reference temporary table for uploads

rest/pyapi.py

@@ -46,6 +46,23 @@ def parse_data_uri(content):
     }
 
 
+def parse_upload_placeholder(rowid):
+    rowid = int(rowid)
+    con = connect('util.db')
+    content = None
+    try:
+        content = con.cursor().execute("""
+SELECT content FROM upload_temp WHERE rowid = ? LIMIT 1;
+""", (rowid,)).fetchall()[0][0]
+    finally:
+        con.close()
+    
+    data = parse_data_uri(content)
+    assert data['encoding'] == 'base64', f"unsupported encoding: {data['encoding']}"
+    data = b64decode(data['data'] + '==')
+    return data
+
+
 @route('/goto/preview', method=['GET'])
 def get_goto_preview():
     link = request.params.link
@@ -81,9 +98,7 @@ def get_hash(route):
     data = body['data']
     person = body.get('person', None)
     if route == 'upload':
-        data = parse_data_uri(data)
-        assert data['encoding'] == 'base64', f"unsupported encoding: {data['encoding']}"
-        data = b64decode(data['data'] + '==')
+        data = parse_upload_placeholder(data)
     elif route == 'code':
         data = dumps(loads(body['data']), sort_keys=True).encode('utf-8')
     else:
@@ -107,9 +122,7 @@ def get_qr(route):
     data = body['data']
     fallback = body.get('fallback', None)
     if route == 'upload':
-        data = parse_data_uri(data)
-        assert data['encoding'] == 'base64', f"unsupported encoding: {data['encoding']}"
-        data = b64decode(data['data'] + '==')
+        data = parse_upload_placeholder(data)
     else:
         data = data.encode('utf-8')
 
@@ -140,12 +153,9 @@ def get_upload(hash):
     con = connect('util.db')
     fname, mimetype, content = (None, None, None)
     try:
-        fname, mimetype, content, created = con.cursor().execute(f"""
-SELECT name, mime, content, created
-FROM upload
-WHERE hash = '{hash}'
-LIMIT 1;
-""").fetchall()[0]
+        fname, mimetype, content, created = con.cursor().execute("""
+SELECT name, mime, content, created FROM upload WHERE hash = ? LIMIT 1;
+""", (hash,)).fetchall()[0]
     finally:
         con.close()
 

util-sqlpage/sqlpage/migrations/008_upload_temp.sql

@@ -0,0 +1,6 @@
+DROP TABLE IF EXISTS upload_temp;
+CREATE TABLE IF NOT EXISTS upload_temp(
+  name text,
+  mime text,
+  content text
+);

util-sqlpage/upload.sql

@@ -7,7 +7,6 @@ SET ":tabler_color" = 'yellow';
 SET ":image" = '/static/upload/upload-favicon_square.svg';
 SET ":favicon" = :image;
 SET ":manifest" = '/static/upload/manifest.json';
-SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/theme.sql') AS properties;
 SET ":inner" = (CASE COALESCE(:inner, '')
   WHEN 'sqlpage/Open.sql' THEN :inner
   ELSE 'upload/Index.sql'
@@ -17,4 +16,14 @@ END);
 --SET ":file_name" = sqlpage.uploaded_file_name('content');
 SET ":mime_type" = sqlpage.uploaded_file_mime_type('content');
 SET ":content" = sqlpage.read_file_as_data_url(sqlpage.uploaded_file_path('content'));
+
+SELECT 'dynamic' AS component, sqlpage.run_sql('upload/temp.sql') AS properties
+WHERE :content IS NOT NULL AND $rowid IS NULL;
+
+SET ":file_name" = (SELECT name FROM upload_temp WHERE rowid = $rowid);
+SET ":mime_type" = (SELECT mime FROM upload_temp WHERE rowid = $rowid);
+SET ":content" = CAST($rowid AS INTEGER);
+
+SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/theme.sql') AS properties
+WHERE $rowid IS NULL;
 SELECT 'dynamic' AS component, sqlpage.run_sql(:inner) AS properties;

util-sqlpage/upload/Index.sql

@@ -1,5 +1,6 @@
-SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/Style.sql') AS properties;
-SET ":inner" = CASE COALESCE(:content, '') <> '' AND COALESCE(:action, '') = 'Upload'
+SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/Style.sql') AS properties
+WHERE $rowid IS NULL;
+SET ":inner" = CASE COALESCE($rowid, '') <> ''
   WHEN TRUE THEN 'sqlpage/save.sql'
   ELSE CASE COALESCE(:hash, '')
     WHEN '' THEN 'sqlpage/Link.sql'

util-sqlpage/upload/form.sql

@@ -2,12 +2,12 @@ SET ":view" = COALESCE(:content, '') <> '';
 SELECT 'button' AS component;
 SELECT 'Open' AS title
 , 1 AS width
-, '/upload/open.sql?' AS link
+, '/upload/open.sql' AS link
 ;
 SELECT 'New' AS title
 , 1 AS width
 , 'gray-500' AS color
-, '/upload.sql?' AS link
+, '/upload.sql' AS link
 ;
 SELECT 'Download' AS title
 , 2 AS width

util-sqlpage/upload/save.sql

@@ -1,3 +1,6 @@
+SET ":rowid" = :content;
+SET ":content" = (SELECT content FROM upload_temp WHERE rowid = :rowid);
+
 INSERT INTO upload (hash, content, name, mime, qr, created)
 VALUES (:hash, :content, :file_name, :mime_type, :qr, CURRENT_TIMESTAMP)
 ON CONFLICT DO
@@ -8,4 +11,10 @@ UPDATE SET
   created = excluded.created,
   qr = excluded.qr
 WHERE excluded.created > upload.created;
+
+DELETE FROM upload_temp WHERE rowid = :rowid;
+
+SELECT 'redirect' AS component, '/upload.sql?hash='||:hash AS link
+WHERE :rowid IS NOT NULL;
+
 SELECT 'dynamic' AS component, sqlpage.run_sql('sqlpage/link.sql') AS properties;

util-sqlpage/upload/temp.sql

@@ -0,0 +1,3 @@
+DELETE FROM upload_temp WHERE name IS NULL OR mime IS NULL;
+INSERT INTO upload_temp(name, mime, content) VALUES (:file_name, :mime_type, :content)
+RETURNING 'redirect' AS component, '/upload.sql?rowid='||rowid AS link;