src/controllers/uploads.js

"use strict";

var fs = require('fs');
var path = require('path');
var async = require('async');
var nconf = require('nconf');
var validator = require('validator');
var winston = require('winston');

var meta = require('../meta');
var file = require('../file');
var plugins = require('../plugins');
var image = require('../image');

var uploadsController = {};

uploadsController.upload = function(req, res, filesIterator) {
	var files = req.files.files;

	if (!req.user && meta.config.allowGuestUploads !== '1') {
		deleteTempFiles(files);
		return res.status(403).json('[[error:guest-upload-disabled]]');
	}

	if (!Array.isArray(files)) {
		return res.status(500).json('invalid files');
	}

	if (Array.isArray(files[0])) {
		files = files[0];
	}

	async.map(files, filesIterator, function(err, images) {
		deleteTempFiles(files);

		if (err) {
			return res.status(500).send(err.message);
		}

		// IE8 - send it as text/html so browser won't trigger a file download for the json response
		// malsup.com/jquery/form/#file-upload
		res.status(200).send(req.xhr ? images : JSON.stringify(images));
	});
};

uploadsController.uploadPost = function(req, res, next) {
	uploadsController.upload(req, res, function(uploadedFile, next) {
		var isImage = uploadedFile.type.match(/image./);
		if (isImage && plugins.hasListeners('filter:uploadImage')) {
			return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, next);
		}

		async.waterfall([
			function(next) {
				if (isImage) {
					file.isFileTypeAllowed(uploadedFile.path, next);
				} else {
					next();
				}
			},
			function (next) {
				if (parseInt(meta.config.allowFileUploads, 10) !== 1) {
					return next(new Error('[[error:uploads-are-disabled]]'));
				}
				uploadFile(req.uid, uploadedFile, next);
			},
			function(fileObj, next) {
				if (!isImage || parseInt(meta.config.maximumImageWidth, 10) === 0) {
					// Not an image, or resizing disabled. No need to resize.
					return next(null, fileObj);
				}

				var fullPath = path.join(nconf.get('base_dir'), nconf.get('upload_path'), '..', fileObj.url),
					parsedPath = path.parse(fullPath);

				image.resizeImage({
					path: fullPath,
					target: path.join(parsedPath.dir, parsedPath.name + '-resized' + parsedPath.ext),
					extension: parsedPath.ext,
					width: parseInt(meta.config.maximumImageWidth, 10) || 760
				}, function(err) {
					// Return the resized version to the composer/postData
					var parsedUrl = path.parse(fileObj.url);
					delete parsedUrl.base;
					parsedUrl.name = parsedUrl.name + '-resized';
					fileObj.url = path.format(parsedUrl);

					next(err, fileObj);
				});
			}
		], next);
	}, next);
};

uploadsController.uploadThumb = function(req, res, next) {
	if (parseInt(meta.config.allowTopicsThumbnail, 10) !== 1) {
		deleteTempFiles(req.files.files);
		return next(new Error('[[error:topic-thumbnails-are-disabled]]'));
	}

	uploadsController.upload(req, res, function(uploadedFile, next) {
		file.isFileTypeAllowed(uploadedFile.path, function(err) {
			if (err) {
				return next(err);
			}

			if (!uploadedFile.type.match(/image./)) {
				return next(new Error('[[error:invalid-file]]'));
			}

			var size = parseInt(meta.config.topicThumbSize, 10) || 120;
			image.resizeImage({
				path: uploadedFile.path,
				extension: path.extname(uploadedFile.name),
				width: size,
				height: size
			}, function(err) {
				if (err) {
					return next(err);
				}

				if (plugins.hasListeners('filter:uploadImage')) {
					return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, next);
				}

				uploadFile(req.uid, uploadedFile, next);
			});
		});
	}, next);
};

uploadsController.uploadGroupCover = function(uid, uploadedFile, callback) {
	if (plugins.hasListeners('filter:uploadImage')) {
		return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: uid}, callback);
	}

