src/controllers/uploads.js

'use strict';

const path = require('path');
const nconf = require('nconf');
const validator = require('validator');
const winston = require('winston');
const util = require('util');

const db = require('../database');
const meta = require('../meta');
const file = require('../file');
const plugins = require('../plugins');
const image = require('../image');
const privileges = require('../privileges');

const uploadsController = module.exports;

uploadsController.upload = async function (req, res, filesIterator) {
	let files = req.files.files;

	if (!Array.isArray(files)) {
		return res.status(500).json('invalid files');
	}

	if (Array.isArray(files[0])) {
		files = files[0];
	}

	// backwards compatibility
	if (filesIterator.constructor && filesIterator.constructor.name !== 'AsyncFunction') {
		winston.warn('[deprecated] uploadsController.upload, use an async function as iterator');
		filesIterator = util.promisify(filesIterator);
	}

	try {
		const images = await Promise.all(files.map(fileObj => filesIterator(fileObj)));
		res.status(200).json(images);
	} catch (err) {
		res.status(500).json({ path: req.path, error: err.message });
	} finally {
		deleteTempFiles(files);
	}
};

uploadsController.uploadPost = async function (req, res) {
	await uploadsController.upload(req, res, async function (uploadedFile) {
		const isImage = uploadedFile.type.match(/image./);
		if (isImage) {
			return await uploadAsImage(req, uploadedFile);
		}
		return await uploadAsFile(req, uploadedFile);
	});
};

async function uploadAsImage(req, uploadedFile) {
	const canUpload = await privileges.global.can('upload:post:image', req.uid);
	if (!canUpload) {
		throw new Error('[[error:no-privileges]]');
	}
	await image.checkDimensions(uploadedFile.path);
	await image.stripEXIF(uploadedFile.path);

	if (plugins.hasListeners('filter:uploadImage')) {
		return await plugins.fireHook('filter:uploadImage', {
			image: uploadedFile,
			uid: req.uid,
			folder: 'files',
		});
	}
	await image.isFileTypeAllowed(uploadedFile.path);

	let fileObj = await uploadsController.uploadFile(req.uid, uploadedFile);

	if (meta.config.resizeImageWidth === 0 || meta.config.resizeImageWidthThreshold === 0) {
		return fileObj;
	}

	fileObj = await resizeImage(fileObj);
	return { url: fileObj.url };
}

async function uploadAsFile(req, uploadedFile) {
	const canUpload = await privileges.global.can('upload:post:file', req.uid);
	if (!canUpload) {
		throw new Error('[[error:no-privileges]]');
	}

	const fileObj = await uploadsController.uploadFile(req.uid, uploadedFile);
	return {
		url: fileObj.url,
		name: fileObj.name,
	};
}

async function resizeImage(fileObj) {
	const imageData = await image.size(fileObj.path);
	if (imageData.width < meta.config.resizeImageWidthThreshold || meta.config.resizeImageWidth > meta.config.resizeImageWidthThreshold) {
		return fileObj;
	}

	await image.resizeImage({
		path: fileObj.path,
		target: file.appendToFileName(fileObj.path, '-resized'),
		width: meta.config.resizeImageWidth,
		quality: meta.config.resizeImageQuality,
	});
	// Return the resized version to the composer/postData
	fileObj.url = file.appendToFileName(fileObj.url, '-resized');

	return fileObj;
}

uploadsController.uploadThumb = async function (req, res, next) {
	if (!meta.config.allowTopicsThumbnail) {
		deleteTempFiles(req.files.files);
		return next(new Error('[[error:topic-thumbnails-are-disabled]]'));
	}

	await uploadsController.upload(req, res, async function (uploadedFile) {
		if (!uploadedFile.type.match(/image./)) {
			throw new Error('[[error:invalid-file]]');
		}
		await image.isFileTypeAllowed(uploadedFile.path);
		await image.resizeImage({
			path: uploadedFile.path,
			width: meta.config.topicThumbSize,
			height: meta.config.topicThumbSize,
		});
		if (plugins.hasListeners('filter:uploadImage')) {
			return await plugins.fireHook('filter:uploadImage', {
				image: uploadedFile,
				uid: req.uid,
				folder: 'files',
			});
		}

		return await uploadsController.uploadFile(req.uid, uploadedFile);
	});
};

