diff options
Diffstat (limited to 'api4/file.go')
-rw-r--r-- | api4/file.go | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/api4/file.go b/api4/file.go index 924f7e416..6b649918f 100644 --- a/api4/file.go +++ b/api4/file.go @@ -24,6 +24,11 @@ func InitFile() { BaseRoutes.Files.Handle("", ApiSessionRequired(uploadFile)).Methods("POST") BaseRoutes.File.Handle("", ApiSessionRequired(getFile)).Methods("GET") BaseRoutes.File.Handle("/thumbnail", ApiSessionRequired(getFileThumbnail)).Methods("GET") + BaseRoutes.File.Handle("/link", ApiSessionRequired(getFileLink)).Methods("GET") + BaseRoutes.File.Handle("/preview", ApiSessionRequired(getFilePreview)).Methods("GET") + BaseRoutes.File.Handle("/info", ApiSessionRequired(getFileInfo)).Methods("GET") + + BaseRoutes.PublicFile.Handle("", ApiHandler(getPublicFile)).Methods("GET") } @@ -125,6 +130,135 @@ func getFileThumbnail(c *Context, w http.ResponseWriter, r *http.Request) { } } +func getFileLink(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireFileId() + if c.Err != nil { + return + } + + if !utils.Cfg.FileSettings.EnablePublicLink { + c.Err = model.NewLocAppError("getPublicLink", "api.file.get_public_link.disabled.app_error", nil, "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + + info, err := app.GetFileInfo(c.Params.FileId) + if err != nil { + c.Err = err + return + } + + if info.CreatorId != c.Session.UserId && !app.SessionHasPermissionToChannelByPost(c.Session, info.PostId, model.PERMISSION_READ_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + + if len(info.PostId) == 0 { + c.Err = model.NewLocAppError("getPublicLink", "api.file.get_public_link.no_post.app_error", nil, "file_id="+info.Id) + c.Err.StatusCode = http.StatusBadRequest + return + } + + resp := make(map[string]string) + resp["link"] = app.GeneratePublicLink(c.GetSiteURL(), info) + + w.Write([]byte(model.MapToJson(resp))) +} + +func getFilePreview(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireFileId() + if c.Err != nil { + return + } + + info, err := app.GetFileInfo(c.Params.FileId) + if err != nil { + c.Err = err + return + } + + if info.CreatorId != c.Session.UserId && !app.SessionHasPermissionToChannelByPost(c.Session, info.PostId, model.PERMISSION_READ_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + + if info.PreviewPath == "" { + c.Err = model.NewLocAppError("getFilePreview", "api.file.get_file_preview.no_preview.app_error", nil, "file_id="+info.Id) + c.Err.StatusCode = http.StatusBadRequest + return + } + + if data, err := app.ReadFile(info.PreviewPath); err != nil { + c.Err = err + c.Err.StatusCode = http.StatusNotFound + } else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil { + c.Err = err + return + } +} + +func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireFileId() + if c.Err != nil { + return + } + + info, err := app.GetFileInfo(c.Params.FileId) + if err != nil { + c.Err = err + return + } + + if info.CreatorId != c.Session.UserId && !app.SessionHasPermissionToChannelByPost(c.Session, info.PostId, model.PERMISSION_READ_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + + w.Header().Set("Cache-Control", "max-age=2592000, public") + w.Write([]byte(info.ToJson())) +} + +func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireFileId() + if c.Err != nil { + return + } + + if !utils.Cfg.FileSettings.EnablePublicLink { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_public_link.disabled.app_error", nil, "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + + info, err := app.GetFileInfo(c.Params.FileId) + if err != nil { + c.Err = err + return + } + + hash := r.URL.Query().Get("h") + + if len(hash) == 0 { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + if hash != app.GeneratePublicLinkHash(info.Id, *utils.Cfg.FileSettings.PublicLinkSalt) { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + if data, err := app.ReadFile(info.Path); err != nil { + c.Err = err + c.Err.StatusCode = http.StatusNotFound + } else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil { + c.Err = err + return + } +} + func writeFileResponse(filename string, contentType string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError { w.Header().Set("Cache-Control", "max-age=2592000, public") w.Header().Set("Content-Length", strconv.Itoa(len(bytes))) |