2017-07-26 20:03:23 +01:00
|
|
|
// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
|
|
|
|
|
//
|
|
|
|
|
// This software (Documize Community Edition) is licensed under
|
|
|
|
|
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
|
|
|
|
|
//
|
|
|
|
|
// You can operate outside the AGPL restrictions by purchasing
|
|
|
|
|
// Documize Enterprise Edition and obtaining a commercial license
|
|
|
|
|
// by contacting <sales@documize.com>.
|
|
|
|
|
//
|
|
|
|
|
// https://documize.com
|
|
|
|
|
|
|
|
|
|
package attachment
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"database/sql"
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
|
|
|
|
"mime"
|
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
|
|
"github.com/documize/community/core/env"
|
|
|
|
|
"github.com/documize/community/core/request"
|
|
|
|
|
"github.com/documize/community/core/response"
|
|
|
|
|
"github.com/documize/community/core/secrets"
|
|
|
|
|
"github.com/documize/community/core/uniqueid"
|
|
|
|
|
"github.com/documize/community/domain"
|
2017-08-31 18:01:07 +01:00
|
|
|
"github.com/documize/community/domain/organization"
|
2017-09-18 17:53:42 +01:00
|
|
|
"github.com/documize/community/domain/permission"
|
2017-08-15 19:41:44 +01:00
|
|
|
indexer "github.com/documize/community/domain/search"
|
2017-07-26 20:03:23 +01:00
|
|
|
"github.com/documize/community/model/attachment"
|
|
|
|
|
"github.com/documize/community/model/audit"
|
2018-03-14 13:38:37 +00:00
|
|
|
"github.com/documize/community/model/workflow"
|
2017-07-26 20:03:23 +01:00
|
|
|
uuid "github.com/nu7hatch/gouuid"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Handler contains the runtime information such as logging and database.
|
|
|
|
|
type Handler struct {
|
|
|
|
|
Runtime *env.Runtime
|
|
|
|
|
Store *domain.Store
|
2017-08-15 19:41:44 +01:00
|
|
|
Indexer indexer.Indexer
|
2017-07-26 20:03:23 +01:00
|
|
|
}
|
|
|
|
|
|
2018-06-25 19:40:04 +01:00
|
|
|
// Download sends requested file to the client/browser.
|
2017-07-26 20:03:23 +01:00
|
|
|
func (h *Handler) Download(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
method := "attachment.Download"
|
|
|
|
|
ctx := domain.GetRequestContext(r)
|
2017-08-31 18:01:07 +01:00
|
|
|
ctx.Subdomain = organization.GetSubdomainFromHost(r)
|
2017-07-26 20:03:23 +01:00
|
|
|
|
|
|
|
|
a, err := h.Store.Attachment.GetAttachment(ctx, request.Param(r, "orgID"), request.Param(r, "attachmentID"))
|
|
|
|
|
|
|
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
|
response.WriteNotFoundError(w, method, request.Param(r, "fileID"))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("get attachment", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
typ := mime.TypeByExtension("." + a.Extension)
|
|
|
|
|
if typ == "" {
|
|
|
|
|
typ = "application/octet-stream"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", typ)
|
|
|
|
|
w.Header().Set("Content-Disposition", `Attachment; filename="`+a.Filename+`" ; `+`filename*="`+a.Filename+`"`)
|
|
|
|
|
w.Header().Set("Content-Length", fmt.Sprintf("%d", len(a.Data)))
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
|
|
|
|
|
_, err = w.Write(a.Data)
|
|
|
|
|
if err != nil {
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("write attachment", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
h.Store.Audit.Record(ctx, audit.EventTypeAttachmentDownload)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get is an end-point that returns all of the attachments of a particular documentID.
|
|
|
|
|
func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
method := "attachment.GetAttachments"
|
|
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
documentID := request.Param(r, "documentID")
|
|
|
|
|
if len(documentID) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-18 17:53:42 +01:00
|
|
|
if !permission.CanViewDocument(ctx, *h.Store, documentID) {
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
a, err := h.Store.Attachment.GetAttachments(ctx, documentID)
|
|
|
|
|
if err != nil && err != sql.ErrNoRows {
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("get attachment", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(a) == 0 {
|
|
|
|
|
a = []attachment.Attachment{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
response.WriteJSON(w, a)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete is an endpoint that deletes a particular document attachment.