uploadsController.uploadFile = async function (uid, uploadedFile) {
	if (plugins.hasListeners('filter:uploadFile')) {
		return await plugins.fireHook('filter:uploadFile', {
			file: uploadedFile,
			uid: uid,
			folder: 'files',
		});
	}

	if (!uploadedFile) {
		throw new Error('[[error:invalid-file]]');
	}

	if (uploadedFile.size > meta.config.maximumFileSize * 1024) {
		throw new Error('[[error:file-too-big, ' + meta.config.maximumFileSize + ']]');
	}

	const allowed = file.allowedExtensions();

	const extension = path.extname(uploadedFile.name).toLowerCase();
	if (allowed.length > 0 && (!extension || extension === '.' || !allowed.includes(extension))) {
		throw new Error('[[error:invalid-file-type, ' + allowed.join('&#44; ') + ']]');
	}

	return await saveFileToLocal(uid, 'files', uploadedFile);
};

async function saveFileToLocal(uid, folder, uploadedFile) {
	const name = uploadedFile.name || 'upload';
	const extension = path.extname(name) || '';

	const filename = Date.now() + '-' + validator.escape(name.substr(0, name.length - extension.length)).substr(0, 255) + extension;

	const upload = await file.saveFileToLocal(filename, folder, uploadedFile.path);
	const storedFile = {
		url: nconf.get('relative_path') + upload.url,
		path: upload.path,
		name: uploadedFile.name,
	};
	const fileKey = upload.url.replace(nconf.get('upload_url'), '');
	await db.sortedSetAdd('uid:' + uid + ':uploads', Date.now(), fileKey);
	const data = await plugins.fireHook('filter:uploadStored', { uid: uid, uploadedFile: uploadedFile, storedFile: storedFile });
	return data.storedFile;
}

function deleteTempFiles(files) {
	files.forEach(fileObj => file.delete(fileObj.path));
}

require('../promisify')(uploadsController, ['upload', 'uploadPost', 'uploadThumb']);
ESlint quotes 2017-02-18 01:56:23 -07:00			`'use strict';`
uploads controller 2015-01-10 16:40:54 -05:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`const path = require('path');`
			`const nconf = require('nconf');`
			`const validator = require('validator');`
			`const winston = require('winston');`
			`const util = require('util');`
uploads controller 2015-01-10 16:40:54 -05:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`const db = require('../database');`
			`const meta = require('../meta');`
			`const file = require('../file');`
			`const plugins = require('../plugins');`
			`const image = require('../image');`
			`const privileges = require('../privileges');`
uploads controller 2015-01-10 16:40:54 -05:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`const uploadsController = module.exports;`
uploads controller 2015-01-10 16:40:54 -05:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`uploadsController.upload = async function (req, res, filesIterator) {`
			`let files = req.files.files;`
uploads controller 2015-01-10 16:40:54 -05:00
			`if (!Array.isArray(files)) {`
			`return res.status(500).json('invalid files');`
			`}`

			`if (Array.isArray(files[0])) {`
			`files = files[0];`
			`}`

refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`// backwards compatibility`
			`if (filesIterator.constructor && filesIterator.constructor.name !== 'AsyncFunction') {`
			`winston.warn('[deprecated] uploadsController.upload, use an async function as iterator');`
			`filesIterator = util.promisify(filesIterator);`
			`}`
uploads controller 2015-01-10 16:40:54 -05:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`try {`
			`const images = await Promise.all(files.map(fileObj => filesIterator(fileObj)));`
closes #5484 2017-04-14 12:59:36 -04:00			`res.status(200).json(images);`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`} catch (err) {`
			`res.status(500).json({ path: req.path, error: err.message });`
			`} finally {`
			`deleteTempFiles(files);`
			`}`
uploads controller 2015-01-10 16:40:54 -05:00			`};`

refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`uploadsController.uploadPost = async function (req, res) {`
			`await uploadsController.upload(req, res, async function (uploadedFile) {`
			`const isImage = uploadedFile.type.match(/image./);`
new priv for uploads 2016-07-12 19:58:59 +03:00			`if (isImage) {`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`return await uploadAsImage(req, uploadedFile);`
fixes #3863 :trollface: 2015-11-11 13:52:29 -05:00			`}`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`return await uploadAsFile(req, uploadedFile);`
			`});`
new priv for uploads 2016-07-12 19:58:59 +03:00			`};`
closes #4392 2016-03-23 12:19:29 +02:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`async function uploadAsImage(req, uploadedFile) {`
			`const canUpload = await privileges.global.can('upload:post:image', req.uid);`
			`if (!canUpload) {`
			`throw new Error('[[error:no-privileges]]');`
			`}`
			`await image.checkDimensions(uploadedFile.path);`
			`await image.stripEXIF(uploadedFile.path);`

