- public sharing refactored part 1

Peter Papp
2021-03-19 07:27:15 +01:00
parent 816c8c3e07
commit db9900fcfb
27 changed files with 563 additions and 435 deletions
@@ -27,12 +27,10 @@ class BrowseShareController extends Controller
* @param Share $shared
* @return Collection
*/
public function get_public_folders($id, Share $shared)
public function browse_folder($id, Share $shared)
{
// Abort if folder is protected
if ($shared->is_protected) {
abort(403, "Sorry, you don't have permission");
}
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Check if user can get directory
$this->helper->check_item_access($id, $shared);
@@ -57,12 +55,10 @@ class BrowseShareController extends Controller
* @param Share $shared
* @return Collection
*/
public function search_public(Request $request, Share $shared)
public function search(Request $request, Share $shared)
{
// Abort if folder is protected
if ($shared->is_protected) {
abort(403, "Sorry, you don't have permission");
}
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Search files id db
$searched_files = File::search($request->input('query'))
@@ -108,8 +104,11 @@ class BrowseShareController extends Controller
* @param Share $shared
* @return array
*/
public function get_public_navigation_tree(Share $shared)
public function navigation_tree(Share $shared)
{
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Check if user can get directory
$this->helper->check_item_access($shared->item_id, $shared);
@@ -54,15 +54,14 @@ class FileSharedAccessController extends Controller
* Get file public
*
* @param $filename
* @param $permission
* @param Share $shared
* @return mixed
*/
public function get_file_public($filename, Share $shared)
public function get_file_public($filename, $permission, Share $shared)
{
// Abort if shared is protected
if ($shared->is_protected) {
abort(403, "Sorry, you don't have permission");
}
// Check ability to access protected share files
$this->helper->check_protected_share_record($shared, $permission);
// Get file record
$file = UserFile::where('user_id', $shared->user_id)
@@ -86,15 +85,14 @@ class FileSharedAccessController extends Controller
* Get public image thumbnail
*
* @param $filename
* @param $permission
* @param Share $shared
* @return mixed
*/
public function get_thumbnail_public($filename, Share $shared)
public function get_thumbnail_public($filename, $permission, Share $shared)
{
// Abort if thumbnail is protected
if ($shared->is_protected) {
abort(403, "Sorry, you don't have permission");
}
// Check ability to access protected share files
$this->helper->check_protected_share_record($shared, $permission);
// Get file record
$file = UserFile::where('user_id', $shared->user_id)
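Review bot: The `$permission` argument passed in `check_protected_share_record($shared, $permission)` in both get_file_public and get_thumbnail_public is silently dropped, because the helper added to HelperService in this same commit is declared as `check_protected_share_record(Share $shared): void` and PHP ignores surplus arguments to user-defined functions. If the permission segment is meant to influence the access decision, the helper needs a second parameter that it actually checks; if it is not, drop it from the call and the docblock so readers do not assume it is enforced. The new `@param $permission` lines also carry no type or description; something like `@param string $permission route segment, not used by the access check` would say what it is (the type is a guess and should be confirmed against the route). Both method bodies continue past the end of their hunks.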
@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Sharing;
use App\Http\Controllers\Controller;
use App\Http\Requests\Share\AuthenticateShareRequest;
use App\Http\Resources\FileResource;
use App\Http\Resources\ShareResource;
use App\Models\Share;
use App\Models\Setting;
@@ -118,20 +119,17 @@ class ServeSharedController extends Controller
*/
public function file_public(Share $shared)
{
// Abort if file is protected
if ($shared->is_protected) {
abort(403, "Sorry, you don't have permission");
}
// Check ability to access protected share files
$this->helper->check_protected_share_record($shared);
// Get file
$file = File::where('user_id', $shared->user_id)
->where('id', $shared->item_id)
->firstOrFail(['name', 'basename', 'thumbnail', 'type', 'filesize', 'mimetype']);
->firstOrFail();
// Set urls
// Set access urls
$file->setPublicUrl($shared->token);
// Return record
return $file;
return response(new FileResource($file), 200);
}
}
+1
@@ -15,6 +15,7 @@ class Kernel extends HttpKernel
* @var array
*/
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
-29
@@ -1,29 +0,0 @@
<?php
namespace App\Http\Middleware;
use Closure;
class SharedAuth
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->bearerToken()) {
if ($request->hasCookie('shared_access_token')) {
$shared_access_token = $request->cookie('shared_access_token');
$request->headers->add(['Authorization' => 'Bearer ' . $shared_access_token]);
}
}
return $next($request);
}
}
+35
@@ -0,0 +1,35 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class FileResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'data' => [
'id' => $this->id,
'type' => 'file',
'attributes' => [
'name' => $this->name,
'basename' => $this->basename,
'mimetype' => $this->mimetype,
'filesize' => $this->filesize,
'type' => $this->type,
'file_url' => $this->file_url,
'thumbnail' => $this->thumbnail,
'created_at' => $this->created_at,
'updated_at' => $this->created_at,
]
],
];
}
}
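Review bot: `'updated_at' => $this->created_at` in the attributes array returns the creation time under the `updated_at` key, which looks like a copy-paste slip; it should read `'updated_at' => $this->updated_at,`. Separately, ServeSharedController::file_public now loads every column with `firstOrFail()` and relies on this resource to limit what a share visitor receives, so a short class docblock stating that the attribute list is the public allow-list would help keep later additions deliberate.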
-23
@@ -1,23 +0,0 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\ResourceCollection;
class GatewayCollection extends ResourceCollection
{
public $collects = GatewayResource::class;
/**
* Transform the resource collection into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'data' => $this->collection,
];
}
}
-36
@@ -1,36 +0,0 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class GatewayResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'data' => [
'id' => (string)$this->id,
'type' => 'gateways',
'attributes' => [
'status' => $this->status,
'sandbox' => $this->sandbox,
'name' => $this->name,
'slug' => $this->slug,
'logo' => $this->logo,
'client_id' => $this->client_id,
'secret' => $this->secret,
'webhook' => $this->webhook,
'payment_processed' => $this->payment_processed,
'optional' => $this->optional,
]
]
];
}
}
+7 -7
@@ -94,9 +94,9 @@ class File extends Model
public function getThumbnailAttribute()
{
// Get thumbnail from external storage
if ($this->attributes['thumbnail'] && is_storage_driver(['s3', 'spaces', 'wasabi', 'backblaze'])) {
if ($this->attributes['thumbnail'] && ! is_storage_driver(['local'])) {
return Storage::temporaryUrl('file-manager/' . $this->attributes['thumbnail'], now()->addHour());
return Storage::temporaryUrl('files/' . $this->attributes['thumbnail'], now()->addHour());
}
// Get thumbnail from local storage
@@ -106,7 +106,7 @@ class File extends Model
$route = route('thumbnail', ['name' => $this->attributes['thumbnail']]);
if ($this->public_access) {
return $route . '/public/' . $this->public_access;
return "$route/$this->public_access";
}
return $route;
@@ -123,7 +123,7 @@ class File extends Model
public function getFileUrlAttribute()
{
// Get file from external storage
if (is_storage_driver(['s3', 'spaces', 'wasabi', 'backblaze'])) {
if (! is_storage_driver(['local'])) {
$file_pretty_name = is_storage_driver('backblaze')
? Str::snake(mb_strtolower($this->attributes['name']))
@@ -144,7 +144,7 @@ class File extends Model
$route = route('file', ['name' => $this->attributes['basename']]);
if ($this->public_access) {
return $route . '/public/' . $this->public_access;
return "$route/$this->public_access";
}
return $route;
@@ -198,8 +198,8 @@ class File extends Model
{
parent::boot();
static::creating(function ($model) {
$model->id = (string)Str::uuid();
static::creating(function ($file) {
$file->id = (string)Str::uuid();
});
}
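Review bot: Switching the guard from the explicit driver list to `! is_storage_driver(['local'])` in getThumbnailAttribute and getFileUrlAttribute sends every non-local disk through `Storage::temporaryUrl(...)`, and Laravel raises a RuntimeException for drivers that do not support temporary URLs. If only S3-compatible drivers are ever configured this is fine, but that is not visible here; a comment such as `// every non-local driver must support temporaryUrl()` would record the assumption. The local-storage URLs also change from `$route . '/public/' . ...` to `"$route/$this->public_access"`, so the matching route definitions (outside this section) must have dropped the `/public/` segment as well. Writing it as `"{$route}/{$this->public_access}"` would make the interpolation boundaries explicit.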
}
-2
@@ -25,8 +25,6 @@ class AppServiceProvider extends ServiceProvider
*/
public function boot()
{
Schema::defaultStringLength(191);
$get_time_locale = App::getLocale() . '_' . mb_strtoupper(App::getLocale());
// Set locale for carbon dates
+32
@@ -4,9 +4,11 @@ namespace App\Services;
use App\Models\File;
use App\Models\Folder;
use App\Models\Share;
use Aws\Exception\MultipartUploadException;
use Aws\S3\MultipartUploader;
use DB;
use Illuminate\Http\Request;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Storage;
@@ -291,4 +293,34 @@ class HelperService
return [$folders, $files];
}
/**
* @param Share $shared
*/
function check_protected_share_record(Share $shared): void
{
if ($shared->is_protected) {
$abort_message = "Sorry, you don't have permission";
if (!request()->hasCookie('share_session')) {
abort(403, $abort_message);
}
// Get shared session
$share_session = json_decode(
request()->cookie('share_session')
);
// Check if is requested same share record
if ($share_session->token !== $shared->token) {
abort(403, $abort_message);
}
// Check if share record was authenticated previously via ServeSharedController@authenticate
if (!$share_session->authenticated) {
abort(403, $abort_message);
}
}
}
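Review bot: check_protected_share_record grants access based only on the `token` and `authenticated` fields of the client-held `share_session` cookie, so the check is only as strong as that cookie's integrity protection. Nothing in this hunk shows whether the routes using it run cookie encryption; that should be confirmed, or the authenticated state kept server-side. `json_decode()` also returns null for a malformed cookie, after which `$share_session->token` is read on a non-object; a guard such as `if (! is_object($share_session) || ! isset($share_session->token, $share_session->authenticated)) { abort(403, $abort_message); }` before the comparisons would turn that into a clean 403. The method is declared without a visibility keyword and its docblock has no summary; `public function` plus one line saying it aborts with 403 unless the share is unprotected or the cookie matches the share token and is marked authenticated would document the contract.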
}