8e2b19dc7a
* save images as private and serve via signed url from images.info api * download private images to directory on export * fix lint errors * private s3 default, AWS.s3 module level scope, default s3 url expiry * combine regex to one, and only replace when there are matches * fix lint * code not needed anymore, remove * updates after pulling master * revert the uploadToS3FromUrl url return * use model gettr to compact code, rename to attachments api * basic checking of document read permission to allow attachment viewing * fix: Continue to upload avatars as public fix: Allow redirect for non-private attachments * add support for publicly shared documents * catch errors which crash the app during zip export and user creation * add tests * enable AWS signature v4 for s3 * switch to use factories to build models for testing * add isDocker flag for local serving of attachment redirect url * fix redirect tests Co-authored-by: Tom Moor <tom.moor@gmail.com>
33 lines
841 B
JavaScript
33 lines
841 B
JavaScript
// @flow
|
|
import Router from 'koa-router';
|
|
import auth from '../middlewares/authentication';
|
|
import { Attachment, Document } from '../models';
|
|
import { getSignedImageUrl } from '../utils/s3';
|
|
|
|
import policy from '../policies';
|
|
|
|
const { authorize } = policy;
|
|
const router = new Router();
|
|
|
|
router.post('attachments.redirect', auth(), async ctx => {
|
|
const { id } = ctx.body;
|
|
ctx.assertPresent(id, 'id is required');
|
|
|
|
const user = ctx.state.user;
|
|
const attachment = await Attachment.findByPk(id);
|
|
|
|
if (attachment.isPrivate) {
|
|
const document = await Document.findByPk(attachment.documentId, {
|
|
userId: user.id,
|
|
});
|
|
authorize(user, 'read', document);
|
|
|
|
const accessUrl = await getSignedImageUrl(attachment.key);
|
|
ctx.redirect(accessUrl);
|
|
} else {
|
|
ctx.redirect(attachment.url);
|
|
}
|
|
});
|
|
|
|
export default router;
|