You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

102 lines
2.6 KiB

  1. const express = require('express')
  2. const router = express.Router()
  3. const _ = require('lodash')
  4. const multer = require('multer')
  5. const path = require('path')
  6. const sanitize = require('sanitize-filename')
  7. /* global WIKI */
  8. /**
  9. * Upload files
  10. */
  11. router.post('/u', multer({
  12. dest: path.join(WIKI.ROOTPATH, 'data/uploads'),
  13. limits: {
  14. fileSize: WIKI.config.uploads.maxFileSize,
  15. files: WIKI.config.uploads.maxFiles
  16. }
  17. }).array('mediaUpload'), async (req, res, next) => {
  18. if (!_.some(req.user.permissions, pm => _.includes(['write:assets', 'manage:system'], pm))) {
  19. return res.status(403).json({
  20. succeeded: false,
  21. message: 'You are not authorized to upload files.'
  22. })
  23. } else if (req.files.length < 1) {
  24. return res.status(400).json({
  25. succeeded: false,
  26. message: 'Missing upload payload.'
  27. })
  28. } else if (req.files.length > 1) {
  29. return res.status(400).json({
  30. succeeded: false,
  31. message: 'You cannot upload multiple files within the same request.'
  32. })
  33. }
  34. const fileMeta = _.get(req, 'files[0]', false)
  35. if (!fileMeta) {
  36. return res.status(500).json({
  37. succeeded: false,
  38. message: 'Missing upload file metadata.'
  39. })
  40. }
  41. // Get folder Id
  42. let folderId = null
  43. try {
  44. const folderRaw = _.get(req, 'body.mediaUpload', false)
  45. if (folderRaw) {
  46. folderId = _.get(JSON.parse(folderRaw), 'folderId', null)
  47. if (folderId === 0) {
  48. folderId = null
  49. }
  50. } else {
  51. throw new Error('Missing File Metadata')
  52. }
  53. } catch (err) {
  54. return res.status(400).json({
  55. succeeded: false,
  56. message: 'Missing upload folder metadata.'
  57. })
  58. }
  59. // Build folder hierarchy
  60. let hierarchy = []
  61. if (folderId) {
  62. try {
  63. hierarchy = await WIKI.models.assetFolders.getHierarchy(folderId)
  64. } catch (err) {
  65. return res.status(400).json({
  66. succeeded: false,
  67. message: 'Failed to fetch folder hierarchy.'
  68. })
  69. }
  70. }
  71. // Check if user can upload at path
  72. const assetPath = (folderId) ? hierarchy.map(h => h.slug).join('/') + `/${fileMeta.originalname}` : fileMeta.originalname
  73. if (!WIKI.auth.checkAccess(req.user, ['write:assets'], { path: assetPath })) {
  74. return res.status(403).json({
  75. succeeded: false,
  76. message: 'You are not authorized to upload files to this folder.'
  77. })
  78. }
  79. // Process upload file
  80. await WIKI.models.assets.upload({
  81. ...fileMeta,
  82. originalname: sanitize(fileMeta.originalname).toLowerCase(),
  83. folderId: folderId,
  84. assetPath,
  85. userId: req.user.id
  86. })
  87. res.send('ok')
  88. })
  89. router.get('/u', async (req, res, next) => {
  90. res.json({
  91. ok: true
  92. })
  93. })
  94. module.exports = router