package main import ( "bytes" "database/sql" "encoding/json" "encoding/xml" "fmt" "io" "math" "net/http" "os" "path/filepath" "strconv" "strings" "time" "github.com/microcosm-cc/bluemonday" ) // KML structure for parsing type KML struct { XMLName xml.Name `xml:"kml"` Document KMLDocument `xml:"Document"` } type KMLDocument struct { Name string `xml:"name"` Description string `xml:"description"` Placemarks []KMLPlacemark `xml:"Placemark"` } type KMLPlacemark struct { Name string `xml:"name"` Description string `xml:"description"` LineString KMLLineString `xml:"LineString"` } type KMLLineString struct { Coordinates string `xml:"coordinates"` } // KML Metadata type KMLMetadata struct { Filename string `json:"filename"` UserID string `json:"user_id"` DisplayName string `json:"display_name"` // User's display name Distance float64 `json:"distance"` // in kilometers Description string `json:"description"` // Description from KML or user IsPublic bool `json:"is_public"` UploadedAt time.Time `json:"uploaded_at"` Votes int `json:"votes"` // Net votes (calculated from voting system) } // SetVote sets a user's vote for a KML file in the database func SetVote(kmlID int, userID string, vote int) error { if vote == 0 { _, err := db.Exec("DELETE FROM kml_votes WHERE kml_id = ? AND user_id = ?", kmlID, userID) return err } _, err := db.Exec(` INSERT INTO kml_votes (kml_id, user_id, vote_value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE vote_value = ? `, kmlID, userID, vote, vote) return err } // CalculateNetVotes calculates net votes for a KML file from the database func CalculateNetVotes(kmlID int) int { var total int err := db.QueryRow("SELECT COALESCE(SUM(vote_value), 0) FROM kml_votes WHERE kml_id = ?", kmlID).Scan(&total) if err != nil { return 0 } return total } // Haversine formula to calculate distance between two lat/lng points func haversineDistance(lat1, lon1, lat2, lon2 float64) float64 { const earthRadiusKm = 6371.0 dLat := (lat2 - lat1) * math.Pi / 180.0 dLon := (lon2 - lon1) * math.Pi / 180.0 a := math.Sin(dLat/2)*math.Sin(dLat/2) + math.Cos(lat1*math.Pi/180.0)*math.Cos(lat2*math.Pi/180.0)* math.Sin(dLon/2)*math.Sin(dLon/2) c := 2 * math.Atan2(math.Sqrt(a), math.Sqrt(1-a)) return earthRadiusKm * c } // ParseKML parses a KML file and calculates the total distance and extracts description func ParseKML(kmlData []byte) (float64, string, error) { // 1. Extract Description (Best Effort via Struct) var kml KML // Ignore errors here as we prioritize distance, description is optional/nice-to-have _ = xml.Unmarshal(kmlData, &kml) description := kml.Document.Description // Sanitize description p := bluemonday.UGCPolicy() description = p.Sanitize(description) if len(description) > 2000 { description = description[:1997] + "..." } // 2. Calculate Distance (Robust Streaming) // We re-scan the byte slice using a streaming decoder to find ALL tags, // regardless of nesting (Document -> Folder -> Folder -> Placemark -> LineString). decoder := xml.NewDecoder(bytes.NewReader(kmlData)) totalDistance := 0.0 for { token, err := decoder.Token() if err == io.EOF { break } if err != nil { // If streaming fails, just return what we have so far? // Or return error if it's a fundamental XML error. return totalDistance, description, err } switch se := token.