filipriec/universal_web_loco_rewrite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

audio

Browse Source
This commit is contained in:
Priec
2026-05-17 18:15:22 +02:00
parent 1d51a23bfb
commit d164edf87c
18 changed files with 1159 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.lock generated
View File

@@ -5059,6 +5059,7 @@ dependencies = [
"async-trait",
"axum",
"axum-extra",
"bytes",
"chrono",
"dotenvy",
"fluent-templates",

3
Cargo.toml
View File

@@ -20,7 +20,7 @@ tokio = { version = "1.45", default-features = false, features = [
"rt-multi-thread",
] }
async-trait = { version = "0.1" }
axum = { version = "0.8" }
axum = { version = "0.8", features = ["multipart"] }
tracing = { version = "0.1" }
tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
regex = { version = "1.11" }
@@ -42,6 +42,7 @@ fluent-templates = { version = "0.13", features = ["tera"] }
unic-langid = { version = "0.9" }
# /view engine
axum-extra = { version = "0.10", features = ["form"] }
bytes = { version = "1" }
[[bin]]
name = "universal_web-cli"

10
REWRITE_SPEC.md
View File

@@ -41,11 +41,11 @@ The old app ships these feature modules. Each must exist in the rewrite:
- [ ] **Admin** — dashboard, user management, role assignment, audit log
- [ ] **Blog** — articles CRUD, publish workflow, public listing, view counts
- [ ] **Audio dashboard** — albums + tracks + tags CRUD, publish workflow
- [ ] **Audio streaming** — range-aware track/file streaming, raw upload
- [x] **Audio streaming** — range-aware track/file streaming, raw upload
- [ ] **Audio player** — persistent bottom-bar player (frontend)
- [ ] **Images** — upload + serve, used as cover/featured images
- [x] **Images** — upload + serve, used as cover/featured images
- [ ] **Theme** — per-user light/dark preference
- [ ] **Storage** — pluggable backend (fs default, S3/Azure/GCS capable)
- [x] **Storage** — pluggable backend (fs default, S3/Azure/GCS capable)
- [ ] **Home + layout** — landing page, dynamic navbar, footer
- [ ] **Swagger/OpenAPI** — API docs (optional, lower priority)
@@ -366,11 +366,11 @@ Already generated in this directory — reuse, don't rebuild:
2. **Auth + sessions** — settle §3.1, get register/login/logout/me working,
including admin-bootstrap.
3. **RBAC** — roles/permissions, the permission-loading middleware, guard helpers.
4. **Storage + images** — storage backend, image upload/serve (unblocks blog/audio
4. **Storage + images** — DONE: storage backend, image upload/serve (unblocks blog/audio
cover images).
5. **Blog** — CRUD + publish + public pages.
6. **Audio dashboard** — albums, tracks (multipart upload), tags.
7. **Audio streaming + player** — range-aware endpoints, then the player in the GUI.
7. **Audio streaming + player** — DONE for range-aware endpoints; player remains GUI work.
8. **Admin** — dashboard, user management, role UI, audit log.
9. **Theme**, **home/layout/navbar**.
10. **Swagger/OpenAPI** (optional), tests, polish.

63
assets/views/admin/audio/albums.html Normal file
View File

@@ -0,0 +1,63 @@
{% extends "admin/base.html" %}
{% block title %}Audio Albums{% endblock title %}
{% block content %}
<div class="space-y-2">
<div class="flex flex-wrap items-center justify-between gap-3">
<div>
<h1 class="text-2xl font-bold">Audio Albums</h1>
<p class="text-sm opacity-70">Create albums and upload audio tracks.</p>
</div>
<a href="/admin/audio/albums/create" class="btn btn-neutral btn-sm">New album</a>
</div>
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
{% if albums | length > 0 %}
<div class="overflow-x-auto">
<table class="table">
<thead>
<tr>
<th>Album</th>
<th>Status</th>
<th>Tracks</th>
<th class="text-right">Actions</th>
</tr>
</thead>
<tbody>
{% for row in albums %}
<tr>
<td class="font-medium">{{ row.album.title }}</td>
<td>
{% if row.album.published %}
<span class="badge">Published</span>
{% else %}
<span class="badge opacity-70">Draft</span>
{% endif %}
</td>
<td>{{ row.track_count }}</td>
<td>
<div class="flex gap-2">
<a href="/admin/audio/albums/{{ row.album.id }}/tracks" class="btn btn-ghost btn-sm">Tracks</a>
<a href="/audio/albums/{{ row.album.slug }}" class="btn btn-ghost btn-sm">View</a>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
{% else %}
<div class="text-center">
<p class="font-medium">No albums yet.</p>
<p class="text-sm opacity-70">Create an album before uploading tracks.</p>
<div class="pt-2">
<a href="/admin/audio/albums/create" class="btn btn-neutral btn-sm">New album</a>
</div>
</div>
{% endif %}
</div>
</div>
</div>
{% endblock content %}

