src/Routers/FilesRouter.js

import express from 'express';
import BodyParser from 'body-parser';
import * as Middlewares from '../middlewares';
import Parse from 'parse/node';
import Config from '../Config';
import mime from 'mime';
import logger from '../logger';

export class FilesRouter {
  expressRouter({ maxUploadSize = '20Mb' } = {}) {
    var router = express.Router();
    router.get('/files/:appId/:filename', this.getHandler);

    router.post('/files', function(req, res, next) {
      next(
        new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename not provided.')
      );
    });

    router.post(
      '/files/:filename',
      BodyParser.raw({
        type: () => {
          return true;
        },
        limit: maxUploadSize,
      }), // Allow uploads without Content-Type, or with any Content-Type.
      Middlewares.handleParseHeaders,
      this.createHandler
    );

    router.delete(
      '/files/:filename',
      Middlewares.handleParseHeaders,
      Middlewares.enforceMasterKeyAccess,
      this.deleteHandler
    );
    return router;
  }

  getHandler(req, res) {
    const config = Config.get(req.params.appId);
    const filesController = config.filesController;
    const filename = req.params.filename;
    const contentType = mime.getType(filename);
    if (isFileStreamable(req, filesController)) {
      filesController
        .handleFileStream(config, filename, req, res, contentType)
        .catch(() => {
          res.status(404);
          res.set('Content-Type', 'text/plain');
          res.end('File not found.');
        });
    } else {
      filesController
        .getFileData(config, filename)
        .then(data => {
          res.status(200);
          res.set('Content-Type', contentType);
          res.set('Content-Length', data.length);
          res.end(data);
        })
        .catch(() => {
          res.status(404);
          res.set('Content-Type', 'text/plain');
          res.end('File not found.');
        });
    }
  }

  createHandler(req, res, next) {
    if (!req.body || !req.body.length) {
      next(
        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Invalid file upload.')
      );
      return;
    }

    if (req.params.filename.length > 128) {
      next(
        new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename too long.')
      );
      return;
    }

    if (!req.params.filename.match(/^[_a-zA-Z0-9][a-zA-Z0-9@\.\ ~_-]*$/)) {
      next(
        new Parse.Error(
          Parse.Error.INVALID_FILE_NAME,
          'Filename contains invalid characters.'
        )
      );
      return;
    }

    const filename = req.params.filename;
    const contentType = req.get('Content-type');
    const config = req.config;
    const filesController = config.filesController;

    filesController
      .createFile(config, filename, req.body, contentType)
      .then(result => {
        res.status(201);
        res.set('Location', result.url);
        res.json(result);
      })
      .catch(e => {
        logger.error('Error creating a file: ', e);
        next(
          new Parse.Error(
            Parse.Error.FILE_SAVE_ERROR,
            `Could not store file: ${filename}.`
          )
        );
      });
  }

  deleteHandler(req, res, next) {
    const filesController = req.config.filesController;
    filesController
      .deleteFile(req.config, req.params.filename)
      .then(() => {
        res.status(200);
        // TODO: return useful JSON here?
        res.end();
      })
      .catch(() => {
        next(
          new Parse.Error(
            Parse.Error.FILE_DELETE_ERROR,
            'Could not delete file.'
          )
        );
      });
  }
}

function isFileStreamable(req, filesController) {
  return (
    req.get('Range') &&
    typeof filesController.adapter.handleFileStream === 'function'
  );
}
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`import express from 'express';`
			`import BodyParser from 'body-parser';`
			`import * as Middlewares from '../middlewares';`
			`import Parse from 'parse/node';`
			`import Config from '../Config';`
			`import mime from 'mime';`
			`import logger from '../logger';`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00
			`export class FilesRouter {`
Finding areas that are untested and need love (#4131) * Makes InstallationRouter like others * Adds testing for Range file requests - Fixes issue with small requests (0-2) * Revert "Makes InstallationRouter like others" This reverts commit e2d2a16ebf2757db6138c7b5b33c97c56c69ead6. * Better handling of errors in FilesRouter * Fix incorrectness in range requests * Better/simpler logic * Only on mongo at it requires Gridstore * Open file streaming to all adapters supporting it * Improves coverage of parsers * Ensures depreciation warning is effective * Removes unused function * de-duplicate logic * Removes necessity of overriding req.params.className on subclasses routers * Use babel-preset-env to ensure min-version compatible code * removes dead code * Leverage indexes in order to infer which field is duplicated upon signup - A note mentioned that it would be possible to leverage using the indexes on username/email to infer which is duplicated * Small nit * Better template to match column name * Restores original implementation for safety * nits 2017-09-05 17:51:11 -04:00			`expressRouter({ maxUploadSize = '20Mb' } = {}) {`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`var router = express.Router();`
			`router.get('/files/:appId/:filename', this.getHandler);`

