diff options
author | Saturnino Abril <saturnino.abril@gmail.com> | 2017-03-14 06:13:48 +0900 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2017-03-13 17:13:48 -0400 |
commit | aafc63933a7e213261e28ac7f528cea50b70e1af (patch) | |
tree | a5488a45998df8a3143cd8f4d836b05fbd1e3319 /api4/file.go | |
parent | 24496cd0b278352b44e9411d924185e306fa346b (diff) | |
download | chat-aafc63933a7e213261e28ac7f528cea50b70e1af.tar.gz chat-aafc63933a7e213261e28ac7f528cea50b70e1af.tar.bz2 chat-aafc63933a7e213261e28ac7f528cea50b70e1af.zip |
APIv4: GET /files/{file_id}/public (#5665)
Diffstat (limited to 'api4/file.go')
-rw-r--r-- | api4/file.go | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/api4/file.go b/api4/file.go index d3c7f7a7f..6b649918f 100644 --- a/api4/file.go +++ b/api4/file.go @@ -28,6 +28,8 @@ func InitFile() { BaseRoutes.File.Handle("/preview", ApiSessionRequired(getFilePreview)).Methods("GET") BaseRoutes.File.Handle("/info", ApiSessionRequired(getFileInfo)).Methods("GET") + BaseRoutes.PublicFile.Handle("", ApiHandler(getPublicFile)).Methods("GET") + } func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) { @@ -216,6 +218,47 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(info.ToJson())) } +func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireFileId() + if c.Err != nil { + return + } + + if !utils.Cfg.FileSettings.EnablePublicLink { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_public_link.disabled.app_error", nil, "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + + info, err := app.GetFileInfo(c.Params.FileId) + if err != nil { + c.Err = err + return + } + + hash := r.URL.Query().Get("h") + + if len(hash) == 0 { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + if hash != app.GeneratePublicLinkHash(info.Id, *utils.Cfg.FileSettings.PublicLinkSalt) { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + if data, err := app.ReadFile(info.Path); err != nil { + c.Err = err + c.Err.StatusCode = http.StatusNotFound + } else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil { + c.Err = err + return + } +} + func writeFileResponse(filename string, contentType string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError { w.Header().Set("Cache-Control", "max-age=2592000, public") w.Header().Set("Content-Length", strconv.Itoa(len(bytes))) |