56
assets/views/admin/audio/new_album.html Normal file
View File

@@ -0,0 +1,56 @@
{% extends "admin/base.html" %}
{% block title %}New Audio Album{% endblock title %}
{% block content %}
<div class="space-y-2">
<div class="flex flex-wrap items-center justify-between gap-3">
<div>
<h1 class="text-2xl font-bold">New Audio Album</h1>
<p class="text-sm opacity-70">Create a container for uploaded tracks.</p>
</div>
<a href="/admin/audio/albums" class="btn btn-ghost btn-sm">Back to albums</a>
</div>
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
<form method="post" action="/admin/audio/albums/create" class="space-y-2">
<div class="form-control">
<label class="label"><span class="label-text">Title</span></label>
<input type="text" name="title" required class="input input-bordered w-full">
</div>
<div class="form-control">
<label class="label"><span class="label-text">Artist</span></label>
<input type="text" name="artist" class="input input-bordered w-full">
</div>
<div class="form-control">
<label class="label"><span class="label-text">Release date</span></label>
<input type="date" name="release_date" class="input input-bordered w-full">
</div>
<div class="form-control">
<label class="label"><span class="label-text">Cover image id</span></label>
<input type="text" name="cover_image_id" class="input input-bordered w-full">
</div>
<div class="form-control">
<label class="label"><span class="label-text">Description</span></label>
<textarea name="description" rows="6" class="textarea textarea-bordered w-full"></textarea>
</div>
<label class="label cursor-pointer justify-start gap-2">
<input type="checkbox" name="published" class="checkbox checkbox-sm">
<span class="label-text">Published</span>
</label>
<div class="flex flex-wrap gap-2 pt-2">
<button type="submit" class="btn btn-neutral btn-sm">Create</button>
<a href="/admin/audio/albums" class="btn btn-ghost btn-sm">Cancel</a>
</div>
</form>
</div>
</div>
</div>
{% endblock content %}

70
assets/views/admin/audio/tracks.html Normal file
View File

@@ -0,0 +1,70 @@
{% extends "admin/base.html" %}
{% block title %}{{ album.title }} Tracks{% endblock title %}
{% block content %}
<div class="space-y-2">
<div class="flex flex-wrap items-center justify-between gap-3">
<div>
<h1 class="text-2xl font-bold">{{ album.title }}</h1>
<p class="text-sm opacity-70">Uploaded tracks for this album.</p>
</div>
<div class="flex flex-wrap gap-2">
<a href="/admin/audio/albums/{{ album.id }}/tracks/upload" class="btn btn-neutral btn-sm">Upload track</a>
<a href="/admin/audio/albums" class="btn btn-ghost btn-sm">Back to albums</a>
</div>
</div>
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
{% if tracks | length > 0 %}
<div class="overflow-x-auto">
<table class="table">
<thead>
<tr>
<th>Track</th>
<th>File</th>
<th>Featured</th>
<th class="text-right">Actions</th>
</tr>
</thead>
<tbody>
{% for track in tracks %}
<tr>
<td class="font-medium">
{% if track.track_number %}{{ track.track_number }}. {% endif %}{{ track.title }}
</td>
<td class="text-sm">{{ track.audio_file_id }}</td>
<td>
{% if track.featured %}
<span class="badge">Yes</span>
{% else %}
<span class="badge opacity-70">No</span>
{% endif %}
</td>
<td>
<div class="flex gap-2">
<a href="/audio/tracks/{{ track.id }}/stream" class="btn btn-ghost btn-sm">Play</a>
<form method="post" action="/admin/audio/tracks/{{ track.id }}/delete">
<button type="submit" class="btn btn-ghost btn-sm">Delete</button>
</form>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
{% else %}
<div class="text-center">
<p class="font-medium">No tracks yet.</p>
<p class="text-sm opacity-70">Upload the first audio file for this album.</p>
<div class="pt-2">
<a href="/admin/audio/albums/{{ album.id }}/tracks/upload" class="btn btn-neutral btn-sm">Upload track</a>
</div>
</div>
{% endif %}
</div>
</div>
</div>
{% endblock content %}

46
assets/views/admin/audio/upload_track.html Normal file
View File

@@ -0,0 +1,46 @@
{% extends "admin/base.html" %}
{% block title %}Upload Track{% endblock title %}
{% block content %}
<div class="space-y-2">
<div class="flex flex-wrap items-center justify-between gap-3">
<div>
<h1 class="text-2xl font-bold">Upload Track</h1>
<p class="text-sm opacity-70">{{ album.title }}</p>
</div>
<a href="/admin/audio/albums/{{ album.id }}/tracks" class="btn btn-ghost btn-sm">Back to tracks</a>
</div>
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
<form method="post" action="/admin/audio/albums/{{ album.id }}/tracks/upload-file" enctype="multipart/form-data" class="space-y-2">
<div class="form-control">
<label class="label"><span class="label-text">Audio file</span></label>
<input type="file" name="file" accept="audio/mpeg,audio/wav,audio/ogg,audio/flac,audio/aac,audio/mp4,audio/webm" required class="file-input file-input-bordered w-full">
</div>
<div class="form-control">
<label class="label"><span class="label-text">Title</span></label>
<input type="text" name="title" class="input input-bordered w-full">
</div>
<div class="form-control">
<label class="label"><span class="label-text">Track number</span></label>
<input type="number" name="track_number" min="1" class="input input-bordered w-full">
</div>
<label class="label cursor-pointer justify-start gap-2">
<input type="checkbox" name="featured" class="checkbox checkbox-sm">
<span class="label-text">Featured</span>
</label>
<div class="flex flex-wrap gap-2 pt-2">
<button type="submit" class="btn btn-neutral btn-sm">Upload</button>
<a href="/admin/audio/albums/{{ album.id }}/tracks" class="btn btn-ghost btn-sm">Cancel</a>
</div>
</form>
</div>
</div>
</div>
{% endblock content %}