			`router.post('/files', function(req, res, next) {`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`next(`
			`new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename not provided.')`
			`);`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`});`

Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`router.post(`
			`'/files/:filename',`
			`BodyParser.raw({`
			`type: () => {`
			`return true;`
			`},`
			`limit: maxUploadSize,`
			`}), // Allow uploads without Content-Type, or with any Content-Type.`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`Middlewares.handleParseHeaders,`
			`this.createHandler`
			`);`

Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`router.delete(`
			`'/files/:filename',`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`Middlewares.handleParseHeaders,`
			`Middlewares.enforceMasterKeyAccess,`
			`this.deleteHandler`
			`);`
			`return router;`
			`}`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
			`getHandler(req, res) {`
Refactors configuration management (#4271) * Adds flow types / Configuration interfaces * Lets call it options * Use a single interface to generate the configurations * Translates options to definitions only if comments are set * improves logic * Moves objects around * Fixes issue affecting logging of circular objects * fixes undefined env * Moves all defaults to defaults * Adds back CLI defaults * Restored defaults in commander.js * Merge provided defaults and platform defaults * Addresses visual nits * Improves Config.js code * Adds ability to pass the default value in trailing comments * Load platform defaults from the definitions file * proper default values on various options * Adds ParseServer.start and server.start(options) as quick startup methods * Moves creating liveQueryServer http into ParseServer.js * removes dead code * Adds tests to guarantee we can start a LQ Server from main module * Fixes incorrect code regading liveQuery init port * Start a http server for LQ if port is specified * ensure we dont fail if config.port is not set * Specify port * ignore other path skipped in tests * Adds test for custom middleware setting * Refactors new Config into Config.get - Hides AppCache from ParseServer.js, use Config.put which validates * Extracts controller creation into Controllers/index.js - This makes the ParseServer init way simpler * Move serverURL inference into ParseServer * review nits 2017-10-23 08:43:05 -04:00			`const config = Config.get(req.params.appId);`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`const filesController = config.filesController;`
			`const filename = req.params.filename;`
Bump nodejs version to 6+ (#4272) * let travis build against 3.x * Cleanup dependencies and bump min version to current LTS * Makes npm-git push all branches to -preview * restores releases * Bumps mime to 2.0.3 (requires node 6+) * Bumps express to latest version * Fixes linting issue after upgrade * Use travis-branch for partial releases 2017-11-14 21:08:15 -05:00			`const contentType = mime.getType(filename);`
Stream video with GridStoreAdapter (implements byte-range requests) (#2437) * Stream video with GridStoreAdapter * fixing nits. Removing test(Range not accepted as header) * nit * Changed names. Added function to check if stream-requirements is fulfilled. 2016-08-12 21:58:18 +02:00			`if (isFileStreamable(req, filesController)) {`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`filesController`
Stream video with GridFSBucketAdapter (implements byte-range requests) (#6028) * Stream video with GridFSBucketAdapter (implements byte-range requests) Closes: https://github.com/parse-community/parse-server/issues/5834 Similar to https://github.com/parse-community/parse-server/pull/2437 I ran into this issue while trying to view a mov file in safari from the dashboard. * Rename getFileStream to handleFileStream 2019-09-11 09:34:39 -05:00			`.handleFileStream(config, filename, req, res, contentType)`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`.catch(() => {`
			`res.status(404);`
			`res.set('Content-Type', 'text/plain');`
			`res.end('File not found.');`
			`});`
Stream video with GridStoreAdapter (implements byte-range requests) (#2437) * Stream video with GridStoreAdapter * fixing nits. Removing test(Range not accepted as header) * nit * Changed names. Added function to check if stream-requirements is fulfilled. 2016-08-12 21:58:18 +02:00			`} else {`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`filesController`
			`.getFileData(config, filename)`
			`.then(data => {`
			`res.status(200);`
			`res.set('Content-Type', contentType);`
			`res.set('Content-Length', data.length);`
			`res.end(data);`
			`})`
			`.catch(() => {`
			`res.status(404);`
			`res.set('Content-Type', 'text/plain');`
			`res.end('File not found.');`
			`});`
Stream video with GridStoreAdapter (implements byte-range requests) (#2437) * Stream video with GridStoreAdapter * fixing nits. Removing test(Range not accepted as header) * nit * Changed names. Added function to check if stream-requirements is fulfilled. 2016-08-12 21:58:18 +02:00			`}`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`}`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`createHandler(req, res, next) {`
			`if (!req.body \|\| !req.body.length) {`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`next(`
			`new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Invalid file upload.')`
			`);`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`return;`
			`}`