	if (plugins.hasListeners('filter:uploadFile')) {
		return plugins.fireHook('filter:uploadFile', {file: uploadedFile, uid: uid}, callback);
	}

	file.isFileTypeAllowed(uploadedFile.path, function(err) {
		if (err) {
			return callback(err);
		}
		saveFileToLocal(uploadedFile, callback);
	});
};

function uploadFile(uid, uploadedFile, callback) {
	if (plugins.hasListeners('filter:uploadFile')) {
		return plugins.fireHook('filter:uploadFile', {file: uploadedFile, uid: uid}, callback);
	}

	if (!uploadedFile) {
		return callback(new Error('[[error:invalid-file]]'));
	}

	if (uploadedFile.size > parseInt(meta.config.maximumFileSize, 10) * 1024) {
		return callback(new Error('[[error:file-too-big, ' + meta.config.maximumFileSize + ']]'));
	}

	if (meta.config.hasOwnProperty('allowedFileExtensions')) {
		var allowed = file.allowedExtensions();
		var extension = path.extname(uploadedFile.name);
		if (allowed.length > 0 && allowed.indexOf(extension) === -1) {
			return callback(new Error('[[error:invalid-file-type, ' + allowed.join('&#44; ') + ']]'));
		}
	}

	saveFileToLocal(uploadedFile, callback);
}

function saveFileToLocal(uploadedFile, callback) {
	var filename = uploadedFile.name || 'upload';

	filename = Date.now() + '-' + validator.escape(filename).substr(0, 255);
	file.saveFileToLocal(filename, 'files', uploadedFile.path, function(err, upload) {
		if (err) {
			return callback(err);
		}

		callback(null, {
			url: nconf.get('relative_path') + upload.url,
			name: uploadedFile.name
		});
	});
}

function deleteTempFiles(files) {
	async.each(files, function(file, next) {
		fs.unlink(file.path, function(err) {
			if (err) {
				winston.error(err);
			}
			next();
		});
	});
}


module.exports = uploadsController;
uploads controller 2015-01-10 16:40:54 -05:00			`"use strict";`

closes #4011 allow both `.png` and `png` 2015-12-28 15:38:02 +02:00			`var fs = require('fs');`
			`var path = require('path');`
			`var async = require('async');`
			`var nconf = require('nconf');`
			`var validator = require('validator');`
			`var winston = require('winston');`
uploads controller 2015-01-10 16:40:54 -05:00
closes #4011 allow both `.png` and `png` 2015-12-28 15:38:02 +02:00			`var meta = require('../meta');`
			`var file = require('../file');`
			`var plugins = require('../plugins');`
			`var image = require('../image');`
uploads controller 2015-01-10 16:40:54 -05:00
closes #4011 allow both `.png` and `png` 2015-12-28 15:38:02 +02:00			`var uploadsController = {};`
uploads controller 2015-01-10 16:40:54 -05:00
closes #4550 2016-04-20 13:58:25 -04:00			`uploadsController.upload = function(req, res, filesIterator) {`
uploads controller 2015-01-10 16:40:54 -05:00			`var files = req.files.files;`

#3695 2015-12-31 11:36:28 -05:00			`if (!req.user && meta.config.allowGuestUploads !== '1') {`
uploads controller 2015-01-10 16:40:54 -05:00			`deleteTempFiles(files);`
#3695 2015-12-31 11:36:28 -05:00			`return res.status(403).json('[[error:guest-upload-disabled]]');`
uploads controller 2015-01-10 16:40:54 -05:00			`}`

			`if (!Array.isArray(files)) {`
			`return res.status(500).json('invalid files');`
			`}`

			`if (Array.isArray(files[0])) {`
			`files = files[0];`
			`}`

			`async.map(files, filesIterator, function(err, images) {`
			`deleteTempFiles(files);`

			`if (err) {`
			`return res.status(500).send(err.message);`
			`}`

			`// IE8 - send it as text/html so browser won't trigger a file download for the json response`
			`// malsup.com/jquery/form/#file-upload`
			`res.status(200).send(req.xhr ? images : JSON.stringify(images));`
			`});`
			`};`

