From 0d5d91744f06b9a7a843202f0814953593b6384e Mon Sep 17 00:00:00 2001
From: Mikkel RINGAUD <mikkel@milescode.dev>
Date: Sun, 13 Aug 2023 11:31:02 +0200
Subject: [PATCH 1/2] docs: add cURL info and update parameters

---
 README.md | 69 ++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 48 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index e5c4d43..7c41674 100644
--- a/README.md
+++ b/README.md
@@ -19,24 +19,11 @@ You can use the API as unauthenticated (anonymous) or [authenticated](#how-to-au
 | Remove uploaded file later - with no self destruct option | ❌ No | ✅ Yes |
 | Access private files - if user is allowed | ❌ No | ✅ Yes |
 
-### How to authenticate ?
+### Where to find the API token ?
 
 If you do have an account, head over the "My Account" page and
 grab your "API Token" from there.
 
-Now, if every requests you make to the API, just add the `Authorization` header, where its value is the API token you got from earlier.
-
-#### Simple example using `fetch`
-
-```typescript
-const response = await fetch("https://drive.cattolabs.com/api/...", {
-  // ...
-  headers: {
-    authorization: "api-token-you-got-here"
-  }
-});
-```
-
 ### Get a workspace ID
 
 > TODO
@@ -49,24 +36,28 @@ To use [drive.cattolabs.com](https://drive.cattolabs.com) with ShareX, you have
 
 Head over to "Destinations" > "Custom uploader settings" ;
 
-### Manual
+From here, you can either [create a new custom uploader manually](#manual) or simply use a pre-made one we give you: [anonymous upload](#pre-made-anonymously-upload-public-files).
+
+#### Manual
 
 - Click on "New" to create a new uploader. Name it as you want, we'll go with `drive.cattolabs.com` here ;
 - Set the "Destination type" to `Image uploader` and `File uploader`, we currently don't support `Text uploader` ;
 - Set the "Method" to `PUT` ;
-- Set the "Request URL" to `https://kcpxeoxkmblpivpgwdsm.supabase.co/functions/v1/upload-file`, (for some reason, ShareX throws on redirections so `https://drive.cattolabs.com/api/files` doesn't work) ;
+- Set the "Request URL" to `https://kcpxeoxkmblpivpgwdsm.supabase.co/functions/v1/upload-file`, (for some reason, ShareX throws an error on redirection so `https://drive.cattolabs.com/api/workspace/upload` doesn't work) ;
 - Keep "URL parameters" empty ;
-- For "Headers", leave empty if you want to upload as anonymous, else add `Authorization` and as value, [your API key](#using-the-api) ;
+- For "Headers", leave empty ;
 - Keep "Body" as `Form data (multipart/form-data)`, below you're able to add form data parameters
 
-> `private` as name and `0` as value to make all your uploaded files public.
-> If you're authenticated, uploaded files will be at the root of your drive by default, you can override that behavior by adding `workspace_id` as name and [any workspace ID](#get-a-workspace-id) as value to make all uploads go there.
+> `private` as name and `0` as value to make all your uploaded files public. If you're authenticated to an account, the default value will be `1` and `0` if you're anonymous.
+> If you want to upload to an account, pass the `api_token` parameter followed by the value of the [account's API token](#where-to-find-the-api-token).
+> By default, uploaded files will be in the root workspace of the account.
+> You can override that behavior by adding `workspace_id` as name and [any workspace ID](#get-a-workspace-id) as value to make the upload go there.
 
 - Set the "File form name" to `files` ;
 - Set the "URL" to `https://drive.cattolabs.com/api/file/{json:data.uploaded[0].id}`
 - Set the "Error message" to `{json:message}`
 
-### Pre-made: Anonymously upload public files
+#### Pre-made: Anonymously upload public files
 
 ```json
 {
@@ -85,7 +76,43 @@ Head over to "Destinations" > "Custom uploader settings" ;
 }
 ```
 
-## Developing
+### Integration with cURL
+
+You can simply send files through your terminal using cURL.
+
+In these examples, let's say you want to upload two files located at `./screen1.png` and `/tmp/image.jpg`.
+
+#### Upload as anonymous
+
+```bash
+curl -L \
+  -X PUT \
+  -F 'files=@screen1.png' \
+  -F 'files=@/tmp/image.jpg' \
+  https://drive.cattolabs.com/api/workspace/upload
+```
+
+#### Upload as authenticated to a certain workspace
+
+```bash
+curl -L \
+  -X PUT \
+  -F "api_token=YOUR_API_TOKEN" \
+  -F 'workspace_id=SOME-WORKSPACE-ID-123456789' \
+  -F 'private=0' \
+  -F 'files=@screen1.png' \
+  -F 'files=@/tmp/image.jpg' \
+  https://drive.cattolabs.com/api/workspace/upload
+```
+
+If you want to upload to your root workspace, you can remove the `workspace_id`
+parameter, it'll take the root workspace by default.
+`workspace_id` can be found using [this guide](#get-a-workspace-id).
+
+`private` defaults to `1` if not passed. If you want to make publicly
+accessible uploads, you might have to change it to `private=0`.
+
+## Run locally
 
 ```bash
 pnpm dev

From ecddc34bcce90122dd774a8e36d19a0c3b550a7d Mon Sep 17 00:00:00 2001
From: Mikkel RINGAUD <mikkel@milescode.dev>
Date: Sun, 13 Aug 2023 11:33:35 +0200
Subject: [PATCH 2/2] fix: use `api_token` in body of form data instead of
 headers

- this is because of headers not being forwarded on redirects
---
 src/utils/files.tsx                     | 4 +---
 supabase/functions/upload-file/index.ts | 9 ++++-----
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/utils/files.tsx b/src/utils/files.tsx
index 0e76d5d..7812134 100644
--- a/src/utils/files.tsx
+++ b/src/utils/files.tsx
@@ -48,14 +48,12 @@ export const makeFileUpload = async (files: FileList | Array<File>, options?: {
   }
 
   // Only add headers for authenticated users.
-  const headers: Record<string, string> = {};
   if (auth.profile) {
-    headers.authorization = auth.profile.api_token;
+    body.set("api_token", auth.profile.api_token);
   }
 
   const response = await fetch("/api/workspace/upload", {
     method: "PUT",
-    headers,
     body
   });
 
diff --git a/supabase/functions/upload-file/index.ts b/supabase/functions/upload-file/index.ts
index 6f2c4a4..1a837a3 100644
--- a/supabase/functions/upload-file/index.ts
+++ b/supabase/functions/upload-file/index.ts
@@ -24,13 +24,12 @@ const json = <T>(data: T, options?: { status: number }) => new Response(
  */
 serve(async (req: Request) => {
   if (req.method === "PUT") {
-    const api_token = req.headers.get("authorization");
-  
-    let user_profile: UserProfile | undefined;
-    if (api_token) (user_profile = await getUserProfile(api_token));
-  
     const formData = await req.formData();
     const formDataFiles = formData.getAll("files") as File[];
+    const formDataApiToken = formData.get("api_token") as string | undefined;
+    
+    let user_profile: UserProfile | undefined;
+    if (formDataApiToken) (user_profile = await getUserProfile(formDataApiToken));
   
     const workspaceId = (formData.get("workspace_id") as string | undefined) ?? user_profile?.root_workspace_id ?? undefined;