From 18186961c179e226554194ea532821fe481bfd99 Mon Sep 17 00:00:00 2001 From: anjor Date: Mon, 5 Dec 2022 11:22:12 +0000 Subject: [PATCH 1/6] check content-type on handleAdd early --- handlers.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/handlers.go b/handlers.go index c4f30c30..ed052e6b 100644 --- a/handlers.go +++ b/handlers.go @@ -857,6 +857,10 @@ func (s *Server) handleAdd(c echo.Context, u *util.User) error { ctx, span := s.tracer.Start(c.Request().Context(), "handleAdd", trace.WithAttributes(attribute.Int("user", int(u.ID)))) defer span.End() + if c.Request().Header.Get("Content-Type") != "multipart/form-data" { + return errors.New("request Content-Type isn't multipart/form-data") + } + if err := util.ErrorIfContentAddingDisabled(s.isContentAddingDisabled(u)); err != nil { return err } From b9682864a5e868adce72116df66a53a0536955b5 Mon Sep 17 00:00:00 2001 From: anjor Date: Mon, 5 Dec 2022 16:38:10 +0000 Subject: [PATCH 2/6] add to shuttle as well --- cmd/estuary-shuttle/main.go | 6 +++++- handlers.go | 4 ++-- util/content.go | 8 ++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/cmd/estuary-shuttle/main.go b/cmd/estuary-shuttle/main.go index 5b11b113..d76d618a 100644 --- a/cmd/estuary-shuttle/main.go +++ b/cmd/estuary-shuttle/main.go @@ -313,7 +313,7 @@ func main() { Value: cfg.Dev, }, &cli.StringSliceFlag{ - Name: "announce-addr", + Name: "announce-addr", Usage: "specify multiaddrs that this node can be connected to ", Value: cli.NewStringSlice(cfg.Node.AnnounceAddrs...), }, @@ -1250,6 +1250,10 @@ func (s *Shuttle) handleLogLevel(c echo.Context) error { func (s *Shuttle) handleAdd(c echo.Context, u *User) error { ctx := c.Request().Context() + if err := util.CheckContentTypeIsMultipartFormData(c.Request().Header); err != nil { + return err + } + if err := util.ErrorIfContentAddingDisabled(s.isContentAddingDisabled(u)); err != nil { return err } diff --git a/handlers.go b/handlers.go index ed052e6b..fc3589ba 100644 
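Review bot: The guard added at the top of handleAdd, `c.Request().Header.Get("Content-Type") != "multipart/form-data"`, is an exact string match, but a well-formed multipart request sends the header with a boundary parameter (`multipart/form-data; boundary=…`), so ordinary uploads would be rejected and only requests without a boundary would pass. Parse the header and compare the media type instead: `mt, _, err := mime.ParseMediaType(c.Request().Header.Get("Content-Type"))` followed by `if err != nil || mt != "multipart/form-data" {` (needs the `mime` import). The same exact-match test is carried into `CheckContentTypeIsMultipartFormData` (patch 2), `WithMultipartFormDataChecker` (patch 3) and `checkContentType` (patch 4), where it would also reject `application/json` sent with a charset parameter; that final helper is the natural place for the fix. The header is client-supplied, so this check is only an early rejection and the body still has to be validated by the multipart parser. handleAdd's body continues outside the hunk.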
--- a/handlers.go +++ b/handlers.go @@ -857,8 +857,8 @@ func (s *Server) handleAdd(c echo.Context, u *util.User) error { ctx, span := s.tracer.Start(c.Request().Context(), "handleAdd", trace.WithAttributes(attribute.Int("user", int(u.ID)))) defer span.End() - if c.Request().Header.Get("Content-Type") != "multipart/form-data" { - return errors.New("request Content-Type isn't multipart/form-data") + if err := util.CheckContentTypeIsMultipartFormData(c.Request().Header); err != nil { + return err } if err := util.ErrorIfContentAddingDisabled(s.isContentAddingDisabled(u)); err != nil { diff --git a/util/content.go b/util/content.go index 8a3acf65..82eb3dd1 100644 --- a/util/content.go +++ b/util/content.go @@ -2,6 +2,7 @@ package util import ( "context" + "errors" "fmt" "net/http" "path/filepath" @@ -213,3 +214,10 @@ func GetContent(contentid string, db *gorm.DB, u *User) (Content, error) { } return content, nil } + +func CheckContentTypeIsMultipartFormData(header http.Header) error { + if header.Get("Content-Type") != "multipart/form-data" { + return errors.New("request Content-Type isn't multipart/form-data") + } + return nil +} From 2307b8d59840244eddcde492fb56c00dd9c9dfc9 Mon Sep 17 00:00:00 2001 From: anjor Date: Tue, 6 Dec 2022 09:42:03 +0000 Subject: [PATCH 3/6] middleware --- cmd/estuary-shuttle/main.go | 6 +++--- handlers.go | 4 ++-- util/content.go | 8 -------- util/misc.go | 13 +++++++++++++ 4 files changed, 18 insertions(+), 13 deletions(-) diff --git a/cmd/estuary-shuttle/main.go b/cmd/estuary-shuttle/main.go index d76d618a..c2f51205 100644 --- a/cmd/estuary-shuttle/main.go +++ b/cmd/estuary-shuttle/main.go @@ -313,7 +313,7 @@ func main() { Value: cfg.Dev, }, &cli.StringSliceFlag{ - Name: "announce-addr", + Name: "announce-addr", Usage: "specify multiaddrs that this node can be connected to ", Value: cli.NewStringSlice(cfg.Node.AnnounceAddrs...), }, 
@@ -1145,7 +1145,7 @@ func (s *Shuttle) ServeAPI() error { content := e.Group("/content") content.Use(s.AuthRequired(util.PermLevelUpload)) - content.POST("/add", withUser(s.handleAdd)) + content.POST("/add", util.WithMultipartFormDataChecker(withUser(s.handleAdd))) content.POST("/add-car", util.WithContentLengthCheck(withUser(s.handleAddCar))) content.GET("/read/:cont", withUser(s.handleReadContent)) content.POST("/importdeal", withUser(s.handleImportDeal)) @@ -1250,7 +1250,7 @@ func (s *Shuttle) handleLogLevel(c echo.Context) error { func (s *Shuttle) handleAdd(c echo.Context, u *User) error { ctx := c.Request().Context() - if err := util.CheckContentTypeIsMultipartFormData(c.Request().Header); err != nil { + if err := util.WithMultipartFormDataChecker(c.Request().Header); err != nil { return err } diff --git a/handlers.go b/handlers.go index fc3589ba..af067552 100644 --- a/handlers.go +++ b/handlers.go @@ -157,7 +157,7 @@ func (s *Server) ServeAPI() error { contmeta := e.Group("/content") uploads := contmeta.Group("", s.AuthRequired(util.PermLevelUpload)) - uploads.POST("/add", withUser(s.handleAdd)) + uploads.POST("/add", util.WithMultipartFormDataChecker(withUser(s.handleAdd))) uploads.POST("/add-ipfs", withUser(s.handleAddIpfs)) uploads.POST("/add-car", util.WithContentLengthCheck(withUser(s.handleAddCar))) uploads.POST("/create", withUser(s.handleCreateContent)) @@ -857,7 +857,7 @@ func (s *Server) handleAdd(c echo.Context, u *util.User) error { ctx, span := s.tracer.Start(c.Request().Context(), "handleAdd", trace.WithAttributes(attribute.Int("user", int(u.ID)))) defer span.End() - if err := util.CheckContentTypeIsMultipartFormData(c.Request().Header); err != nil { + if err := util.WithMultipartFormDataChecker(c.Request().Header); err != nil { return err } diff --git a/util/content.go b/util/content.go index 82eb3dd1..8a3acf65 100644 --- a/util/content.go +++ b/util/content.go 
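Review bot: In both handleAdd hunks (cmd/estuary-shuttle/main.go at -1250 and handlers.go at -857) the new line `if err := util.WithMultipartFormDataChecker(c.Request().Header); err != nil {` passes an `http.Header` to a function that this same patch declares as `func WithMultipartFormDataChecker(next echo.HandlerFunc) echo.HandlerFunc`, so it should not type-check. The route registrations in this patch already wrap the handler with the middleware, so the in-handler check can be dropped in this commit. A later patch in the series does remove it, but this commit would not build on its own, which gets in the way of bisecting. Both function bodies continue outside the hunks.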
@@ -2,7 +2,6 @@ package util import ( "context" - "errors" "fmt" "net/http" "path/filepath" @@ -214,10 +213,3 @@ func GetContent(contentid string, db *gorm.DB, u *User) (Content, error) { } return content, nil } - -func CheckContentTypeIsMultipartFormData(header http.Header) error { - if header.Get("Content-Type") != "multipart/form-data" { - return errors.New("request Content-Type isn't multipart/form-data") - } - return nil -} diff --git a/util/misc.go b/util/misc.go index 8144703b..ffc9c5dc 100644 --- a/util/misc.go +++ b/util/misc.go @@ -120,6 +120,19 @@ func JSONPayloadMiddleware(next echo.HandlerFunc) echo.HandlerFunc { } } +func WithMultipartFormDataChecker(next echo.HandlerFunc) echo.HandlerFunc { + return func(c echo.Context) error { + if c.Request().Header.Get("Content-Type") != "multipart/form-data" { + return &HttpError{ + Code: http.StatusUnsupportedMediaType, + Reason: ERR_UNSUPPORTED_CONTENT_TYPE, + Details: "this endpoint only supports multipart/form-data payloads", + } + } + return next(c) + } +} + func DumpBlockstoreTo(ctx context.Context, tc trace.Tracer, from, to blockstore.Blockstore) error { ctx, span := tc.Start(ctx, "blockstoreCopy") defer span.End() From 4a319d4b5e61ca2668abc94e34b3cdf123158a8c Mon Sep 17 00:00:00 2001 From: anjor Date: Tue, 6 Dec 2022 09:45:21 +0000 Subject: [PATCH 4/6] refactor --- util/misc.go | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/util/misc.go b/util/misc.go index ffc9c5dc..c3da56d6 100644 --- a/util/misc.go +++ b/util/misc.go 
@@ -109,30 +109,34 @@ func (b Binder) Bind(i interface{}, c echo.Context) error { func JSONPayloadMiddleware(next echo.HandlerFunc) echo.HandlerFunc { return func(c echo.Context) error { - if c.Request().Header.Get("Content-Type") != "application/json" { - return &HttpError{ - Code: http.StatusUnsupportedMediaType, - Reason: ERR_UNSUPPORTED_CONTENT_TYPE, - Details: "this endpoint only supports json payloads", - } + if err := checkContentType(c.Request().Header, "application/json"); err != nil { + return err } return next(c) } + } } func WithMultipartFormDataChecker(next echo.HandlerFunc) echo.HandlerFunc { return func(c echo.Context) error { - if c.Request().Header.Get("Content-Type") != "multipart/form-data" { - return &HttpError{ - Code: http.StatusUnsupportedMediaType, - Reason: ERR_UNSUPPORTED_CONTENT_TYPE, - Details: "this endpoint only supports multipart/form-data payloads", - } + if err := checkContentType(c.Request().Header, "multipart/form-data"); err != nil { + return err } return next(c) } } +func checkContentType(header http.Header, expectedContentType string) error { + if header.Get("Content-Type") != expectedContentType { + return &HttpError{ + Code: http.StatusUnsupportedMediaType, + Reason: ERR_UNSUPPORTED_CONTENT_TYPE, + Details: fmt.Sprintf("this endpoint only supports %s paylods", expectedContentType), + } + } + return nil +} + func DumpBlockstoreTo(ctx context.Context, tc trace.Tracer, from, to blockstore.Blockstore) error { ctx, span := tc.Start(ctx, "blockstoreCopy") defer span.End() From e0048a2c83e3308829689a94fd5653630ee43e30 Mon Sep 17 00:00:00 2001 From: anjor Date: Tue, 6 Dec 2022 09:46:10 +0000 Subject: [PATCH 5/6] remove checkin in function --- cmd/estuary-shuttle/main.go | 4 ---- handlers.go | 4 ---- 2 files changed, 8 deletions(-) diff --git a/cmd/estuary-shuttle/main.go b/cmd/estuary-shuttle/main.go index c2f51205..bbf32124 100644 --- a/cmd/estuary-shuttle/main.go +++ b/cmd/estuary-shuttle/main.go 
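Review bot: The `Details` string in the new `checkContentType` misspells "payloads", and that text is presumably what API clients see in the 415 response; it should read `Details: fmt.Sprintf("this endpoint only supports %s payloads", expectedContentType),`. The hunk also leaves an extra `}` after the closing brace of `JSONPayloadMiddleware`, so this commit would not compile on its own (the last patch in the series removes the brace but keeps the typo). The new call needs `fmt` imported in util/misc.go; the import block is not visible in this hunk. A short comment on the helper, e.g. `// checkContentType returns a 415 HttpError unless the Content-Type header equals expectedContentType.`, would make explicit what both middlewares now delegate to.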
@@ -1250,10 +1250,6 @@ func (s *Shuttle) handleLogLevel(c echo.Context) error { func (s *Shuttle) handleAdd(c echo.Context, u *User) error { ctx := c.Request().Context() - if err := util.WithMultipartFormDataChecker(c.Request().Header); err != nil { - return err - } - if err := util.ErrorIfContentAddingDisabled(s.isContentAddingDisabled(u)); err != nil { return err } diff --git a/handlers.go b/handlers.go index af067552..bddbe703 100644 --- a/handlers.go +++ b/handlers.go @@ -857,10 +857,6 @@ func (s *Server) handleAdd(c echo.Context, u *util.User) error { ctx, span := s.tracer.Start(c.Request().Context(), "handleAdd", trace.WithAttributes(attribute.Int("user", int(u.ID)))) defer span.End() - if err := util.WithMultipartFormDataChecker(c.Request().Header); err != nil { - return err - } - if err := util.ErrorIfContentAddingDisabled(s.isContentAddingDisabled(u)); err != nil { return err } From 76949f334aa8ab54fd03f218069116a7a348cd10 Mon Sep 17 00:00:00 2001 From: anjor Date: Tue, 6 Dec 2022 10:49:23 +0000 Subject: [PATCH 6/6] blah, extra brace --- util/misc.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/util/misc.go b/util/misc.go index c3da56d6..f28407d9 100644 --- a/util/misc.go +++ b/util/misc.go @@ -114,7 +114,6 @@ func JSONPayloadMiddleware(next echo.HandlerFunc) echo.HandlerFunc { } return next(c) } - } } func WithMultipartFormDataChecker(next echo.HandlerFunc) echo.HandlerFunc { @@ -129,8 +128,8 @@ func WithMultipartFormDataChecker(next echo.HandlerFunc) echo.HandlerFunc { func checkContentType(header http.Header, expectedContentType string) error { if header.Get("Content-Type") != expectedContentType { return &HttpError{ - Code: http.StatusUnsupportedMediaType, - Reason: ERR_UNSUPPORTED_CONTENT_TYPE, + Code: http.StatusUnsupportedMediaType, + Reason: ERR_UNSUPPORTED_CONTENT_TYPE, Details: fmt.Sprintf("this endpoint only supports %s paylods", expectedContentType), } }