			`if (plugins.hasListeners('filter:uploadImage')) {`
			`return await plugins.fireHook('filter:uploadImage', {`
			`image: uploadedFile,`
			`uid: req.uid,`
feat: add folder to filter:uploadImage and filter:uploadFile 2020-05-22 10:00:24 -04:00			`folder: 'files',`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`});`
			`}`
feat: deprecate file.isFileTypeAllowed use image.isFileTypeAllowed, this function was always meant for images 2019-09-29 19:53:03 -04:00			`await image.isFileTypeAllowed(uploadedFile.path);`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00
			`let fileObj = await uploadsController.uploadFile(req.uid, uploadedFile);`

			`if (meta.config.resizeImageWidth === 0 \|\| meta.config.resizeImageWidthThreshold === 0) {`
			`return fileObj;`
			`}`

			`fileObj = await resizeImage(fileObj);`
			`return { url: fileObj.url };`
new priv for uploads 2016-07-12 19:58:59 +03:00			`}`
closes #4550 2016-04-20 13:58:25 -04:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`async function uploadAsFile(req, uploadedFile) {`
			`const canUpload = await privileges.global.can('upload:post:file', req.uid);`
			`if (!canUpload) {`
			`throw new Error('[[error:no-privileges]]');`
			`}`

			`const fileObj = await uploadsController.uploadFile(req.uid, uploadedFile);`
			`return {`
			`url: fileObj.url,`
			`name: fileObj.name,`
			`};`
new priv for uploads 2016-07-12 19:58:59 +03:00			`}`
uploads controller 2015-01-10 16:40:54 -05:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`async function resizeImage(fileObj) {`
			`const imageData = await image.size(fileObj.path);`
			`if (imageData.width < meta.config.resizeImageWidthThreshold \|\| meta.config.resizeImageWidth > meta.config.resizeImageWidthThreshold) {`
			`return fileObj;`
			`}`

			`await image.resizeImage({`
			`path: fileObj.path,`
			`target: file.appendToFileName(fileObj.path, '-resized'),`
			`width: meta.config.resizeImageWidth,`
			`quality: meta.config.resizeImageQuality,`
			`});`
			`// Return the resized version to the composer/postData`
			`fileObj.url = file.appendToFileName(fileObj.url, '-resized');`

			`return fileObj;`
closes #4590 2016-05-01 12:44:43 +03:00			`}`

refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`uploadsController.uploadThumb = async function (req, res, next) {`
Parse int (#6853) * Store config fields as JSON in the db Fewer parseInts * Remove unnecessary parseInts * remove some dupe code add tests * remove console.log * remove more parseInts * WIP: read meta.configs defaults from defaults.json remove more parseInts * more work * add log for failing test * update admin pwd * fix tests, dont require posts/cache before configs are initialized * handle saves * Test boolean conditions * remove more parseInts * Fix boolean values * remove lots more parseInts * removed json parsing * renamed var to number * categories dont have timestamp 2018-10-21 16:47:51 -04:00			`if (!meta.config.allowTopicsThumbnail) {`
uploads controller 2015-01-10 16:40:54 -05:00			`deleteTempFiles(req.files.files);`
			`return next(new Error('[[error:topic-thumbnails-are-disabled]]'));`
			`}`

refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`await uploadsController.upload(req, res, async function (uploadedFile) {`
			`if (!uploadedFile.type.match(/image./)) {`
			`throw new Error('[[error:invalid-file]]');`
			`}`
feat: deprecate file.isFileTypeAllowed use image.isFileTypeAllowed, this function was always meant for images 2019-09-29 19:53:03 -04:00			`await image.isFileTypeAllowed(uploadedFile.path);`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`await image.resizeImage({`
			`path: uploadedFile.path,`
			`width: meta.config.topicThumbSize,`
			`height: meta.config.topicThumbSize,`
			`});`
			`if (plugins.hasListeners('filter:uploadImage')) {`
			`return await plugins.fireHook('filter:uploadImage', {`
			`image: uploadedFile,`
			`uid: req.uid,`
feat: add folder to filter:uploadImage and filter:uploadFile 2020-05-22 10:00:24 -04:00			`folder: 'files',`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`});`
			`}`

