backend update

carodej
2020-04-27 12:38:08 +02:00
parent 65147870fd
commit eb6bd646c8
17 changed files with 20590 additions and 491 deletions
+75 -7
@@ -3,17 +3,61 @@
namespace App;
use ByteUnits\Metric;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Str;
use Laravel\Scout\Searchable;
use TeamTNT\TNTSearch\Indexer\TNTIndexer;
use \Illuminate\Database\Eloquent\SoftDeletes;
/**
* App\FileManagerFile
*
* @property int $id
* @property int|null $user_id
* @property int $unique_id
* @property int $folder_id
* @property string $thumbnail
* @property string|null $name
* @property string|null $basename
* @property string|null $mimetype
* @property string $filesize
* @property string|null $type
* @property string $user_scope
* @property string $deleted_at
* @property string $created_at
* @property \Illuminate\Support\Carbon|null $updated_at
* @property-read \App\FileManagerFolder|null $folder
* @property-read string $file_url
* @property-read \App\FileManagerFolder $parent
* @property-read \App\Share|null $shared
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile newModelQuery()
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile newQuery()
* @method static \Illuminate\Database\Query\Builder|\App\FileManagerFile onlyTrashed()
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile query()
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereBasename($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereCreatedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereDeletedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereFilesize($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereFolderId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereMimetype($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereName($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereThumbnail($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereType($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereUniqueId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereUpdatedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereUserId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFile whereUserScope($value)
* @method static \Illuminate\Database\Query\Builder|\App\FileManagerFile withTrashed()
* @method static \Illuminate\Database\Query\Builder|\App\FileManagerFile withoutTrashed()
* @mixin \Eloquent
*/
class FileManagerFile extends Model
{
use Searchable, SoftDeletes;
public $public_access = null;
protected $guarded = [
'id'
@@ -23,6 +67,15 @@ class FileManagerFile extends Model
'file_url'
];
/**
* Set routes with public access
*
* @param $token
*/
public function setPublicUrl($token) {
$this->public_access = $token;
}
/**
* Format created at date
*
@@ -46,9 +99,8 @@ class FileManagerFile extends Model
}
/**
* Format filesize
* Format fileSize
*
* @param $value
* @return string
*/
public function getFilesizeAttribute()
@@ -59,23 +111,39 @@ class FileManagerFile extends Model
/**
* Format thumbnail url
*
* @param $value
* @return string
*/
public function getThumbnailAttribute()
{
return $this->attributes['thumbnail'] ? route('thumbnail', ['name' => $this->attributes['thumbnail']]) : null;
if ($this->attributes['thumbnail']) {
// Thumbnail route
$route = route('thumbnail', ['name' => $this->attributes['thumbnail']]);
if ($this->public_access) {
return $route . '/public/' . $this->public_access;
}
return $route;
}
return null;
}
/**
* Format file url
*
* @param $value
* @return string
*/
public function getFileUrlAttribute()
{
return route('file', ['name' => $this->attributes['basename']]);
$route = route('file', ['name' => $this->attributes['basename']]);
if ($this->public_access) {
return $route . '/public/' . $this->public_access;
}
return $route;
}
/**
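Review bot: In `getThumbnailAttribute` and `getFileUrlAttribute` the share token is appended to the URL by plain concatenation (`$route . '/public/' . $this->public_access`), so it is neither URL-encoded nor tied to a route definition. At minimum encode it, `return $route . '/public/' . rawurlencode($this->public_access);`, or build the link with a named route that takes the token as a parameter. Because the token alone grants access to unprotected shares in the public controller methods, putting it in the path also means it lands in web-server access logs and Referer headers; that trade-off deserves a comment on `setPublicUrl`. Both docblocks still say `@return string` although the thumbnail accessor can return `null`; `@return string|null` would match the code.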
+47
@@ -12,6 +12,53 @@ use RecursiveIteratorIterator;
use TeamTNT\TNTSearch\Indexer\TNTIndexer;
use \Illuminate\Database\Eloquent\SoftDeletes;
/**
* App\FileManagerFolder
*
* @property int $id
* @property int|null $user_id
* @property int $unique_id
* @property int $parent_id
* @property string|null $name
* @property string|null $type
* @property string $user_scope
* @property string $deleted_at
* @property string $created_at
* @property \Illuminate\Support\Carbon|null $updated_at
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFolder[] $children
* @property-read int|null $children_count
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFile[] $files
* @property-read int|null $files_count
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFolder[] $folders
* @property-read int|null $folders_count
* @property-read int $items
* @property-read int $trashed_items
* @property-read \App\FileManagerFolder $parent
* @property-read \App\Share|null $shared
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFolder[] $trashed_children
* @property-read int|null $trashed_children_count
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFile[] $trashed_files
* @property-read int|null $trashed_files_count
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFolder[] $trashed_folders
* @property-read int|null $trashed_folders_count
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder newModelQuery()
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder newQuery()
* @method static \Illuminate\Database\Query\Builder|\App\FileManagerFolder onlyTrashed()
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder query()
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereCreatedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereDeletedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereName($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereParentId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereType($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereUniqueId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereUpdatedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereUserId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\FileManagerFolder whereUserScope($value)
* @method static \Illuminate\Database\Query\Builder|\App\FileManagerFolder withTrashed()
* @method static \Illuminate\Database\Query\Builder|\App\FileManagerFolder withoutTrashed()
* @mixin \Eloquent
*/
class FileManagerFolder extends Model
{
use Searchable, SoftDeletes;
+136 -53
@@ -20,6 +20,7 @@ class FileAccessController extends Controller
*
* @param $basename
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_avatar($basename)
{
@@ -45,6 +46,7 @@ class FileAccessController extends Controller
* @param Request $request
* @param $filename
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_file(Request $request, $filename)
{
@@ -59,9 +61,139 @@ class FileAccessController extends Controller
// Check user permission
if ( ! $request->user()->tokenCan('master') ) {
$this->check_access($request, $file);
// Get shared token
$shared = Share::where(DB::raw('BINARY `token`'), $request->cookie('shared_token'))
->firstOrFail();
// Check access to file
$this->check_file_access($shared, $file);
}
return $this->download_file($file);
}
/**
* Get file public
*
* @param $filename
* @param $token
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_file_public($filename, $token)
{
// Get sharing record
$shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
// Abort if shared is protected
if ($shared->protected) {
abort(403, "Sorry, you don't have permission");
}
// Get file record
$file = FileManagerFile::where('user_id', $shared->user_id)
->where('basename', $filename)
->firstOrFail();
// Check file access
$this->check_file_access($shared, $file);
return $this->download_file($file);
}
/**
* Get image thumbnail
*
* @param Request $request
* @param $filename
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_thumbnail(Request $request, $filename)
{
// Get file record
$file = FileManagerFile::withTrashed()
->where('user_id', $request->user()->id)
->where('thumbnail', $filename)
->firstOrFail();
// Check user permission
if ( ! $request->user()->tokenCan('master') ) {
$this->check_file_access($request, $file);
}
return $this->thumbnail_file($file);
}
/**
* Get public image thumbnail
*
* @param $filename
* @param $token
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_thumbnail_public($filename, $token)
{
// Get sharing record
$shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
// Abort if thumbnail is protected
if ($shared->protected) {
abort(403, "Sorry, you don't have permission");
}
// Get file record
$file = FileManagerFile::where('user_id', $shared->user_id)
->where('thumbnail', $filename)
->firstOrFail();
// Check file access
$this->check_file_access($shared, $file);
return $this->thumbnail_file($file);
}
/**
* Check user file access
*
* @param $shared
* @param $file
*/
protected function check_file_access($shared, $file): void
{
// Check by parent folder permission
if ($shared->type === 'folder') {
// Get all children folders
$foldersIds = FileManagerFolder::with('folders:id,parent_id,unique_id,name')
->where('user_id', $shared->user_id)
->where('parent_id', $shared->item_id)
->get();
// Get all authorized parent folders by shared folder as root of tree
$accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]);
// Check user access
if (!in_array($file->folder_id, $accessible_folder_ids)) abort(403);
}
// Check by single file permission
if ($shared->type === 'file') {
if ($shared->item_id !== $file->unique_id) abort(403);
}
}
/**
* Call and download file
*
* @param $file
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
private function download_file($file)
{
// Format pretty filename
$file_pretty_name = $file->name . '.' . $file->mimetype;
@@ -87,25 +219,12 @@ class FileAccessController extends Controller
}
/**
* Get image thumbnail
*
* @param Request $request
* @param $filename
* @param $file
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_thumbnail(Request $request, $filename)
private function thumbnail_file($file)
{
// Get file record
$file = FileManagerFile::withTrashed()
->where('user_id', $request->user()->id)
->where('thumbnail', $filename)
->firstOrFail();
// Check user permission
if ( ! $request->user()->tokenCan('master') ) {
$this->check_access($request, $file);
}
// Get file path
$path = storage_path() . '/app/file-manager/' . $file->getOriginal('thumbnail');
@@ -121,40 +240,4 @@ class FileAccessController extends Controller
return $response;
}
/**
* Check user file access
*
* @param $request
*/
protected function check_access($request, $file): void
{
// check if shared_token cookie exist
if (! $request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = Share::where(DB::raw('BINARY `token`'), $request->cookie('shared_token'))
->first();
// Check by parent folder permission
if ($shared->type === 'folder') {
// Get all children folders
$foldersIds = FileManagerFolder::with('folders:id,parent_id,unique_id,name')
->where('user_id', $shared->user_id)
->where('parent_id', $shared->item_id)
->get();
// Get all authorized parent folders by shared folder as root of tree
$accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]);
// Check user access
if (!in_array($file->folder_id, $accessible_folder_ids)) abort(403);
}
// Check by single file permission
if ($shared->type === 'file') {
if ($shared->item_id !== $file->unique_id) abort(403);
}
}
}
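Review bot: In the new `get_thumbnail`, the non-master branch calls `$this->check_file_access($request, $file)`, but `check_file_access` reads `$shared->type`, `$shared->user_id` and `$shared->item_id` from a Share record. With a Request in that position neither the `'folder'` nor the `'file'` comparison is likely to match, so the method would return without aborting and the thumbnail would be served without any share check. It should resolve the share the way `get_file` does in this same commit (look up Share by the `shared_token` cookie with `firstOrFail()`) and pass that record: `$this->check_file_access($shared, $file);`. Separately, `check_file_access` returns silently for any `type` other than `'folder'` or `'file'`; rejecting unknown types explicitly would make it fail closed.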
@@ -70,12 +70,12 @@ class FileSharingController extends Controller
$scope = !is_null($shared->permission) ? $shared->permission : 'visitor';
// Generate token for visitor/editor
$token = $user->createToken('access_token', [$scope])->accessToken;
$access_token = $user->createToken('access_token', [$scope])->accessToken;
// Return authorize token with shared options
return response(new ShareResource($shared), 200)
->cookie('shared_token', $shared->token, 43200)
->cookie('access_token', $token, 43200);
->cookie('access_token', $access_token, 43200);
}
/**
@@ -87,10 +87,6 @@ class FileSharingController extends Controller
*/
public function get_private_folders(Request $request, $unique_id)
{
// Check if token exist
if (! $request->hasCookie('shared_token') )
abort(404, "Sorry, you don't request any content");
// Get sharing record
$shared = Share::where('token', $request->cookie('shared_token'))->firstOrFail();
@@ -126,6 +122,11 @@ class FileSharingController extends Controller
// Get files and folders
list($folders, $files) = $this->get_items($unique_id, $shared);
// Set thumbnail links for public files
$files->map(function ($item) use ($token) {
$item->setPublicUrl($token);
});
// Collect folders and files to single array
return collect([$folders, $files])->collapse();
}
@@ -146,10 +147,16 @@ class FileSharingController extends Controller
abort(403, "Sorry, you don't have permission");
}
// Return record
return FileManagerFile::where('user_id', $shared->user_id)
// Get file
$file = FileManagerFile::where('user_id', $shared->user_id)
->where('unique_id', $shared->item_id)
->firstOrFail(['name', 'basename', 'thumbnail', 'type', 'filesize', 'mimetype']);
// Set urls
$file->setPublicUrl($token);
// Return record
return $file;
}
/**
@@ -190,16 +197,6 @@ class FileSharingController extends Controller
if (!in_array($unique_id, $accessible_folder_ids)) abort(401);
}
/**
* @param Request $request
*/
protected function check_authenticated_access(Request $request): void
{
// Check directory permission
if ($request->cookie('shared_token') !== $request->token)
abort(401, "Sorry, you don't have permission");
}
/**
* Get folders and files
*
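Review bot: `$files->map(...)` in the "Set thumbnail links for public files" step is used only for its side effect; the closure returns nothing, so `map` builds a collection of nulls that is then discarded. `each` states the intent directly: `$files->each(function ($item) use ($token) { $item->setPublicUrl($token); });`. The enclosing method starts outside the hunk, so where `$token` comes from and whether it has already been checked against the share record cannot be confirmed from here.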
@@ -26,7 +26,7 @@ class UpdateShareRequest extends FormRequest
{
return [
'protected' => 'required|boolean',
'permission' => 'required|string',
'permission' => 'nullable|string',
'password' => 'string',
];
}
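Review bot: The relaxed rule `'permission' => 'nullable|string'` accepts any string, yet the stored value is later used as the token scope in FileSharingController (`$user->createToken('access_token', [$scope])`), and scope checks such as `tokenCan(...)` in FileAccessController depend on it. An allow-list keeps the scope to the values the application intends: `'permission' => 'nullable|string|in:visitor,editor',`. The two values are inferred from the "Generate token for visitor/editor" comment in that controller and should be confirmed against the scopes actually registered.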
+29
@@ -4,6 +4,35 @@ namespace App;
use Illuminate\Database\Eloquent\Model;
/**
* App\Share
*
* @property int $id
* @property int $user_id
* @property string $token
* @property int $item_id
* @property string $type
* @property string|null $permission
* @property int $protected
* @property string|null $password
* @property \Illuminate\Support\Carbon|null $created_at
* @property \Illuminate\Support\Carbon|null $updated_at
* @property-read string $link
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share newModelQuery()
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share newQuery()
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share query()
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share whereCreatedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share whereId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share whereItemId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share wherePassword($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share wherePermission($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share whereProtected($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share whereToken($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share whereType($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share whereUpdatedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\Share whereUserId($value)
* @mixin \Eloquent
*/
class Share extends Model
{
protected $guarded = ['id'];
+41
@@ -12,6 +12,47 @@ use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Notification;
use Laravel\Passport\HasApiTokens;
/**
* App\User
*
* @property int $id
* @property string $name
* @property string $email
* @property \Illuminate\Support\Carbon|null $email_verified_at
* @property string $password
* @property \Illuminate\Contracts\Routing\UrlGenerator|string $avatar
* @property string|null $remember_token
* @property \Illuminate\Support\Carbon|null $created_at
* @property \Illuminate\Support\Carbon|null $updated_at
* @property-read \Illuminate\Database\Eloquent\Collection|\Laravel\Passport\Client[] $clients
* @property-read int|null $clients_count
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFolder[] $favourites
* @property-read int|null $favourites_count
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFile[] $files
* @property-read int|null $files_count
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFile[] $files_with_trashed
* @property-read int|null $files_with_trashed_count
* @property-read mixed $used_capacity
* @property-read \Illuminate\Database\Eloquent\Collection|\App\FileManagerFile[] $latest_uploads
* @property-read int|null $latest_uploads_count
* @property-read \Illuminate\Notifications\DatabaseNotificationCollection|\Illuminate\Notifications\DatabaseNotification[] $notifications
* @property-read int|null $notifications_count
* @property-read \Illuminate\Database\Eloquent\Collection|\Laravel\Passport\Token[] $tokens
* @property-read int|null $tokens_count
* @method static \Illuminate\Database\Eloquent\Builder|\App\User newModelQuery()
* @method static \Illuminate\Database\Eloquent\Builder|\App\User newQuery()
* @method static \Illuminate\Database\Eloquent\Builder|\App\User query()
* @method static \Illuminate\Database\Eloquent\Builder|\App\User whereAvatar($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\User whereCreatedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\User whereEmail($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\User whereEmailVerifiedAt($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\User whereId($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\User whereName($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\User wherePassword($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\User whereRememberToken($value)
* @method static \Illuminate\Database\Eloquent\Builder|\App\User whereUpdatedAt($value)
* @mixin \Eloquent
*/
class User extends Authenticatable
{
use HasApiTokens, Notifiable;