4
assets/views/admin/base.html
View File

@@ -65,6 +65,8 @@
<ul class="nav-menu menu menu-sm hidden items-center gap-1 md:flex">
<li><a href="/admin/dashboard">Dashboard</a></li>
<li><a href="/admin/blog/articles">Blog</a></li>
<li><a href="/admin/audio/albums">Audio</a></li>
<li><a href="/admin/images">Images</a></li>
<li><a href="/admin/about">About</a></li>
<li><a href="/">View site</a></li>
<li>
@@ -85,6 +87,8 @@
class="menu dropdown-content z-50 mt-3 w-52 rounded-box border border-base-300 bg-base-100 p-2 shadow-lg">
<li><a href="/admin/dashboard">Dashboard</a></li>
<li><a href="/admin/blog/articles">Blog</a></li>
<li><a href="/admin/audio/albums">Audio</a></li>
<li><a href="/admin/images">Images</a></li>
<li><a href="/admin/about">About</a></li>
<li><a href="/">View site</a></li>
<li>

38
assets/views/admin/images/index.html Normal file
View File

@@ -0,0 +1,38 @@
{% extends "admin/base.html" %}
{% block title %}Images{% endblock title %}
{% block content %}
<div class="space-y-2">
<div class="flex flex-wrap items-center justify-between gap-3">
<div>
<h1 class="text-2xl font-bold">Images</h1>
<p class="text-sm opacity-70">Upload images for blog posts and audio covers.</p>
</div>
<a href="/admin/dashboard" class="btn btn-ghost btn-sm">Back to dashboard</a>
</div>
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
{% if uploaded %}
<div class="alert mb-4">
<div>
<p class="font-medium">Uploaded image id: {{ uploaded }}</p>
<p class="text-sm opacity-70">URL: {{ uploaded_url }}</p>
</div>
</div>
{% endif %}
<form method="post" action="/admin/images/upload" enctype="multipart/form-data" class="space-y-2">
<div class="form-control">
<label class="label"><span class="label-text">Image file</span></label>
<input type="file" name="file" accept="image/jpeg,image/png,image/webp,image/gif" required class="file-input file-input-bordered w-full">
</div>
<div class="flex flex-wrap gap-2 pt-2">
<button type="submit" class="btn btn-neutral btn-sm">Upload</button>
</div>
</form>
</div>
</div>
</div>
{% endblock content %}

26
assets/views/admin/index.html
View File

@@ -38,6 +38,32 @@
</div>
</div>
</div>
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
<div class="flex items-center justify-between gap-2">
<h2 class="card-title text-base">Audio</h2>
<span class="badge">Media</span>
</div>
<p class="text-sm opacity-70">Create albums and upload tracks.</p>
<div class="pt-2">
<a href="/admin/audio/albums" class="btn btn-neutral btn-sm">Manage audio</a>
</div>
</div>
</div>
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
<div class="flex items-center justify-between gap-2">
<h2 class="card-title text-base">Images</h2>
<span class="badge">Uploads</span>
</div>
<p class="text-sm opacity-70">Upload images for covers and articles.</p>
<div class="pt-2">
<a href="/admin/images" class="btn btn-neutral btn-sm">Upload image</a>
</div>
</div>
</div>
</div>
</div>
{% endblock content %}

48
assets/views/audio/album.html Normal file
View File

@@ -0,0 +1,48 @@
{% extends "base.html" %}
{% block title %}{{ album.title }}{% endblock title %}
{% block content %}
<div class="space-y-2">
<div class="flex flex-wrap items-center justify-between gap-3">
<div>
<h1 class="text-2xl font-bold">{{ album.title }}</h1>
{% if album.artist %}
<p class="text-sm opacity-70">{{ album.artist }}</p>
{% endif %}
</div>
<a href="/audio/albums" class="btn btn-ghost btn-sm">Back to albums</a>
</div>
{% if album.cover_image_id %}
<img src="/images/{{ album.cover_image_id }}" alt="" class="mb-4 rounded">
{% endif %}
{% if album.description %}
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
<p class="whitespace-pre-line">{{ album.description }}</p>
</div>
</div>
{% endif %}
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
{% if tracks | length > 0 %}
<div class="space-y-2">
{% for track in tracks %}
<div class="border-t border-base-300 pt-2">
<p class="font-medium">{% if track.track_number %}{{ track.track_number }}. {% endif %}{{ track.title }}</p>
<audio controls preload="metadata" class="mt-2 w-full">
<source src="/audio/tracks/{{ track.id }}/stream">
</audio>
</div>
{% endfor %}
</div>
{% else %}
<p class="text-center font-medium">No tracks yet.</p>
{% endif %}
</div>
</div>
</div>
{% endblock content %}

42
assets/views/audio/albums.html Normal file
View File

@@ -0,0 +1,42 @@
{% extends "base.html" %}
{% block title %}Audio{% endblock title %}
{% block content %}
<div class="space-y-2">
<div>
<h1 class="text-2xl font-bold">Audio</h1>
<p class="text-sm opacity-70">Published albums.</p>
</div>
{% if albums | length > 0 %}
<div class="grid grid-cols-2 gap-4 pt-4">
{% for album in albums %}
<article class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body">
{% if album.cover_image_id %}
<img src="/images/{{ album.cover_image_id }}" alt="" class="mb-3 rounded">
{% endif %}
<h2 class="card-title text-base">{{ album.title }}</h2>
{% if album.artist %}
<p class="text-sm opacity-70">{{ album.artist }}</p>
{% endif %}
{% if album.description %}
<p class="text-sm opacity-80">{{ album.description }}</p>
{% endif %}
<div class="pt-2">
<a href="/audio/albums/{{ album.slug }}" class="btn btn-neutral btn-sm">Open album</a>
</div>
</div>
</article>
{% endfor %}
</div>
{% else %}
<div class="card border border-base-300 bg-base-100 shadow-sm">
<div class="card-body text-center">
<p class="font-medium">No published albums yet.</p>
</div>
</div>
{% endif %}
</div>
{% endblock content %}

