<Vec<FileInfo>>, (StatusCode, Json<ErrorResponse>)> {
|
|
check_auth(&headers, &state.admin_token)?;
|
|
|
|
let uploads_dir = state.data_dir.join("uploads");
|
|
let mut files = Vec::new();
|
|
|
|
if let Ok(entries) = fs::read_dir(uploads_dir) {
|
|
for entry in entries.flatten() {
|
|
let path = entry.path();
|
|
if path.is_file() {
|
|
if let Some(name) = path.file_name().and_then(|n| n.to_str()) {
|
|
files.push(FileInfo {
|
|
name: name.to_string(),
|
|
url: format!("/uploads/{}", name),
|
|
});
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
Ok(Json(files))
|
|
}
|
|
|
|
async fn list_posts(State(state): State<Arc<AppState>>) -> impl IntoResponse {
|
|
let posts_dir = state.data_dir.join("posts");
|
|
let mut posts = Vec::new();
|
|
|
|
if let Ok(entries) = fs::read_dir(posts_dir) {
|
|
for entry in entries.flatten() {
|
|
let path = entry.path();
|
|
if path.extension().and_then(|e| e.to_str()) == Some("md") {
|
|
if let Some(slug) = path.file_stem().and_then(|s| s.to_str()) {
|
|
posts.push(PostInfo {
|
|
slug: slug.to_string(),
|
|
});
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
Json(posts)
|
|
}
|
|
|
|
async fn get_post(
|
|
State(state): State<Arc<AppState>>,
|
|
Path(slug): Path<String>,
|
|
) -> Result<Json<PostDetail>, (StatusCode, Json<ErrorResponse>)> {
|
|
let file_path = state.data_dir.join("posts").join(format!("{}.md", slug));
|
|
|
|
// Security check to prevent directory traversal
|
|
if file_path.parent() != Some(&state.data_dir.join("posts")) {
|
|
return Err((
|
|
StatusCode::BAD_REQUEST,
|
|
Json(ErrorResponse { error: "Invalid slug".to_string() }),
|
|
));
|
|
}
|
|
|
|
match fs::read_to_string(&file_path) {
|
|
Ok(content) => Ok(Json(PostDetail { slug, content })),
|
|
Err(_) => Err((
|
|
StatusCode::NOT_FOUND,
|
|
Json(ErrorResponse { error: "Post not found".to_string() }),
|
|
)),
|
|
}
|
|
}
|
|
|
|
async fn upload_file(
|
|
State(state): State<Arc<AppState>>,
|
|
headers: HeaderMap,
|
|
mut multipart: Multipart,
|
|
) -> Result<Json<UploadResponse>, (StatusCode, Json<ErrorResponse>)> {
|
|
check_auth(&headers, &state.admin_token)?;
|
|
|
|
while let Ok(Some(field)) = multipart.next_field().await {
|
|
if let Some(file_name) = field.file_name() {
|
|
let file_name = slug::slugify(file_name);
|
|
let uploads_dir = state.data_dir.join("uploads");
|
|
let file_path = uploads_dir.join(&file_name);
|
|
|
|
// Simple conflict resolution
|
|
let final_path = if file_path.exists() {
|
|
let timestamp = chrono::Utc::now().timestamp();
|
|
uploads_dir.join(format!("{}_{}", timestamp, file_name))
|
|
} else {
|
|
file_path
|
|
};
|
|
|
|
let final_name = final_path.file_name().unwrap().to_str().unwrap().to_string();
|
|
|
|
let data = field.bytes().await.map_err(|_| {
|
|
(StatusCode::INTERNAL_SERVER_ERROR, Json(ErrorResponse { error: "Read error".to_string() }))
|
|
})?;
|
|
|
|
fs::write(&final_path, &data).map_err(|_| {
|
|
(StatusCode::INTERNAL_SERVER_ERROR, Json(ErrorResponse { error: "Write error".to_string() }))
|
|
})?;
|
|
|
|
return Ok(Json(UploadResponse {
|
|
url: format!("/uploads/{}", final_name),
|
|
}));
|
|
}
|
|
}
|
|
|
|
Err((
|
|
StatusCode::BAD_REQUEST,
|
|
Json(ErrorResponse { error: "No file found".to_string() }),
|
|
))
|
|
}
|