From 7e3bbe4008e88592cd98def1fbcc084a2572ce9b Mon Sep 17 00:00:00 2001 From: Peter Papp Date: Mon, 15 Mar 2021 06:59:39 +0100 Subject: [PATCH] get shared via route model binding refactoring --- .../App/AppFunctionsController.php | 12 ++-- .../Sharing/BrowseShareController.php | 33 ++++----- .../Sharing/EditShareItemsController.php | 67 +++++++------------ .../Sharing/FileSharedAccessController.php | 17 ++--- .../Sharing/ServeSharedController.php | 33 ++++----- app/Models/Share.php | 2 + routes/file.php | 4 +- routes/share.php | 26 +++---- routes/web.php | 4 +- 9 files changed, 81 insertions(+), 117 deletions(-) diff --git a/app/Http/Controllers/App/AppFunctionsController.php b/app/Http/Controllers/App/AppFunctionsController.php index 026f3197..dc910c14 100644 --- a/app/Http/Controllers/App/AppFunctionsController.php +++ b/app/Http/Controllers/App/AppFunctionsController.php @@ -9,6 +9,7 @@ use App\Http\Requests\PublicPages\SendContactMessageRequest; use App\Http\Resources\PageResource; use App\Models\Setting; use App\Models\Page; +use App\Models\Share; use App\Services\StripeService; use Doctrine\DBAL\Driver\PDOException; use Illuminate\Contracts\Routing\ResponseFactory; @@ -69,12 +70,11 @@ class AppFunctionsController extends Controller /** * Get og site for web crawlers * - * @param $token + * @param Share $shared + * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View */ - public function og_site($token) + public function og_site(Share $shared) { - $shared = get_shared($token); - // Get file/folder record $item = ('App\\Models\\' . ucfirst($shared->type)) ::where('user_id', $shared->user->id) 
@@ -82,13 +82,13 @@ class AppFunctionsController extends Controller ->first(); if ($item->thumbnail) { - $item->setPublicUrl($token); + $item->setPublicUrl($shared->token); } return view("vuefilemanager.crawler.og-view") ->with('settings', get_settings_in_json()) ->with('metadata', [ - 'url' => url('/shared', ['token' => $token]), + 'url' => url('/shared', ['token' => $shared->token]), 'is_protected' => $shared->is_protected, 'user' => $shared->user->settings->name, 'name' => $item->name, diff --git a/app/Http/Controllers/Sharing/BrowseShareController.php b/app/Http/Controllers/Sharing/BrowseShareController.php index 87381108..8f3e257e 100644 --- a/app/Http/Controllers/Sharing/BrowseShareController.php +++ b/app/Http/Controllers/Sharing/BrowseShareController.php @@ -5,6 +5,7 @@ namespace App\Http\Controllers\Sharing; use App\Http\Controllers\Controller; use App\Models\File; use App\Models\Folder; +use App\Models\Share; use App\Services\HelperService; use Illuminate\Http\Request; use Illuminate\Support\Arr; @@ -23,13 +24,11 @@ class BrowseShareController extends Controller * Browse public folders * * @param $id - * @param $token + * @param Share $shared * @return Collection */ - public function get_public_folders($id, $token) + public function get_public_folders($id, Share $shared) { - $shared = get_shared($token); - // Abort if folder is protected if ((int)$shared->is_protected) { abort(403, "Sorry, you don't have permission"); 
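Review bot: `$item` is dereferenced at `if ($item->thumbnail)` straight after `->first()`, which returns null when the shared file or folder no longer exists, so a stale share link produces a 500 instead of a 404. Ending the query with `->firstOrFail();` would make it fail the same way the bound `Share` now does. The metadata array also hands `$item->name` and the owner's `settings->name` to the crawler view regardless of `is_protected`. Whether the template withholds them for password-protected shares is not visible here and is worth confirming, since this action is reachable without the share password. og_site begins in the previous hunk.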
@@ -42,26 +41,24 @@ class BrowseShareController extends Controller list($folders, $files) = $this->helper->get_items_under_shared_by_folder_id($id, $shared); // Set thumbnail links for public files - $files->map(function ($file) use ($token) { - $file->setPublicUrl($token); + $files->map(function ($file) use ($shared) { + $file->setPublicUrl($shared->token); }); // Collect folders and files to single array - return collect([$folders, $files])->collapse(); + return collect([$folders, $files]) + ->collapse(); } /** * Search public files * * @param Request $request - * @param $token + * @param Share $shared * @return Collection */ - public function search_public(Request $request, $token) + public function search_public(Request $request, Share $shared) { - // Get shared - $shared = get_shared($token); - // Abort if folder is protected if ((int)$shared->is_protected) { abort(403, "Sorry, you don't have permission"); @@ -85,10 +82,10 @@ class BrowseShareController extends Controller $accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]); // Filter files - $files = $searched_files->filter(function ($file) use ($accessible_folder_ids, $token) { + $files = $searched_files->filter(function ($file) use ($accessible_folder_ids, $shared) { // Set public urls - $file->setPublicUrl($token); + $file->setPublicUrl($shared->token); // check if item is in accessible folders return in_array($file->folder_id, $accessible_folder_ids); @@ -98,7 +95,7 @@ class BrowseShareController extends Controller $folders = $searched_folders->filter(function ($folder) use ($accessible_folder_ids) { // check if item is in accessible folders - return in_array($folder->unique_id, $accessible_folder_ids); + return in_array($folder->id, $accessible_folder_ids); }); // Collect folders and files to single array 
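Review bot: The two filters in search_public that decide what a guest may see use loose `in_array`, at `in_array($file->folder_id, $accessible_folder_ids)` and at the new `in_array($folder->id, $accessible_folder_ids)` in the last hunk of this file. Loose comparison lets PHP juggle numeric-looking strings, which is not something an access decision should depend on. Passing the strict flag, `in_array($folder->id, $accessible_folder_ids, true)`, is the safer form, provided the IDs have the same type on both sides (the list is built with `Arr::flatten` from `filter_folders_ids()` and `$shared->item_id`, so confirm). The file closure also calls `setPublicUrl()` before the membership test, so URLs are generated for files that are then discarded; doing it after the filter keeps the check free of side effects.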
@@ -108,13 +105,11 @@ class BrowseShareController extends Controller /** * Get navigation tree * - * @param $token + * @param Share $shared * @return array */ - public function get_public_navigation_tree($token) + public function get_public_navigation_tree(Share $shared) { - $shared = get_shared($token); - // Check if user can get directory $this->helper->check_item_access($shared->item_id, $shared); diff --git a/app/Http/Controllers/Sharing/EditShareItemsController.php b/app/Http/Controllers/Sharing/EditShareItemsController.php index d87b9fe2..c13f48d7 100644 --- a/app/Http/Controllers/Sharing/EditShareItemsController.php +++ b/app/Http/Controllers/Sharing/EditShareItemsController.php @@ -10,6 +10,7 @@ use App\Http\Requests\FileFunctions\RenameItemRequest; use App\Http\Requests\FileFunctions\UploadRequest; use App\Models\File; use App\Models\Folder; +use App\Models\Share; use App\Services\DemoService; use App\Services\FileManagerService; use App\Services\HelperService; @@ -29,18 +30,17 @@ class EditShareItemsController extends Controller $this->helper = resolve(HelperService::class); $this->demo = resolve(DemoService::class); } + /** * Create new folder for guest user with edit permission * * @param CreateFolderRequest $request - * @param $token + * @param Share $shared * @return array|\Illuminate\Contracts\Foundation\Application|ResponseFactory|\Illuminate\Http\Response - * @throws Exception + * @throws \Exception */ - public function create_folder(CreateFolderRequest $request, $token) + public function create_folder(CreateFolderRequest $request, Share $shared) { - $shared = get_shared($token); - if (is_demo($shared->user_id)) { return $this->demo->create_folder($request); } 
@@ -64,15 +64,12 @@ class EditShareItemsController extends Controller * * @param RenameItemRequest $request * @param $id - * @param $token + * @param Share $shared * @return mixed - * @throws Exception + * @throws \Exception */ - public function rename_item(RenameItemRequest $request, $id, $token) + public function rename_item(RenameItemRequest $request, $id, Share $shared) { - // Get shared record - $shared = get_shared($token); - // Demo preview if (is_demo($shared->user_id)) { return $this->demo->rename_item($request, $id); @@ -103,7 +100,7 @@ class EditShareItemsController extends Controller // Set public url if ($item->type !== 'folder') { - $item->setPublicUrl($token); + $item->setPublicUrl($shared->token); } return response($item, 201); @@ -113,16 +110,12 @@ class EditShareItemsController extends Controller * Delete item for guest user with edit permission * * @param DeleteItemRequest $request - * @param $id - * @param $token + * @param Share $shared * @return ResponseFactory|\Illuminate\Http\Response - * @throws Exception + * @throws \Exception */ - public function delete_item(DeleteItemRequest $request, $token) + public function delete_item(DeleteItemRequest $request, Share $shared) { - // Get shared record - $shared = get_shared($token); - // Demo preview if (is_demo($shared->user_id)) { return $this->demo->response_with_no_content(); @@ -156,15 +149,12 @@ class EditShareItemsController extends Controller * Delete file for guest user with edit permission * * @param UploadRequest $request - * @param $token + * @param Share $shared * @return File|\Illuminate\Contracts\Foundation\Application|ResponseFactory|Model|\Illuminate\Http\Response - * @throws Exception + * @throws \Exception */ - public function upload(UploadRequest $request, $token) + public function upload(UploadRequest $request, Share $shared) { - // Get shared record - $shared = get_shared($token); - // Demo preview if (is_demo($shared->user_id)) { return $this->demo->upload($request); 
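Review bot: The docblock over `upload()` still opens with "Delete file for guest user with edit permission", which was copied from delete_item and is wrong for this method. Since the commit already rewrites this docblock, the summary line should become `* Upload file for guest user with edit permission`. The method body continues outside the hunk.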
@@ -182,7 +172,7 @@ class EditShareItemsController extends Controller $new_file = $this->filemanager->upload($request, $shared); // Set public access url - $new_file->setPublicUrl($token); + $new_file->setPublicUrl($shared->token); return response($new_file, 201); } @@ -191,15 +181,11 @@ class EditShareItemsController extends Controller * Move item for guest user with edit permission * * @param MoveItemRequest $request - * @param $id - * @param $token + * @param Share $shared * @return ResponseFactory|\Illuminate\Http\Response */ - public function move(MoveItemRequest $request, $token) + public function move(MoveItemRequest $request, Share $shared) { - // Get shared record - $shared = get_shared($token); - // Demo preview if (is_demo(Auth::id())) { return $this->demo->response_with_no_content(); @@ -239,16 +225,13 @@ class EditShareItemsController extends Controller /** * Guest download folder via zip * - * @param Request $request * @param $id - * @param $token + * @param Share $shared * @return string + * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException */ - public function zip_folder($id, $token) + public function zip_folder($id, Share $shared) { - // Get shared record - $shared = get_shared($token); - // Check access to requested folder $this->helper->check_item_access($id, $shared); @@ -276,14 +259,12 @@ class EditShareItemsController extends Controller * Guest download multiple files via zip * * @param Request $request - * @param $token + * @param Share $shared * @return string + * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException */ - public function zip_multiple_files(Request $request, $token) + public function zip_multiple_files(Request $request, Share $shared) { - // Get shared record - $shared = get_shared($token); - $file_parent_folders = File::whereUserId($shared->user_id) ->whereIn('id', $request->items) ->get() 
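Review bot: move() is the only guest editor action whose demo guard is `is_demo(Auth::id())`; create_folder, rename_item, delete_item and upload all test `is_demo($shared->user_id)`. These routes serve guests of a share, for whom `Auth::id()` is presumably null, so the guard would not recognise a demo owner and the demo account's shared content could be changed through this endpoint. Now that `$shared` is injected, the line can match its siblings: `if (is_demo($shared->user_id)) {`. The rest of move() lies outside the hunk.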
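Review bot: In zip_multiple_files, `$request->items` is passed to `whereIn('id', $request->items)` from a plain `Request`, so nothing visible guarantees it is a non-empty array of IDs; the other guest actions in this controller use dedicated FormRequest classes. A check such as `$request->validate(['items' => 'required|array']);` before the query (or a FormRequest) would reject malformed bodies early. The query is scoped only by `$shared->user_id`. The check that every requested file sits under the shared folder presumably follows outside the hunk and should be confirmed to cover all items, not just the first.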
diff --git a/app/Http/Controllers/Sharing/FileSharedAccessController.php b/app/Http/Controllers/Sharing/FileSharedAccessController.php index 56b84602..ec9787a3 100644 --- a/app/Http/Controllers/Sharing/FileSharedAccessController.php +++ b/app/Http/Controllers/Sharing/FileSharedAccessController.php @@ -4,6 +4,7 @@ namespace App\Http\Controllers\Sharing; use App\Http\Controllers\Controller; use App\Models\File as UserFile; +use App\Models\Share; use App\Models\Zip; use App\Services\HelperService; use Illuminate\Http\Request; @@ -53,15 +54,11 @@ class FileSharedAccessController extends Controller * Get file public * * @param $filename - * @param $token + * @param Share $shared * @return mixed - * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException */ - public function get_file_public($filename, $token) + public function get_file_public($filename, Share $shared) { - // Get sharing record - $shared = get_shared($token); - // Abort if shared is protected if ((int)$shared->is_protected) { abort(403, "Sorry, you don't have permission"); @@ -89,15 +86,11 @@ class FileSharedAccessController extends Controller * Get public image thumbnail * * @param $filename - * @param $token + * @param Share $shared * @return mixed - * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException */ - public function get_thumbnail_public($filename, $token) + public function get_thumbnail_public($filename, Share $shared) { - // Get sharing record - $shared = get_shared($token); - // Abort if thumbnail is protected if ((int)$shared->is_protected) { abort(403, "Sorry, you don't have permission"); diff --git a/app/Http/Controllers/Sharing/ServeSharedController.php b/app/Http/Controllers/Sharing/ServeSharedController.php index ce3cc5da..9a707fdb 100644 --- a/app/Http/Controllers/Sharing/ServeSharedController.php +++ b/app/Http/Controllers/Sharing/ServeSharedController.php 
@@ -30,13 +30,11 @@ class ServeSharedController extends Controller /** * Show page index and delete access_token & shared_token cookie * + * @param Share $shared * @return \Illuminate\Http\Response */ - public function index($token) + public function index(Share $shared) { - // Get shared token - $shared = get_shared($token); - if (!$shared) { return response() ->view('index', [ @@ -53,7 +51,7 @@ class ServeSharedController extends Controller if ((int)$shared->is_protected) { // Set shared token - Cookie::queue('shared_token', $token, 43200); + Cookie::queue('shared_token', $shared->token, 43200); } // Check if shared is image file and then show it @@ -74,11 +72,11 @@ class ServeSharedController extends Controller } // Get all settings - $settings = Setting::all(); + $settings = get_settings_in_json(); // Return page index return view("index") - ->with('settings', $settings ? json_decode($settings->pluck('value', 'name')->toJson()) : null); + ->with('settings', $settings ?? null); } /** @@ -113,14 +111,11 @@ class ServeSharedController extends Controller * Check Password for protected item * * @param AuthenticateShareRequest $request - * @param $token + * @param Share $shared * @return array */ - public function authenticate(AuthenticateShareRequest $request, $token) + public function authenticate(AuthenticateShareRequest $request, Share $shared) { - // Get sharing record - $shared = get_shared($token); - // Check password if (!Hash::check($request->password, $shared->password)) { @@ -166,14 +161,11 @@ class ServeSharedController extends Controller /** * Get shared public file record * - * @param $token + * @param Share $shared * @return mixed */ - public function file_public($token) + public function file_public(Share $shared) { - // Get sharing record - $shared = get_shared($token); - // Abort if file is protected if ((int)$shared->is_protected) { abort(403, "Sorry, you don't have permission"); 
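Review bot: The `if (!$shared)` branch in index() can no longer run, because with the `Share $shared` type hint implicit route-model binding aborts with a 404 before the controller is entered when no row matches. If the custom not-found view rendered by that branch is still wanted, it has to move to a missing-model callback on the route (`->missing(...)`) or to the exception handler; otherwise the branch should be deleted. In the later hunk of the same method, `$settings ?? null` is equivalent to plain `$settings`.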
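Review bot: authenticate() verifies the share password with `Hash::check`, but no attempt limiting is visible on this path: the `/shared/authenticate/{shared}` route in routes/share.php is registered without throttle middleware. Unless a limiter is applied by an enclosing group outside this patch, the password of a protected share can be guessed at request speed. Consider `->middleware('throttle:10,1')` on that route (the numbers are only an example) and logging failed attempts per share so repeated failures are detectable. The method body continues outside the hunk.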
@@ -185,7 +177,7 @@ class ServeSharedController extends Controller ->firstOrFail(['name', 'basename', 'thumbnail', 'type', 'filesize', 'mimetype']); // Set urls - $file->setPublicUrl($token); + $file->setPublicUrl($shared->token); // Return record return $file; @@ -194,13 +186,13 @@ class ServeSharedController extends Controller /** * Get shared private file record * - * @param $token * @return mixed */ public function file_private(Request $request) { // Get sharing record - $shared = Share::where('token', $request->cookie('shared_token'))->firstOrFail(); + $shared = Share::where('token', $request->cookie('shared_token')) + ->firstOrFail(); // Return record return File::where('user_id', $shared->user_id) @@ -256,6 +248,7 @@ class ServeSharedController extends Controller $searched_files = File::search($request->input('query')) ->where('user_id', $shared->user_id) ->get(); + $searched_folders = Folder::search($request->input('query')) ->where('user_id', $shared->user_id) ->get(); diff --git a/app/Models/Share.php b/app/Models/Share.php index 90aa0fab..06326ae1 100644 --- a/app/Models/Share.php +++ b/app/Models/Share.php @@ -19,6 +19,8 @@ class Share extends Model protected $keyType = 'string'; + protected $primaryKey = 'token'; + /** * Generate share link * diff --git a/routes/file.php b/routes/file.php index 012f2e40..bcc011c1 100644 --- a/routes/file.php +++ b/routes/file.php 
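Review bot: Setting `protected $primaryKey = 'token';` in Share changes much more than route resolution: `find()`, `save()`, `delete()`, relationship keys and model serialization all switch to the `token` column. If the shares table still has its own `id` key (not visible here), updates and relations keyed on it change behaviour. The share token, which acts as the access credential in the URL, also starts appearing wherever the model key is emitted. For binding alone the narrower change is to override `getRouteKeyName()` to return `'token'`, or to write the route parameters as `{shared:token}`.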
@@ -8,8 +8,8 @@ Route::get('/avatars/{avatar}', [FileAccessController::class, 'get_avatar'])->na Route::get('/system/{image}', [FileAccessController::class, 'get_system_image']); // Get public thumbnails and files -Route::get('/thumbnail/{name}/public/{token}', [FileSharedAccessController::class, 'get_thumbnail_public']); -Route::get('/file/{name}/public/{token}', [FileSharedAccessController::class, 'get_file_public']); +Route::get('/thumbnail/{name}/public/{shared}', [FileSharedAccessController::class, 'get_thumbnail_public']); +Route::get('/file/{name}/public/{shared}', [FileSharedAccessController::class, 'get_file_public']); Route::get('/zip/{id}/public/{token}', [FileSharedAccessController::class, 'get_zip_public'])->name('zip_public'); // User master,editor,visitor access to image thumbnails and file downloads diff --git a/routes/share.php b/routes/share.php index 6b18c855..7a0a5798 100644 --- a/routes/share.php +++ b/routes/share.php 
@@ -8,28 +8,28 @@ use App\Http\Controllers\Sharing\ServeSharedController; // Editor functions Route::group(['prefix' => 'editor'], function () { - Route::post('/create-folder/public/{token}', [EditShareItemsController::class, 'create_folder']); - Route::patch('/rename/{id}/public/{token}', [EditShareItemsController::class, 'rename_item']); - Route::post('/remove/public/{token}', [EditShareItemsController::class, 'delete_item']); - Route::post('/upload/public/{token}', [EditShareItemsController::class, 'upload']); - Route::post('/move/public/{token}', [EditShareItemsController::class, 'move']); + Route::post('/create-folder/public/{shared}', [EditShareItemsController::class, 'create_folder']); + Route::patch('/rename/{id}/public/{shared}', [EditShareItemsController::class, 'rename_item']); + Route::post('/remove/public/{shared}', [EditShareItemsController::class, 'delete_item']); + Route::post('/upload/public/{shared}', [EditShareItemsController::class, 'upload']); + Route::post('/move/public/{shared}', [EditShareItemsController::class, 'move']); }); // Editor/Visitor zip functions Route::group(['prefix' => 'zip'], function () { - Route::post('/files/public/{token}', [EditShareItemsController::class, 'zip_multiple_files']); - Route::get('/folder/{id}/public/{token}', [EditShareItemsController::class, 'zip_folder']); + Route::post('/files/public/{shared}', [EditShareItemsController::class, 'zip_multiple_files']); + Route::get('/folder/{id}/public/{shared}', [EditShareItemsController::class, 'zip_folder']); }); // Browse share content Route::group(['prefix' => 'browse'], function () { - Route::get('/navigation/public/{token}', [BrowseShareController::class, 'get_public_navigation_tree']); - Route::get('/folders/{id}/public/{token}', [BrowseShareController::class, 'get_public_folders']); - Route::get('/search/public/{token}', [BrowseShareController::class, 'search_public']); + Route::get('/navigation/public/{shared}', [BrowseShareController::class, 
'get_public_navigation_tree']); + Route::get('/folders/{id}/public/{shared}', [BrowseShareController::class, 'get_public_folders']); + Route::get('/search/public/{shared}', [BrowseShareController::class, 'search_public']); - Route::post('/shared/authenticate/{token}', [ServeSharedController::class, 'authenticate']); - Route::get('/files/{token}/public', [ServeSharedController::class, 'file_public']); + Route::post('/shared/authenticate/{shared}', [ServeSharedController::class, 'authenticate']); + Route::get('/files/{shared}/public', [ServeSharedController::class, 'file_public']); Route::get('/shared/{token}', [ShareController::class, 'show']); }); -Route::get('/og-site/{token}', [AppFunctionsController::class, 'og_site']); \ No newline at end of file +Route::get('/og-site/{shared}', [AppFunctionsController::class, 'og_site']); \ No newline at end of file diff --git a/routes/web.php b/routes/web.php index ac6773f2..be325564 100644 --- a/routes/web.php +++ b/routes/web.php @@ -14,9 +14,9 @@ Route::get('/invoice/{customer}/{token}', [InvoiceController::class, 'show'])->m // Get og site for web crawlers if (Crawler::isCrawler()) { - Route::get('/shared/{token}', [AppFunctionsController::class, 'og_site']); + Route::get('/shared/{shared}', [AppFunctionsController::class, 'og_site']); } else { - Route::get('/shared/{token}', [ServeSharedController::class, 'index']); + Route::get('/shared/{shared}', [ServeSharedController::class, 'index']); } // Show index.blade
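Review bot: In routes/web.php the handler for `/shared/{shared}` is chosen by `Crawler::isCrawler()` while the routes file is being loaded. With cached routes (`php artisan route:cache`) this file is not evaluated per request, so only one branch would ever be registered. The crawler test is also presumably based on the client-supplied User-Agent, so any visitor can select the `og_site` branch; that action therefore needs the same protection for password-protected shares as `index`. Registering a single route and branching inside the controller would remove both concerns.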