2
assets/views/base.html
View File

@@ -66,6 +66,7 @@
<li><a href="/">Home</a></li>
<li><a href="/about">About</a></li>
<li><a href="/blog">Blog</a></li>
<li><a href="/audio/albums">Audio</a></li>
{% if logged_in_admin %}
<li><a href="/admin/dashboard">Dashboard</a></li>
<li>
@@ -90,6 +91,7 @@
<li><a href="/">Home</a></li>
<li><a href="/about">About</a></li>
<li><a href="/blog">Blog</a></li>
<li><a href="/audio/albums">Audio</a></li>
{% if logged_in_admin %}
<li><a href="/admin/dashboard">Dashboard</a></li>
<li>

1
config/development.yaml
View File

@@ -104,3 +104,4 @@ auth:
settings:
admin_email: {{ get_env(name="ADMIN_EMAIL", default="admin@example.com") }}
uploads_root: {{ get_env(name="UPLOADS_ROOT", default="uploads") }}

1
config/test.yaml
View File

@@ -101,3 +101,4 @@ auth:
settings:
admin_email: admin@example.com
uploads_root: uploads/test

17
src/app.rs
View File

@@ -7,11 +7,12 @@ use loco_rs::{
controller::AppRoutes,
db::{self, truncate_table},
environment::Environment,
storage::{self, Storage},
task::Tasks,
Result,
};
use migration::Migrator;
use std::path::Path;
use std::{path::Path, sync::Arc};
#[allow(unused_imports)]
use crate::{
@@ -60,9 +61,23 @@ impl Hooks for App {
.add_route(controllers::auth::routes())
.add_route(controllers::admin::routes())
.add_route(controllers::blog::routes())
.add_route(controllers::media::routes())
.add_route(controllers::pages::routes())
.add_route(controllers::frontend::routes())
}
async fn after_context(ctx: AppContext) -> Result<AppContext> {
let upload_root = crate::controllers::media::uploads_root(&ctx.config)?;
tokio::fs::create_dir_all(upload_root.join(controllers::media::AUDIO_STORAGE_DIR)).await?;
tokio::fs::create_dir_all(upload_root.join(controllers::media::IMAGE_STORAGE_DIR)).await?;
let driver = storage::drivers::local::new_with_prefix(&upload_root)?;
Ok(AppContext {
storage: Arc::new(Storage::single(driver)),
..ctx
})
}
async fn connect_workers(ctx: &AppContext, queue: &Queue) -> Result<()> {
queue.register(DownloadWorker::build(ctx)).await?;
Ok(())

