From 26ade731744df3edb42d5497f9691debed0cf263 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 1 Jul 2023 10:54:03 +0000
Subject: [PATCH] docs: Move upload handler

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/templates/docs/files/detail.html |  2 +-
 src/templates/docs/files/index.html  |  2 +-
 src/web/__init__.py                  |  2 +-
 src/web/docs.py                      | 29 ++++++++++++++++++++++++++++
 src/web/wiki.py                      | 29 ----------------------------
 5 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/src/templates/docs/files/detail.html b/src/templates/docs/files/detail.html
index 9527cdae..cd822a45 100644
--- a/src/templates/docs/files/detail.html
+++ b/src/templates/docs/files/detail.html
@@ -86,7 +86,7 @@
 
 			<h6>{{Â _("Upload Newer Revision") }}</h6>
 
-			<form method="POST" action="/actions/upload" enctype="multipart/form-data">
+			<form method="POST" action="/docs/_upload" enctype="multipart/form-data">
 				{% raw xsrf_form_html() %}
 
 				<input type="hidden" name="path" value="{{ file.path }}">
diff --git a/src/templates/docs/files/index.html b/src/templates/docs/files/index.html
index bc6f99bb..3ae638a2 100644
--- a/src/templates/docs/files/index.html
+++ b/src/templates/docs/files/index.html
@@ -54,7 +54,7 @@
 		<div class="card-body">
 			<h6 class="card-title">{{ _("Upload File") }}</h6>
 
-			<form method="POST" action="/actions/upload" enctype="multipart/form-data">
+			<form method="POST" action="/docs/_upload" enctype="multipart/form-data">
 				{% raw xsrf_form_html() %}
 
 				<input type="hidden" name="path" value="{{ path }}">
diff --git a/src/web/__init__.py b/src/web/__init__.py
index 81733e4e..9eb11c0a 100644
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -146,6 +146,7 @@ class Application(tornado.web.Application):
 			(r"/docs/search", docs.SearchHandler),
 			(r"/docs/tree", docs.TreeHandler),
 			(r"/docs/watchlist", docs.WatchlistHandler),
+			(r"/docs/_upload", docs.UploadHandler),
 			(r"/docs/([A-Za-z0-9\-_\/]+)?/_edit", docs.EditHandler),
 			(r"/docs/([A-Za-z0-9\-_\/]+)?/_render", docs.RenderHandler),
 			(r"/docs/([A-Za-z0-9\-_\/]+)?/_(watch|unwatch)", docs.WatchHandler),
@@ -352,7 +353,6 @@ class Application(tornado.web.Application):
 
 			# Actions
 			(r"/actions/restore", wiki.ActionRestoreHandler),
-			(r"/actions/upload", wiki.ActionUploadHandler),
 
 			# Serve any static files
 			(r"/static/(.*)", tornado.web.StaticFileHandler, { "path" : self.settings.get("static_path") }),
diff --git a/src/web/docs.py b/src/web/docs.py
index e3f68475..9cf6ba76 100644
--- a/src/web/docs.py
+++ b/src/web/docs.py
@@ -229,6 +229,35 @@ class RenderHandler(base.BaseHandler):
 		self.finish(html)
 
 
+class UploadHandler(base.BaseHandler):
+	@tornado.web.authenticated
+	@base.ratelimit(minutes=60, requests=24)
+	def post(self):
+		path = self.get_argument("path")
+
+		# Check permissions
+		if not self.backend.wiki.check_acl(path, self.current_user):
+			raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
+
+		try:
+			filename, data, mimetype = self.get_file("file")
+
+			# Use filename from request if any
+			filename = self.get_argument("filename", filename)
+
+			# XXX check valid mimetypes
+
+			with self.db.transaction():
+				file = self.backend.wiki.upload(path, filename, data,
+					mimetype=mimetype, author=self.current_user,
+					address=self.get_remote_ip())
+
+		except TypeError as e:
+			raise e
+
+		self.redirect("%s/_files" % path)
+
+
 class WatchHandler(base.BaseHandler):
 	@tornado.web.authenticated
 	@base.ratelimit(minutes=60, requests=180)
diff --git a/src/web/wiki.py b/src/web/wiki.py
index 8d6faad0..2d94e7d2 100644
--- a/src/web/wiki.py
+++ b/src/web/wiki.py
@@ -5,35 +5,6 @@ import tornado.web
 from . import base
 from . import ui_modules
 
-class ActionUploadHandler(base.BaseHandler):
-	@tornado.web.authenticated
-	@base.ratelimit(minutes=60, requests=24)
-	def post(self):
-		path = self.get_argument("path")
-
-		# Check permissions
-		if not self.backend.wiki.check_acl(path, self.current_user):
-			raise tornado.web.HTTPError(403, "Access to %s not allowed for %s" % (path, self.current_user))
-
-		try:
-			filename, data, mimetype = self.get_file("file")
-
-			# Use filename from request if any
-			filename = self.get_argument("filename", filename)
-
-			# XXX check valid mimetypes
-
-			with self.db.transaction():
-				file = self.backend.wiki.upload(path, filename, data,
-					mimetype=mimetype, author=self.current_user,
-					address=self.get_remote_ip())
-
-		except TypeError as e:
-			raise e
-
-		self.redirect("%s/_files" % path)
-
-
 class ActionRestoreHandler(base.BaseHandler):
 	@tornado.web.authenticated
 	@base.ratelimit(minutes=60, requests=24)
-- 
2.47.3

