Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(writeapi): file deletion route

Browse Source
This commit is contained in:
Julian Lam
2020-10-08 12:00:06 -04:00
parent a55b381791
commit f870721fca
8 changed files with 115 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
public/openapi/write.yaml
View File

@@ -1048,6 +1048,39 @@ paths:
response: response:
type: object type: object
properties: {} properties: {}
/files:
delete:
tags:
- files
summary: delete uploaded file
description: This operation deletes a file uploaded to NodeBB
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
path:
type: string
description: Path to the file (relative to the configured `upload_path`)
required:
- path
example:
path: files/uploaded_file.jpg
responses:
'200':
description: File deleted
content:
application/json:
schema:
type: object
properties:
status:
$ref: '#/components/schemas/Status'
response:
type: object
properties: {}
components: components:
schemas: schemas:
Status: Status:

12
public/src/admin/manage/uploads.js
View File

@@ -1,7 +1,7 @@
'use strict'; 'use strict';
define('admin/manage/uploads', ['uploader'], function (uploader) { define('admin/manage/uploads', ['uploader', 'api'], function (uploader, api) {
var Uploads = {}; var Uploads = {};
Uploads.init = function () { Uploads.init = function () {
@@ -21,12 +21,12 @@ define('admin/manage/uploads', ['uploader'], function (uploader) {
if (!ok) { if (!ok) {
return; return;
} }
socket.emit('admin.uploads.delete', file.attr('data-path'), function (err) {
if (err) { api.del('/files', {
return app.alertError(err.message); path: file.attr('data-path'),
} }, () => {
file.remove(); file.remove();
}); }, 'default');
}); });
}); });
}; };

11
src/controllers/write/files.js Normal file
View File

@@ -0,0 +1,11 @@
'use strict';
const fs = require('fs').promises;
const helpers = require('../helpers');
const Files = module.exports;
Files.delete = async (req, res) => {
await fs.unlink(res.locals.cleanedPath);
helpers.formatApiResponse(200, res);
};

1
src/controllers/write/index.js
View File

@@ -8,3 +8,4 @@ Write.categories = require('./categories');
Write.topics = require('./topics'); Write.topics = require('./topics');
Write.posts = require('./posts'); Write.posts = require('./posts');
Write.admin = require('./admin'); Write.admin = require('./admin');
Write.files = require('./files');

56
src/middleware/assert.js
View File

@@ -5,44 +5,74 @@
* payload and throw an error otherwise. * payload and throw an error otherwise.
*/ */
const fs = require('fs');
const fsPromises = fs.promises;
const path = require('path');
const nconf = require('nconf');
const user = require('../user'); const user = require('../user');
const groups = require('../groups'); const groups = require('../groups');
const topics = require('../topics'); const topics = require('../topics');
const posts = require('../posts'); const posts = require('../posts');
const helpers = require('../controllers/helpers'); const helpers = require('./helpers');
const controllerHelpers = require('../controllers/helpers');
module.exports = function (middleware) { module.exports = function (middleware) {
middleware.assertUser = async (req, res, next) => { middleware.assertUser = helpers.try(async (req, res, next) => {
if (!await user.exists(req.params.uid)) { if (!await user.exists(req.params.uid)) {
return helpers.formatApiResponse(404, res, new Error('[[error:no-user]]')); return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-user]]'));
} }
next(); next();
}; });
middleware.assertGroup = async (req, res, next) => { middleware.assertGroup = helpers.try(async (req, res, next) => {
const name = await groups.getGroupNameByGroupSlug(req.params.slug); const name = await groups.getGroupNameByGroupSlug(req.params.slug);
if (!name || !await groups.exists(name)) { if (!name || !await groups.exists(name)) {
return helpers.formatApiResponse(404, res, new Error('[[error:no-group]]')); return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-group]]'));
} }
next(); next();
}; });
middleware.assertTopic = async (req, res, next) => { middleware.assertTopic = helpers.try(async (req, res, next) => {
if (!await topics.exists(req.params.tid)) { if (!await topics.exists(req.params.tid)) {
return helpers.formatApiResponse(404, res, new Error('[[error:no-topic]]')); return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
} }
next(); next();
}; });
middleware.assertPost = async (req, res, next) => { middleware.assertPost = helpers.try(async (req, res, next) => {
if (!await posts.exists(req.params.pid)) { if (!await posts.exists(req.params.pid)) {
return helpers.formatApiResponse(404, res, new Error('[[error:no-topic]]')); return controllerHelpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
} }
next(); next();
}; });
middleware.assertPath = helpers.try(async (req, res, next) => {
// file: URL support
if (req.body.path.startsWith('file:///')) {
req.body.path = new URL(req.body.path).pathname;
}
// Checks file exists and is within bounds of upload_path
const pathToFile = path.join(nconf.get('upload_path'), req.body.path);
res.locals.cleanedPath = pathToFile;
if (!pathToFile.startsWith(nconf.get('upload_path'))) {
return controllerHelpers.formatApiResponse(403, res, new Error('[[error:invalid-path]]'));
}
try {
await fsPromises.access(pathToFile, fs.constants.F_OK);
} catch (e) {
return controllerHelpers.formatApiResponse(404, res, new Error('[[error:invalid-path]]'));
}
next();
});
}; };

16
src/routes/write/files.js Normal file
View File

@@ -0,0 +1,16 @@
'use strict';
const router = require('express').Router();
const middleware = require('../../middleware');
const controllers = require('../../controllers');
const routeHelpers = require('../helpers');
const setupApiRoute = routeHelpers.setupApiRoute;
module.exports = function () {
const middlewares = [middleware.authenticate];
setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['path']), middleware.assertPath], 'delete', controllers.write.files.delete);
return router;
};

1
src/routes/write/index.js
View File

@@ -26,6 +26,7 @@ Write.reload = (params) => {
router.use('/api/v3/topics', require('./topics')()); router.use('/api/v3/topics', require('./topics')());
router.use('/api/v3/posts', require('./posts')()); router.use('/api/v3/posts', require('./posts')());
router.use('/api/v3/admin', require('./admin')()); router.use('/api/v3/admin', require('./admin')());
router.use('/api/v3/files', require('./files')());
router.get('/api/v3/ping', function (req, res) { router.get('/api/v3/ping', function (req, res) {
helpers.formatApiResponse(200, res, { helpers.formatApiResponse(200, res, {

4
src/socket.io/admin/uploads.js
View File

@@ -4,9 +4,13 @@ const fs = require('fs');
const path = require('path'); const path = require('path');
const nconf = require('nconf'); const nconf = require('nconf');
const sockets = require('..');
const Uploads = module.exports; const Uploads = module.exports;
Uploads.delete = function (socket, pathToFile, callback) { Uploads.delete = function (socket, pathToFile, callback) {
sockets.warnDeprecated(socket, 'DELETE /api/v3/files');
pathToFile = path.join(nconf.get('upload_path'), pathToFile); pathToFile = path.join(nconf.get('upload_path'), pathToFile);
if (!pathToFile.startsWith(nconf.get('upload_path'))) { if (!pathToFile.startsWith(nconf.get('upload_path'))) {
return callback(new Error('[[error:invalid-path]]')); return callback(new Error('[[error:invalid-path]]'));