737
src/controllers/media.rs Normal file
View File

@@ -0,0 +1,737 @@
use crate::{
controllers::{admin, auth as auth_controller},
models::{
_entities::{audio_albums, audio_tracks},
users,
},
};
use axum::{
body::Body,
extract::{DefaultBodyLimit, Multipart},
http::{
header::{self, HeaderMap},
StatusCode,
},
};
use axum_extra::extract::cookie::CookieJar;
use bytes::Bytes;
use chrono::{NaiveDate, Utc};
use loco_rs::{config::Config, prelude::*};
use sea_orm::{
ActiveModelTrait, ColumnTrait, EntityTrait, ModelTrait, PaginatorTrait, QueryFilter,
QueryOrder, Set,
};
use serde::{Deserialize, Serialize};
use serde_json::json;
use std::{
collections::HashMap,
path::{Path as StdPath, PathBuf},
str::FromStr,
};
use tokio::io::{AsyncReadExt, AsyncSeekExt, SeekFrom};
use uuid::Uuid;
const AUDIO_MAX_BYTES: usize = 50 * 1024 * 1024;
const IMAGE_MAX_BYTES: usize = 10 * 1024 * 1024;
pub const AUDIO_STORAGE_DIR: &str = "audio";
pub const IMAGE_STORAGE_DIR: &str = "images";
#[derive(Debug, Deserialize)]
struct AlbumForm {
title: String,
description: Option<String>,
cover_image_id: Option<String>,
artist: Option<String>,
release_date: Option<String>,
published: Option<String>,
}
#[derive(Debug, Serialize)]
struct UploadResponse {
filename: String,
url: String,
size: usize,
}
pub fn uploads_root(config: &Config) -> Result<PathBuf> {
config
.settings
.as_ref()
.and_then(|settings| settings.get("uploads_root"))
.and_then(|value| value.as_str())
.filter(|value| !value.trim().is_empty())
.map(PathBuf::from)
.ok_or_else(|| Error::string("settings.uploads_root must be configured"))
}
fn slugify(title: &str) -> String {
let mut slug = String::new();
let mut last_was_dash = false;
for ch in title.chars().flat_map(char::to_lowercase) {
if ch.is_ascii_alphanumeric() {
slug.push(ch);
last_was_dash = false;
} else if !last_was_dash && !slug.is_empty() {
slug.push('-');
last_was_dash = true;
}
}
let slug = slug.trim_matches('-').to_string();
if slug.is_empty() {
Uuid::new_v4().to_string()
} else {
slug
}
}
fn normalize_empty(value: Option<String>) -> Option<String> {
value.and_then(|value| {
let value = value.trim().to_string();
if value.is_empty() {
None
} else {
Some(value)
}
})
}
fn is_checked(value: &Option<String>) -> bool {
value.as_deref().is_some_and(|value| value == "on" || value == "true" || value == "1")
}
fn safe_filename(filename: &str) -> Result<&str> {
if filename.is_empty()
|| filename.contains('/')
|| filename.contains('\\')
|| filename.contains("..")
{
return Err(Error::BadRequest("invalid filename".to_string()));
}
Ok(filename)
}
fn audio_content_type(extension: &str) -> &'static str {
match extension {
"aac" => "audio/aac",
"flac" => "audio/flac",
"m4a" => "audio/mp4",
"ogg" => "audio/ogg",
"wav" => "audio/wav",
"webm" => "audio/webm",
_ => "audio/mpeg",
}
}
fn image_content_type(extension: &str) -> &'static str {
match extension {
"gif" => "image/gif",
"jpg" | "jpeg" => "image/jpeg",
"png" => "image/png",
"webp" => "image/webp",
_ => "application/octet-stream",
}
}
fn detect_audio_extension(data: &[u8]) -> Result<&'static str> {
if data.len() < 12 {
return Err(Error::BadRequest("audio file is too small".to_string()));
}
if data.starts_with(b"ID3") || (data[0] == 0xff && (data[1] & 0xe0) == 0xe0) {
return Ok("mp3");
}
if data.starts_with(b"RIFF") && &data[8..12] == b"WAVE" {
return Ok("wav");
}
if data.starts_with(b"OggS") {
return Ok("ogg");
}
if data.starts_with(b"fLaC") {
return Ok("flac");
}
if data.len() >= 12 && &data[4..8] == b"ftyp" {
return Ok("m4a");
}
if data.starts_with(&[0x1a, 0x45, 0xdf, 0xa3]) {
return Ok("webm");
}
if data.starts_with(&[0xff, 0xf1]) || data.starts_with(&[0xff, 0xf9]) {
return Ok("aac");
}
Err(Error::BadRequest("unsupported audio format".to_string()))
}
fn detect_image_extension(data: &[u8]) -> Result<&'static str> {
if data.len() < 12 {
return Err(Error::BadRequest("image file is too small".to_string()));
}
if data.starts_with(&[0x89, b'P', b'N', b'G', 0x0d, 0x0a, 0x1a, 0x0a]) {
return Ok("png");
}
if data.starts_with(&[0xff, 0xd8, 0xff]) {
return Ok("jpg");
}
if data.starts_with(b"RIFF") && &data[8..12] == b"WEBP" {
return Ok("webp");
}
if data.starts_with(b"GIF87a") || data.starts_with(b"GIF89a") {
return Ok("gif");
}
Err(Error::BadRequest("unsupported image format".to_string()))
}
async fn read_multipart_file(mut multipart: Multipart, max_bytes: usize) -> Result<Vec<u8>> {
while let Some(mut field) = multipart
.next_field()
.await
.map_err(|err| Error::BadRequest(format!("invalid multipart data: {err}")))?
{
if field.name() != Some("file") {
continue;
}
let mut data = Vec::new();
while let Some(chunk) = field
.chunk()
.await
.map_err(|err| Error::BadRequest(format!("invalid multipart chunk: {err}")))?
{
data.extend_from_slice(&chunk);
if data.len() > max_bytes {
return Err(Error::BadRequest(format!(
"file is larger than {} MB",
max_bytes / 1024 / 1024
)));
}
}
if data.is_empty() {
return Err(Error::BadRequest("empty file upload".to_string()));
}
return Ok(data);
}
Err(Error::BadRequest("multipart field `file` is required".to_string()))
}