			`uploadsController.uploadPost = function(req, res, next) {`
closes #725 2015-02-18 21:09:33 -05:00			`uploadsController.upload(req, res, function(uploadedFile, next) {`
closes #4392 2016-03-23 12:19:29 +02:00			`var isImage = uploadedFile.type.match(/image./);`
			`if (isImage && plugins.hasListeners('filter:uploadImage')) {`
			`return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, next);`
fixes #3863 :trollface: 2015-11-11 13:52:29 -05:00			`}`
closes #4392 2016-03-23 12:19:29 +02:00
			`async.waterfall([`
			`function(next) {`
			`if (isImage) {`
			`file.isFileTypeAllowed(uploadedFile.path, next);`
			`} else {`
			`next();`
			`}`
			`},`
			`function (next) {`
			`if (parseInt(meta.config.allowFileUploads, 10) !== 1) {`
			`return next(new Error('[[error:uploads-are-disabled]]'));`
			`}`
			`uploadFile(req.uid, uploadedFile, next);`
closes #4550 2016-04-20 13:58:25 -04:00			`},`
			`function(fileObj, next) {`
			`if (!isImage \|\| parseInt(meta.config.maximumImageWidth, 10) === 0) {`
			`// Not an image, or resizing disabled. No need to resize.`
			`return next(null, fileObj);`
			`}`

			`var fullPath = path.join(nconf.get('base_dir'), nconf.get('upload_path'), '..', fileObj.url),`
			`parsedPath = path.parse(fullPath);`

			`image.resizeImage({`
			`path: fullPath,`
			`target: path.join(parsedPath.dir, parsedPath.name + '-resized' + parsedPath.ext),`
			`extension: parsedPath.ext,`
			`width: parseInt(meta.config.maximumImageWidth, 10) \|\| 760`
			`}, function(err) {`
			`// Return the resized version to the composer/postData`
			`var parsedUrl = path.parse(fileObj.url);`
			`delete parsedUrl.base;`
			`parsedUrl.name = parsedUrl.name + '-resized';`
			`fileObj.url = path.format(parsedUrl);`

			`next(err, fileObj);`
			`});`
closes #4392 2016-03-23 12:19:29 +02:00			`}`
			`], next);`
uploads controller 2015-01-10 16:40:54 -05:00			`}, next);`
			`};`

			`uploadsController.uploadThumb = function(req, res, next) {`
			`if (parseInt(meta.config.allowTopicsThumbnail, 10) !== 1) {`
			`deleteTempFiles(req.files.files);`
			`return next(new Error('[[error:topic-thumbnails-are-disabled]]'));`
			`}`

closes #725 2015-02-18 21:09:33 -05:00			`uploadsController.upload(req, res, function(uploadedFile, next) {`
closes #4325 2016-03-08 19:01:45 +02:00			`file.isFileTypeAllowed(uploadedFile.path, function(err) {`
closes #725 2015-02-18 21:09:33 -05:00			`if (err) {`
			`return next(err);`
			`}`

closes #4392 2016-03-23 12:19:29 +02:00			`if (!uploadedFile.type.match(/image./)) {`
			`return next(new Error('[[error:invalid-file]]'));`
closes #725 2015-02-18 21:09:33 -05:00			`}`
closes #4392 2016-03-23 12:19:29 +02:00
			`var size = parseInt(meta.config.topicThumbSize, 10) \|\| 120;`
			`image.resizeImage({`
			`path: uploadedFile.path,`
			`extension: path.extname(uploadedFile.name),`
			`width: size,`
			`height: size`
			`}, function(err) {`
			`if (err) {`
			`return next(err);`
			`}`

			`if (plugins.hasListeners('filter:uploadImage')) {`
			`return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, next);`
			`}`

