From 70d446b067dd0de95485af093fb136374303dcca Mon Sep 17 00:00:00 2001
From: log101
Date: Tue, 3 Sep 2024 11:04:57 +0300
Subject: [PATCH] feat: generate random names for uploaded images for better security
---
 go.mod | 2 +-
 handlers/handlers.go | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index 1995bf7..2c9938b 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.22.3
 require (
 github.com/dchest/uniuri v1.2.0
 github.com/gofiber/fiber/v2 v2.52.5
+ github.com/google/uuid v1.6.0
 github.com/h2non/bimg v1.1.9
 github.com/joho/godotenv v1.5.1
 gorm.io/driver/sqlite v1.5.6
@@ -13,7 +14,6 @@ require (
 require (
 github.com/andybalholm/brotli v1.1.0 // indirect
- github.com/google/uuid v1.6.0 // indirect
 github.com/jinzhu/inflection v1.0.0 // indirect
 github.com/jinzhu/now v1.1.5 // indirect
 github.com/klauspost/compress v1.17.9 // indirect
diff --git a/handlers/handlers.go b/handlers/handlers.go
index 475dead..14e208c 100644
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@@ -5,13 +5,13 @@ import (
 "io"
 "os"
 "strconv"
- "strings"
 DB "log101/konulu-konum-backend/db"
 "log101/konulu-konum-backend/models"
 "github.com/dchest/uniuri"
 "github.com/gofiber/fiber/v2"
+ "github.com/google/uuid"
 "github.com/h2non/bimg"
 "gorm.io/gorm"
 )
@@ -62,9 +62,9 @@ func KonuluKonumCreate(c *fiber.Ctx) error {
 }
 // Save image file in public folder
- imageName := strings.Split(file[0].Filename, ".")[0]
+ imageName := uuid.New()
 imagePath := fmt.Sprintf("./public/%s.webp", imageName)
- imageURL := fmt.Sprintf("%s.webp", imageName)
+ imageNameWithExtension := fmt.Sprintf("%s.webp", imageName)
 err = bimg.Write(imagePath, newImage)
 if err != nil {
 fmt.Fprintln(os.Stderr, err)
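Review bot: `uuid.New()` on the added `imageName := uuid.New()` line panics when the entropy source fails, because it is `Must(NewRandom())`; inside a request handler that takes the whole process down unless a recover middleware is installed, which this diff does not show. Prefer the error-returning form and fail just this request: `imageName, err := uuid.NewRandom()` followed by `if err != nil { fmt.Fprintln(os.Stderr, err); return c.SendStatus(fiber.StatusInternalServerError) }`, or whatever status the bimg.Write failure path a few lines below returns (that path continues past the hunk). `uuid.UUID` implements `fmt.Stringer`, so the `%s` formatting on the following two lines keeps working unchanged. A one-line comment such as `// Random server-side name: the client-supplied filename is never used for a path on disk` would record why the upload's filename is no longer consulted. KonuluKonumCreate starts and ends outside this hunk.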
@@ -80,7 +80,7 @@ func KonuluKonumCreate(c *fiber.Ctx) error {
 // Write to DB
 db := DB.GetDB()
- db.Create(&models.KonuluKonum{URI: imageUri, ImageURL: imageURL, Coordinates: geolocation, AuthorName: author, Description: description, UnlockedCounter: 0, Radius: radiusInt})
+ db.Create(&models.KonuluKonum{URI: imageUri, ImageURL: imageNameWithExtension, Coordinates: geolocation, AuthorName: author, Description: description, UnlockedCounter: 0, Radius: radiusInt})
 // Return URL
 redirectURL := fmt.Sprintf("%s/x?id=%s", clientURL, imageUri)
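Review bot: The result of `db.Create(...)` on the changed line is discarded, so a failed insert (a constraint violation or a busy SQLite file, for example) still falls through to the redirect and the client receives a link to a record that was never stored. Capture the result and fail the request instead: `if res := db.Create(&models.KonuluKonum{...}); res.Error != nil { fmt.Fprintln(os.Stderr, res.Error); return c.SendStatus(fiber.StatusInternalServerError) }`, using whatever status the image-write failure path earlier in the function returns. Because the webp file has already been written to `./public` by this point, consider an `os.Remove(imagePath)` on insert failure so the directory does not accumulate orphaned uploads. KonuluKonumCreate starts and ends outside this hunk.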