async fn read_track_upload(mut multipart: Multipart) -> Result<(Vec<u8>, Option<String>, Option<i32>, bool)> {
let mut data = None;
let mut title = None;
let mut track_number = None;
let mut featured = false;
while let Some(mut field) = multipart
.next_field()
.await
.map_err(|err| Error::BadRequest(format!("invalid multipart data: {err}")))?
{
let name = field.name().unwrap_or("").to_string();
if name == "file" {
let mut file = Vec::new();
while let Some(chunk) = field
.chunk()
.await
.map_err(|err| Error::BadRequest(format!("invalid multipart chunk: {err}")))?
{
file.extend_from_slice(&chunk);
if file.len() > AUDIO_MAX_BYTES {
return Err(Error::BadRequest("file is larger than 50 MB".to_string()));
}
}
data = Some(file);
} else {
let value = field
.text()
.await
.map_err(|err| Error::BadRequest(format!("invalid multipart field: {err}")))?;
match name.as_str() {
"title" => title = normalize_empty(Some(value)),
"track_number" => {
track_number = value.trim().parse::<i32>().ok().filter(|number| *number > 0)
}
"featured" => featured = value == "on" || value == "true" || value == "1",
_ => {}
}
}
}
let data = data.ok_or_else(|| Error::BadRequest("multipart field `file` is required".to_string()))?;
if data.is_empty() {
return Err(Error::BadRequest("empty file upload".to_string()));
}
Ok((data, title, track_number, featured))
}
async fn unique_album_slug(ctx: &AppContext, title: &str) -> Result<String> {
let base = slugify(title);
let mut slug = base.clone();
let mut suffix = 2;
while audio_albums::Entity::find()
.filter(audio_albums::Column::Slug.eq(&slug))
.count(&ctx.db)
.await?
> 0
{
slug = format!("{base}-{suffix}");
suffix += 1;
}
Ok(slug)
}
async fn unique_track_slug(ctx: &AppContext, album_id: Uuid, title: &str) -> Result<String> {
let base = slugify(title);
let mut slug = base.clone();
let mut suffix = 2;
while audio_tracks::Entity::find()
.filter(audio_tracks::Column::AlbumId.eq(album_id))
.filter(audio_tracks::Column::Slug.eq(&slug))
.count(&ctx.db)
.await?
> 0
{
slug = format!("{base}-{suffix}");
suffix += 1;
}
Ok(slug)
}
async fn logged_in_admin(ctx: &AppContext, jar: &CookieJar) -> bool {
let Some(cookie) = jar.get(auth_controller::AUTH_COOKIE) else {
return false;
};
let Ok(jwt_config) = ctx.config.get_jwt_config() else {
return false;
};
let Ok(claims) = loco_rs::auth::jwt::JWT::new(&jwt_config.secret).validate(cookie.value())
else {
return false;
};
let Ok(user) = users::Model::find_by_pid(&ctx.db, &claims.claims.pid).await else {
return false;
};
admin::is_admin(ctx, &user)
}
async fn album_by_id(ctx: &AppContext, id: Uuid) -> Result<audio_albums::Model> {
audio_albums::Entity::find_by_id(id)
.one(&ctx.db)
.await?
.ok_or_else(|| Error::NotFound)
}
async fn track_by_id(ctx: &AppContext, id: Uuid) -> Result<audio_tracks::Model> {
audio_tracks::Entity::find_by_id(id)
.one(&ctx.db)
.await?
.ok_or_else(|| Error::NotFound)
}
async fn store_upload(ctx: &AppContext, folder: &str, extension: &str, data: Vec<u8>) -> Result<String> {
let filename = format!("{}.{}", Uuid::new_v4(), extension);
let key = format!("{folder}/{filename}");
ctx.storage
.upload(StdPath::new(&key), &Bytes::from(data))
.await?;
Ok(filename)
}
#[debug_handler]
async fn image_upload(auth: auth::JWT, State(ctx): State<AppContext>, multipart: Multipart) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
let data = read_multipart_file(multipart, IMAGE_MAX_BYTES).await?;
let extension = detect_image_extension(&data)?;
let size = data.len();
let filename = store_upload(&ctx, IMAGE_STORAGE_DIR, extension, data).await?;
format::json(UploadResponse {
url: format!("/images/{filename}"),
filename,
size,
})
}
#[debug_handler]
async fn admin_images(
auth: auth::JWT,
ViewEngine(v): ViewEngine<TeraView>,
Query(query): Query<HashMap<String, String>>,
State(ctx): State<AppContext>,
) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
let uploaded = query.get("uploaded");
format::view(
&v,
"admin/images/index.html",
json!({
"uploaded": uploaded,
"uploaded_url": uploaded.map(|filename| format!("/images/{filename}")),
}),
)
}
#[debug_handler]
async fn admin_image_upload(auth: auth::JWT, State(ctx): State<AppContext>, multipart: Multipart) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
let data = read_multipart_file(multipart, IMAGE_MAX_BYTES).await?;
let extension = detect_image_extension(&data)?;
let filename = store_upload(&ctx, IMAGE_STORAGE_DIR, extension, data).await?;
format::redirect(&format!("/admin/images?uploaded={filename}"))
}
#[debug_handler]
async fn image_serve(Path(filename): Path<String>, State(ctx): State<AppContext>) -> Result<Response> {
let filename = safe_filename(&filename)?;
let extension = filename.rsplit('.').next().unwrap_or("");
let key = format!("{IMAGE_STORAGE_DIR}/{filename}");
let body: Vec<u8> = ctx.storage.download(StdPath::new(&key)).await?;
Response::builder()
.header(header::CONTENT_TYPE, image_content_type(extension))
.header(header::CACHE_CONTROL, "public, max-age=31536000, immutable")
.body(Body::from(body))
.map_err(Error::from)
}
#[debug_handler]
