BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Api/AttachmentApiController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Api;
   4
   5 use BookStack\Entities\Models\Page;
   6 use BookStack\Exceptions\FileUploadException;
   7 use BookStack\Uploads\Attachment;
   8 use BookStack\Uploads\AttachmentService;
   9 use Exception;
  10 use Illuminate\Contracts\Filesystem\FileNotFoundException;
  11 use Illuminate\Http\Request;
  12 use Illuminate\Validation\ValidationException;
  13
  14 class AttachmentApiController extends ApiController
  15 {
  16     protected $attachmentService;
  17
  18     public function __construct(AttachmentService $attachmentService)
  19     {
  20         $this->attachmentService = $attachmentService;
  21     }
  22
  23     /**
  24      * Get a listing of attachments visible to the user.
  25      * The external property indicates whether the attachment is simple a link.
  26      * A false value for the external property would indicate a file upload.
  27      */
  28     public function list()
  29     {
  30         return $this->apiListingResponse(Attachment::visible(), [
  31             'id', 'name', 'extension', 'uploaded_to', 'external', 'order', 'created_at', 'updated_at', 'created_by', 'updated_by',
  32         ]);
  33     }
  34
  35     /**
  36      * Create a new attachment in the system.
  37      * An uploaded_to value must be provided containing an ID of the page
  38      * that this upload will be related to.
  39      *
  40      * If you're uploading a file the POST data should be provided via
  41      * a multipart/form-data type request instead of JSON.
  42      *
  43      * @throws ValidationException
  44      * @throws FileUploadException
  45      */
  46     public function create(Request $request)
  47     {
  48         $this->checkPermission('attachment-create-all');
  49         $requestData = $this->validate($request, $this->rules()['create']);
  50
  51         $pageId = $request->get('uploaded_to');
  52         $page = Page::visible()->findOrFail($pageId);
  53         $this->checkOwnablePermission('page-update', $page);
  54
  55         if ($request->hasFile('file')) {
  56             $uploadedFile = $request->file('file');
  57             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $page->id);
  58         } else {
  59             $attachment = $this->attachmentService->saveNewFromLink(
  60                 $requestData['name'],
  61                 $requestData['link'],
  62                 $page->id
  63             );
  64         }
  65
  66         $this->attachmentService->updateFile($attachment, $requestData);
  67
  68         return response()->json($attachment);
  69     }
  70
  71     /**
  72      * Get the details & content of a single attachment of the given ID.
  73      * The attachment link or file content is provided via a 'content' property.
  74      * For files the content will be base64 encoded.
  75      *
  76      * @throws FileNotFoundException
  77      */
  78     public function read(string $id)
  79     {
  80         /** @var Attachment $attachment */
  81         $attachment = Attachment::visible()
  82             ->with(['createdBy', 'updatedBy'])
  83             ->findOrFail($id);
  84
  85         $attachment->setAttribute('links', [
  86             'html'     => $attachment->htmlLink(),
  87             'markdown' => $attachment->markdownLink(),
  88         ]);
  89
  90         // Simply return a JSON response of the attachment for link-based attachments
  91         if ($attachment->external) {
  92             $attachment->setAttribute('content', $attachment->path);
  93             return response()->json($attachment);
  94         }
  95
  96         // Build and split our core JSON, at point of content.
  97         $splitter = 'CONTENT_SPLIT_LOCATION_' . time() . '_' . rand(1, 40000);
  98         $attachment->setAttribute('content', $splitter);
  99         $json = $attachment->toJson();
 100         $jsonParts = explode($splitter, $json);
 101         // Get a stream for the file data from storage
 102         $stream = $this->attachmentService->streamAttachmentFromStorage($attachment);
 103
 104         return response()->stream(function () use ($jsonParts, $stream) {
 105             // Output the pre-content JSON data
 106             echo $jsonParts[0];
 107
 108             // Stream out our attachment data as base64 content
 109             stream_filter_append($stream, 'convert.base64-encode', STREAM_FILTER_READ);
 110             fpassthru($stream);
 111             fclose($stream);
 112
 113             // Output our post-content JSON data
 114             echo $jsonParts[1];
 115         }, 200, ['Content-Type' => 'application/json']);
 116     }
 117
 118     /**
 119      * Update the details of a single attachment.
 120      * As per the create endpoint, if a file is being provided as the attachment content
 121      * the request should be formatted as a multipart/form-data request instead of JSON.
 122      *
 123      * @throws ValidationException
 124      * @throws FileUploadException
 125      */
 126     public function update(Request $request, string $id)
 127     {
 128         $requestData = $this->validate($request, $this->rules()['update']);
 129         /** @var Attachment $attachment */
 130         $attachment = Attachment::visible()->findOrFail($id);
 131
 132         $page = $attachment->page;
 133         if ($requestData['uploaded_to'] ?? false) {
 134             $pageId = $request->get('uploaded_to');
 135             $page = Page::visible()->findOrFail($pageId);
 136             $attachment->uploaded_to = $requestData['uploaded_to'];
 137         }
 138
 139         $this->checkOwnablePermission('page-view', $page);
 140         $this->checkOwnablePermission('page-update', $page);
 141         $this->checkOwnablePermission('attachment-update', $attachment);
 142
 143         if ($request->hasFile('file')) {
 144             $uploadedFile = $request->file('file');
 145             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
 146         }
 147
 148         $this->attachmentService->updateFile($attachment, $requestData);
 149
 150         return response()->json($attachment);
 151     }
 152
 153     /**
 154      * Delete an attachment of the given ID.
 155      *
 156      * @throws Exception
 157      */
 158     public function delete(string $id)
 159     {
 160         /** @var Attachment $attachment */
 161         $attachment = Attachment::visible()->findOrFail($id);
 162         $this->checkOwnablePermission('attachment-delete', $attachment);
 163
 164         $this->attachmentService->deleteFile($attachment);
 165
 166         return response('', 204);
 167     }
 168
 169     protected function rules(): array
 170     {
 171         return [
 172             'create' => [
 173                 'name'        => ['required', 'min:1', 'max:255', 'string'],
 174                 'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
 175                 'file'        => array_merge(['required_without:link'], $this->attachmentService->getFileValidationRules()),
 176                 'link'        => ['required_without:file', 'min:1', 'max:255', 'safe_url'],
 177             ],
 178             'update' => [
 179                 'name'        => ['min:1', 'max:255', 'string'],
 180                 'uploaded_to' => ['integer', 'exists:pages,id'],
 181                 'file'        => $this->attachmentService->getFileValidationRules(),
 182                 'link'        => ['min:1', 'max:255', 'safe_url'],
 183             ],
 184         ];
 185     }
 186 }