From 3fc4da18edfb853c912ec74acb97058213d0d489 Mon Sep 17 00:00:00 2001
From: Ken Fallon <ken@fallon.ie>
Date: Sat, 26 Oct 2024 19:31:07 +0200
Subject: [PATCH] Added support to add/update metadata on multiple assets via a
 json file

---
 cms/assets.php  | 348 ++++++++++++++++++++++++++++++++++++++++++++++++
 cms/say.php     |   6 +-
 ini/include.php |   4 +-
 3 files changed, 353 insertions(+), 5 deletions(-)
 create mode 100644 cms/assets.php

diff --git a/cms/assets.php b/cms/assets.php
new file mode 100644
index 0000000..683f3bd
--- /dev/null
+++ b/cms/assets.php
@@ -0,0 +1,348 @@
+<?php
+require "/home/hpr/php/include.php";
+
+// curl --netrc-file $HOME/.netrc --verbose --request POST https://hub.hackerpublicradio.org/cms/asset.php --data-ascii @assets.json --header "Content-Type: application/json"
+
+//Make sure that it is a POST request.
+if(strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') != 0){
+    throw new Exception('Request method must be POST!');
+}
+
+//Make sure that the content type of the POST request has been set to application/json
+$contentType = isset($_SERVER["CONTENT_TYPE"]) ? trim($_SERVER["CONTENT_TYPE"]) : '';
+if(strcasecmp($contentType, 'application/json') != 0){
+    throw new Exception('Content type must be: application/json');
+}
+
+//Receive the RAW post data.
+$content = trim(file_get_contents("php://input"));
+
+//Attempt to decode the incoming RAW post data from JSON.
+$decoded = json_decode($content, true);
+
+//If json_decode failed, the JSON is invalid.
+if(!is_array($decoded)){
+    logextra( "Received content contained invalid JSON!" );
+    naughty( "0e0e69415750c96f19d234f83270fdea" );    
+}
+
+foreach($decoded['assets'] as $asset) {
+  
+  // Check episode_id
+  
+  if ( isset( $asset['episode_id'] ) ) {
+    
+    $provided_episode_id = $asset['episode_id'];
+    
+    $provided_episode_id = filter_var($provided_episode_id, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
+    
+    $result = mysqli_query($connection, 'SELECT MAX(id) FROM eps;');
+    if (!isset($result)) {
+      logextra( "Can't connect to db" );
+      naughty( "4c85d7b9e1d2eb741cdb60fd9f97b852" );
+      die('Could not query:' . mysqli_error());
+    }
+
+    $maxhost_array = mysqli_fetch_row( $result );
+    $maxhost = $maxhost_array[0]; 
+    $num_get_args=0;
+    foreach($_GET as $k => $v) { 
+      ++$num_get_args; 
+    }
+
+    if (strval(intval($provided_episode_id)) != strval($provided_episode_id)) {
+      logextra( "ID is not a valid number because strval(intval($provided_episode_id)) != strval($provided_episode_id))" );
+      naughty( "b2babb5bebde79e08ddf3c780c56615d" );
+    }
+
+    if ( intval($provided_episode_id) <= 0 ){
+      logextra( "ID is not a valid number because intval($provided_episode_id) <= 0" );
+      naughty( "b245522d0582e61612e8b7dcdb0e0f4c" );
+    }
+
+    if ( intval($provided_episode_id) > $maxhost ){
+      logextra( "ID is not a valid number because intval($provided_episode_id) > $maxhost" );
+      naughty( "c6feadcf0b6eda204cbfba6824aa2c7a" );
+    }
+
+    if ( $num_get_args > 1 ){
+      logextra( "ID is not a valid number because \$num_get_args: $num_get_args > 1" );
+      naughty( "ba22518c5ced567cd0b855206985f036" );
+    }
+
+    $query = "SELECT id FROM eps WHERE id = '$provided_episode_id'";
+    $result = @mysqli_query($connection, $query);
+    if($result === FALSE) {
+      logextra( "No result returned for this query \"SELECT id FROM eps WHERE id = '$provided_episode_id'\"" );
+      naughty( "fa0778750519cb140b4076c844b3ec78" );
+    }
+    else {
