fix: simplify uploaded file names

See merge request https://ref.ci/fsrvcorp/services/transfer/-/merge_requests/45

handler.go

@@ -120,6 +120,7 @@ func (c *Config) UploadHandler(w http.ResponseWriter, r *http.Request) {
  vars := mux.Vars(r)
  filename, ok := vars["filename"]
  filename = url.QueryEscape(filename)
+ filename = onlyAllowedCharacters(filename)
 
  if cancelRequestIfUnhealthy(w) {
  return

helper.go

@@ -5,6 +5,7 @@ import (
  "mime"
  "net/http"
  "path"
+ "regexp"
  "runtime"
  "time"
 
@@ -61,3 +62,8 @@ func traceLog(logger *log.Logger, msg interface{}) {
  logger.Printf("%v @ %v:%d | %v", details.Name(), path.Base(file), line, msg)
  }
 }
+
+func onlyAllowedCharacters(s string) string {
+ gex := regexp.MustCompile(`[^a-zA-Z.0-9_-]`)
+ return gex.ReplaceAllString(s, "")
+}

helper_test.go

@@ -31,3 +31,39 @@ func TestSelectContentType(t *testing.T) {
  })
  }
 }
+
+func Test_onlyAllowedCharacters(t *testing.T) {
+ for _, test := range []struct {
+ Name string
+ Filename string
+ Expected string
+ }{
+ {
+ Name: "allowed characters",
+ Filename: "test.txt",
+ Expected: "test.txt",
+ },
+ {
+ Name: "not allowed characters",
+ Filename: "test (1).txt",
+ Expected: "test1.txt",
+ },
+ {
+ Name: "not allowed characters with spaces",
+ Filename: "test foo bar.txt",
+ Expected: "testfoobar.txt",
+ },
+ {
+ Name: "capital letters",
+ Filename: "Test.txt",
+ Expected: "Test.txt",
+ },
+ } {
+ t.Run(test.Name, func(t *testing.T) {
+ result := onlyAllowedCharacters(test.Filename)
+ if result != test.Expected {
+ t.Errorf("%+q is expected but %+q is resulting\n", test.Expected, result)
+ }
+ })
+ }
+}