1 files changed, 44 insertions, 17 deletions

diff --git a/public/upload.php b/public/upload.php
index 1ca5559..d73a975 100644
--- a/public/upload.php
+++ b/public/upload.php
@@ -2,6 +2,11 @@
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../config.php';
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/utils.php';
 
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+    json_response(null, 'Method not allowed', 405);
+    exit;
+}
+
 if (!isset($_FILES['file'])) {
     json_response(null, "No 'file' specified!", 400);
     exit();
@@ -12,24 +17,46 @@ if (!is_dir(FILE_DIRECTORY) && !mkdir(FILE_DIRECTORY, 0777, true)) {
     exit();
 }
 
-$file = $_FILES['file'];
+try {
+    $file = $_FILES['file'];
 
-// checking file mimetype
-$finfo = new finfo(FILEINFO_MIME_TYPE);
-if (false === $file_ext = array_search($finfo->file($file['tmp_name']), FILE_ACCEPTED_MIME_TYPES, true)) {
-    json_response(null, 'Invalid file format', 400);
-    exit();
-}
+    if (
+        !isset($file['error']) ||
+        is_array($file['error'])
+    ) {
+        throw new RuntimeException('Invalid parameters.');
+    }
 
-$file_id = generate_random_char_sequence(FILE_ID_CHARACTERS, FILE_ID_LENGTH);
+    // checking file size
+    switch ($file['error']) {
+        case UPLOAD_ERR_OK:
+            break;
+        case UPLOAD_ERR_NO_FILE:
+            throw new RuntimeException('No file sent.');
+        case UPLOAD_ERR_INI_SIZE:
+        case UPLOAD_ERR_FORM_SIZE:
+            throw new RuntimeException('Exceeded filesize limit.');
+        default:
+            throw new RuntimeException('Unknown errors.');
+    }
 
-if (!move_uploaded_file($file['tmp_name'], FILE_DIRECTORY . sprintf('/%s.%s', $file_id, $file_ext))) {
-    json_response(null, 'Failed to save the file. Try again later.', 500);
-    exit();
-}
+    // checking file mimetype
+    $finfo = new finfo(FILEINFO_MIME_TYPE);
+    if (false === $file_ext = array_search($finfo->file($file['tmp_name']), FILE_ACCEPTED_MIME_TYPES, true)) {
+        throw new RuntimeException("Invalid file format.");
+    }
+
+    $file_id = generate_random_char_sequence(FILE_ID_CHARACTERS, FILE_ID_LENGTH);
+
+    if (!move_uploaded_file($file['tmp_name'], FILE_DIRECTORY . sprintf('/%s.%s', $file_id, $file_ext))) {
+        throw new RuntimeException("Failed to save the file. Try again later.");
+    }
 
-json_response([
-    'id' => $file_id,
-    'ext' => $file_ext,
-    'mime' => FILE_ACCEPTED_MIME_TYPES[$file_ext]
-], null, 201);
\ No newline at end of file
+    json_response([
+        'id' => $file_id,
+        'ext' => $file_ext,
+        'mime' => FILE_ACCEPTED_MIME_TYPES[$file_ext]
+    ], null, 201);
+} catch (RuntimeException $e) {
+    json_response(null, $e->getMessage(), 400);
+}
\ No newline at end of file