feat: sync — blob upload/download with SHA-256 storage

- POST /api/v1/blobs/ — multipart upload, stored as blobs/ab/cd/sha256 - GET /api/v1/blobs/{sha256} — download by hash - server_blobs table for tracking stored blobs
2026-06-01 22:50:38 +08:00 · 2026-06-01 22:50:38 +08:00 · 10c6d06e38
parent ec928e3be6
commit 10c6d06e38
1 changed files with 78 additions and 1 deletions
--- a/cmd/verstak-server/server.go
+++ b/cmd/verstak-server/server.go
@ -2,10 +2,12 @@ package main
 import (
 	"crypto/rand"
 	"crypto/sha256"
 	"database/sql"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"path/filepath"
@ -167,6 +169,12 @@ CREATE TABLE IF NOT EXISTS server_ops (
    created_at TEXT NOT NULL,
    pushed_at TEXT NOT NULL DEFAULT (datetime('now'))
 );
 CREATE TABLE IF NOT EXISTS server_blobs (
    sha256 TEXT PRIMARY KEY,
    size INTEGER NOT NULL,
    created_at TEXT NOT NULL
 );
 `
 // ============================================================
@ -364,7 +372,76 @@ func (s *Server) handleBlobs(w http.ResponseWriter, r *http.Request) {
 	if !s.requireAPIKey(w, r) {
 		return
 	}
-	jsonOK(w, map[string]string{"status": "ok", "message": "blob endpoint ready (not yet implemented)"})
+	switch r.Method {
 	case "POST":
 		// Upload: accept multipart file, store by SHA-256.
 		if err := r.ParseMultipartForm(200 << 20); err != nil {
 			jsonErr(w, 400, "multipart error: "+err.Error())
 			return
 		}
 		file, header, err := r.FormFile("file")
 		if err != nil {
 			jsonErr(w, 400, "file field required")
 			return
 		}
 		defer file.Close()
 		// Read content and compute SHA-256.
 		data, err := io.ReadAll(file)
 		if err != nil {
 			jsonErr(w, 500, "read error")
 			return
 		}
 		hash := sha256.Sum256(data)
 		shaHex := hex.EncodeToString(hash[:])
 		// Store at blobs/ab/cd/sha256.
 		blobDir := filepath.Join(s.blobsDir, shaHex[:2], shaHex[2:4])
 		if err := os.MkdirAll(blobDir, 0750); err != nil {
 			jsonErr(w, 500, "mkdir error")
 			return
 		}
 		blobPath := filepath.Join(blobDir, shaHex)
 		if err := os.WriteFile(blobPath, data, 0640); err != nil {
 			jsonErr(w, 500, "write error")
 			return
 		}
 		_ = header
 		// Record in blobs table.
 		now := time.Now().UTC().Format(time.RFC3339)
 		s.db.Exec("INSERT OR IGNORE INTO server_blobs (sha256, size, created_at) VALUES (?, ?, ?)",
 			shaHex, len(data), now)
 		jsonOK(w, map[string]interface{}{
 			"sha256": shaHex,
 			"size":   len(data),
 		})
 	case "GET":
 		// Download: GET /api/v1/blobs/{sha256}
 		shaHex := strings.TrimPrefix(r.URL.Path, "/api/v1/blobs/")
 		if len(shaHex) != 64 {
 			jsonErr(w, 400, "invalid SHA-256")
 			return
 		}
 		blobPath := filepath.Join(s.blobsDir, shaHex[:2], shaHex[2:4], shaHex)
 		if _, err := os.Stat(blobPath); os.IsNotExist(err) {
 			jsonErr(w, 404, "blob not found")
 			return
 		}
 		data, err := os.ReadFile(blobPath)
 		if err != nil {
 			jsonErr(w, 500, "read error")
 			return
 		}
 		w.Header().Set("Content-Type", "application/octet-stream")
 		w.Header().Set("Content-Disposition", "attachment; filename=\""+shaHex+"\"")
 		w.Write(data)
 	default:
 		jsonErr(w, 405, "method not allowed")
 	}
 }
 func (s *Server) handleAdminLogin(w http.ResponseWriter, r *http.Request) {