fabi/Mangalord
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: multipart manga + chapter uploads with magic-byte MIME sniff

Browse Source 
POST /api/v1/mangas and POST /api/v1/mangas/{id}/chapters now accept
multipart/form-data, gated by CurrentUser:

- /mangas: required `metadata` part (NewManga JSON) + optional `cover`
  image part.
- /mangas/{id}/chapters: required `metadata` (NewChapter JSON) + one or
  more `page` parts ordered by arrival. Returns 404 if the parent manga
  doesn't exist, 409 on duplicate (manga_id, number).

MIME is sniffed via the `infer` crate (magic bytes), not the
client-supplied filename or Content-Type. Whitelist:
jpeg / png / webp / gif / avif. Anything else → 415
unsupported_media_type. The stored key's extension is derived from the
sniffed type so a "page1.png" that's actually a JPEG lands as `.jpg`.

Size cap is two-layer:
- Request body cap (config.max_request_bytes, default 200 MiB) enforced
  by axum's DefaultBodyLimit before the handler sees the request.
- Per-image-part cap (config.max_file_bytes, default 20 MiB) enforced
  after reading the part, so a single oversized image can't pass even
  if the total request fits.

Storage keys follow the layout documented in CLAUDE.md:
- mangas/{manga_id}/cover.{ext}
- mangas/{manga_id}/chapters/{chapter_id}/pages/{nnnn}.{ext} (1-indexed).

AppError grows PayloadTooLarge/UnsupportedMediaType/ValidationFailed
(413 / 415 / 422). ValidationFailed carries a `details` JSON object the
client can use to highlight bad fields (e.g. {"title":"required"}).
Top-level matching in code() stays exhaustive.

Backend coverage in tests/api_uploads.rs (10 cases):
- create_manga_with_cover_stores_image — file is reachable via
  /api/v1/files/{key} with the right Content-Type.
- create_manga_without_cover_leaves_path_null.
- create_manga_rejects_non_image_cover_with_415 — PDF claimed as png.
- create_manga_rejects_oversized_cover_with_413.
- create_chapter_with_pages_stores_each — extension derived from
  sniffed MIME, files reachable in arrival order.
- create_chapter_rejects_when_no_pages_with_422 — details.page set.
- create_chapter_rejects_renamed_non_image_page → 415.
- create_chapter_returns_409_on_duplicate_number.
- create_chapter_requires_authentication → 401.
- create_chapter_under_unknown_manga_is_404.

Existing tests/api_mangas.rs is migrated to multipart; the create
response is now 201 Created. tests/common::MultipartBuilder builds the
body by hand so the test crate stays free of HTTP-client deps.

Frontend lib/api/mangas.ts: createManga now sends FormData (metadata +
optional cover Blob). Browser fills in the boundary header automatically.
Vitest asserts the FormData structure via FileReader (jsdom doesn't
implement Blob.text()).

E2E tests wait for the post-hydration nav-login link before
interacting with the login form, fixing a flake where pre-hydration
clicks would submit via the browser default and bypass our handler.

Lockstep version bump to 0.5.0.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
MechaCat02
2026-05-16 22:21:10 +02:00
parent 2f9912533f
commit a92f6f70e2
17 changed files with 931 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
backend/src/api/chapters.rs
View File

