still moving codebase to new API (WIP)

domain/attachment/endpoint.go

@@ -0,0 +1,224 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package attachment
+
+import (
+	"bytes"
+	"database/sql"
+	"fmt"
+	"io"
+	"mime"
+	"net/http"
+
+	"github.com/documize/community/core/env"
+	"github.com/documize/community/core/request"
+	"github.com/documize/community/core/response"
+	"github.com/documize/community/core/secrets"
+	"github.com/documize/community/core/uniqueid"
+	"github.com/documize/community/domain"
+	"github.com/documize/community/domain/document"
+	"github.com/documize/community/model/attachment"
+	"github.com/documize/community/model/audit"
+	uuid "github.com/nu7hatch/gouuid"
+)
+
+// Handler contains the runtime information such as logging and database.
+type Handler struct {
+	Runtime *env.Runtime
+	Store   *domain.Store
+}
+
+// Download is the end-point that responds to a request for a particular attachment
+// by sending the requested file to the client.
+func (h *Handler) Download(w http.ResponseWriter, r *http.Request) {
+	method := "attachment.Download"
+	ctx := domain.GetRequestContext(r)
+
+	a, err := h.Store.Attachment.GetAttachment(ctx, request.Param(r, "orgID"), request.Param(r, "attachmentID"))
+
+	if err == sql.ErrNoRows {
+		response.WriteNotFoundError(w, method, request.Param(r, "fileID"))
+		return
+	}
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	typ := mime.TypeByExtension("." + a.Extension)
+	if typ == "" {
+		typ = "application/octet-stream"
+	}
+
+	w.Header().Set("Content-Type", typ)
+	w.Header().Set("Content-Disposition", `Attachment; filename="`+a.Filename+`" ; `+`filename*="`+a.Filename+`"`)
+	w.Header().Set("Content-Length", fmt.Sprintf("%d", len(a.Data)))
+	w.WriteHeader(http.StatusOK)
+
+	_, err = w.Write(a.Data)
+	if err != nil {
+		h.Runtime.Log.Error("writing attachment", err)
+		return
+	}
+
+	h.Store.Audit.Record(ctx, audit.EventTypeAttachmentDownload)
+}
+
+// Get is an end-point that returns all of the attachments of a particular documentID.
+func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
+	method := "attachment.GetAttachments"
+	ctx := domain.GetRequestContext(r)
+
+	documentID := request.Param(r, "documentID")
+	if len(documentID) == 0 {
+		response.WriteMissingDataError(w, method, "documentID")
+		return
+	}
+
+	if !document.CanViewDocument(ctx, *h.Store, documentID) {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	a, err := h.Store.Attachment.GetAttachments(ctx, documentID)
+	if err != nil && err != sql.ErrNoRows {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	if len(a) == 0 {
+		a = []attachment.Attachment{}
+	}
+
+	response.WriteJSON(w, a)
+}
+
+// Delete is an endpoint that deletes a particular document attachment.
+func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
+	method := "attachment.DeleteAttachment"
+	ctx := domain.GetRequestContext(r)
+
+	documentID := request.Param(r, "documentID")
+	if len(documentID) == 0 {
+		response.WriteMissingDataError(w, method, "documentID")
+		return
+	}
+
+	attachmentID := request.Param(r, "attachmentID")
+	if len(attachmentID) == 0 {
+		response.WriteMissingDataError(w, method, "attachmentID")
+		return
+	}
+
+	if !document.CanChangeDocument(ctx, *h.Store, documentID) {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	var err error
+	ctx.Transaction, err = h.Runtime.Db.Beginx()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	_, err = h.Store.Attachment.Delete(ctx, attachmentID)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	// Mark references to this document as orphaned
+	err = h.Store.Link.MarkOrphanAttachmentLink(ctx, attachmentID)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	h.Store.Audit.Record(ctx, audit.EventTypeAttachmentDelete)
+
+	ctx.Transaction.Commit()
+
+	response.WriteEmpty(w)
+}
+
+// Add stores files against a document.
+func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
+	method := "attachment.Add"
+	ctx := domain.GetRequestContext(r)
+
+	documentID := request.Param(r, "documentID")
+	if len(documentID) == 0 {
+		response.WriteMissingDataError(w, method, "documentID")
+		return
+	}
+
+	if !document.CanChangeDocument(ctx, *h.Store, documentID) {
+		response.WriteForbiddenError(w)
+		return
+	}
+
+	filedata, filename, err := r.FormFile("attachment")
+
+	if err != nil {
+		response.WriteMissingDataError(w, method, "attachment")
+		return
+	}
+
+	b := new(bytes.Buffer)
+	_, err = io.Copy(b, filedata)
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	var job = "some-uuid"
+
+	newUUID, err := uuid.NewV4()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	job = newUUID.String()
+
+	var a attachment.Attachment
+	refID := uniqueid.Generate()
+	a.RefID = refID
+	a.DocumentID = documentID
+	a.Job = job
+	random := secrets.GenerateSalt()
+	a.FileID = random[0:9]
+	a.Filename = filename.Filename
+	a.Data = b.Bytes()
+
+	ctx.Transaction, err = h.Runtime.Db.Beginx()
+	if err != nil {
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	err = h.Store.Attachment.Add(ctx, a)
+	if err != nil {
+		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
+		return
+	}
+
+	h.Store.Audit.Record(ctx, audit.EventTypeAttachmentAdd)
+
+	ctx.Transaction.Commit()
+
+	response.WriteEmpty(w)
+}

