2019-03-26 20:17:43 +08:00
|
|
|
'use strict';
|
|
|
|
|
|
2020-07-20 01:51:06 +08:00
|
|
|
const Joi = require('joi');
|
2019-03-26 20:17:43 +08:00
|
|
|
const MongoPaging = require('mongo-cursor-pagination');
|
2021-08-30 16:18:42 +08:00
|
|
|
const ObjectId = require('mongodb').ObjectId;
|
2019-03-26 20:17:43 +08:00
|
|
|
const tools = require('../tools');
|
|
|
|
|
const roles = require('../roles');
|
2019-03-26 22:41:43 +08:00
|
|
|
const consts = require('../consts');
|
2020-07-20 01:51:06 +08:00
|
|
|
const { nextPageCursorSchema, previousPageCursorSchema, pageNrSchema, sessSchema, sessIPSchema } = require('../schemas');
|
2019-03-26 20:17:43 +08:00
|
|
|
|
|
|
|
|
module.exports = (db, server, storageHandler) => {
|
|
|
|
|
server.post(
|
|
|
|
|
'/users/:user/storage',
|
2022-11-24 18:26:10 +08:00
|
|
|
tools.responseWrapper(async (req, res) => {
|
2019-03-26 20:17:43 +08:00
|
|
|
res.charSet('utf-8');
|
|
|
|
|
|
|
|
|
|
const schema = Joi.object().keys({
|
2020-07-16 16:15:04 +08:00
|
|
|
user: Joi.string().hex().lowercase().length(24).required(),
|
|
|
|
|
|
|
|
|
|
filename: Joi.string().empty('').max(255),
|
|
|
|
|
contentType: Joi.string().empty('').max(255),
|
|
|
|
|
encoding: Joi.string().empty('').valid('base64'),
|
2021-11-15 20:22:00 +08:00
|
|
|
|
2020-07-16 16:15:04 +08:00
|
|
|
content: Joi.binary().max(consts.MAX_ALLOWED_MESSAGE_SIZE).empty('').required(),
|
2019-03-26 20:17:43 +08:00
|
|
|
|
2020-07-20 01:51:06 +08:00
|
|
|
sess: sessSchema,
|
|
|
|
|
ip: sessIPSchema
|
2019-03-26 20:17:43 +08:00
|
|
|
});
|
|
|
|
|
|
2019-03-26 22:41:43 +08:00
|
|
|
if (!req.params.content && req.body && (Buffer.isBuffer(req.body) || typeof req.body === 'string')) {
|
|
|
|
|
req.params.content = req.body;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-20 01:51:06 +08:00
|
|
|
const result = schema.validate(req.params, {
|
2019-03-26 20:17:43 +08:00
|
|
|
abortEarly: false,
|
|
|
|
|
convert: true
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (result.error) {
|
2019-07-31 21:05:59 +08:00
|
|
|
res.status(400);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: result.error.message,
|
2020-07-16 16:31:58 +08:00
|
|
|
code: 'InputValidationError',
|
|
|
|
|
details: tools.validationErrors(result)
|
2019-03-26 20:17:43 +08:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// permissions check
|
|
|
|
|
if (req.user && req.user === result.value.user) {
|
|
|
|
|
req.validate(roles.can(req.role).createOwn('storage'));
|
|
|
|
|
} else {
|
|
|
|
|
req.validate(roles.can(req.role).createAny('storage'));
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-30 16:18:42 +08:00
|
|
|
let user = new ObjectId(result.value.user);
|
2019-03-26 20:17:43 +08:00
|
|
|
|
|
|
|
|
let userData;
|
|
|
|
|
try {
|
|
|
|
|
userData = await db.users.collection('users').findOne(
|
|
|
|
|
{
|
|
|
|
|
_id: user
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
projection: {
|
|
|
|
|
address: true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
} catch (err) {
|
2021-05-20 19:47:20 +08:00
|
|
|
res.status(500);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: 'MongoDB Error: ' + err.message,
|
|
|
|
|
code: 'InternalDatabaseError'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
if (!userData) {
|
2021-05-20 19:47:20 +08:00
|
|
|
res.status(404);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: 'This user does not exist',
|
|
|
|
|
code: 'UserNotFound'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let id = await storageHandler.add(user, result.value);
|
|
|
|
|
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
success: !!id,
|
|
|
|
|
id
|
|
|
|
|
});
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
server.get(
|
|
|
|
|
'/users/:user/storage',
|
2022-11-24 18:26:10 +08:00
|
|
|
tools.responseWrapper(async (req, res) => {
|
2019-03-26 20:17:43 +08:00
|
|
|
res.charSet('utf-8');
|
|
|
|
|
|
|
|
|
|
const schema = Joi.object().keys({
|
2020-07-16 16:15:04 +08:00
|
|
|
user: Joi.string().hex().lowercase().length(24).required(),
|
|
|
|
|
query: Joi.string().trim().empty('').max(255),
|
|
|
|
|
limit: Joi.number().default(20).min(1).max(250),
|
2020-07-20 01:51:06 +08:00
|
|
|
next: nextPageCursorSchema,
|
|
|
|
|
previous: previousPageCursorSchema,