@@ -1,22 +1,34 @@
//! Chapter list + get. Reads are public — anyone can browse a manga's
//! table of contents and individual chapter metadata. Uploads land in
//! feat/uploads under POST /api/v1/mangas/{id}/chapters.
//! Chapter list + get + multipart upload.
//!
//! Reads are public. Uploads (POST) require auth and use the same
//! multipart conventions as `POST /api/v1/mangas`:
//! - `metadata` part (JSON) with `{ number, title? }`.
//! - One or more `page` parts (images, ordered by arrival).
use axum::extract::{Path, Query, State};
use axum::extract::{Multipart, Path, Query, State};
use axum::http::StatusCode;
use axum::routing::get;
use axum::{Json, Router};
use serde::Deserialize;
use serde_json::json;
use uuid::Uuid;
use crate::api::mangas::{next_field, read_field_bytes};
use crate::api::pagination::PagedResponse;
use crate::app::AppState;
use crate::auth::extractor::CurrentUser;
use crate::domain::Chapter;
use crate::error::AppResult;
use crate::domain::chapter::NewChapter;
use crate::error::{AppError, AppResult};
use crate::repo;
use crate::upload::{parse_image, UploadedImage};
pub fn routes() -> Router<AppState> {
Router::new()
.route("/mangas/:manga_id/chapters", get(list))
.route(
"/mangas/:manga_id/chapters",
get(list).post(create),
)
.route("/mangas/:manga_id/chapters/:number", get(get_one))
}
@@ -37,8 +49,6 @@ async fn list(
Path(manga_id): Path<Uuid>,
Query(params): Query<ListParams>,
) -> AppResult<Json<PagedResponse<Chapter>>> {
// Surface 404 when the parent manga doesn't exist so an empty result
// can't be mistaken for "no chapters yet" on a real manga.
repo::manga::get(&state.db, manga_id).await?;
let limit = params.limit.clamp(1, 200);
@@ -54,6 +64,77 @@ async fn get_one(
repo::manga::get(&state.db, manga_id).await?;
let chapter = repo::chapter::find_by_manga_and_number(&state.db, manga_id, number)
.await?
.ok_or(crate::error::AppError::NotFound)?;
.ok_or(AppError::NotFound)?;
Ok(Json(chapter))
}
async fn create(
State(state): State<AppState>,
CurrentUser(_user): CurrentUser,
Path(manga_id): Path<Uuid>,
mut multipart: Multipart,
) -> AppResult<(StatusCode, Json<Chapter>)> {
repo::manga::get(&state.db, manga_id).await?;
let mut metadata: Option<NewChapter> = None;
let mut pages: Vec<UploadedImage> = Vec::new();
while let Some(field) = next_field(&mut multipart).await? {
match field.name() {
Some("metadata") => {
let bytes = read_field_bytes(field).await?;
metadata =
Some(serde_json::from_slice(&bytes).map_err(|e| {
AppError::ValidationFailed {
message: "metadata is not valid JSON".into(),
details: json!({ "metadata": e.to_string() }),
}
})?);
}
Some("page") => {
let bytes = read_field_bytes(field).await?.to_vec();
let field_name = format!("page[{}]", pages.len());
pages.push(parse_image(bytes, state.upload.max_file_bytes, &field_name)?);
}
_ => continue,
}
}
let metadata = metadata.ok_or_else(|| AppError::ValidationFailed {
message: "metadata part is required".into(),
details: json!({ "metadata": "required" }),
})?;
if pages.is_empty() {
return Err(AppError::ValidationFailed {
message: "at least one page is required".into(),
details: json!({ "page": "at least one required" }),
});
}
let mut chapter = repo::chapter::create(
&state.db,
manga_id,
metadata.number,
metadata.title.as_deref(),
)
.await?;
for (idx, page) in pages.iter().enumerate() {
let nnnn = format!("{:04}", idx + 1);
let key = format!(
"mangas/{}/chapters/{}/pages/{}.{}",
manga_id, chapter.id, nnnn, page.ext
);
state.storage.put(&key, &page.bytes).await?;
}
let page_count = pages.len() as i32;
sqlx::query("UPDATE chapters SET page_count = $1 WHERE id = $2")
.bind(page_count)
.bind(chapter.id)
.execute(&state.db)
.await?;
chapter.page_count = page_count;
Ok((StatusCode::CREATED, Json(chapter)))
}

