nexus/vuefilemanager
2
0
Fork 0
mirror of https://github.com/VueFileManager/vuefilemanager.git synced 2026-04-17 07:42:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

backend update

Browse Source
This commit is contained in:
carodej
2020-04-27 12:38:08 +02:00
parent 65147870fd
commit eb6bd646c8
17 changed files with 20590 additions and 491 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
app/Http/Controllers/FileAccessController.php
View File

@@ -20,6 +20,7 @@ class FileAccessController extends Controller
*
* @param $basename
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_avatar($basename)
{
@@ -45,6 +46,7 @@ class FileAccessController extends Controller
* @param Request $request
* @param $filename
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_file(Request $request, $filename)
{
@@ -59,9 +61,139 @@ class FileAccessController extends Controller
// Check user permission
if ( ! $request->user()->tokenCan('master') ) {
$this->check_access($request, $file);
// Get shared token
$shared = Share::where(DB::raw('BINARY `token`'), $request->cookie('shared_token'))
->firstOrFail();
// Check access to file
$this->check_file_access($shared, $file);
}
return $this->download_file($file);
}
/**
* Get file public
*
* @param $filename
* @param $token
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_file_public($filename, $token)
{
// Get sharing record
$shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
// Abort if shared is protected
if ($shared->protected) {
abort(403, "Sorry, you don't have permission");
}
// Get file record
$file = FileManagerFile::where('user_id', $shared->user_id)
->where('basename', $filename)
->firstOrFail();
// Check file access
$this->check_file_access($shared, $file);
return $this->download_file($file);
}
/**
* Get image thumbnail
*
* @param Request $request
* @param $filename
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_thumbnail(Request $request, $filename)
{
// Get file record
$file = FileManagerFile::withTrashed()
->where('user_id', $request->user()->id)
->where('thumbnail', $filename)
->firstOrFail();
// Check user permission
if ( ! $request->user()->tokenCan('master') ) {
$this->check_file_access($request, $file);
}
return $this->thumbnail_file($file);
}
/**
* Get public image thumbnail
*
* @param $filename
* @param $token
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_thumbnail_public($filename, $token)
{
// Get sharing record
$shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
// Abort if thumbnail is protected
if ($shared->protected) {
abort(403, "Sorry, you don't have permission");
}
// Get file record
$file = FileManagerFile::where('user_id', $shared->user_id)
->where('thumbnail', $filename)
->firstOrFail();
// Check file access
$this->check_file_access($shared, $file);
return $this->thumbnail_file($file);
}
/**
* Check user file access
*
* @param $shared
* @param $file
*/
protected function check_file_access($shared, $file): void
{
// Check by parent folder permission
if ($shared->type === 'folder') {
// Get all children folders
$foldersIds = FileManagerFolder::with('folders:id,parent_id,unique_id,name')
->where('user_id', $shared->user_id)
->where('parent_id', $shared->item_id)
->get();
// Get all authorized parent folders by shared folder as root of tree
$accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]);
// Check user access
if (!in_array($file->folder_id, $accessible_folder_ids)) abort(403);
}
// Check by single file permission
if ($shared->type === 'file') {
if ($shared->item_id !== $file->unique_id) abort(403);
}
}
/**
* Call and download file
*
* @param $file
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
private function download_file($file)
{
// Format pretty filename
$file_pretty_name = $file->name . '.' . $file->mimetype;
@@ -87,25 +219,12 @@ class FileAccessController extends Controller
}
/**
* Get image thumbnail
*
* @param Request $request
* @param $filename
* @param $file
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function get_thumbnail(Request $request, $filename)
private function thumbnail_file($file)
{
// Get file record
$file = FileManagerFile::withTrashed()
->where('user_id', $request->user()->id)
->where('thumbnail', $filename)
->firstOrFail();
// Check user permission
if ( ! $request->user()->tokenCan('master') ) {
$this->check_access($request, $file);
}
// Get file path
$path = storage_path() . '/app/file-manager/' . $file->getOriginal('thumbnail');
@@ -121,40 +240,4 @@ class FileAccessController extends Controller
return $response;
}
/**
* Check user file access
*
* @param $request
*/
protected function check_access($request, $file): void
{
// check if shared_token cookie exist
if (! $request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = Share::where(DB::raw('BINARY `token`'), $request->cookie('shared_token'))
->first();
// Check by parent folder permission
if ($shared->type === 'folder') {
// Get all children folders
$foldersIds = FileManagerFolder::with('folders:id,parent_id,unique_id,name')
->where('user_id', $shared->user_id)
->where('parent_id', $shared->item_id)
->get();
// Get all authorized parent folders by shared folder as root of tree
$accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]);
// Check user access
if (!in_array($file->folder_id, $accessible_folder_ids)) abort(403);
}
// Check by single file permission
if ($shared->type === 'file') {
if ($shared->item_id !== $file->unique_id) abort(403);
}
}
}

33
app/Http/Controllers/Sharing/FileSharingController.php
View File

@@ -70,12 +70,12 @@ class FileSharingController extends Controller
$scope = !is_null($shared->permission) ? $shared->permission : 'visitor';
// Generate token for visitor/editor
$token = $user->createToken('access_token', [$scope])->accessToken;
$access_token = $user->createToken('access_token', [$scope])->accessToken;
// Return authorize token with shared options
return response(new ShareResource($shared), 200)
->cookie('shared_token', $shared->token, 43200)
->cookie('access_token', $token, 43200);
->cookie('access_token', $access_token, 43200);
}
/**
@@ -87,10 +87,6 @@ class FileSharingController extends Controller
*/
public function get_private_folders(Request $request, $unique_id)
{
// Check if token exist
if (! $request->hasCookie('shared_token') )
abort(404, "Sorry, you don't request any content");
// Get sharing record
$shared = Share::where('token', $request->cookie('shared_token'))->firstOrFail();
@@ -126,6 +122,11 @@ class FileSharingController extends Controller
// Get files and folders
list($folders, $files) = $this->get_items($unique_id, $shared);
// Set thumbnail links for public files
$files->map(function ($item) use ($token) {
$item->setPublicUrl($token);
});
// Collect folders and files to single array
return collect([$folders, $files])->collapse();
}
@@ -146,10 +147,16 @@ class FileSharingController extends Controller
abort(403, "Sorry, you don't have permission");
}
// Return record
return FileManagerFile::where('user_id', $shared->user_id)
// Get file
$file = FileManagerFile::where('user_id', $shared->user_id)
->where('unique_id', $shared->item_id)
->firstOrFail(['name', 'basename', 'thumbnail', 'type', 'filesize', 'mimetype']);
// Set urls
$file->setPublicUrl($token);
// Return record
return $file;
}
/**
@@ -190,16 +197,6 @@ class FileSharingController extends Controller
if (!in_array($unique_id, $accessible_folder_ids)) abort(401);
}
/**
* @param Request $request
*/
protected function check_authenticated_access(Request $request): void
{
// Check directory permission
if ($request->cookie('shared_token') !== $request->token)
abort(401, "Sorry, you don't have permission");
}
/**
* Get folders and files
*