			`return await uploadsController.uploadFile(req.uid, uploadedFile);`
			`});`
uploads controller 2015-01-10 16:40:54 -05:00			`};`

refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`uploadsController.uploadFile = async function (uid, uploadedFile) {`
uploads controller 2015-01-10 16:40:54 -05:00			`if (plugins.hasListeners('filter:uploadFile')) {`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`return await plugins.fireHook('filter:uploadFile', {`
Use typeToExtension from file.js 2017-02-17 19:57:18 +00:00			`file: uploadedFile,`
Resolve merge conflicts 2017-02-18 19:14:39 -07:00			`uid: uid,`
feat: add folder to filter:uploadImage and filter:uploadFile 2020-05-22 10:00:24 -04:00			`folder: 'files',`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`});`
uploads controller 2015-01-10 16:40:54 -05:00			`}`

closes #725 2015-02-18 21:09:33 -05:00			`if (!uploadedFile) {`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`throw new Error('[[error:invalid-file]]');`
uploads controller 2015-01-10 16:40:54 -05:00			`}`

Parse int (#6853) * Store config fields as JSON in the db Fewer parseInts * Remove unnecessary parseInts * remove some dupe code add tests * remove console.log * remove more parseInts * WIP: read meta.configs defaults from defaults.json remove more parseInts * more work * add log for failing test * update admin pwd * fix tests, dont require posts/cache before configs are initialized * handle saves * Test boolean conditions * remove more parseInts * Fix boolean values * remove lots more parseInts * removed json parsing * renamed var to number * categories dont have timestamp 2018-10-21 16:47:51 -04:00			`if (uploadedFile.size > meta.config.maximumFileSize * 1024) {`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`throw new Error('[[error:file-too-big, ' + meta.config.maximumFileSize + ']]');`
uploads controller 2015-01-10 16:40:54 -05:00			`}`
fix image url in relative_path install in post 2015-04-07 15:37:20 -04:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`const allowed = file.allowedExtensions();`
closes #5641 2017-05-01 20:58:34 -04:00
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`const extension = path.extname(uploadedFile.name).toLowerCase();`
use includes instead of indexOf use _.uniq instead of filter&indexOf 2018-10-20 14:40:48 -04:00			`if (allowed.length > 0 && (!extension \|\| extension === '.' \|\| !allowed.includes(extension))) {`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`throw new Error('[[error:invalid-file-type, ' + allowed.join(', ') + ']]');`
Re-added file extension restriction ACP option Closes #3918 2015-12-14 14:56:28 -05:00			`}`

feat: add folder to filter:uploadImage and filter:uploadFile 2020-05-22 10:00:24 -04:00			`return await saveFileToLocal(uid, 'files', uploadedFile);`
make uploadFile public 2017-03-02 20:51:03 +03:00			`};`
closes #4006 2016-01-11 10:27:26 +02:00
feat: add folder to filter:uploadImage and filter:uploadFile 2020-05-22 10:00:24 -04:00			`async function saveFileToLocal(uid, folder, uploadedFile) {`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`const name = uploadedFile.name \|\| 'upload';`
			`const extension = path.extname(name) \|\| '';`

			`const filename = Date.now() + '-' + validator.escape(name.substr(0, name.length - extension.length)).substr(0, 255) + extension;`

feat: add folder to filter:uploadImage and filter:uploadFile 2020-05-22 10:00:24 -04:00			`const upload = await file.saveFileToLocal(filename, folder, uploadedFile.path);`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`const storedFile = {`
			`url: nconf.get('relative_path') + upload.url,`
			`path: upload.path,`
			`name: uploadedFile.name,`
			`};`
			`const fileKey = upload.url.replace(nconf.get('upload_url'), '');`
			`await db.sortedSetAdd('uid:' + uid + ':uploads', Date.now(), fileKey);`
			`const data = await plugins.fireHook('filter:uploadStored', { uid: uid, uploadedFile: uploadedFile, storedFile: storedFile });`
			`return data.storedFile;`
uploads controller 2015-01-10 16:40:54 -05:00			`}`

			`function deleteTempFiles(files) {`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00			`files.forEach(fileObj => file.delete(fileObj.path));`
uploads controller 2015-01-10 16:40:54 -05:00			`}`
refactor: async/await uploads 2019-09-12 12:41:59 -04:00
			`require('../promisify')(uploadsController, ['upload', 'uploadPost', 'uploadThumb']);`