96
backend/src/api/mangas.rs
View File

@@ -1,7 +1,9 @@
use axum::extract::{Path, Query, State};
use axum::extract::{Multipart, Path, Query, State};
use axum::http::StatusCode;
use axum::routing::get;
use axum::{Json, Router};
use serde::Deserialize;
use serde_json::json;
use uuid::Uuid;
use crate::api::pagination::PagedResponse;
@@ -10,6 +12,7 @@ use crate::auth::extractor::CurrentUser;
use crate::domain::manga::{Manga, NewManga};
use crate::error::{AppError, AppResult};
use crate::repo;
use crate::upload::{parse_image, UploadedImage};
pub fn routes() -> Router<AppState> {
Router::new()
@@ -53,13 +56,94 @@ async fn get_one(
Ok(Json(repo::manga::get(&state.db, id).await?))
}
/// `POST /api/v1/mangas` is multipart/form-data. Parts:
///
/// - `metadata` (required): JSON body matching `NewManga`.
/// - `cover` (optional): image bytes. MIME is sniffed from magic bytes
/// (jpeg/png/webp/gif/avif); size capped at `upload.max_file_bytes`.
///
/// Anything else is ignored.
async fn create(
State(state): State<AppState>,
CurrentUser(_user): CurrentUser,
Json(input): Json<NewManga>,
) -> AppResult<Json<Manga>> {
if input.title.trim().is_empty() {
return Err(AppError::InvalidInput("title is required".into()));
mut multipart: Multipart,
) -> AppResult<(StatusCode, Json<Manga>)> {
let mut metadata: Option<NewManga> = None;
let mut cover: Option<UploadedImage> = None;
while let Some(field) = next_field(&mut multipart).await? {
match field.name() {
Some("metadata") => {
let bytes = read_field_bytes(field).await?;
metadata = Some(parse_metadata_json(&bytes)?);
}
Some("cover") => {
let bytes = read_field_bytes(field).await?.to_vec();
cover = Some(parse_image(bytes, state.upload.max_file_bytes, "cover")?);
}
_ => continue,
}
}
let metadata = metadata.ok_or_else(|| AppError::ValidationFailed {
message: "metadata part is required".into(),
details: json!({ "metadata": "required" }),
})?;
validate_new_manga(&metadata)?;
let mut manga = repo::manga::create(&state.db, metadata).await?;
if let Some(img) = cover {
let key = format!("mangas/{}/cover.{}", manga.id, img.ext);
state.storage.put(&key, &img.bytes).await?;
sqlx::query("UPDATE mangas SET cover_image_path = $1, updated_at = now() WHERE id = $2")
.bind(&key)
.bind(manga.id)
.execute(&state.db)
.await?;
manga.cover_image_path = Some(key);
}
Ok((StatusCode::CREATED, Json(manga)))
}
fn validate_new_manga(input: &NewManga) -> AppResult<()> {
if input.title.trim().is_empty() {
return Err(AppError::ValidationFailed {
message: "title is required".into(),
details: json!({ "title": "required" }),
});
}
Ok(())
}
fn parse_metadata_json(bytes: &[u8]) -> AppResult<NewManga> {
serde_json::from_slice(bytes).map_err(|e| AppError::ValidationFailed {
message: "metadata is not valid JSON".into(),
details: json!({ "metadata": e.to_string() }),
})
}
pub(crate) async fn next_field(
multipart: &mut Multipart,
) -> AppResult<Option<axum::extract::multipart::Field<'_>>> {
multipart
.next_field()
.await
.map_err(map_multipart_error)
}
pub(crate) async fn read_field_bytes(
field: axum::extract::multipart::Field<'_>,
) -> AppResult<axum::body::Bytes> {
field.bytes().await.map_err(map_multipart_error)
}
fn map_multipart_error(e: axum::extract::multipart::MultipartError) -> AppError {
let status = e.status();
if status == StatusCode::PAYLOAD_TOO_LARGE {
AppError::PayloadTooLarge("upload exceeds the request size limit".into())
} else {
AppError::InvalidInput(format!("multipart parse error: {e}"))
}
Ok(Json(repo::manga::create(&state.db, input).await?))
}

