security of request upload item
@@ -1,13 +1,12 @@
|
||||
<?php
|
||||
|
||||
namespace Domain\UploadRequest\Controllers;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Auth;
|
||||
use Domain\UploadRequest\Notifications\UploadRequestNotification;
|
||||
use Notification;
|
||||
use App\Http\Controllers\Controller;
|
||||
use Domain\UploadRequest\Requests\StoreUploadRequest;
|
||||
use Domain\UploadRequest\Resources\UploadRequestResource;
|
||||
use Notification;
|
||||
use Domain\UploadRequest\Notifications\UploadRequestNotification;
|
||||
|
||||
class CreateUploadRequestController extends Controller
|
||||
{
|
||||
@@ -27,4 +26,4 @@ class CreateUploadRequestController extends Controller
|
||||
|
||||
return response(new UploadRequestResource($uploadRequest), 201);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
+12
-9
@@ -1,16 +1,13 @@
|
||||
<?php
|
||||
namespace Domain\UploadRequest\Controllers\FileAccess;
|
||||
|
||||
use Domain\Files\Actions\DownloadFileAction;
|
||||
use Domain\Sharing\Actions\ProtectShareRecordAction;
|
||||
use Domain\Sharing\Actions\VerifyAccessToItemWithinAction;
|
||||
use Domain\Traffic\Actions\RecordDownloadAction;
|
||||
use Domain\UploadRequest\Models\UploadRequest;
|
||||
use Gate;
|
||||
use Domain\Files\Models\File;
|
||||
use Illuminate\Http\Response;
|
||||
use Domain\Sharing\Models\Share;
|
||||
use Domain\Files\Resources\FileResource;
|
||||
use Domain\Files\Actions\DownloadFileAction;
|
||||
use Domain\UploadRequest\Models\UploadRequest;
|
||||
use Domain\Traffic\Actions\RecordDownloadAction;
|
||||
use Illuminate\Contracts\Foundation\Application;
|
||||
use Illuminate\Contracts\Routing\ResponseFactory;
|
||||
use Symfony\Component\HttpFoundation\BinaryFileResponse;
|
||||
|
||||
/**
|
||||
@@ -27,10 +24,16 @@ class GetFileFromUploadRequestController
|
||||
public function __invoke(
|
||||
string $filename,
|
||||
UploadRequest $uploadRequest
|
||||
): BinaryFileResponse {
|
||||
): Application|ResponseFactory|Response|BinaryFileResponse {
|
||||
// Check if upload request is active
|
||||
if ($uploadRequest->status !== 'active') {
|
||||
return response('Gone', 410);
|
||||
}
|
||||
|
||||
// Get file
|
||||
$file = File::where('user_id', $uploadRequest->user_id)
|
||||
->where('basename', $filename)
|
||||
->where('parent_id', $uploadRequest->id)
|
||||
->firstOrFail();
|
||||
|
||||
// Store user download size
|
||||
|
||||
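Review bot: The new guard in `__invoke` compares `$uploadRequest->status` against the bare string `'active'`, and the same literal check is repeated in the thumbnail controller's `__invoke` in the next file section, so the two access gates can drift apart. Putting the test in one place that both controllers call would keep them in step. Whether `status` is the only thing that marks a request as expired cannot be seen from these hunks, so an expiry timestamp, if the model has one, should be checked in that same place. Because `response('Gone', 410)` called with arguments yields an `Illuminate\Http\Response`, the return type can be narrowed to `Response|BinaryFileResponse`, or the guard can become `abort(410);` and keep the original `BinaryFileResponse` signature. The body of `__invoke` continues past the end of the hunk.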
+14
-7
@@ -1,11 +1,14 @@
|
||||
<?php
|
||||
namespace Domain\UploadRequest\Controllers\FileAccess;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use Domain\Files\Actions\DownloadThumbnailAction;
|
||||
use Domain\Traffic\Actions\RecordDownloadAction;
|
||||
use Domain\UploadRequest\Models\UploadRequest;
|
||||
use Domain\Files\Models\File;
|
||||
use Illuminate\Http\Response;
|
||||
use App\Http\Controllers\Controller;
|
||||
use Domain\UploadRequest\Models\UploadRequest;
|
||||
use Domain\Traffic\Actions\RecordDownloadAction;
|
||||
use Illuminate\Contracts\Foundation\Application;
|
||||
use Domain\Files\Actions\DownloadThumbnailAction;
|
||||
use Illuminate\Contracts\Routing\ResponseFactory;
|
||||
use Symfony\Component\HttpFoundation\StreamedResponse;
|
||||
|
||||
/**
|
||||
@@ -22,12 +25,16 @@ class GetThumbnailFromUploadRequestController extends Controller
|
||||
public function __invoke(
|
||||
string $filename,
|
||||
UploadRequest $uploadRequest
|
||||
): StreamedResponse {
|
||||
$originalFileName = substr($filename, 3);
|
||||
): Application|ResponseFactory|Response|StreamedResponse {
|
||||
// Check if upload request is active
|
||||
if ($uploadRequest->status !== 'active') {
|
||||
return response('Gone', 410);
|
||||
}
|
||||
|
||||
// Get file
|
||||
$file = File::where('user_id', $uploadRequest->user_id)
|
||||
->where('basename', $originalFileName)
|
||||
->where('basename', substr($filename, 3))
|
||||
->where('parent_id', $uploadRequest->id)
|
||||
->firstOrFail();
|
||||
|
||||
// Store user download size
|
||||
|
||||
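Review bot: With `$originalFileName` inlined, the `basename` clause now reads `substr($filename, 3)` and nothing says what the three stripped characters are. A one-line comment above the query, such as `// Drop the 3-character prefix from the thumbnail name to get the stored basename`, would restore that; the prefix is presumably a thumbnail size tag, which the hunk does not show. A `$filename` shorter than three characters yields an empty string here and falls through to the 404 from `firstOrFail()`, which is acceptable but worth covering with a test. The body of `__invoke` continues outside the hunk.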
@@ -1,20 +1,20 @@
|
||||
<?php
|
||||
|
||||
namespace Domain\UploadRequest\Controllers;
|
||||
|
||||
use App\Users\Exceptions\InvalidUserActionException;
|
||||
use Domain\Files\Resources\FileResource;
|
||||
use Domain\UploadRequest\Models\UploadRequest;
|
||||
use Domain\Files\Actions\UploadFileAction;
|
||||
use Domain\Folders\Models\Folder;
|
||||
use Illuminate\Contracts\Filesystem\FileNotFoundException;
|
||||
use DB;
|
||||
use Domain\Folders\Models\Folder;
|
||||
use Domain\Files\Resources\FileResource;
|
||||
use Domain\Files\Actions\UploadFileAction;
|
||||
use Domain\UploadRequest\Models\UploadRequest;
|
||||
use App\Users\Exceptions\InvalidUserActionException;
|
||||
use Illuminate\Contracts\Filesystem\FileNotFoundException;
|
||||
|
||||
class UploadFilesForUploadRequestController
|
||||
{
|
||||
public function __construct(
|
||||
private UploadFileAction $uploadFile,
|
||||
) {}
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws FileNotFoundException
|
||||
@@ -48,7 +48,6 @@ class UploadFilesForUploadRequestController
|
||||
|
||||
// Return new uploaded file
|
||||
return response(new FileResource($file), 201);
|
||||
|
||||
} catch (InvalidUserActionException $e) {
|
||||
return response([
|
||||
'type' => 'error',
|
||||
@@ -71,4 +70,4 @@ class UploadFilesForUploadRequestController
|
||||
'name' => "Upload Request from $timestampName",
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||