
github.com/nextcloud/text.git - Unnamed repository; edit this file 'description' to name the repository.
authorJulien Veyssier <eneiluj@posteo.net>2021-12-06 14:31:05 +0300
committerJulien Veyssier <eneiluj@posteo.net>2022-01-03 12:27:37 +0300
commit4f54f4dee2eceae5e0036556a30c7d1dd1aea00b (patch)
treefabb84b8dc70a18712ef034bdcee2e93607a9d23 /lib
parent014d081969423e8bf82341d8ee876d05a8f26580 (diff)
make image upload endpoints public and use session token to authenticate
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
Diffstat (limited to 'lib')
-rw-r--r--lib/Controller/ImageController.php107
1 files changed, 48 insertions, 59 deletions
diff --git a/lib/Controller/ImageController.php b/lib/Controller/ImageController.php
index b3aa3f111..86111846a 100644
--- a/lib/Controller/ImageController.php
+++ b/lib/Controller/ImageController.php
@@ -26,6 +26,7 @@ declare(strict_types=1);
namespace OCA\Text\Controller;
use Exception;
+use OCA\Text\Service\SessionService;
use OCP\AppFramework\Http;
use OCA\Text\Service\ImageService;
use OCP\AppFramework\Controller;
@@ -59,29 +60,44 @@ class ImageController extends Controller {
* @var LoggerInterface
*/
private $logger;
+ /**
+ * @var SessionService
+ */
+ private $sessionService;
public function __construct(string $appName,
IRequest $request,
LoggerInterface $logger,
ImageService $imageService,
+ SessionService $sessionService,
?string $userId) {
parent::__construct($appName, $request);
$this->userId = $userId;
$this->imageService = $imageService;
$this->request = $request;
$this->logger = $logger;
+ $this->sessionService = $sessionService;
}
/**
* @NoAdminRequired
+ * @PublicPage
*
- * @param int $textFileId
+ * @param int $documentId
+ * @param int $sessionId
+ * @param string $sessionToken
* @param string $imagePath
* @return DataResponse
*/
- public function insertImageFile(int $textFileId, string $imagePath): DataResponse {
+ public function insertImageFile(int $documentId, int $sessionId, string $sessionToken, string $imagePath): DataResponse {
+ if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) {
+ return new DataResponse([], 500);
+ }
+ $session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
+ $userId = $session->getUserId();
+
try {
- $insertResult = $this->imageService->insertImageFile($textFileId, $imagePath, $this->userId);
+ $insertResult = $this->imageService->insertImageFile($documentId, $imagePath, $userId);
if (isset($insertResult['error'])) {
return new DataResponse($insertResult, Http::STATUS_BAD_REQUEST);
} else {
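Review bot: The rejected-session path in `insertImageFile` answers with a bare `500`, which reports an authentication failure as a server fault and makes denied requests hard to tell apart from real errors in logs and monitoring. `return new DataResponse([], Http::STATUS_FORBIDDEN);` would fit, and the same line appears in `insertImageLink` and `uploadImage`. Because the method is now `@PublicPage`, the session check is the only gate visible here, and `$session->getUserId()` is passed on unconditionally. If a session opened through a public share carries no user id (not visible in this hunk), this method has no `$shareToken` branch to handle it, so an explicit rejection such as `if ($userId === null)` would be worth adding. The method body continues past the end of the hunk.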
@@ -95,14 +111,28 @@ class ImageController extends Controller {
/**
* @NoAdminRequired
+ * @PublicPage
*
- * @param int $textFileId
* @param string $link
+ * @param int $documentId
+ * @param int $sessionId
+ * @param string $sessionToken
+ * @param string|null $shareToken
* @return DataResponse
*/
- public function insertImageLink(int $textFileId, string $link): DataResponse {
+ public function insertImageLink(string $link, int $documentId, int $sessionId, string $sessionToken, ?string $shareToken = null): DataResponse {
+ if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) {
+ return new DataResponse([], 500);
+ }
+
try {
- $downloadResult = $this->imageService->insertImageLink($textFileId, $link, $this->userId);
+ if ($shareToken) {
+ $downloadResult = $this->imageService->insertImageLinkPublic($documentId, $link, $shareToken);
+ } else {
+ $session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
+ $userId = $session->getUserId();
+ $downloadResult = $this->imageService->insertImageLink($documentId, $link, $userId);
+ }
if (isset($downloadResult['error'])) {
return new DataResponse($downloadResult, Http::STATUS_BAD_REQUEST);
} else {
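Review bot: The choice between the public and the user path in `insertImageLink` is driven by the request's `$shareToken` alone (`if ($shareToken)`), and nothing in the hunk ties that token to the session or to the `$documentId` that `isValidSession` just accepted. Unless `insertImageLinkPublic` verifies that the share covers `$documentId` (not visible here), it would be safer to decide from the session, for example requiring a share token only when `$session->getUserId()` is null, and to reject a token that does not match the document. The truthiness test also treats `''` and `'0'` as absent and falls through to the user branch; `if ($shareToken !== null)` states the intent. `uploadImage` uses the same branch. Separately, `$link` is a caller-supplied URL on a route that no longer requires login, so if the service fetches it server-side it should restrict the schemes and hosts it will contact.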
@@ -118,32 +148,17 @@ class ImageController extends Controller {
* @NoAdminRequired
* @PublicPage
*
- * @param int|null $textFileId can be null with public file share
- * @param string $link
- * @param string $shareToken
+ * @param int $documentId
+ * @param int $sessionId
+ * @param string $sessionToken
+ * @param string|null $shareToken
* @return DataResponse
*/
- public function insertImageLinkPublic(?int $textFileId, string $link, string $shareToken): DataResponse {
- try {
- $downloadResult = $this->imageService->insertImageLinkPublic($textFileId, $link, $shareToken);
- if (isset($downloadResult['error'])) {
- return new DataResponse($downloadResult, Http::STATUS_BAD_REQUEST);
- } else {
- return new DataResponse($downloadResult);
- }
- } catch (Exception $e) {
- $this->logger->error('Link insertion error', ['exception' => $e]);
- return new DataResponse(['error' => 'Link insertion error'], Http::STATUS_BAD_REQUEST);
+ public function uploadImage(int $documentId, int $sessionId, string $sessionToken, ?string $shareToken = null): DataResponse {
+ if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) {
+ return new DataResponse([], 500);
}
- }
- /**
- * @NoAdminRequired
- *
- * @param int $textFileId
- * @return DataResponse
- */
- public function uploadImage(int $textFileId): DataResponse {
try {
$file = $this->request->getUploadedFile('image');
if ($file !== null && isset($file['tmp_name'], $file['name'], $file['type'])) {
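Review bot: The docblock for `uploadImage` lists the new parameters but does not say that the session triple is the only authentication on this `@PublicPage` route, nor what `$shareToken` selects. I would add a line such as `* Public route: access is granted solely by a valid (documentId, sessionId, sessionToken); shareToken switches to the public-share upload path.` The body of `uploadImage` continues outside the hunk.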
@@ -152,39 +167,13 @@ class ImageController extends Controller {
}
$newFileContent = file_get_contents($file['tmp_name']);
$newFileName = $file['name'];
- $uploadResult = $this->imageService->uploadImage($textFileId, $newFileName, $newFileContent, $this->userId);
- if (isset($uploadResult['error'])) {
- return new DataResponse($uploadResult, Http::STATUS_BAD_REQUEST);
+ if ($shareToken) {
+ $uploadResult = $this->imageService->uploadImagePublic($documentId, $newFileName, $newFileContent, $shareToken);
} else {
- return new DataResponse($uploadResult);
- }
- } else {
- return new DataResponse(['error' => 'No uploaded file'], Http::STATUS_BAD_REQUEST);
- }
- } catch (Exception $e) {
- $this->logger->error('Upload error', ['exception' => $e]);
- return new DataResponse(['error' => 'Upload error'], Http::STATUS_BAD_REQUEST);
- }
- }
-
- /**
- * @NoAdminRequired
- * @PublicPage
- *
- * @param int|null $textFileId can be null with public file share
- * @param string $shareToken
- * @return DataResponse
- */
- public function uploadImagePublic(?int $textFileId, string $shareToken): DataResponse {
- try {
- $file = $this->request->getUploadedFile('image');
- if ($file !== null && isset($file['tmp_name'], $file['name'], $file['type'])) {
- if (!in_array($file['type'], self::IMAGE_MIME_TYPES)) {
- return new DataResponse(['error' => 'Image type not supported'], Http::STATUS_BAD_REQUEST);
+ $session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken);
+ $userId = $session->getUserId();
+ $uploadResult = $this->imageService->uploadImage($documentId, $newFileName, $newFileContent, $userId);
}
- $newFileContent = file_get_contents($file['tmp_name']);
- $newFileName = $file['name'];
- $uploadResult = $this->imageService->uploadImagePublic($textFileId, $newFileName, $newFileContent, $shareToken);
if (isset($uploadResult['error'])) {
return new DataResponse($uploadResult, Http::STATUS_BAD_REQUEST);
} else {
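Review bot: The upload is read with `file_get_contents($file['tmp_name'])` without checking the upload's error status or the result of the read, on a route that no longer requires a login. A guard before the read, `if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name']))` returning a 400 response, plus `if ($newFileContent === false)`, would stop failed uploads from reaching `uploadImage` or `uploadImagePublic`. `$file['name']` and `$file['type']` are both chosen by the client, so the service should derive the stored name and the image type from the content rather than trust them; whether it already does is not visible here. The enclosing `try` block starts and ends outside the hunk.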