|
|
|
|
|
page: pageNrSchema,
|
|
|
|
|
sess: sessSchema,
|
|
|
|
|
ip: sessIPSchema
|
2019-03-26 20:17:43 +08:00
|
|
|
});
|
|
|
|
|
|
2020-07-20 01:51:06 +08:00
|
|
|
const result = schema.validate(req.params, {
|
2019-03-26 20:17:43 +08:00
|
|
|
abortEarly: false,
|
|
|
|
|
convert: true,
|
|
|
|
|
allowUnknown: true
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (result.error) {
|
2019-07-31 21:05:59 +08:00
|
|
|
res.status(400);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: result.error.message,
|
2020-07-16 16:31:58 +08:00
|
|
|
code: 'InputValidationError',
|
|
|
|
|
details: tools.validationErrors(result)
|
2019-03-26 20:17:43 +08:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// permissions check
|
|
|
|
|
if (req.user && req.user === result.value.user) {
|
|
|
|
|
req.validate(roles.can(req.role).readOwn('storage'));
|
|
|
|
|
} else {
|
|
|
|
|
req.validate(roles.can(req.role).readAny('storage'));
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-30 16:18:42 +08:00
|
|
|
let user = new ObjectId(result.value.user);
|
2019-03-26 20:17:43 +08:00
|
|
|
|
|
|
|
|
let userData;
|
|
|
|
|
try {
|
|
|
|
|
userData = await db.users.collection('users').findOne(
|
|
|
|
|
{
|
|
|
|
|
_id: user
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
projection: {
|
|
|
|
|
address: true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
} catch (err) {
|
2021-05-20 19:47:20 +08:00
|
|
|
res.status(500);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: 'MongoDB Error: ' + err.message,
|
|
|
|
|
code: 'InternalDatabaseError'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
if (!userData) {
|
2021-05-20 19:47:20 +08:00
|
|
|
res.status(404);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: 'This user does not exist',
|
|
|
|
|
code: 'UserNotFound'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let query = result.value.query;
|
|
|
|
|
let limit = result.value.limit;
|
|
|
|
|
let page = result.value.page;
|
|
|
|
|
let pageNext = result.value.next;
|
|
|
|
|
let pagePrevious = result.value.previous;
|
|
|
|
|
|
|
|
|
|
let filter = (query && {
|
|
|
|
|
'metadata.user': user,
|
|
|
|
|
filename: {
|
2021-10-04 16:57:43 +08:00
|
|
|
$regex: tools.escapeRegexStr(query),
|
2019-03-26 20:17:43 +08:00
|
|
|
$options: ''
|
|
|
|
|
}
|
|
|
|
|
}) || {
|
|
|
|
|
'metadata.user': user
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let total = await db.gridfs.collection('storage.files').countDocuments(filter);
|
|
|
|
|
|
|
|
|
|
let opts = {
|
|
|
|
|
limit,
|
|
|
|
|
query: filter,
|
|
|
|
|
paginatedField: 'filename',
|
|
|
|
|
sortAscending: true
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (pageNext) {
|
|
|
|
|
opts.next = pageNext;
|
|
|
|
|
} else if ((!page || page > 1) && pagePrevious) {
|
|
|
|
|
opts.previous = pagePrevious;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let listing;
|
|
|
|
|
try {
|
|
|
|
|
listing = await MongoPaging.find(db.gridfs.collection('storage.files'), opts);
|
|
|
|
|
} catch (err) {
|
2021-05-20 19:47:20 +08:00
|
|
|
res.status(500);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: 'MongoDB Error: ' + err.message,
|
|
|
|
|
code: 'InternalDatabaseError'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!listing.hasPrevious) {
|
|
|
|
|
page = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let response = {
|
|
|
|
|
success: true,
|
|
|
|
|
query,
|
|
|
|
|
total,
|
|
|
|
|
page,
|
|
|
|
|
previousCursor: listing.hasPrevious ? listing.previous : false,
|
|
|
|
|
nextCursor: listing.hasNext ? listing.next : false,
|
|
|
|
|
results: (listing.results || []).map(fileData => ({
|
|
|
|
|
id: fileData._id.toString(),
|
|
|
|
|
filename: fileData.filename || false,
|
|
|
|
|
contentType: fileData.contentType || false,
|
|
|
|
|
size: fileData.length,
|
|
|
|
|
created: fileData.uploadDate.toISOString(),
|
|
|
|
|
md5: fileData.md5
|
|
|
|
|
}))
|
|
|
|
|
};
|
|
|
|
|
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json(response);
|
2019-03-26 20:17:43 +08:00
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
server.del(
|
|
|
|
|
'/users/:user/storage/:file',
|
2022-11-24 18:26:10 +08:00
|
|
|
tools.responseWrapper(async (req, res) => {
|
2019-03-26 20:17:43 +08:00
|
|
|
