BookStack Code Mirror - bookstack/blob - app/Uploads/Controllers/AttachmentApiController.php

   1 <?php
   2
   3 namespace BookStack\Uploads\Controllers;
   4
   5 use BookStack\Entities\Models\Page;
   6 use BookStack\Exceptions\FileUploadException;
   7 use BookStack\Http\Controllers\ApiController;
   8 use BookStack\Uploads\Attachment;
   9 use BookStack\Uploads\AttachmentService;
  10 use Exception;
  11 use Illuminate\Contracts\Filesystem\FileNotFoundException;
  12 use Illuminate\Http\Request;
  13 use Illuminate\Validation\ValidationException;
  14
  15 class AttachmentApiController extends ApiController
  16 {
  17     public function __construct(
  18         protected AttachmentService $attachmentService
  19     ) {
  20     }
  21
  22     /**
  23      * Get a listing of attachments visible to the user.
  24      * The external property indicates whether the attachment is simple a link.
  25      * A false value for the external property would indicate a file upload.
  26      */
  27     public function list()
  28     {
  29         return $this->apiListingResponse(Attachment::visible(), [
  30             'id', 'name', 'extension', 'uploaded_to', 'external', 'order', 'created_at', 'updated_at', 'created_by', 'updated_by',
  31         ]);
  32     }
  33
  34     /**
  35      * Create a new attachment in the system.
  36      * An uploaded_to value must be provided containing an ID of the page
  37      * that this upload will be related to.
  38      *
  39      * If you're uploading a file the POST data should be provided via
  40      * a multipart/form-data type request instead of JSON.
  41      *
  42      * @throws ValidationException
  43      * @throws FileUploadException
  44      */
  45     public function create(Request $request)
  46     {
  47         $this->checkPermission('attachment-create-all');
  48         $requestData = $this->validate($request, $this->rules()['create']);
  49
  50         $pageId = $request->get('uploaded_to');
  51         $page = Page::visible()->findOrFail($pageId);
  52         $this->checkOwnablePermission('page-update', $page);
  53
  54         if ($request->hasFile('file')) {
  55             $uploadedFile = $request->file('file');
  56             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $page->id);
  57         } else {
  58             $attachment = $this->attachmentService->saveNewFromLink(
  59                 $requestData['name'],
  60                 $requestData['link'],
  61                 $page->id
  62             );
  63         }
  64
  65         $this->attachmentService->updateFile($attachment, $requestData);
  66
  67         return response()->json($attachment);
  68     }
  69
  70     /**
  71      * Get the details & content of a single attachment of the given ID.
  72      * The attachment link or file content is provided via a 'content' property.
  73      * For files the content will be base64 encoded.
  74      *
  75      * @throws FileNotFoundException
  76      */
  77     public function read(string $id)
  78     {
  79         /** @var Attachment $attachment */
  80         $attachment = Attachment::visible()
  81             ->with(['createdBy', 'updatedBy'])
  82             ->findOrFail($id);
  83
  84         $attachment->setAttribute('links', [
  85             'html'     => $attachment->htmlLink(),
  86             'markdown' => $attachment->markdownLink(),
  87         ]);
  88
  89         // Simply return a JSON response of the attachment for link-based attachments
  90         if ($attachment->external) {
  91             $attachment->setAttribute('content', $attachment->path);
  92
  93             return response()->json($attachment);
  94         }
  95
  96         // Build and split our core JSON, at point of content.
  97         $splitter = 'CONTENT_SPLIT_LOCATION_' . time() . '_' . rand(1, 40000);
  98         $attachment->setAttribute('content', $splitter);
  99         $json = $attachment->toJson();
 100         $jsonParts = explode($splitter, $json);
 101         // Get a stream for the file data from storage
 102         $stream = $this->attachmentService->streamAttachmentFromStorage($attachment);
 103
 104         return response()->stream(function () use ($jsonParts, $stream) {
 105             // Output the pre-content JSON data
 106             echo $jsonParts[0];
 107
 108             // Stream out our attachment data as base64 content
 109             stream_filter_append($stream, 'convert.base64-encode', STREAM_FILTER_READ);
 110             fpassthru($stream);
 111             fclose($stream);
 112
 113             // Output our post-content JSON data
 114             echo $jsonParts[1];
 115         }, 200, ['Content-Type' => 'application/json']);
 116     }
 117
 118     /**
 119      * Update the details of a single attachment.
 120      * As per the create endpoint, if a file is being provided as the attachment content
 121      * the request should be formatted as a multipart/form-data request instead of JSON.
 122      *
 123      * @throws ValidationException
 124      * @throws FileUploadException
 125      */
 126     public function update(Request $request, string $id)
 127     {
 128         $requestData = $this->validate($request, $this->rules()['update']);
 129         /** @var Attachment $attachment */
 130         $attachment = Attachment::visible()->findOrFail($id);
 131
 132         $page = $attachment->page;
 133         if ($requestData['uploaded_to'] ?? false) {
 134             $pageId = $request->get('uploaded_to');
 135             $page = Page::visible()->findOrFail($pageId);
 136             $attachment->uploaded_to = $requestData['uploaded_to'];
 137         }
 138
 139         $this->checkOwnablePermission('page-view', $page);
 140         $this->checkOwnablePermission('page-update', $page);
 141         $this->checkOwnablePermission('attachment-update', $attachment);
 142
 143         if ($request->hasFile('file')) {
 144             $uploadedFile = $request->file('file');
 145             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
 146         }
 147
 148         $this->attachmentService->updateFile($attachment, $requestData);
 149
 150         return response()->json($attachment);
 151     }
 152
 153     /**
 154      * Delete an attachment of the given ID.
 155      *
 156      * @throws Exception
 157      */
 158     public function delete(string $id)
 159     {
 160         /** @var Attachment $attachment */
 161         $attachment = Attachment::visible()->findOrFail($id);
 162         $this->checkOwnablePermission('attachment-delete', $attachment);
 163
 164         $this->attachmentService->deleteFile($attachment);
 165
 166         return response('', 204);
 167     }
 168
 169     protected function rules(): array
 170     {
 171         return [
 172             'create' => [
 173                 'name'        => ['required', 'min:1', 'max:255', 'string'],
 174                 'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
 175                 'file'        => array_merge(['required_without:link'], $this->attachmentService->getFileValidationRules()),
 176                 'link'        => ['required_without:file', 'min:1', 'max:2000', 'safe_url'],
 177             ],
 178             'update' => [
 179                 'name'        => ['min:1', 'max:255', 'string'],
 180                 'uploaded_to' => ['integer', 'exists:pages,id'],
 181                 'file'        => $this->attachmentService->getFileValidationRules(),
 182                 'link'        => ['min:1', 'max:2000', 'safe_url'],
 183             ],
 184         ];
 185     }
 186 }