13
backend/src/app.rs
View File

@@ -1,5 +1,6 @@
use std::sync::Arc;
use axum::extract::DefaultBodyLimit;
use axum::http::{HeaderName, HeaderValue, Method};
use axum::Router;
use sqlx::postgres::PgPoolOptions;
@@ -7,7 +8,7 @@ use sqlx::PgPool;
use tower_http::cors::{AllowOrigin, CorsLayer};
use tower_http::trace::TraceLayer;
use crate::config::{AuthConfig, Config};
use crate::config::{AuthConfig, Config, UploadConfig};
use crate::storage::{LocalStorage, Storage};
#[derive(Clone)]
@@ -15,6 +16,7 @@ pub struct AppState {
pub db: PgPool,
pub storage: Arc<dyn Storage>,
pub auth: AuthConfig,
pub upload: UploadConfig,
}
pub async fn build(config: Config) -> anyhow::Result<Router> {
@@ -26,15 +28,22 @@ pub async fn build(config: Config) -> anyhow::Result<Router> {
let storage: Arc<dyn Storage> = Arc::new(LocalStorage::new(config.storage_dir.clone()));
let state = AppState { db, storage, auth: config.auth.clone() };
let state = AppState {
db,
storage,
auth: config.auth.clone(),
upload: config.upload.clone(),
};
Ok(router(state).layer(cors_layer(&config.cors_allowed_origins)))
}
/// Build a router from a pre-assembled state. Used by integration tests
/// so they can swap in a test DB pool and a `tempfile`-backed storage.
pub fn router(state: AppState) -> Router {
let max_request_bytes = state.upload.max_request_bytes;
Router::new()
.nest("/api/v1", crate::api::routes())
.layer(DefaultBodyLimit::max(max_request_bytes))
.with_state(state)
.layer(TraceLayer::new_for_http())
}

32
backend/src/config.rs
View File

@@ -17,12 +17,33 @@ impl Default for AuthConfig {
}
}
#[derive(Clone, Debug)]
pub struct UploadConfig {
/// Total request size cap, enforced by axum's DefaultBodyLimit on the
/// upload routes. Rejected requests get a 413.
pub max_request_bytes: usize,
/// Per-image-part size cap, enforced after the part is read. Lets us
/// reject a single oversized cover/page without failing the whole
/// request just because the total happens to fit.
pub max_file_bytes: usize,
}
impl Default for UploadConfig {
fn default() -> Self {
Self {
max_request_bytes: 200 * 1024 * 1024, // 200 MiB
max_file_bytes: 20 * 1024 * 1024, // 20 MiB
}
}
}
#[derive(Clone, Debug)]
pub struct Config {
pub database_url: String,
pub bind_address: String,
pub storage_dir: PathBuf,
pub auth: AuthConfig,
pub upload: UploadConfig,
pub cors_allowed_origins: Vec<String>,
}
@@ -43,6 +64,10 @@ impl Config {
.filter(|s| !s.is_empty()),
session_ttl_days: env_i64("SESSION_TTL_DAYS", 30),
},
upload: UploadConfig {
max_request_bytes: env_usize("MAX_REQUEST_BYTES", 200 * 1024 * 1024),
max_file_bytes: env_usize("MAX_FILE_BYTES", 20 * 1024 * 1024),
},
cors_allowed_origins: std::env::var("CORS_ALLOWED_ORIGINS")
.ok()
.map(|s| {
@@ -70,3 +95,10 @@ fn env_i64(name: &str, default: i64) -> i64 {
.and_then(|s| s.parse().ok())
.unwrap_or(default)
}
fn env_usize(name: &str, default: usize) -> usize {
std::env::var(name)
.ok()
.and_then(|s| s.parse().ok())
.unwrap_or(default)
}