(type) { case xml.StartElement: if se.Name.Local == "coordinates" { var coords string if err := decoder.DecodeElement(&coords, &se); err != nil { continue } // Calculate distance for this segment currentSegmentDistance := 0.0 items := strings.Fields(coords) var prevLat, prevLon float64 first := true for _, item := range items { parts := strings.Split(strings.TrimSpace(item), ",") if len(parts) < 2 { continue } var lon, lat float64 _, err1 := fmt.Sscanf(parts[0], "%f", &lon) _, err2 := fmt.Sscanf(parts[1], "%f", &lat) if err1 != nil || err2 != nil { continue } if !first { currentSegmentDistance += haversineDistance(prevLat, prevLon, lat, lon) } prevLat = lat prevLon = lon first = false } totalDistance += currentSegmentDistance } } } return totalDistance, description, nil } // HandleKMLUpload handles KML file uploads func HandleKMLUpload(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } userID, ok := getUserID(r.Context()) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } // Parse multipart form if err := r.ParseMultipartForm(10 << 20); err != nil { // 10 MB limit http.Error(w, "Failed to parse form", http.StatusBadRequest) return } file, handler, err := r.FormFile("kml") if err != nil { http.Error(w, "No file uploaded", http.StatusBadRequest) return } defer file.Close() // Sanitize filename to prevent path traversal handler.Filename = filepath.Base(handler.Filename) // Read file data data, err := io.ReadAll(file) if err != nil { http.Error(w, "Failed to read file", http.StatusInternalServerError) return } // Validate MIME type / Content mimeType := http.DetectContentType(data) // KML is XML, so valid types are text/xml, application/xml, or text/plain (often detected for simple XML) if !strings.Contains(mimeType, "xml") && !strings.Contains(mimeType, "text") { http.Error(w, fmt.Sprintf("Invalid file type: %s. Expected KML/XML.", mimeType), http.StatusBadRequest) return } // Calculate distance and extract description distance, description, err := ParseKML(data) if err != nil { http.Error(w, fmt.Sprintf("Failed to parse KML: %v", err), http.StatusBadRequest) return } // Save KML file kmlDir := fmt.Sprintf("data/users/%s/kml", userID) if err := os.MkdirAll(kmlDir, 0755); err != nil { http.Error(w, "Failed to create directory", http.StatusInternalServerError) return } kmlPath := filepath.Join(kmlDir, handler.Filename) if err := os.WriteFile(kmlPath, data, 0644); err != nil { http.Error(w, "Failed to save file", http.StatusInternalServerError) return } // Save metadata to database _, err = db.Exec(` INSERT INTO kml_metadata (filename, user_id, distance, description, is_public, uploaded_at) VALUES (?, ?, ?, ?, ?, NOW()) ON DUPLICATE KEY UPDATE distance = ?, description = ?, uploaded_at = NOW() `, handler.Filename, userID, distance, description, false, distance, description) if err != nil { http.Error(w, fmt.Sprintf("Failed to save metadata: %v", err), http.StatusInternalServerError) return } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]interface{}{ "success": true, "filename": handler.Filename, "distance": distance, }) } // HandleKMLList lists KML files with pagination and sorting func HandleKMLList(w http.ResponseWriter, r *http.Request) { userID, ok := getUserID(r.Context()) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } // Parse parameters for My Files myLimit, _ := strconv.Atoi(r.URL.Query().Get("my_limit")) if myLimit <= 0 { myLimit = 10 } myPage, _ := strconv.Atoi(r.URL.Query().Get("my_page")) if myPage <= 0 { myPage = 1 } mySortBy := r.URL.Query().Get("my_sort_by") if mySortBy == "" { mySortBy = "date" } // Parse parameters for Public Files publicLimit, _ := strconv.Atoi(r.URL.Query().Get("public_limit")) if publicLimit <= 0 { publicLimit = 10 } publicPage, _ := strconv.Atoi(r.URL.Query().Get("public_page")) if publicPage <= 0 { publicPage = 1 } publicSortBy := r.URL.Query().Get("public_sort_by") if publicSortBy == "" { publicSortBy = "votes" } // 1. Get My Files myFiles, myTotal, err := fetchKMLList(userID, true, myPage, myLimit, mySortBy) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } // 2. Get Public Files publicFiles, publicTotal, err := fetchKMLList(userID, false, publicPage, publicLimit, publicSortBy) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]interface{}{ "my_files": myFiles, "my_total": myTotal, "my_page": myPage, "public_files": publicFiles, "public_total": publicTotal, "public_page": publicPage, "limit": 10, // Default limit reference for UI }) } func fetchKMLList(userID string, mineOnly bool, page, limit int, sortBy string) ([]KMLMetadata, int, error) { offset := (page - 1) * limit var whereClause string var args []interface{} if mineOnly { whereClause = "WHERE m.user_id = ?" args = append(args, userID) } else { whereClause = "WHERE m.is_public = 1" } // Get total count first var total int err := db.QueryRow(fmt.Sprintf("SELECT COUNT(*) FROM kml_metadata m %s", whereClause), args...).Scan(&total) if err != nil { return nil, 0, err } sortClause := "votes" order := "DESC" switch sortBy { case "date": sortClause = "m.uploaded_at" case "distance": sortClause = "m.distance" case "votes": sortClause = "votes" case "filename": sortClause = "m.filename" order = "ASC" } query := fmt.Sprintf(` SELECT m.filename, m.user_id, u.display_name, m.distance, m.description, m.is_public, m.uploaded_at, (SELECT COALESCE(SUM(v.vote_value), 0) FROM kml_votes v WHERE v.kml_id = m.id) as votes FROM kml_metadata m JOIN users u ON m.user_id = u.fitbit_user_id %s ORDER BY %s %s LIMIT ? OFFSET ? `, whereClause, sortClause, order) args = append(args, limit, offset) files, err := queryKMLMetadata(query, args...) return files, total, err } func queryKMLMetadata(query string, args ...interface{}) ([]KMLMetadata, error) { rows, err := db.Query(query, args...) if err != nil { return nil, err } defer rows.Close() var files []KMLMetadata for rows.Next() { var m KMLMetadata var desc sql.NullString // Handle null description err := rows.Scan(&m.Filename, &m.UserID, &m.DisplayName, &m.Distance, &desc, &m.IsPublic, &m.UploadedAt, &m.Votes) if err != nil { return nil, err } m.Description = desc.String files = append(files, m) } return files, nil } // HandleKMLEdit handles editing KML metadata (description) func HandleKMLEdit(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } userID, ok := getUserID(r.Context()) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } var req struct { Filename string `json:"filename"` Description string `json:"description"` } if err := json.NewDecoder(r.Body).Decode(&req); err != nil { http.Error(w, "Invalid request", http.StatusBadRequest) return } // Sanitize description p := bluemonday.UGCPolicy() req.Description = p.Sanitize(req.Description) if len(req.Description) > 2000 { req.Description = req.Description[:1997] + "..." } // Update description in database res, err := db.Exec("UPDATE kml_metadata SET description = ? WHERE filename = ? AND user_id = ?", req.Description, req.Filename, userID) if err != nil { http.Error(w, "Failed to update metadata", http.StatusInternalServerError) return } rowsAffected, _ := res.RowsAffected() if rowsAffected == 0 { // Could mean file doesn't exist or description didn't change, check existence var exists bool err := db.QueryRow("SELECT EXISTS(SELECT 1 FROM kml_metadata WHERE filename = ? AND user_id = ?)", req.Filename, userID).Scan(&exists) if err == nil && !exists { http.Error(w, "File not found", http.StatusNotFound) return } } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]interface{}{ "success": true, }) } // HandleKMLPrivacyToggle toggles the privacy setting of a KML file func HandleKMLPrivacyToggle(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } userID, ok := getUserID(r.Context()) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } var req struct { Filename string `json:"filename"` } if err := json.NewDecoder(r.Body).Decode(&req); err != nil { http.Error(w, "Invalid request", http.StatusBadRequest) return } // Toggle privacy in database if _, err := db.Exec("UPDATE kml_metadata SET is_public = NOT is_public WHERE filename = ? AND user_id = ?", req.Filename, userID); err != nil { http.Error(w, "Failed