			`if (req.params.filename.length > 128) {`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`next(`
			`new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename too long.')`
			`);`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`return;`
			`}`

			`if (!req.params.filename.match(/^[_a-zA-Z0-9][a-zA-Z0-9@\.\ ~_-]*$/)) {`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`next(`
			`new Parse.Error(`
			`Parse.Error.INVALID_FILE_NAME,`
			`'Filename contains invalid characters.'`
			`)`
			`);`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`return;`
			`}`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
Moves some logic from FilesRouter to FilesController for content-type and filename 2016-03-01 10:14:03 -05:00			`const filename = req.params.filename;`
			`const contentType = req.get('Content-type');`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`const config = req.config;`
			`const filesController = config.filesController;`

Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`filesController`
			`.createFile(config, filename, req.body, contentType)`
			`.then(result => {`
			`res.status(201);`
			`res.set('Location', result.url);`
			`res.json(result);`
			`})`
			`.catch(e => {`
Winston 3 upgrade (#5496) * ⚡ Release 3.1.3 (#5267) * ⚡ Release 3.1.3 * Update CHANGELOG.md * :arrow_up: Bump winston and winston-daily-rotate-file Bumps [winston](https://github.com/winstonjs/winston) and [winston-daily-rotate-file](https://github.com/winstonjs/winston-daily-rotate-file). These dependencies needed to be updated together. Updates `winston` from 2.4.4 to 3.1.0 - [Release notes](https://github.com/winstonjs/winston/releases) - [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md) - [Commits](https://github.com/winstonjs/winston/compare/2.4.4...3.1.0) Updates `winston-daily-rotate-file` from 1.7.2 to 3.5.1 - [Release notes](https://github.com/winstonjs/winston-daily-rotate-file/releases) - [Commits](https://github.com/winstonjs/winston-daily-rotate-file/compare/v1.7.2...v3.5.1) Signed-off-by: dependabot[bot] <support@dependabot.com> * Rewrote WinstonLogger to work with winston 3.x api * Changed winston logger test to use winston-transport * Added winston-transport dependency * Close and remove transports before adding them again * Changed to strict equal * Override adapter name * Updated and added getLogs tests * Bump winston and winston-daily-rotate-file Bumps [winston](https://github.com/winstonjs/winston) and [winston-daily-rotate-file](https://github.com/winstonjs/winston-daily-rotate-file). These dependencies needed to be updated together. Updates `winston` from 2.4.4 to 3.2.0 - [Release notes](https://github.com/winstonjs/winston/releases) - [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md) - [Commits](https://github.com/winstonjs/winston/compare/2.4.4...3.2.0) Updates `winston-daily-rotate-file` from 1.7.2 to 3.6.0 - [Release notes](https://github.com/winstonjs/winston-daily-rotate-file/releases) - [Commits](https://github.com/winstonjs/winston-daily-rotate-file/compare/v1.7.2...v3.6.0) Signed-off-by: dependabot[bot] <support@dependabot.com> * Fixed tests, updated parse logging * Fixed tests, better error logging * Fix failing tests * Updates as per review 2019-04-15 09:03:33 +10:00			`logger.error('Error creating a file: ', e);`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`next(`
Winston 3 upgrade (#5496) * ⚡ Release 3.1.3 (#5267) * ⚡ Release 3.1.3 * Update CHANGELOG.md * :arrow_up: Bump winston and winston-daily-rotate-file Bumps [winston](https://github.com/winstonjs/winston) and [winston-daily-rotate-file](https://github.com/winstonjs/winston-daily-rotate-file). These dependencies needed to be updated together. Updates `winston` from 2.4.4 to 3.1.0 - [Release notes](https://github.com/winstonjs/winston/releases) - [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md) - [Commits](https://github.com/winstonjs/winston/compare/2.4.4...3.1.0) Updates `winston-daily-rotate-file` from 1.7.2 to 3.5.1 - [Release notes](https://github.com/winstonjs/winston-daily-rotate-file/releases) - [Commits](https://github.com/winstonjs/winston-daily-rotate-file/compare/v1.7.2...v3.5.1) Signed-off-by: