From 68db930049e690c0b02fb4f0b9bf0a343c66ce67 Mon Sep 17 00:00:00 2001
From: Adam French <adam.a.french@outlook.com>
Date: Mon, 9 Mar 2026 17:21:26 +0000
Subject: [PATCH] Don't use SaveUploadedFile (causing permission issues)

---
 backend/handlers/handle_message_upload.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/backend/handlers/handle_message_upload.go b/backend/handlers/handle_message_upload.go
index e6fd107..85b117a 100644
--- a/backend/handlers/handle_message_upload.go
+++ b/backend/handlers/handle_message_upload.go
@@ -3,7 +3,9 @@ package handlers
 import (
 	"crypto/rand"
 	"encoding/hex"
+	"io"
 	"net/http"
+	"os"
 	"path/filepath"
 	"strings"
 
@@ -71,7 +73,22 @@ func (store *Store) UploadMessageFile(ctx *gin.Context) {
 
 	uploadDir := "/backend/uploads/"
 	dest := filepath.Join(uploadDir, filename)
-	if err := ctx.SaveUploadedFile(file, dest); err != nil {
+
+	src, err := file.Open()
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to read file"})
+		return
+	}
+	defer src.Close()
+
+	out, err := os.OpenFile(dest, os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to save file"})
+		return
+	}
+	defer out.Close()
+
+	if _, err := io.Copy(out, src); err != nil {
 		ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to save file"})
 		return
 	}