BookStack Code Mirror - bookstack/blob - app/Uploads/Controllers/AttachmentApiController.php

   1 <?php
   2
   3 namespace BookStack\Uploads\Controllers;
   4
   5 use BookStack\Entities\Queries\PageQueries;
   6 use BookStack\Exceptions\FileUploadException;
   7 use BookStack\Http\ApiController;
   8 use BookStack\Uploads\Attachment;
   9 use BookStack\Uploads\AttachmentService;
  10 use Exception;
  11 use Illuminate\Contracts\Filesystem\FileNotFoundException;
  12 use Illuminate\Http\Request;
  13 use Illuminate\Validation\ValidationException;
  14
  15 class AttachmentApiController extends ApiController
  16 {
  17     public function __construct(
  18         protected AttachmentService $attachmentService,
  19         protected PageQueries $pageQueries,
  20     ) {
  21     }
  22
  23     /**
  24      * Get a listing of attachments visible to the user.
  25      * The external property indicates whether the attachment is simple a link.
  26      * A false value for the external property would indicate a file upload.
  27      */
  28     public function list()
  29     {
  30         return $this->apiListingResponse(Attachment::visible(), [
  31             'id', 'name', 'extension', 'uploaded_to', 'external', 'order', 'created_at', 'updated_at', 'created_by', 'updated_by',
  32         ]);
  33     }
  34
  35     /**
  36      * Create a new attachment in the system.
  37      * An uploaded_to value must be provided containing an ID of the page
  38      * that this upload will be related to.
  39      *
  40      * If you're uploading a file the POST data should be provided via
  41      * a multipart/form-data type request instead of JSON.
  42      *
  43      * @throws ValidationException
  44      * @throws FileUploadException
  45      */
  46     public function create(Request $request)
  47     {
  48         $this->checkPermission('attachment-create-all');
  49         $requestData = $this->validate($request, $this->rules()['create']);
  50
  51         $pageId = $request->get('uploaded_to');
  52         $page = $this->pageQueries->findVisibleByIdOrFail($pageId);
  53         $this->checkOwnablePermission('page-update', $page);
  54
  55         if ($request->hasFile('file')) {
  56             $uploadedFile = $request->file('file');
  57             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $page->id);
  58         } else {
  59             $attachment = $this->attachmentService->saveNewFromLink(
  60                 $requestData['name'],
  61                 $requestData['link'],
  62                 $page->id
  63             );
  64         }
  65
  66         $this->attachmentService->updateFile($attachment, $requestData);
  67
  68         return response()->json($attachment);
  69     }
  70
  71     /**
  72      * Get the details & content of a single attachment of the given ID.
  73      * The attachment link or file content is provided via a 'content' property.
  74      * For files the content will be base64 encoded.
  75      *
  76      * @throws FileNotFoundException
  77      */
  78     public function read(string $id)
  79     {
  80         /** @var Attachment $attachment */
  81         $attachment = Attachment::visible()
  82             ->with(['createdBy', 'updatedBy'])
  83             ->findOrFail($id);
  84
  85         $attachment->setAttribute('links', [
  86             'html'     => $attachment->htmlLink(),
  87             'markdown' => $attachment->markdownLink(),
  88         ]);
  89
  90         // Simply return a JSON response of the attachment for link-based attachments
  91         if ($attachment->external) {
  92             $attachment->setAttribute('content', $attachment->path);
  93
  94             return response()->json($attachment);
  95         }
  96
  97         // Build and split our core JSON, at point of content.
  98         $splitter = 'CONTENT_SPLIT_LOCATION_' . time() . '_' . rand(1, 40000);
  99         $attachment->setAttribute('content', $splitter);
 100         $json = $attachment->toJson();
 101         $jsonParts = explode($splitter, $json);
 102         // Get a stream for the file data from storage
 103         $stream = $this->attachmentService->streamAttachmentFromStorage($attachment);
 104
 105         return response()->stream(function () use ($jsonParts, $stream) {
 106             // Output the pre-content JSON data
 107             echo $jsonParts[0];
 108
 109             // Stream out our attachment data as base64 content
 110             stream_filter_append($stream, 'convert.base64-encode', STREAM_FILTER_READ);
 111             fpassthru($stream);
 112             fclose($stream);
 113
 114             // Output our post-content JSON data
 115             echo $jsonParts[1];
 116         }, 200, ['Content-Type' => 'application/json']);
 117     }
 118
 119     /**
 120      * Update the details of a single attachment.
 121      * As per the create endpoint, if a file is being provided as the attachment content
 122      * the request should be formatted as a multipart/form-data request instead of JSON.
 123      *
 124      * @throws ValidationException
 125      * @throws FileUploadException
 126      */
 127     public function update(Request $request, string $id)
 128     {
 129         $requestData = $this->validate($request, $this->rules()['update']);
 130         /** @var Attachment $attachment */
 131         $attachment = Attachment::visible()->findOrFail($id);
 132
 133         $page = $attachment->page;
 134         if ($requestData['uploaded_to'] ?? false) {
 135             $pageId = $request->get('uploaded_to');
 136             $page = $this->pageQueries->findVisibleByIdOrFail($pageId);
 137             $attachment->uploaded_to = $requestData['uploaded_to'];
 138         }
 139
 140         $this->checkOwnablePermission('page-view', $page);
 141         $this->checkOwnablePermission('page-update', $page);
 142         $this->checkOwnablePermission('attachment-update', $attachment);
 143
 144         if ($request->hasFile('file')) {
 145             $uploadedFile = $request->file('file');
 146             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
 147         }
 148
 149         $this->attachmentService->updateFile($attachment, $requestData);
 150
 151         return response()->json($attachment);
 152     }
 153
 154     /**
 155      * Delete an attachment of the given ID.
 156      *
 157      * @throws Exception
 158      */
 159     public function delete(string $id)
 160     {
 161         /** @var Attachment $attachment */
 162         $attachment = Attachment::visible()->findOrFail($id);
 163         $this->checkOwnablePermission('attachment-delete', $attachment);
 164
 165         $this->attachmentService->deleteFile($attachment);
 166
 167         return response('', 204);
 168     }
 169
 170     protected function rules(): array
 171     {
 172         return [
 173             'create' => [
 174                 'name'        => ['required', 'min:1', 'max:255', 'string'],
 175                 'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
 176                 'file'        => array_merge(['required_without:link'], $this->attachmentService->getFileValidationRules()),
 177                 'link'        => ['required_without:file', 'min:1', 'max:2000', 'safe_url'],
 178             ],
 179             'update' => [
 180                 'name'        => ['min:1', 'max:255', 'string'],
 181                 'uploaded_to' => ['integer', 'exists:pages,id'],
 182                 'file'        => $this->attachmentService->getFileValidationRules(),
 183                 'link'        => ['min:1', 'max:2000', 'safe_url'],
 184             ],
 185         ];
 186     }
 187 }