dependabot[bot] <support@dependabot.com> * Rewrote WinstonLogger to work with winston 3.x api * Changed winston logger test to use winston-transport * Added winston-transport dependency * Close and remove transports before adding them again * Changed to strict equal * Override adapter name * Updated and added getLogs tests * Bump winston and winston-daily-rotate-file Bumps [winston](https://github.com/winstonjs/winston) and [winston-daily-rotate-file](https://github.com/winstonjs/winston-daily-rotate-file). These dependencies needed to be updated together. Updates `winston` from 2.4.4 to 3.2.0 - [Release notes](https://github.com/winstonjs/winston/releases) - [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md) - [Commits](https://github.com/winstonjs/winston/compare/2.4.4...3.2.0) Updates `winston-daily-rotate-file` from 1.7.2 to 3.6.0 - [Release notes](https://github.com/winstonjs/winston-daily-rotate-file/releases) - [Commits](https://github.com/winstonjs/winston-daily-rotate-file/compare/v1.7.2...v3.6.0) Signed-off-by: dependabot[bot] <support@dependabot.com> * Fixed tests, updated parse logging * Fixed tests, better error logging * Fix failing tests * Updates as per review 2019-04-15 09:03:33 +10:00			`new Parse.Error(`
			`Parse.Error.FILE_SAVE_ERROR,`
			`Could not store file: ${filename}.`
			`)`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`);`
			`});`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`}`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`deleteHandler(req, res, next) {`
			`const filesController = req.config.filesController;`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`filesController`
			`.deleteFile(req.config, req.params.filename)`
			`.then(() => {`
			`res.status(200);`
			`// TODO: return useful JSON here?`
			`res.end();`
			`})`
			`.catch(() => {`
			`next(`
			`new Parse.Error(`
			`Parse.Error.FILE_DELETE_ERROR,`
			`'Could not delete file.'`
			`)`
			`);`
			`});`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`}`
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md 2016-06-10 20:27:21 -07:00			`}`
Stream video with GridStoreAdapter (implements byte-range requests) (#2437) * Stream video with GridStoreAdapter * fixing nits. Removing test(Range not accepted as header) * nit * Changed names. Added function to check if stream-requirements is fulfilled. 2016-08-12 21:58:18 +02:00
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`function isFileStreamable(req, filesController) {`
			`return (`
			`req.get('Range') &&`
Stream video with GridFSBucketAdapter (implements byte-range requests) (#6028) * Stream video with GridFSBucketAdapter (implements byte-range requests) Closes: https://github.com/parse-community/parse-server/issues/5834 Similar to https://github.com/parse-community/parse-server/pull/2437 I ran into this issue while trying to view a mov file in safari from the dashboard. * Rename getFileStream to handleFileStream 2019-09-11 09:34:39 -05:00			`typeof filesController.adapter.handleFileStream === 'function'`
Use Prettier JS (#5017) * Adds prettier * Run lint before tests 2018-09-01 13:58:06 -04:00			`);`
Finding areas that are untested and need love (#4131) * Makes InstallationRouter like others * Adds testing for Range file requests - Fixes issue with small requests (0-2) * Revert "Makes InstallationRouter like others" This reverts commit e2d2a16ebf2757db6138c7b5b33c97c56c69ead6. * Better handling of errors in FilesRouter * Fix incorrectness in range requests * Better/simpler logic * Only on mongo at it requires Gridstore * Open file streaming to all adapters supporting it * Improves coverage of parsers * Ensures depreciation warning is effective * Removes unused function * de-duplicate logic * Removes necessity of overriding req.params.className on subclasses routers * Use babel-preset-env to ensure min-version compatible code * removes dead code * Leverage indexes in order to infer which field is duplicated upon signup - A note mentioned that it would be possible to leverage using the indexes on username/email to infer which is duplicated * Small nit * Better template to match column name * Restores original implementation for safety * nits 2017-09-05 17:51:11 -04:00			`}`