res.charSet('utf-8');
|
|
|
|
|
|
|
|
|
|
const schema = Joi.object().keys({
|
2020-07-16 16:15:04 +08:00
|
|
|
user: Joi.string().hex().lowercase().length(24).required(),
|
|
|
|
|
file: Joi.string().hex().lowercase().length(24).required(),
|
2020-07-20 01:51:06 +08:00
|
|
|
sess: sessSchema,
|
|
|
|
|
ip: sessIPSchema
|
2019-03-26 20:17:43 +08:00
|
|
|
});
|
|
|
|
|
|
2020-07-20 01:51:06 +08:00
|
|
|
const result = schema.validate(req.params, {
|
2019-03-26 20:17:43 +08:00
|
|
|
abortEarly: false,
|
|
|
|
|
convert: true
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (result.error) {
|
2019-07-31 21:05:59 +08:00
|
|
|
res.status(400);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: result.error.message,
|
2020-07-16 16:31:58 +08:00
|
|
|
code: 'InputValidationError',
|
|
|
|
|
details: tools.validationErrors(result)
|
2019-03-26 20:17:43 +08:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-30 16:18:42 +08:00
|
|
|
let user = new ObjectId(result.value.user);
|
2019-03-26 20:17:43 +08:00
|
|
|
|
|
|
|
|
// permissions check
|
|
|
|
|
if (req.user && req.user === result.value.user) {
|
|
|
|
|
req.validate(roles.can(req.role).deleteOwn('storage'));
|
|
|
|
|
} else {
|
|
|
|
|
req.validate(roles.can(req.role).deleteAny('storage'));
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-30 16:18:42 +08:00
|
|
|
let file = new ObjectId(result.value.file);
|
2019-03-26 20:17:43 +08:00
|
|
|
await storageHandler.delete(user, file);
|
|
|
|
|
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
success: true
|
|
|
|
|
});
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
server.get(
|
|
|
|
|
{ name: 'storagefile', path: '/users/:user/storage/:file' },
|
2022-11-24 18:26:10 +08:00
|
|
|
tools.responseWrapper(async (req, res) => {
|
2019-03-26 20:17:43 +08:00
|
|
|
const schema = Joi.object().keys({
|
2020-07-16 16:15:04 +08:00
|
|
|
user: Joi.string().hex().lowercase().length(24).required(),
|
|
|
|
|
file: Joi.string().hex().lowercase().length(24).required()
|
2019-03-26 20:17:43 +08:00
|
|
|
});
|
|
|
|
|
|
2020-07-20 01:51:06 +08:00
|
|
|
const result = schema.validate(req.params, {
|
2019-03-26 20:17:43 +08:00
|
|
|
abortEarly: false,
|
|
|
|
|
convert: true
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (result.error) {
|
2019-07-31 21:05:59 +08:00
|
|
|
res.status(400);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: result.error.message,
|
2020-07-16 16:31:58 +08:00
|
|
|
code: 'InputValidationError',
|
|
|
|
|
details: tools.validationErrors(result)
|
2019-03-26 20:17:43 +08:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// permissions check
|
|
|
|
|
if (req.user && req.user === result.value.user) {
|
|
|
|
|
req.validate(roles.can(req.role).readOwn('storage'));
|
|
|
|
|
} else {
|
|
|
|
|
req.validate(roles.can(req.role).readAny('storage'));
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-30 16:18:42 +08:00
|
|
|
let user = new ObjectId(result.value.user);
|
|
|
|
|
let file = new ObjectId(result.value.file);
|
2019-03-26 20:17:43 +08:00
|
|
|
|
|
|
|
|
let fileData;
|
|
|
|
|
try {
|
|
|
|
|
fileData = await db.gridfs.collection('storage.files').findOne({
|
|
|
|
|
_id: file,
|
|
|
|
|
'metadata.user': user
|
|
|
|
|
});
|
|
|
|
|
} catch (err) {
|
2021-05-20 19:47:20 +08:00
|
|
|
res.status(500);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: 'MongoDB Error: ' + err.message,
|
|
|
|
|
code: 'InternalDatabaseError'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!fileData) {
|
2021-05-20 19:47:20 +08:00
|
|
|
res.status(404);
|
2022-11-24 18:26:10 +08:00
|
|
|
return res.json({
|
2019-03-26 20:17:43 +08:00
|
|
|
error: 'This file does not exist',
|
|
|
|
|
code: 'FileNotFound'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res.writeHead(200, {
|
|
|
|
|
'Content-Type': fileData.contentType || 'application/octet-stream'
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
let stream = storageHandler.gridstore.openDownloadStream(file);
|
|
|
|
|
|
|
|
|
|
stream.once('error', err => {
|
|
|
|
|
try {
|
|
|
|
|
res.end(err.message);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
//ignore
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
stream.pipe(res);
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
};
|