+      $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
+      if ( empty($db["id"]) ) {
+        logextra( "No result returned for this id:\"${id}\"" );
+        naughty( "1e09df9f3896da3e80507ea4538a4aca" );
+      }
+    }
+    $episode_id = $provided_episode_id;
+    logextra( "Found Valid \$episode_id: $episode_id" );
+
+  }
+  else {
+    logextra( "No episode_id provided" );
+    naughty( "eae535cc88680a5bdab4e7bb4e54d83e" );
+    exit;
+  }
+    
+  // Check filename
+  
+  if ( isset( $asset['filename'] ) ) {
+    $provided_filename = $asset['filename'];
+    
+    $provided_filename = filter_var($provided_filename, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
+
+    $this_dirname = dirname("$provided_filename", 2);
+    if ( empty($this_dirname) ) {
+      logextra( "no dirname" );
+      naughty("b23ed28377cf4cf36cbf01931377ddc7");
+    }
+  
+    if ( $this_dirname === "/" ) {
+      logextra( "dirname is root" );
+      naughty("b90228a9c4d008eab57304bd36b75a08");
+    }
+    
+    $this_basename = basename($provided_filename);
+    if ( empty($this_basename) ) {
+      logextra( "Cound not extract basename from filename: $provided_filename" );
+      naughty("44b5022e3a32605c6b0afdf7699ed153");
+    }
+    
+    if ( $this_basename !== $provided_filename ) {
+      logextra( "filename: $provided_filename does not match name:$this_basename" );
+      naughty("832f0283544692bd6691e3802e67099c");
+    }
+    
+    $this_ext = pathinfo($provided_filename, PATHINFO_EXTENSION);
+    if ( empty($this_ext) ) {
+      logextra( "The extension for \"$provided_filename\" is empty" );
+      naughty("63166ba6572ac51b47804d9787152903");
+    }
+
+    $this_prefix =pathinfo($provided_filename, PATHINFO_FILENAME);
+    if ( empty($this_prefix) ) {
+      logextra( "The prefix for \"$provided_filename\" is empty" );
+      naughty("9ad9a6b9e47e6960ff30442c3c808609");
+    }
+
+    if ( strlen($provided_filename) < 5 ) {
+      logextra( "The length of \"$provided_filename\" is less than 5" );
+      naughty("e131ae01530f4098c299aaca0a6ee8e1");
+    }
+
+    if ( strlen($provided_filename) > 60 ) {
+      logextra( "The length of \"$provided_filename\" is greater than 60" );
+      naughty("d90560ef4cac05954c93523d529ed20e");
+    }
+    
+    if (!in_array( $this_ext, $allowed_extensions, true )) {
+      logextra( "This extension $this_ext, is not in the list of allowed_extensions" );
+      naughty("dd98c84719083fb80fecbd0405504038");
+    }
+    
+    $filename = $provided_filename;
+    logextra( "Found Valid \$filename: $filename" );
+  }
+  else {
+    logextra( "No filename provided" );
+    naughty( "1edd3bcd2a16c152f0a97106372862f9" );
+    exit;
+  }
+  
+  // Check extension
+
+  if ( isset( $asset['extension'] ) ) {
+    $provided_extension = $asset['extension'];
+    
+    $provided_extension = filter_var($provided_extension, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);  
+    if ( $provided_extension !== $this_ext ) {
+      logextra( "The extensions provided \"$provided_extension\" and in the filename dont match \"$provided_filename\"" );
+      naughty("ed58e1493aa56e0eaf50362cc6f64425");
+    }
+    
+    if (!in_array( $provided_extension, $allowed_extensions, true )) {
+      logextra( "This extension $this_ext, is not in the list of allowed_extensions" );
+      naughty("dc406b9151871e38ac69c2bf44fa74da");
+    }
+    $extension = $provided_extension;
+    logextra( "Found Valid \$extension: $extension" );
+  }
+  else {
+    logextra( "No extension provided" );
+    naughty( "04b53ecd0ffa3faa68db1e541554903d" );
+    exit;
