nexus/vuefilemanager
2
0
Fork 0
mirror of https://github.com/VueFileManager/vuefilemanager.git synced 2026-05-15 01:35:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

vuefilemanager v1.5-alpha.1

Browse Source
This commit is contained in:
carodej
2020-04-29 11:32:08 +02:00
parent 2614efe601
commit 0f3cbaec3d
50 changed files with 426 additions and 355 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/FileAccessController.php
+5 -16
View File
@@ -3,6 +3,7 @@
namespace App\Http\Controllers;
use App\FileManagerFolder;
use App\Http\Tools\Guardian;
use App\Share;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Auth;
@@ -63,8 +64,7 @@ class FileAccessController extends Controller
if ( ! $request->user()->tokenCan('master') ) {
// Get shared token
$shared = Share::where(DB::raw('BINARY `token`'), $request->cookie('shared_token'))
->firstOrFail();
$shared = get_shared($request->cookie('shared_token'));
// Check access to file
$this->check_file_access($shared, $file);
@@ -84,7 +84,7 @@ class FileAccessController extends Controller
public function get_file_public($filename, $token)
{
// Get sharing record
$shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
$shared = get_shared($token);
// Abort if shared is protected
if ($shared->protected) {
@@ -137,7 +137,7 @@ class FileAccessController extends Controller
public function get_thumbnail_public($filename, $token)
{
// Get sharing record
$shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
$shared = get_shared($token);
// Abort if thumbnail is protected
if ($shared->protected) {
@@ -165,18 +165,7 @@ class FileAccessController extends Controller
{
// Check by parent folder permission
if ($shared->type === 'folder') {
// Get all children folders
$foldersIds = FileManagerFolder::with('folders:id,parent_id,unique_id,name')
->where('user_id', $shared->user_id)
->where('parent_id', $shared->item_id)
->get();
// Get all authorized parent folders by shared folder as root of tree
$accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]);
// Check user access
if (!in_array($file->folder_id, $accessible_folder_ids)) abort(403);
Guardian::check_item_access($file->folder_id, $shared);
}
// Check by single file permission
app/Http/Controllers/FileFunctions/EditItemsController.php
+8 -1
View File
@@ -127,7 +127,14 @@ class EditItemsController extends Controller
}
// Rename item
return Editor::rename_item($request, $unique_id, $shared);
$item = Editor::rename_item($request, $unique_id, $shared);
// Set public url
if ($item->type !== 'folder') {
$item->setPublicUrl($token);
}
return $item;
}
/**
app/Http/Controllers/Sharing/FileSharingController.php
+4 -4
View File
@@ -33,7 +33,7 @@ class FileSharingController extends Controller
->firstOrFail();
// Delete old access_token if exist
Cookie::queue('access_token', '', -1);
Cookie::queue('shared_access_token', '', -1);
// Set cookies
if ($shared->protected) {
@@ -61,7 +61,7 @@ class FileSharingController extends Controller
// Check password
if (!Hash::check($request->password, $shared->password)) {
abort(401, 'Sorry, your password is incorrect.');
abort(401, __('vuefilemanager.incorrect_password'));
}
// Get owner of shared content
@@ -71,12 +71,12 @@ class FileSharingController extends Controller
$scope = !is_null($shared->permission) ? $shared->permission : 'visitor';
// Generate token for visitor/editor
$access_token = $user->createToken('access_token', [$scope])->accessToken;
$access_token = $user->createToken('shared_access_token', [$scope])->accessToken;
// Return authorize token with shared options
return response(new ShareResource($shared), 200)
->cookie('shared_token', $shared->token, 43200)
->cookie('access_token', $access_token, 43200);
->cookie('shared_access_token', $access_token, 43200);
}
/**
app/Http/Kernel.php
+4 -1
View File
@@ -4,6 +4,7 @@ namespace App\Http;
use App\Http\Middleware\CookieAuth;
use App\Http\Middleware\LastCheck;
use App\Http\Middleware\SharedAuth;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
@@ -55,7 +56,8 @@ class Kernel extends HttpKernel
* @var array
*/
protected $routeMiddleware = [
'auth.cookie' => CookieAuth::class,
'auth.master' => CookieAuth::class,
'auth.shared' => SharedAuth::class,
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
@@ -81,6 +83,7 @@ class Kernel extends HttpKernel
\Illuminate\Session\Middleware\StartSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
CookieAuth::class,
SharedAuth::class,
\App\Http\Middleware\Authenticate::class,
\Illuminate\Routing\Middleware\ThrottleRequests::class,
\Illuminate\Session\Middleware\AuthenticateSession::class,
app/Http/Middleware/CookieAuth.php
-2
View File
@@ -23,8 +23,6 @@ class CookieAuth
$request->headers->add(['Authorization' => 'Bearer ' . $access_token]);
} else {
abort(401);
}
}
return $next($request);
app/Http/Middleware/SharedAuth.php
+29
View File
@@ -0,0 +1,29 @@
<?php
namespace App\Http\Middleware;
use Closure;
class SharedAuth
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->bearerToken()) {
if ($request->hasCookie('shared_access_token')) {
$shared_access_token = $request->cookie('shared_access_token');
$request->headers->add(['Authorization' => 'Bearer ' . $shared_access_token]);
}
}
return $next($request);
}
}