to update metadata", http.StatusInternalServerError) return } var isPublic bool if err := db.QueryRow("SELECT is_public FROM kml_metadata WHERE filename = ? AND user_id = ?", req.Filename, userID).Scan(&isPublic); err != nil { http.Error(w, "Failed to fetch updated metadata", http.StatusInternalServerError) return } w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]interface{}{ "success": true, "is_public": isPublic, }) } // HandleKMLVote handles voting on KML files (toggle upvote/downvote/none) func HandleKMLVote(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } userID, ok := getUserID(r.Context()) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } var req struct { OwnerID string `json:"owner_id"` Filename string `json:"filename"` Vote int `json:"vote"` // +1, -1, or 0 to remove vote } if err := json.NewDecoder(r.Body).Decode(&req); err != nil { http.Error(w, "Invalid request", http.StatusBadRequest) return } // Validate vote value if req.Vote != -1 && req.Vote != 0 && req.Vote != 1 { http.Error(w, "Invalid vote value (must be -1, 0, or 1)", http.StatusBadRequest) return } // Get KML ID var kmlID int err := db.QueryRow("SELECT id FROM kml_metadata WHERE user_id = ? AND filename = ?", req.OwnerID, req.Filename).Scan(&kmlID) if err != nil { http.Error(w, "KML not found", http.StatusNotFound) return } // Set the vote if err := SetVote(kmlID, userID, req.Vote); err != nil { http.Error(w, "Failed to save vote", http.StatusInternalServerError) return } // Calculate new net votes netVotes := CalculateNetVotes(kmlID) w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]interface{}{ "success": true, "net_votes": netVotes, }) } // HandleKMLDelete deletes a KML file with ownership verification func HandleKMLDelete(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodDelete && r.Method != http.MethodPost { http.Error(w, "Method not allowed", http.StatusMethodNotAllowed) return } userID, ok := getUserID(r.Context()) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } var req struct { Filename string `json:"filename"` } if err := json.NewDecoder(r.Body).Decode(&req); err != nil { http.Error(w, "Invalid request", http.StatusBadRequest) return } // Verify ownership and delete metadata from database if _, err := db.Exec("DELETE FROM kml_metadata WHERE filename = ? AND user_id = ?", req.Filename, userID); err != nil { http.Error(w, "Failed to delete metadata or file not found", http.StatusInternalServerError) return } // Delete KML file kmlPath := fmt.Sprintf("data/users/%s/kml/%s", userID, req.Filename) os.Remove(kmlPath) w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(map[string]interface{}{ "success": true, }) } // HandleKMLDownload serves a KML file for downloading/viewing func HandleKMLDownload(w http.ResponseWriter, r *http.Request) { userID, ok := getUserID(r.Context()) if !ok { http.Error(w, "Unauthorized", http.StatusUnauthorized) return } ownerID := r.URL.Query().Get("owner_id") filename := r.URL.Query().Get("filename") if ownerID == "" || filename == "" { http.Error(w, "Missing owner_id or filename", http.StatusBadRequest) return } // Verify permission: ownerID == userID OR file is public if ownerID != userID { var isPublic bool err := db.QueryRow("SELECT is_public FROM kml_metadata WHERE user_id = ? AND filename = ?", ownerID, filename).Scan(&isPublic) if err != nil { http.Error(w, "File not found", http.StatusNotFound) return } if !isPublic { http.Error(w, "Forbidden", http.StatusForbidden) return } } kmlPath := fmt.Sprintf("data/users/%s/kml/%s", ownerID, filename) data, err := os.ReadFile(kmlPath) if err != nil { http.Error(w, "File not found", http.StatusNotFound) return } w.Header().Set("Content-Type", "application/vnd.google-earth.kml+xml") w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s", filename)) w.Write(data) }