+  }
+
+  // Check size
+
+  if ( isset( $asset['size'] ) ) {
+    
+    $provided_size = $asset['size'];
+    
+    $provided_size = filter_var($provided_size, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
+    
+    if (strval(intval($provided_size)) != strval($provided_size)) {
+      logextra( "The provided size is not a valid number because strval(intval($provided_size)) != strval($provided_size))" );
+      naughty( "cc349935f0d80b40d5593b0fd54eaf58" );
+    }
+
+    if ( intval($provided_size) <= 0 ){
+      logextra( "The provided size is not a valid number because intval($provided_size) <= 0" );
+      naughty( "91c54771bcf68f974c9aa8959f953dd8" );
+    }
+    
+    if ( intval($provided_size) > 3000000000 ){
+      logextra( "The provided size is not a valid number because it's a lot larger than any show so far" );
+      naughty( "8c085ec045b062e3a864e6fc22fceee4" );
+    }
+    
+    $size = $provided_size;
+    logextra( "Found Valid \$size: $size" );
+  }
+  else {
+    logextra( "No size provided" );
+    naughty( "a6d661c483c6d62d4df1df88a64118ce" );
+    exit;
+  }
+
+  // Check sha1sum
+  
+  if ( isset( $asset['sha1sum'] ) ) {
+    
+    $provided_sha1sum = $asset['sha1sum'];
+    
+    $provided_sha1sum = filter_var($provided_sha1sum, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
+    if ( !preg_match('/^[0-9a-f]{40}$/i', $provided_sha1sum) ) {
+      logextra( "The format of the sha1sum is invalid $provided_sha1sum" );
+      naughty( "e30c8db8a7e07ba69ef18f957f3e8843" );
+    }
+    
+    $sha1sum = $provided_sha1sum;
+    logextra( "Found Valid \$sha1sum: $sha1sum" );
+  }
+  else {
+    logextra( "No sha1sum provided" );
+    naughty( "cd3d303dbefec08016d567080116ef77" );
+    exit;
+  }
+  
+  // Check mime_type
+
+  if ( isset( $asset['mime_type'] ) ) {
+    
+    $provided_mime_type = $asset['mime_type'];
+    
+    $provided_mime_type = filter_var($provided_mime_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
+    if ( !preg_match('/^[\w-]+\/[\w-]+(?:;\s*[\w-]+=[\w-]+)*$/i', $provided_mime_type) ) {
+      logextra( "The format of the mime_type is invalid \"$provided_mime_type\"" );
+      naughty( "b36041a7d959730a9a541404db3b5025" );
+    }
+    
+    list($content_type, $charset_type) = explode('; charset=', $provided_mime_type);
+    
+    if ( !isset( $content_type ) ) {
+      logextra( "Can't find content_type in \"$provided_mime_type\"" );
+      naughty( "c28ac580f5281ab2d97cbf052c92a25c" );
+    }
+
+    if ( empty( $content_type ) ) {
+      logextra( "Empty content_type in \"$provided_mime_type\"" );
+      naughty( "fcec6e4039bc60daede3434e24c97a9f" );
+    }
+    
+    $allowed_content_type = array( "application/json", "application/octet-stream", "application/ogg", "audio/flac", "audio/mpeg", "audio/ogg", "audio/x-flac", "audio/x-wav", "image/jpeg", "image/png", "text/plain");
+    if (!in_array( $content_type, $allowed_content_type, true )) {
+      logextra( "This content_type \"$content_type\", is not in the list of allowed_extensions" );
+      naughty("4f29dcd2b3ef7efc5c4bc65be7a787ca");
+    }
+    
+    if ( !isset( $charset_type ) ) {
+      logextra( "Can't find charset_type in \"$provided_mime_type\"" );
+      naughty( "" );
+    }
+
+    if ( empty( $charset_type ) ) {
+      logextra( "Empty charset_type in \"$provided_mime_type\"" );
+      naughty( "" );
+    }
+    
+    $allowed_charset_type = array( "binary", "us-ascii", "utf-8");
+    if (!in_array( $charset_type, $allowed_charset_type, true )) {
+      logextra( "This charset_type \"$charset_type\", is not in the list of allowed_extensions" );
