"use strict";
const express = require('express');
const router = express.Router();
const sql = require('../../services/sql');
const auth = require('../../services/auth');
const notes = require('../../services/notes');
const attributes = require('../../services/attributes');
const protected_session = require('../../services/protected_session');
const multer = require('multer')();
const wrap = require('express-promise-wrap').wrap;
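/**
 * POST /upload/:parentNoteId
 *
 * Stores one multipart file (form field "upload") as a new note of type
 * 'file' placed into the note identified by :parentNoteId, and records the
 * client-supplied file name and size as attributes of the new note.
 *
 * Responses:
 *   200 { noteId }  - the file note was created
 *   400 text/plain  - the request carried no "upload" part
 *   404 text/plain  - the parent note does not exist
 *
 * Trust notes:
 *   - file.originalname and file.mimetype come straight from the client's
 *     multipart headers. They are stored as-is here, so every consumer that
 *     later places them in a header or in markup has to encode them.
 *   - NOTE(review): multer is instantiated in this file without options, so
 *     the upload is buffered in memory and no explicit size limit is set here;
 *     confirm a limit is enforced somewhere in front of this route.
 */
router.post('/upload/:parentNoteId', auth.checkApiAuthOrElectron, multer.single('upload'), wrap(async (req, res, next) => {
    const sourceId = req.headers.source_id;
    const parentNoteId = req.params.parentNoteId;
    const file = req.file;

    // multer leaves req.file undefined when the body has no "upload" part;
    // without this guard the property reads below throw and surface as a 500.
    if (!file) {
        return res.status(400).type('text/plain').send("No file was uploaded in the 'upload' field.");
    }

    const originalName = file.originalname;
    const size = file.size;

    const note = await sql.getRow("SELECT * FROM notes WHERE noteId = ?", [parentNoteId]);

    if (!note) {
        // The route parameter is echoed back to the caller. res.send() of a
        // string defaults to text/html, so pin the type to text/plain to keep
        // the echoed value from ever being interpreted as markup.
        return res.status(404).type('text/plain').send(`Note ${parentNoteId} doesn't exist.`);
    }

    await sql.doInTransaction(async () => {
        const noteId = (await notes.createNewNote(parentNoteId, {
            title: originalName,
            content: file.buffer,
            target: 'into',
            // Uploaded files are always stored unprotected, whatever the
            // protection state of the parent note.
            isProtected: false,
            type: 'file',
            mime: file.mimetype
        }, req, sourceId)).noteId;

        await attributes.createAttribute(noteId, "original_file_name", originalName, sourceId);
        await attributes.createAttribute(noteId, "file_size", size, sourceId);

        // NOTE(review): the response is sent from inside the transaction
        // callback. If doInTransaction commits only after this callback
        // resolves, a failed commit would follow a success response - confirm.
        res.send({
            noteId: noteId
        });
    });
}));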
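/**
 * Builds a Content-Disposition header value that offers `fileName` as an
 * attachment without letting the name alter the header's structure.
 *
 * The stored name originates from an uploader's multipart headers, so it may
 * contain quotes, semicolons, control characters or non-Latin-1 text. Plain
 * concatenation either produces a header the browser parses differently than
 * intended or makes setHeader() throw on an invalid character.
 *
 * @param {*} fileName - stored file name; coerced to a string
 * @returns {string} `attachment` disposition with a quoted ASCII fallback and,
 *                   when the name can be encoded, an RFC 5987 `filename*` part
 */
function buildAttachmentDisposition(fileName) {
    const name = String(fileName);

    // Quoted-string fallback: keep printable ASCII only and neutralise the two
    // characters that could terminate or escape the quoted value.
    const asciiFallback = name.replace(/[^\x20-\x7e]|["\\]/g, '_');

    let extended = '';

    try {
        // encodeURIComponent leaves ' ( ) * unescaped; RFC 5987 wants them encoded.
        const encoded = encodeURIComponent(name)
            .replace(/['()*]/g, (ch) => '%' + ch.charCodeAt(0).toString(16).toUpperCase());

        extended = `; filename*=UTF-8''${encoded}`;
    }
    catch (e) {
        // encodeURIComponent throws URIError on lone surrogates; the ASCII
        // fallback alone is still a valid header in that case.
    }

    return `attachment; filename="${asciiFallback}"${extended}`;
}

/**
 * GET /download/:noteId
 *
 * Sends the content of a note as a file attachment. Protected notes are
 * decrypted with the data key tied to the protected session whose id is given
 * in the `protectedSessionId` query parameter.
 *
 * Responses:
 *   200             - note content, Content-Type taken from the note's mime
 *   401             - note is protected and no data key is available
 *   404 text/plain  - no note with this id
 *
 * NOTE(review): the protected-session id is read from the query string, and
 * URLs commonly end up in browser history and in proxy or server logs. Carrying
 * it in a header or cookie would keep it out of those; that changes the route's
 * interface, so it is only flagged here.
 */
router.get('/download/:noteId', auth.checkApiAuthOrElectron, wrap(async (req, res, next) => {
    const noteId = req.params.noteId;
    const note = await sql.getRow("SELECT * FROM notes WHERE noteId = ?", [noteId]);
    const protectedSessionId = req.query.protectedSessionId;

    if (!note) {
        // The route parameter is echoed back to the caller. res.send() of a
        // string defaults to text/html, so pin the type to text/plain to keep
        // the echoed value from ever being interpreted as markup.
        return res.status(404).type('text/plain').send(`Note ${noteId} doesn't exist.`);
    }

    if (note.isProtected) {
        const dataKey = protected_session.getDataKeyForProtectedSessionId(protectedSessionId);

        if (!dataKey) {
            res.status(401).send("Protected session not available");
            return;
        }

        // Called for its effect on `note`; the fields read below are taken
        // from the same object afterwards.
        protected_session.decryptNote(dataKey, note);
    }

    const attributeMap = await attributes.getNoteAttributeMap(noteId);
    const fileName = attributeMap.original_file_name || note.title;

    res.setHeader('Content-Disposition', buildAttachmentDisposition(fileName));

    // note.mime was supplied by the uploading client. Fall back to a generic
    // binary type when it is missing, and tell the browser not to sniff a
    // different type out of the body.
    res.setHeader('Content-Type', note.mime || 'application/octet-stream');
    res.setHeader('X-Content-Type-Options', 'nosniff');

    res.send(note.content);
}));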
// Export the router that carries the /upload and /download routes registered above.
module.exports = router;