github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-02-01 06:55:05 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
c6b154e60df62e8a2ca98222983c6d7e57b8a008
directus/api/src/controllers/assets.ts
Rijk van Zanten 77e00b7db4 Don't initialize database on file require (#6003)
2021-06-02 11:41:42 -04:00

166 lines
5.8 KiB
TypeScript
Raw Blame History

import { Range } from '@directus/drive';
import { Router } from 'express';
import { pick } from 'lodash';
import ms from 'ms';
import validate from 'uuid-validate';
import { ASSET_TRANSFORM_QUERY_KEYS, SYSTEM_ASSET_ALLOW_LIST } from '../constants';
import getDatabase from '../database';
import env from '../env';
import { ForbiddenException, InvalidQueryException, RangeNotSatisfiableException } from '../exceptions';
import useCollection from '../middleware/use-collection';
import { AssetsService, PayloadService } from '../services';
import storage from '../storage';
import { Transformation } from '../types/assets';
import asyncHandler from '../utils/async-handler';
const router = Router();
router.use(useCollection('directus_files'));
router.get(
'/:pk',
// Check if file exists and if you have permission to read it
asyncHandler(async (req, res, next) => {
/**
* We ignore everything in the id after the first 36 characters (uuid length). This allows the
* user to add an optional extension, or other identifier for use in external software (#4067)
*/
const id = req.params.pk?.substring(0, 36);
/**
* This is a little annoying. Postgres will error out if you're trying to search in `where`
* with a wrong type. In case of directus_files where id is a uuid, we'll have to verify the
* validity of the uuid ahead of time.
*/
const isValidUUID = validate(id, 4);
if (isValidUUID === false) throw new ForbiddenException();
const database = getDatabase();
const file = await database.select('id', 'storage', 'filename_disk').from('directus_files').where({ id }).first();
if (!file) throw new ForbiddenException();
const { exists } = await storage.disk(file.storage).exists(file.filename_disk);
if (!exists) throw new ForbiddenException();
return next();
}),
// Validate query params
asyncHandler(async (req, res, next) => {
const payloadService = new PayloadService('directus_settings', { schema: req.schema });
const defaults = { storage_asset_presets: [], storage_asset_transform: 'all' };
const database = getDatabase();
const savedAssetSettings = await database
.select('storage_asset_presets', 'storage_asset_transform')
.from('directus_settings')
.first();
if (savedAssetSettings) {
await payloadService.processValues('read', savedAssetSettings);
}
const assetSettings = savedAssetSettings || defaults;
const transformation = pick(req.query, ASSET_TRANSFORM_QUERY_KEYS);
if ('key' in transformation && Object.keys(transformation).length > 1) {
throw new InvalidQueryException(`You can't combine the "key" query parameter with any other transformation.`);
}
if ('quality' in transformation && (Number(transformation.quality) < 1 || Number(transformation.quality) > 100)) {
throw new InvalidQueryException(`"quality" Parameter has to between 1 to 100`);
}
const systemKeys = SYSTEM_ASSET_ALLOW_LIST.map((transformation) => transformation.key);
const allKeys: string[] = [
...systemKeys,
...(assetSettings.storage_asset_presets || []).map((transformation: Transformation) => transformation.key),
];
// For use in the next request handler
res.locals.shortcuts = [...SYSTEM_ASSET_ALLOW_LIST, ...(assetSettings.storage_asset_presets || [])];
res.locals.transformation = transformation;
if (Object.keys(transformation).length === 0) {
return next();
}
if (assetSettings.storage_asset_transform === 'all') {
if (transformation.key && allKeys.includes(transformation.key as string) === false)
throw new InvalidQueryException(`Key "${transformation.key}" isn't configured.`);
return next();
} else if (assetSettings.storage_asset_transform === 'presets') {
if (allKeys.includes(transformation.key as string)) return next();
throw new InvalidQueryException(`Only configured presets can be used in asset generation.`);
} else {
if (transformation.key && systemKeys.includes(transformation.key as string)) return next();
throw new InvalidQueryException(`Dynamic asset generation has been disabled for this project.`);
}
}),
// Return file
asyncHandler(async (req, res) => {
const id = req.params.pk?.substring(0, 36);
const service = new AssetsService({
accountability: req.accountability,
schema: req.schema,
});
const transformation: Transformation = res.locals.transformation.key
? res.locals.shortcuts.find(
(transformation: Transformation) => transformation.key === res.locals.transformation.key
)
: res.locals.transformation;
let range: Range | undefined = undefined;
if (req.headers.range) {
// substring 6 = "bytes="
const rangeParts = req.headers.range.substring(6).split('-');
range = {
start: rangeParts[0] ? Number(rangeParts[0]) : 0,
end: rangeParts[1] ? Number(rangeParts[1]) : undefined,
};
if (Number.isNaN(range.start) || Number.isNaN(range.end)) {
throw new RangeNotSatisfiableException(range);
}
}
const { stream, file, stat } = await service.getAsset(id, transformation, range);
const access = req.accountability?.role ? 'private' : 'public';
res.attachment(file.filename_download);
res.setHeader('Content-Type', file.type);
res.setHeader('Accept-Ranges', 'bytes');
res.setHeader('Cache-Control', `${access}, max-age=${ms(env.ASSETS_CACHE_TTL as string) / 1000}`);
if (range) {
res.setHeader('Content-Range', `bytes ${range.start}-${range.end || stat.size - 1}/${stat.size}`);
res.status(206);
res.setHeader('Content-Length', (range.end ? range.end + 1 : stat.size) - range.start);
} else {
res.setHeader('Content-Length', stat.size);
}
if ('download' in req.query === false) {
res.removeHeader('Content-Disposition');
}
if (req.method.toLowerCase() === 'head') {
res.status(200);
res.setHeader('Accept-Ranges', 'bytes');
res.setHeader('Content-Length', stat.size);
return res.end();
}
stream.pipe(res);
})
);
export default router;
Reference in New Issue View Git Blame Copy Permalink