domain/attachment/mysql/store.go

@@ -0,0 +1,104 @@
+// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <sales@documize.com>.
+//
+// https://documize.com
+
+package attachment
+
+import (
+	"strings"
+	"time"
+
+	"github.com/documize/community/domain"
+	"github.com/documize/community/domain/store/mysql"
+	"github.com/pkg/errors"
+
+	"github.com/documize/community/core/env"
+	"github.com/documize/community/core/streamutil"
+	"github.com/documize/community/model/attachment"
+)
+
+// Scope provides data access to MySQL.
+type Scope struct {
+	Runtime *env.Runtime
+}
+
+// Add inserts the given record into the database attachement table.
+func (s Scope) Add(ctx domain.RequestContext, a attachment.Attachment) (err error) {
+	a.OrgID = ctx.OrgID
+	a.Created = time.Now().UTC()
+	a.Revised = time.Now().UTC()
+	bits := strings.Split(a.Filename, ".")
+	a.Extension = bits[len(bits)-1]
+
+	stmt, err := ctx.Transaction.Preparex("INSERT INTO attachment (refid, orgid, documentid, job, fileid, filename, data, extension, created, revised) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")
+	defer streamutil.Close(stmt)
+
+	if err != nil {
+		err = errors.Wrap(err, "prepare insert attachment")
+		return
+	}
+
+	_, err = stmt.Exec(a.RefID, a.OrgID, a.DocumentID, a.Job, a.FileID, a.Filename, a.Data, a.Extension, a.Created, a.Revised)
+	if err != nil {
+		err = errors.Wrap(err, "execute insert attachment")
+		return
+	}
+
+	return
+}
+
+// GetAttachment returns the database attachment record specified by the parameters.
+func (s Scope) GetAttachment(ctx domain.RequestContext, orgID, attachmentID string) (a attachment.Attachment, err error) {
+	stmt, err := s.Runtime.Db.Preparex("SELECT id, refid, orgid, documentid, job, fileid, filename, data, extension, created, revised FROM attachment WHERE orgid=? and refid=?")
+	defer streamutil.Close(stmt)
+
+	if err != nil {
+		err = errors.Wrap(err, "prepare select attachment")
+		return
+	}
+
+	err = stmt.Get(&a, orgID, attachmentID)
+	if err != nil {
+		err = errors.Wrap(err, "execute select attachment")
+		return
+	}
+
+	return
+}
+
+// GetAttachments returns a slice containing the attachement records (excluding their data) for document docID, ordered by filename.
+func (s Scope) GetAttachments(ctx domain.RequestContext, docID string) (a []attachment.Attachment, err error) {
+	err = s.Runtime.Db.Select(&a, "SELECT id, refid, orgid, documentid, job, fileid, filename, extension, created, revised FROM attachment WHERE orgid=? and documentid=? order by filename", ctx.OrgID, docID)
+
+	if err != nil {
+		err = errors.Wrap(err, "execute select attachments")
+		return
+	}
+
+	return
+}
+
+// GetAttachmentsWithData returns a slice containing the attachement records (including their data) for document docID, ordered by filename.
+func (s Scope) GetAttachmentsWithData(ctx domain.RequestContext, docID string) (a []attachment.Attachment, err error) {
+	err = s.Runtime.Db.Select(&a, "SELECT id, refid, orgid, documentid, job, fileid, filename, extension, data, created, revised FROM attachment WHERE orgid=? and documentid=? order by filename", ctx.OrgID, docID)
+
+	if err != nil {
+		err = errors.Wrap(err, "execute select attachments with data")
+		return
+	}
+
+	return
+}
+
+// Delete deletes the id record from the database attachment table.
+func (s Scope) Delete(ctx domain.RequestContext, id string) (rows int64, err error) {
+	b := mysql.BaseQuery{}
+	return b.DeleteConstrained(ctx.Transaction, "attachment", ctx.OrgID, id)
+}