BookStack Code Mirror - bookstack/blob - app/Uploads/Controllers/AttachmentApiController.php

   1 <?php
   2
   3 namespace BookStack\Uploads\Controllers;
   4
   5 use BookStack\Entities\EntityExistsRule;
   6 use BookStack\Entities\Queries\PageQueries;
   7 use BookStack\Exceptions\FileUploadException;
   8 use BookStack\Http\ApiController;
   9 use BookStack\Permissions\Permission;
  10 use BookStack\Uploads\Attachment;
  11 use BookStack\Uploads\AttachmentService;
  12 use Exception;
  13 use Illuminate\Contracts\Filesystem\FileNotFoundException;
  14 use Illuminate\Http\Request;
  15 use Illuminate\Validation\ValidationException;
  16
  17 class AttachmentApiController extends ApiController
  18 {
  19     public function __construct(
  20         protected AttachmentService $attachmentService,
  21         protected PageQueries $pageQueries,
  22     ) {
  23     }
  24
  25     /**
  26      * Get a listing of attachments visible to the user.
  27      * The external property indicates whether the attachment is simple a link.
  28      * A false value for the external property would indicate a file upload.
  29      */
  30     public function list()
  31     {
  32         return $this->apiListingResponse(Attachment::visible(), [
  33             'id', 'name', 'extension', 'uploaded_to', 'external', 'order', 'created_at', 'updated_at', 'created_by', 'updated_by',
  34         ]);
  35     }
  36
  37     /**
  38      * Create a new attachment in the system.
  39      * An uploaded_to value must be provided containing an ID of the page
  40      * that this upload will be related to.
  41      *
  42      * If you're uploading a file the POST data should be provided via
  43      * a multipart/form-data type request instead of JSON.
  44      *
  45      * @throws ValidationException
  46      * @throws FileUploadException
  47      */
  48     public function create(Request $request)
  49     {
  50         $this->checkPermission(Permission::AttachmentCreateAll);
  51         $requestData = $this->validate($request, $this->rules()['create']);
  52
  53         $pageId = $request->get('uploaded_to');
  54         $page = $this->pageQueries->findVisibleByIdOrFail($pageId);
  55         $this->checkOwnablePermission(Permission::PageUpdate, $page);
  56
  57         if ($request->hasFile('file')) {
  58             $uploadedFile = $request->file('file');
  59             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $page->id);
  60         } else {
  61             $attachment = $this->attachmentService->saveNewFromLink(
  62                 $requestData['name'],
  63                 $requestData['link'],
  64                 $page->id
  65             );
  66         }
  67
  68         $this->attachmentService->updateFile($attachment, $requestData);
  69
  70         return response()->json($attachment);
  71     }
  72
  73     /**
  74      * Get the details & content of a single attachment of the given ID.
  75      * The attachment link or file content is provided via a 'content' property.
  76      * For files the content will be base64 encoded.
  77      *
  78      * @throws FileNotFoundException
  79      */
  80     public function read(string $id)
  81     {
  82         /** @var Attachment $attachment */
  83         $attachment = Attachment::visible()
  84             ->with(['createdBy', 'updatedBy'])
  85             ->findOrFail($id);
  86
  87         $attachment->setAttribute('links', [
  88             'html'     => $attachment->htmlLink(),
  89             'markdown' => $attachment->markdownLink(),
  90         ]);
  91
  92         // Simply return a JSON response of the attachment for link-based attachments
  93         if ($attachment->external) {
  94             $attachment->setAttribute('content', $attachment->path);
  95
  96             return response()->json($attachment);
  97         }
  98
  99         // Build and split our core JSON, at point of content.
 100         $splitter = 'CONTENT_SPLIT_LOCATION_' . time() . '_' . rand(1, 40000);
 101         $attachment->setAttribute('content', $splitter);
 102         $json = $attachment->toJson();
 103         $jsonParts = explode($splitter, $json);
 104         // Get a stream for the file data from storage
 105         $stream = $this->attachmentService->streamAttachmentFromStorage($attachment);
 106
 107         return response()->stream(function () use ($jsonParts, $stream) {
 108             // Output the pre-content JSON data
 109             echo $jsonParts[0];
 110
 111             // Stream out our attachment data as base64 content
 112             stream_filter_append($stream, 'convert.base64-encode', STREAM_FILTER_READ);
 113             fpassthru($stream);
 114             fclose($stream);
 115
 116             // Output our post-content JSON data
 117             echo $jsonParts[1];
 118         }, 200, ['Content-Type' => 'application/json']);
 119     }
 120
 121     /**
 122      * Update the details of a single attachment.
 123      * As per the create endpoint, if a file is being provided as the attachment content
 124      * the request should be formatted as a multipart/form-data request instead of JSON.
 125      *
 126      * @throws ValidationException
 127      * @throws FileUploadException
 128      */
 129     public function update(Request $request, string $id)
 130     {
 131         $requestData = $this->validate($request, $this->rules()['update']);
 132         /** @var Attachment $attachment */
 133         $attachment = Attachment::visible()->findOrFail($id);
 134
 135         $page = $attachment->page;
 136         if ($requestData['uploaded_to'] ?? false) {
 137             $pageId = $request->get('uploaded_to');
 138             $page = $this->pageQueries->findVisibleByIdOrFail($pageId);
 139             $attachment->uploaded_to = $requestData['uploaded_to'];
 140         }
 141
 142         $this->checkOwnablePermission(Permission::PageView, $page);
 143         $this->checkOwnablePermission(Permission::PageUpdate, $page);
 144         $this->checkOwnablePermission(Permission::AttachmentUpdate, $attachment);
 145
 146         if ($request->hasFile('file')) {
 147             $uploadedFile = $request->file('file');
 148             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
 149         }
 150
 151         $this->attachmentService->updateFile($attachment, $requestData);
 152
 153         return response()->json($attachment);
 154     }
 155
 156     /**
 157      * Delete an attachment of the given ID.
 158      *
 159      * @throws Exception
 160      */
 161     public function delete(string $id)
 162     {
 163         /** @var Attachment $attachment */
 164         $attachment = Attachment::visible()->findOrFail($id);
 165         $this->checkOwnablePermission(Permission::AttachmentDelete, $attachment);
 166
 167         $this->attachmentService->deleteFile($attachment);
 168
 169         return response('', 204);
 170     }
 171
 172     protected function rules(): array
 173     {
 174         return [
 175             'create' => [
 176                 'name'        => ['required', 'string', 'min:1', 'max:255'],
 177                 'uploaded_to' => ['required', 'integer', new EntityExistsRule('page')],
 178                 'file'        => array_merge(['required_without:link'], $this->attachmentService->getFileValidationRules()),
 179                 'link'        => ['required_without:file', 'string', 'min:1', 'max:2000', 'safe_url'],
 180             ],
 181             'update' => [
 182                 'name'        => ['string', 'min:1', 'max:255'],
 183                 'uploaded_to' => ['integer', new EntityExistsRule('page')],
 184                 'file'        => $this->attachmentService->getFileValidationRules(),
 185                 'link'        => ['string', 'min:1', 'max:2000', 'safe_url'],
 186             ],
 187         ];
 188     }
 189 }