+      naughty("");
+    }
+    
+    $mime_type = $provided_mime_type;
+    logextra( "Found Valid \$mime_type: $mime_type" );
+  }
+  else {
+    logextra( "No mime_type provided" );
+    naughty( "0c85eb982665a4978fea8f85611fbe88" );
+    exit;
+  }
+  
+  // Check file_type
+  
+  if ( isset( $asset['file_type'] ) ) {
+    $provided_file_type = $asset['file_type'];
+    
+    $provided_file_type = filter_var($provided_file_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
+
+    if ( strlen($provided_file_type) < 5 ) {
+      logextra( "The length of \"$provided_file_type\" is less than 5" );
+      naughty("60839aaddc82e0fbe4f5da269c361cf6");
+    }
+
+    if ( strlen($provided_file_type) > 140 ) {
+      logextra( "The length of \"$provided_file_type\" is greater than 140" );
+      naughty("cafbb1b0c9955b92303fe34102890fa3");
+    }
+    
+    $file_type = $provided_file_type;
+    logextra( "Found Valid \$file_type: $file_type" );
+  }
+  else {
+    logextra( "No file_type provided" );
+    naughty( "a1b6a02d68533f9749da16164cbe704e" );
+    exit;
+  }
+
+  // Write values to db
+  
+  //$episode_id is a number
+  $filename = mysqli_real_escape_string( $connection, $filename );
+  $extension = mysqli_real_escape_string( $connection, $extension );
+  //$size is a number
+  $sha1sum = mysqli_real_escape_string( $connection, $sha1sum );
+  $mime_type = mysqli_real_escape_string( $connection, $mime_type );
+  $file_type = mysqli_real_escape_string( $connection, $file_type );
+  
+  $query_replace = "REPLACE INTO assets  VALUES ('$episode_id','{$filename}','{$extension}','$size','{$sha1sum}','{$mime_type}','{$file_type}')";
+
+  $result = mysqli_query($connection, $query_replace );
+  if(!$result) {
+    problem("ERROR: DB problem - The asset for \"$episode_id\" with filename of \"$filename\" was not added to the eps db.");
+  }
+  else{
+    logextra( "mysql_query.result: \"$result\"\n" );
+  }
+  if (mysqli_errno( $connection )) {
+    $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n";
+    problem("ERROR: MySQL error- The asset for \"$episode_id\" with filename of \"$filename\" was not added to the eps db.\n$error");
+  }
+
+  logextra( "Finished ." );
+}
+
+http_response_code(200);
+?>
+
diff --git a/cms/say.php b/cms/say.php
index 1d261ec..fb4f039 100644
--- a/cms/say.php
+++ b/cms/say.php
@@ -19,17 +19,17 @@ if (isset($_GET['id'])) {
   $query = "SELECT id FROM eps WHERE id = '$id'";
   $result = @mysqli_query($connection, $query);
   if($result === FALSE) {
-    call412( "a9564ebc3289b7a14551baf8ad5ec60a" );
+    call412( "dc5b8dae7ea2a7e70ac0b7ea65ce2d12" );
   }
   else {
     $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
     if ( empty($db["id"]) ) {
-      call412( "a9564ebc3289b7a14551baf8ad5ec60a" );
+      call412( "2b6462ff2389405a796066dfc73ccf55" );
     }
   }
 }
 else {
-  call412( "a9564ebc3289b7a14551baf8ad5ec60a" );
+  call412( "ae1f3471af22d32d3bf2efc9130a00ae" );
   exit;
 }
 Header('Content-type: text/tab-separated-values');
diff --git a/ini/include.php b/ini/include.php
index 6198fa0..851428d 100644
--- a/ini/include.php
+++ b/ini/include.php
@@ -17,8 +17,6 @@ if ( ! $pos === false) {
 
 date_default_timezone_set("UTC"); 
 
-
-
 if (!($connection = @ mysqli_connect("$databaseHostName", "$databaseUsername", "$databasePassword")))
 die("Could not connect to database");
 
@@ -334,4 +332,6 @@ if ($pos !== false) {
     $HPR_Names = "Hackers";
 }
 
+$allowed_extensions = array("flac", "opus", "ogg", "spx", "mp3", "jpg", "png", "json", "srt", "tsv", "txt", "vtt");
+
 ?>
-- 
2.43.5