75
backend/src/error.rs
View File

@@ -17,6 +17,17 @@ pub enum AppError {
Forbidden,
#[error("conflict: {0}")]
Conflict(String),
#[error("payload too large: {0}")]
PayloadTooLarge(String),
#[error("unsupported media type: {0}")]
UnsupportedMediaType(String),
/// Semantic per-field validation failure. `details` is rendered into the
/// envelope so the client can highlight the bad field(s).
#[error("validation failed")]
ValidationFailed {
message: String,
details: serde_json::Value,
},
#[error(transparent)]
Database(#[from] sqlx::Error),
#[error(transparent)]
@@ -38,6 +49,9 @@ impl AppError {
AppError::Unauthenticated => "unauthenticated",
AppError::Forbidden => "forbidden",
AppError::Conflict(_) => "conflict",
AppError::PayloadTooLarge(_) => "payload_too_large",
AppError::UnsupportedMediaType(_) => "unsupported_media_type",
AppError::ValidationFailed { .. } => "validation_failed",
AppError::Database(sqlx::Error::RowNotFound) => "not_found",
AppError::Database(_) => "internal_error",
AppError::Storage(StorageError::NotFound) => "not_found",
@@ -51,27 +65,49 @@ impl AppError {
impl IntoResponse for AppError {
fn into_response(self) -> Response {
let code = self.code();
let (status, message) = match &self {
AppError::NotFound => (StatusCode::NOT_FOUND, "not found".to_string()),
AppError::InvalidInput(msg) => (StatusCode::BAD_REQUEST, msg.clone()),
AppError::Unauthenticated => (StatusCode::UNAUTHORIZED, "unauthenticated".to_string()),
AppError::Forbidden => (StatusCode::FORBIDDEN, "forbidden".to_string()),
AppError::Conflict(msg) => (StatusCode::CONFLICT, msg.clone()),
let (status, message, details) = match &self {
AppError::NotFound => (StatusCode::NOT_FOUND, "not found".to_string(), None),
AppError::InvalidInput(msg) => (StatusCode::BAD_REQUEST, msg.clone(), None),
AppError::Unauthenticated => {
(StatusCode::UNAUTHORIZED, "unauthenticated".to_string(), None)
}
AppError::Forbidden => (StatusCode::FORBIDDEN, "forbidden".to_string(), None),
AppError::Conflict(msg) => (StatusCode::CONFLICT, msg.clone(), None),
AppError::PayloadTooLarge(msg) => {
(StatusCode::PAYLOAD_TOO_LARGE, msg.clone(), None)
}
AppError::UnsupportedMediaType(msg) => {
(StatusCode::UNSUPPORTED_MEDIA_TYPE, msg.clone(), None)
}
AppError::ValidationFailed { message, details } => (
StatusCode::UNPROCESSABLE_ENTITY,
message.clone(),
Some(details.clone()),
),
AppError::Database(sqlx::Error::RowNotFound) => {
(StatusCode::NOT_FOUND, "not found".to_string())
(StatusCode::NOT_FOUND, "not found".to_string(), None)
}
AppError::Storage(StorageError::NotFound) => {
(StatusCode::NOT_FOUND, "not found".to_string())
}
AppError::Storage(StorageError::BadKey) => {
(StatusCode::BAD_REQUEST, "invalid file key".to_string())
(StatusCode::NOT_FOUND, "not found".to_string(), None)
}
AppError::Storage(StorageError::BadKey) => (
StatusCode::BAD_REQUEST,
"invalid file key".to_string(),
None,
),
AppError::Database(_) | AppError::Storage(_) | AppError::Other(_) => {
tracing::error!(error = ?self, "internal error");
(StatusCode::INTERNAL_SERVER_ERROR, "internal error".to_string())
(
StatusCode::INTERNAL_SERVER_ERROR,
"internal error".to_string(),
None,
)
}
};
let body = json!({ "error": { "code": code, "message": message } });
let body = match details {
Some(d) => json!({ "error": { "code": code, "message": message, "details": d } }),
None => json!({ "error": { "code": code, "message": message } }),
};
(status, Json(body)).into_response()
}
}
@@ -87,6 +123,19 @@ mod tests {
assert_eq!(AppError::Unauthenticated.code(), "unauthenticated");
assert_eq!(AppError::Forbidden.code(), "forbidden");
assert_eq!(AppError::Conflict("x".into()).code(), "conflict");
assert_eq!(AppError::PayloadTooLarge("x".into()).code(), "payload_too_large");
assert_eq!(
AppError::UnsupportedMediaType("x".into()).code(),
"unsupported_media_type"
);
assert_eq!(
AppError::ValidationFailed {
message: "x".into(),
details: json!({}),
}
.code(),
"validation_failed"
);
assert_eq!(AppError::Storage(StorageError::BadKey).code(), "bad_file_key");
assert_eq!(AppError::Storage(StorageError::NotFound).code(), "not_found");
assert_eq!(AppError::Database(sqlx::Error::RowNotFound).code(), "not_found");

