feat: direct file link
This commit is contained in:
Elias Schneider
@@ -14,8 +14,8 @@ import * as contentDisposition from "content-disposition";
|
||||
import { Response } from "express";
|
||||
import { CreateShareGuard } from "src/share/guard/createShare.guard";
|
||||
import { ShareOwnerGuard } from "src/share/guard/shareOwner.guard";
|
||||
import { ShareSecurityGuard } from "src/share/guard/shareSecurity.guard";
|
||||
import { FileService } from "./file.service";
|
||||
import { FileSecurityGuard } from "./guard/fileSecurity.guard";
|
||||
|
||||
@Controller("shares/:shareId/files")
|
||||
export class FileController {
|
||||
@@ -43,7 +43,7 @@ export class FileController {
|
||||
}
|
||||
|
||||
@Get("zip")
|
||||
@UseGuards(ShareSecurityGuard)
|
||||
@UseGuards(FileSecurityGuard)
|
||||
async getZip(
|
||||
@Res({ passthrough: true }) res: Response,
|
||||
@Param("shareId") shareId: string
|
||||
@@ -58,7 +58,7 @@ export class FileController {
|
||||
}
|
||||
|
||||
@Get(":fileId")
|
||||
@UseGuards(ShareSecurityGuard)
|
||||
@UseGuards(FileSecurityGuard)
|
||||
async getFile(
|
||||
@Res({ passthrough: true }) res: Response,
|
||||
@Param("shareId") shareId: string,
|
||||
|
||||
@@ -135,6 +135,4 @@ export class FileService {
|
||||
getZip(shareId: string) {
|
||||
return fs.createReadStream(`./data/uploads/shares/${shareId}/archive.zip`);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
65
backend/src/file/guard/fileSecurity.guard.ts
Normal file
65
backend/src/file/guard/fileSecurity.guard.ts
Normal file
@@ -0,0 +1,65 @@
|
||||
import {
|
||||
ExecutionContext,
|
||||
ForbiddenException,
|
||||
Injectable,
|
||||
NotFoundException,
|
||||
} from "@nestjs/common";
|
||||
import { Request } from "express";
|
||||
import * as moment from "moment";
|
||||
import { PrismaService } from "src/prisma/prisma.service";
|
||||
import { ShareSecurityGuard } from "src/share/guard/shareSecurity.guard";
|
||||
import { ShareService } from "src/share/share.service";
|
||||
|
||||
@Injectable()
|
||||
export class FileSecurityGuard extends ShareSecurityGuard {
|
||||
constructor(
|
||||
private _shareService: ShareService,
|
||||
private _prisma: PrismaService
|
||||
) {
|
||||
super(_shareService, _prisma);
|
||||
}
|
||||
|
||||
async canActivate(context: ExecutionContext) {
|
||||
const request: Request = context.switchToHttp().getRequest();
|
||||
|
||||
const shareId = Object.prototype.hasOwnProperty.call(
|
||||
request.params,
|
||||
"shareId"
|
||||
)
|
||||
? request.params.shareId
|
||||
: request.params.id;
|
||||
|
||||
const shareToken = request.cookies[`share_${shareId}_token`];
|
||||
|
||||
const share = await this._prisma.share.findUnique({
|
||||
where: { id: shareId },
|
||||
include: { security: true },
|
||||
});
|
||||
|
||||
// If there is no share token the user requests a file directly
|
||||
if (!shareToken) {
|
||||
if (
|
||||
!share ||
|
||||
(moment().isAfter(share.expiration) &&
|
||||
!moment(share.expiration).isSame(0))
|
||||
) {
|
||||
throw new NotFoundException("File not found");
|
||||
}
|
||||
|
||||
if (share.security?.password)
|
||||
throw new ForbiddenException("This share is password protected");
|
||||
|
||||
if (share.security?.maxViews && share.security.maxViews <= share.views) {
|
||||
throw new ForbiddenException(
|
||||
"Maximum views exceeded",
|
||||
"share_max_views_exceeded"
|
||||
);
|
||||
}
|
||||
|
||||
await this._shareService.increaseViewCount(share);
|
||||
return true;
|
||||
} else {
|
||||
return super.canActivate(context);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user