|
|
|
|
|
func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
method := "attachment.DeleteAttachment"
|
|
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
documentID := request.Param(r, "documentID")
|
|
|
|
|
if len(documentID) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
attachmentID := request.Param(r, "attachmentID")
|
|
|
|
|
if len(attachmentID) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "attachmentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-18 17:53:42 +01:00
|
|
|
if !permission.CanChangeDocument(ctx, *h.Store, documentID) {
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var err error
|
|
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("transaction", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, err = h.Store.Attachment.Delete(ctx, attachmentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("delete attachment", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Mark references to this document as orphaned
|
|
|
|
|
err = h.Store.Link.MarkOrphanAttachmentLink(ctx, attachmentID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("delete attachment links", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Transaction.Commit()
|
|
|
|
|
|
2018-02-04 15:43:57 +00:00
|
|
|
h.Store.Audit.Record(ctx, audit.EventTypeAttachmentDelete)
|
|
|
|
|
|
2017-08-15 19:41:44 +01:00
|
|
|
a, _ := h.Store.Attachment.GetAttachments(ctx, documentID)
|
|
|
|
|
d, _ := h.Store.Document.Get(ctx, documentID)
|
2018-03-14 13:38:37 +00:00
|
|
|
|
|
|
|
|
if d.Lifecycle == workflow.LifecycleLive {
|
|
|
|
|
go h.Indexer.IndexDocument(ctx, d, a)
|
|
|
|
|
} else {
|
|
|
|
|
go h.Indexer.DeleteDocument(ctx, d.RefID)
|
|
|
|
|
}
|
2017-08-15 19:41:44 +01:00
|
|
|
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteEmpty(w)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Add stores files against a document.
|
|
|
|
|
func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
method := "attachment.Add"
|
|
|
|
|
ctx := domain.GetRequestContext(r)
|
|
|
|
|
|
|
|
|
|
documentID := request.Param(r, "documentID")
|
|
|
|
|
if len(documentID) == 0 {
|
|
|
|
|
response.WriteMissingDataError(w, method, "documentID")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-18 17:53:42 +01:00
|
|
|
if !permission.CanChangeDocument(ctx, *h.Store, documentID) {
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteForbiddenError(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
filedata, filename, err := r.FormFile("attachment")
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteMissingDataError(w, method, "attachment")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
b := new(bytes.Buffer)
|
|
|
|
|
_, err = io.Copy(b, filedata)
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("add attachment", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var job = "some-uuid"
|
|
|
|
|
newUUID, err := uuid.NewV4()
|
|
|
|
|
if err != nil {
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("uuid", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteServerError(w, method, err)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
job = newUUID.String()
|
|
|
|
|
|
|
|
|
|
var a attachment.Attachment
|
|
|
|
|
refID := uniqueid.Generate()
|
|
|
|
|
a.RefID = refID
|
|
|
|
|
a.DocumentID = documentID
|
|
|
|
|
a.Job = job
|
|
|
|
|
random := secrets.GenerateSalt()
|
|
|
|
|
a.FileID = random[0:9]
|
|
|
|
|
a.Filename = filename.Filename
|
|
|
|
|
a.Data = b.Bytes()
|
|
|
|
|
|
|
|
|
|
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
|
|
|
|
if err != nil {
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("transaction", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = h.Store.Attachment.Add(ctx, a)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.Transaction.Rollback()
|
|
|
|
|
response.WriteServerError(w, method, err)
|
2017-08-03 10:00:24 +01:00
|
|
|
h.Runtime.Log.Error("add attachment", err)
|
2017-07-26 20:03:23 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.Transaction.Commit()
|
|
|
|
|
|
2018-02-04 15:43:57 +00:00
|
|
|
h.Store.Audit.Record(ctx, audit.EventTypeAttachmentAdd)
|
|
|
|
|
|
2017-08-15 19:41:44 +01:00
|
|
|
all, _ := h.Store.Attachment.GetAttachments(ctx, documentID)
|
|
|
|
|
d, _ := h.Store.Document.Get(ctx, documentID)
|
2018-03-14 13:38:37 +00:00
|
|
|
|
|
|
|
|
if d.Lifecycle == workflow.LifecycleLive {
|
|
|
|
|
go h.Indexer.IndexDocument(ctx, d, all)
|
|
|
|
|
} else {
|
|
|
|
|
go h.Indexer.DeleteDocument(ctx, d.RefID)
|
|
|
|
|
}
|
2017-08-15 19:41:44 +01:00
|
|
|
|
2017-07-26 20:03:23 +01:00
|
|
|
response.WriteEmpty(w)
|
|
|
|
|
}
|