1
backend/src/lib.rs
View File

@@ -6,3 +6,4 @@ pub mod domain;
pub mod error;
pub mod repo;
pub mod storage;
pub mod upload;

92
backend/src/upload/mod.rs Normal file
View File

@@ -0,0 +1,92 @@
//! Shared helpers for multipart upload handlers.
//!
//! `parse_image` enforces the per-file size cap, sniffs the MIME by
//! magic bytes (not by the client-supplied Content-Type or filename),
//! and rejects anything outside the jpeg / png / webp / gif / avif
//! whitelist with 415. Filename and extension never reach the storage
//! key — we derive both from the sniffed type.
use crate::error::{AppError, AppResult};
#[derive(Debug, Clone)]
pub struct UploadedImage {
pub bytes: Vec<u8>,
pub mime: &'static str,
pub ext: &'static str,
}
pub fn parse_image(bytes: Vec<u8>, max_size: usize, field_name: &str) -> AppResult<UploadedImage> {
if bytes.len() > max_size {
return Err(AppError::PayloadTooLarge(format!(
"{field_name} exceeds {max_size}-byte cap"
)));
}
let kind = infer::get(&bytes).ok_or_else(|| {
AppError::UnsupportedMediaType(format!("{field_name}: unrecognised image format"))
})?;
let (mime, ext) = match kind.mime_type() {
"image/jpeg" => ("image/jpeg", "jpg"),
"image/png" => ("image/png", "png"),
"image/webp" => ("image/webp", "webp"),
"image/gif" => ("image/gif", "gif"),
"image/avif" => ("image/avif", "avif"),
other => {
return Err(AppError::UnsupportedMediaType(format!(
"{field_name}: unsupported image type {other}"
)));
}
};
Ok(UploadedImage { bytes, mime, ext })
}
#[cfg(test)]
mod tests {
use super::*;
fn png_bytes() -> Vec<u8> {
// PNG magic + minimum padding so infer can identify it.
vec![0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0]
}
fn jpeg_bytes() -> Vec<u8> {
vec![0xff, 0xd8, 0xff, 0xe0, 0, 0x10, b'J', b'F', b'I', b'F', 0, 0]
}
fn pdf_bytes() -> Vec<u8> {
b"%PDF-1.4\n%\xc4\xe5".to_vec()
}
#[test]
fn accepts_png() {
let img = parse_image(png_bytes(), 1024, "cover").unwrap();
assert_eq!(img.mime, "image/png");
assert_eq!(img.ext, "png");
}
#[test]
fn accepts_jpeg() {
let img = parse_image(jpeg_bytes(), 1024, "cover").unwrap();
assert_eq!(img.mime, "image/jpeg");
assert_eq!(img.ext, "jpg");
}
#[test]
fn rejects_non_image_with_unsupported_media_type() {
let err = parse_image(pdf_bytes(), 1024, "cover").unwrap_err();
assert!(matches!(err, AppError::UnsupportedMediaType(_)));
assert_eq!(err.code(), "unsupported_media_type");
}
#[test]
fn rejects_garbage_with_unsupported_media_type() {
let err = parse_image(b"just some text".to_vec(), 1024, "cover").unwrap_err();
assert!(matches!(err, AppError::UnsupportedMediaType(_)));
}
#[test]
fn rejects_oversized() {
let err = parse_image(png_bytes(), 4, "cover").unwrap_err();
assert!(matches!(err, AppError::PayloadTooLarge(_)));
assert_eq!(err.code(), "payload_too_large");
}
}