async fn audio_upload(auth: auth::JWT, State(ctx): State<AppContext>, multipart: Multipart) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
let data = read_multipart_file(multipart, AUDIO_MAX_BYTES).await?;
let extension = detect_audio_extension(&data)?;
let size = data.len();
let filename = store_upload(&ctx, AUDIO_STORAGE_DIR, extension, data).await?;
format::json(UploadResponse {
url: format!("/audio/stream/{filename}"),
filename,
size,
})
}
#[debug_handler]
async fn public_albums(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let albums = audio_albums::Entity::find()
.filter(audio_albums::Column::Published.eq(true))
.order_by_desc(audio_albums::Column::PublishedAt)
.all(&ctx.db)
.await?;
format::view(
&v,
"audio/albums.html",
json!({ "albums": albums, "logged_in_admin": logged_in_admin(&ctx, &jar).await }),
)
}
#[debug_handler]
async fn public_album(
jar: CookieJar,
ViewEngine(v): ViewEngine<TeraView>,
Path(slug): Path<String>,
State(ctx): State<AppContext>,
) -> Result<Response> {
let album = audio_albums::Entity::find()
.filter(audio_albums::Column::Slug.eq(slug))
.filter(audio_albums::Column::Published.eq(true))
.one(&ctx.db)
.await?
.ok_or_else(|| Error::NotFound)?;
let mut active = album.clone().into_active_model();
active.view_count = Set(album.view_count + 1);
let album = active.update(&ctx.db).await?;
let tracks = audio_tracks::Entity::find()
.filter(audio_tracks::Column::AlbumId.eq(album.id))
.order_by_asc(audio_tracks::Column::TrackNumber)
.order_by_asc(audio_tracks::Column::Title)
.all(&ctx.db)
.await?;
format::view(
&v,
"audio/album.html",
json!({
"album": album,
"tracks": tracks,
"logged_in_admin": logged_in_admin(&ctx, &jar).await,
}),
)
}
#[debug_handler]
async fn admin_albums(
auth: auth::JWT,
ViewEngine(v): ViewEngine<TeraView>,
State(ctx): State<AppContext>,
) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
let albums = audio_albums::Entity::find()
.order_by_desc(audio_albums::Column::CreatedAt)
.all(&ctx.db)
.await?;
let mut rows = Vec::new();
for album in albums {
let track_count = audio_tracks::Entity::find()
.filter(audio_tracks::Column::AlbumId.eq(album.id))
.count(&ctx.db)
.await?;
rows.push(json!({ "album": album, "track_count": track_count }));
}
format::view(&v, "admin/audio/albums.html", json!({ "albums": rows }))
}
#[debug_handler]
async fn admin_album_new(auth: auth::JWT, ViewEngine(v): ViewEngine<TeraView>, State(ctx): State<AppContext>) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
format::view(&v, "admin/audio/new_album.html", json!({}))
}
#[debug_handler]
async fn admin_album_create(
auth: auth::JWT,
State(ctx): State<AppContext>,
Form(params): Form<AlbumForm>,
) -> Result<Response> {
let admin_user = admin::current_admin(auth, &ctx).await?;
let published = is_checked(&params.published);
let release_date = normalize_empty(params.release_date)
.and_then(|date| NaiveDate::parse_from_str(&date, "%Y-%m-%d").ok());
audio_albums::ActiveModel {
id: Set(Uuid::new_v4()),
title: Set(params.title.clone()),
slug: Set(unique_album_slug(&ctx, &params.title).await?),
description: Set(normalize_empty(params.description)),
cover_image_id: Set(normalize_empty(params.cover_image_id)),
artist: Set(normalize_empty(params.artist)),
release_date: Set(release_date),
published: Set(published),
uploader_id: Set(admin_user.id),
view_count: Set(0),
published_at: Set(published.then(|| Utc::now().into())),
..Default::default()
}
.insert(&ctx.db)
.await?;
format::redirect("/admin/audio/albums")
}
#[debug_handler]
async fn admin_album_tracks(
auth: auth::JWT,
ViewEngine(v): ViewEngine<TeraView>,
Path(album_id): Path<Uuid>,
State(ctx): State<AppContext>,
) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
let album = album_by_id(&ctx, album_id).await?;
let tracks = audio_tracks::Entity::find()
.filter(audio_tracks::Column::AlbumId.eq(album_id))
.order_by_asc(audio_tracks::Column::TrackNumber)
.order_by_asc(audio_tracks::Column::Title)
.all(&ctx.db)
.await?;
format::view(
&v,
"admin/audio/tracks.html",
json!({ "album": album, "tracks": tracks }),
)
}
#[debug_handler]
async fn admin_track_upload_form(
auth: auth::JWT,
ViewEngine(v): ViewEngine<TeraView>,
Path(album_id): Path<Uuid>,
State(ctx): State<AppContext>,
) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
format::view(
&v,
"admin/audio/upload_track.html",
json!({ "album": album_by_id(&ctx, album_id).await? }),
)
}
#[debug_handler]
async fn admin_track_upload(
auth: auth::JWT,
Path(album_id): Path<Uuid>,
State(ctx): State<AppContext>,
multipart: Multipart,
) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
album_by_id(&ctx, album_id).await?;
let (data, title, track_number, featured) = read_track_upload(multipart).await?;
let extension = detect_audio_extension(&data)?;
let filename = store_upload(&ctx, AUDIO_STORAGE_DIR, extension, data).await?;
let title = title.unwrap_or_else(|| filename.trim_end_matches(&format!(".{extension}")).to_string());
audio_tracks::ActiveModel {
id: Set(Uuid::new_v4()),
album_id: Set(album_id),
title: Set(title.clone()),
slug: Set(unique_track_slug(&ctx, album_id, &title).await?),
audio_file_id: Set(filename),
track_number: Set(track_number),