			`uploadFile(req.uid, uploadedFile, next);`
			`});`
closes #725 2015-02-18 21:09:33 -05:00			`});`
uploads controller 2015-01-10 16:40:54 -05:00			`}, next);`
			`};`

closes #4006 2016-01-11 10:27:26 +02:00			`uploadsController.uploadGroupCover = function(uid, uploadedFile, callback) {`
			`if (plugins.hasListeners('filter:uploadImage')) {`
			`return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: uid}, callback);`
			`}`

			`if (plugins.hasListeners('filter:uploadFile')) {`
			`return plugins.fireHook('filter:uploadFile', {file: uploadedFile, uid: uid}, callback);`
			`}`

closes #4325 2016-03-08 19:01:45 +02:00			`file.isFileTypeAllowed(uploadedFile.path, function(err) {`
			`if (err) {`
			`return callback(err);`
			`}`
			`saveFileToLocal(uploadedFile, callback);`
			`});`
profile cover photos 2015-10-28 17:42:42 -04:00			`};`

closes #725 2015-02-18 21:09:33 -05:00			`function uploadFile(uid, uploadedFile, callback) {`
uploads controller 2015-01-10 16:40:54 -05:00			`if (plugins.hasListeners('filter:uploadFile')) {`
closes #725 2015-02-18 21:09:33 -05:00			`return plugins.fireHook('filter:uploadFile', {file: uploadedFile, uid: uid}, callback);`
uploads controller 2015-01-10 16:40:54 -05:00			`}`

closes #725 2015-02-18 21:09:33 -05:00			`if (!uploadedFile) {`
uploads controller 2015-01-10 16:40:54 -05:00			`return callback(new Error('[[error:invalid-file]]'));`
			`}`

closes #725 2015-02-18 21:09:33 -05:00			`if (uploadedFile.size > parseInt(meta.config.maximumFileSize, 10) * 1024) {`
uploads controller 2015-01-10 16:40:54 -05:00			`return callback(new Error('[[error:file-too-big, ' + meta.config.maximumFileSize + ']]'));`
			`}`
fix image url in relative_path install in post 2015-04-07 15:37:20 -04:00
Re-added file extension restriction ACP option Closes #3918 2015-12-14 14:56:28 -05:00			`if (meta.config.hasOwnProperty('allowedFileExtensions')) {`
closes #4011 allow both `.png` and `png` 2015-12-28 15:38:02 +02:00			`var allowed = file.allowedExtensions();`
			`var extension = path.extname(uploadedFile.name);`
Re-added file extension restriction ACP option Closes #3918 2015-12-14 14:56:28 -05:00			`if (allowed.length > 0 && allowed.indexOf(extension) === -1) {`
			`return callback(new Error('[[error:invalid-file-type, ' + allowed.join(', ') + ']]'));`
			`}`
			`}`

closes #4006 2016-01-11 10:27:26 +02:00			`saveFileToLocal(uploadedFile, callback);`
			`}`

			`function saveFileToLocal(uploadedFile, callback) {`
#2738 2015-02-19 16:46:00 -05:00			`var filename = uploadedFile.name \|\| 'upload';`

			`filename = Date.now() + '-' + validator.escape(filename).substr(0, 255);`
closes #725 2015-02-18 21:09:33 -05:00			`file.saveFileToLocal(filename, 'files', uploadedFile.path, function(err, upload) {`
uploads controller 2015-01-10 16:40:54 -05:00			`if (err) {`
			`return callback(err);`
			`}`

			`callback(null, {`
fix image url in relative_path install in post 2015-04-07 15:37:20 -04:00			`url: nconf.get('relative_path') + upload.url,`
closes #725 2015-02-18 21:09:33 -05:00			`name: uploadedFile.name`
uploads controller 2015-01-10 16:40:54 -05:00			`});`
			`});`
			`}`

			`function deleteTempFiles(files) {`
check and log all fs.unlink errors 2015-09-06 00:49:39 -04:00			`async.each(files, function(file, next) {`
			`fs.unlink(file.path, function(err) {`
			`if (err) {`
			`winston.error(err);`
			`}`
			`next();`
			`});`
			`});`
uploads controller 2015-01-10 16:40:54 -05:00			`}`



			`module.exports = uploadsController;`