duration: Set(None),
featured: Set(featured),
play_count: Set(0),
..Default::default()
}
.insert(&ctx.db)
.await?;
format::redirect(&format!("/admin/audio/albums/{album_id}/tracks"))
}
#[debug_handler]
async fn admin_track_delete(
auth: auth::JWT,
Path(id): Path<Uuid>,
State(ctx): State<AppContext>,
) -> Result<Response> {
admin::current_admin(auth, &ctx).await?;
let track = track_by_id(&ctx, id).await?;
let album_id = track.album_id;
let _ = ctx
.storage
.delete(StdPath::new(&format!("{AUDIO_STORAGE_DIR}/{}", track.audio_file_id)))
.await;
track.delete(&ctx.db).await?;
format::redirect(&format!("/admin/audio/albums/{album_id}/tracks"))
}
async fn stream_audio_file(config: &Config, filename: &str, headers: &HeaderMap) -> Result<Response> {
let filename = safe_filename(filename)?;
let path = uploads_root(config)?.join(AUDIO_STORAGE_DIR).join(filename);
let mut file = tokio::fs::File::open(&path).await.map_err(|_| Error::NotFound)?;
let total_len = file.metadata().await?.len();
let extension = filename.rsplit('.').next().unwrap_or("mp3");
let content_type = audio_content_type(extension);
let (status, start, end) = parse_range(headers, total_len)?;
let len = end.saturating_sub(start) + 1;
file.seek(SeekFrom::Start(start)).await?;
let mut body = vec![0; len as usize];
file.read_exact(&mut body).await?;
let mut builder = Response::builder()
.status(status)
.header(header::CONTENT_TYPE, content_type)
.header(header::ACCEPT_RANGES, "bytes")
.header(header::CONTENT_LENGTH, len.to_string());
if status == StatusCode::PARTIAL_CONTENT {
builder = builder.header(
header::CONTENT_RANGE,
format!("bytes {start}-{end}/{total_len}"),
);
}
builder.body(Body::from(body)).map_err(Error::from)
}
fn parse_range(headers: &HeaderMap, total_len: u64) -> Result<(StatusCode, u64, u64)> {
if total_len == 0 {
return Ok((StatusCode::OK, 0, 0));
}
let Some(range_header) = headers.get(header::RANGE) else {
return Ok((StatusCode::OK, 0, total_len - 1));
};
let range = range_header
.to_str()
.map_err(|_| Error::BadRequest("invalid range header".to_string()))?;
let Some(range) = range.strip_prefix("bytes=") else {
return Err(Error::BadRequest("invalid range header".to_string()));
};
let Some((start, end)) = range.split_once('-') else {
return Err(Error::BadRequest("invalid range header".to_string()));
};
let suffix_range = start.is_empty();
let start = if suffix_range {
let suffix = u64::from_str(end).map_err(|_| Error::BadRequest("invalid range header".to_string()))?;
total_len.saturating_sub(suffix)
} else {
u64::from_str(start).map_err(|_| Error::BadRequest("invalid range header".to_string()))?
};
let end = if suffix_range || end.is_empty() {
total_len - 1
} else {
u64::from_str(end).map_err(|_| Error::BadRequest("invalid range header".to_string()))?
};
if start >= total_len || end >= total_len || start > end {
return Err(Error::CustomError(
StatusCode::RANGE_NOT_SATISFIABLE,
loco_rs::controller::ErrorDetail::new("range-not-satisfiable", "range not satisfiable"),
));
}
Ok((StatusCode::PARTIAL_CONTENT, start, end))
}
#[debug_handler]
async fn raw_audio_stream(
Path(filename): Path<String>,
headers: HeaderMap,
State(ctx): State<AppContext>,
) -> Result<Response> {
stream_audio_file(&ctx.config, &filename, &headers).await
}
#[debug_handler]
async fn track_stream(
Path(id): Path<Uuid>,
headers: HeaderMap,
State(ctx): State<AppContext>,
) -> Result<Response> {
let track = track_by_id(&ctx, id).await?;
let album = album_by_id(&ctx, track.album_id).await?;
if !album.published {
return Err(Error::NotFound);
}
let mut active = track.clone().into_active_model();
active.play_count = Set(track.play_count + 1);
let track = active.update(&ctx.db).await?;
stream_audio_file(&ctx.config, &track.audio_file_id, &headers).await
}
pub fn routes() -> Routes {
Routes::new()
.add("/images/upload", post(image_upload).layer(DefaultBodyLimit::max(IMAGE_MAX_BYTES + 1024 * 1024)))
.add("/images/{filename}", get(image_serve))
.add("/audio/upload", post(audio_upload).layer(DefaultBodyLimit::max(AUDIO_MAX_BYTES + 1024 * 1024)))
.add("/audio/stream/{filename}", get(raw_audio_stream))
.add("/audio/albums", get(public_albums))
.add("/audio/albums/{slug}", get(public_album))
.add("/audio/tracks/{id}/stream", get(track_stream))
.add("/admin/images", get(admin_images))
.add("/admin/images/upload", post(admin_image_upload).layer(DefaultBodyLimit::max(IMAGE_MAX_BYTES + 1024 * 1024)))
.add("/admin/audio/albums", get(admin_albums))
.add("/admin/audio/albums/create", get(admin_album_new))
.add("/admin/audio/albums/create", post(admin_album_create))
.add("/admin/audio/albums/{album_id}/tracks", get(admin_album_tracks))
.add("/admin/audio/albums/{album_id}/tracks/upload", get(admin_track_upload_form))
.add("/admin/audio/albums/{album_id}/tracks/upload-file", post(admin_track_upload).layer(DefaultBodyLimit::max(AUDIO_MAX_BYTES + 1024 * 1024)))
.add("/admin/audio/tracks/{id}/delete", post(admin_track_delete))
}

1
src/controllers/mod.rs
View File

@@ -2,4 +2,5 @@ pub mod admin;
pub mod auth;
pub mod blog;
pub mod frontend;
pub mod media;
pub mod pages;