src/Routers/FilesRouter.js

import express             from 'express';
import BodyParser          from 'body-parser';
import * as Middlewares    from '../middlewares';
import { randomHexString } from '../cryptoUtils';
import Config              from '../Config';
import mime                from 'mime';

export class FilesRouter {

  expressRouter(options = {}) {
    var router = express.Router();
    router.get('/files/:appId/:filename', this.getHandler);

    router.post('/files', function(req, res, next) {
      next(new Parse.Error(Parse.Error.INVALID_FILE_NAME,
        'Filename not provided.'));
    });

    router.post('/files/:filename',
      Middlewares.allowCrossDomain,
      BodyParser.raw({type: () => { return true; }, limit: options.maxUploadSize || '20mb'}), // Allow uploads without Content-Type, or with any Content-Type.
      Middlewares.handleParseHeaders,
      this.createHandler
    );

    router.delete('/files/:filename',
      Middlewares.allowCrossDomain,
      Middlewares.handleParseHeaders,
      Middlewares.enforceMasterKeyAccess,
      this.deleteHandler
    );
    return router;
  }

  getHandler(req, res) {
    const config = new Config(req.params.appId);
    const filesController = config.filesController;
    const filename = req.params.filename;
    const contentType = mime.lookup(filename);
    if (isFileStreamable(req, filesController)) {
      filesController.getFileStream(config, filename).then((stream) => {
        handleFileStream(stream, req, res, contentType);
      }).catch((err) => {
        res.status(404);
        res.set('Content-Type', 'text/plain');
        res.end('File not found.');
      });
    } else {
      filesController.getFileData(config, filename).then((data) => {
        res.status(200);
        res.set('Content-Type', contentType);
        res.set('Content-Length', data.length);
        res.end(data);
      }).catch((err) => {
        res.status(404);
        res.set('Content-Type', 'text/plain');
        res.end('File not found.');
      });
    }
  }

  createHandler(req, res, next) {
    if (!req.body || !req.body.length) {
      next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR,
        'Invalid file upload.'));
      return;
    }

    if (req.params.filename.length > 128) {
      next(new Parse.Error(Parse.Error.INVALID_FILE_NAME,
        'Filename too long.'));
      return;
    }

    if (!req.params.filename.match(/^[_a-zA-Z0-9][a-zA-Z0-9@\.\ ~_-]*$/)) {
      next(new Parse.Error(Parse.Error.INVALID_FILE_NAME,
        'Filename contains invalid characters.'));
      return;
    }

    const filename = req.params.filename;
    const contentType = req.get('Content-type');
    const config = req.config;
    const filesController = config.filesController;

    filesController.createFile(config, filename, req.body, contentType).then((result) => {
      res.status(201);
      res.set('Location', result.url);
      res.json(result);
    }).catch((err) => {
      next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Could not store file.'));
    });
  }

  deleteHandler(req, res, next) {
    const filesController = req.config.filesController;
    filesController.deleteFile(req.config, req.params.filename).then(() => {
      res.status(200);
      // TODO: return useful JSON here?
      res.end();
    }).catch((error) => {
      next(new Parse.Error(Parse.Error.FILE_DELETE_ERROR,
        'Could not delete file.'));
    });
  }
}

function isFileStreamable(req, filesController){
  if (req.get('Range')) {
    if (!(typeof filesController.adapter.getFileStream === 'function')) {
      return false;
    }
    if (typeof filesController.adapter.constructor.name !== 'undefined') {
      if (filesController.adapter.constructor.name == 'GridStoreAdapter') {
        return true;
      }
    }
  }
  return false;
}

// handleFileStream is licenced under Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/).
// Author: LEROIB at weightingformypizza (https://weightingformypizza.wordpress.com/2015/06/24/stream-html5-media-content-like-video-audio-from-mongodb-using-express-and-gridstore/).
function handleFileStream(stream, req, res, contentType) {
  var buffer_size = 1024 * 1024;//1024Kb
  // Range request, partiall stream the file
  var parts = req.get('Range').replace(/bytes=/, "").split("-");
  var partialstart = parts[0];
  var partialend = parts[1];
  var start = partialstart ? parseInt(partialstart, 10) : 0;
  var end = partialend ? parseInt(partialend, 10) : stream.length - 1;
  var chunksize = (end - start) + 1;

  if (chunksize == 1) {
    start = 0;
    partialend = false;
  }

  if (!partialend) {
    if (((stream.length-1) - start) < (buffer_size)) {
        end = stream.length - 1;
    }else{
      end = start + (buffer_size);
    }
    chunksize = (end - start) + 1;
  }

  if (start == 0 && end == 2) {
    chunksize = 1;
  }

  res.writeHead(206, {
    'Content-Range': 'bytes ' + start + '-' + end + '/' + stream.length,
    'Accept-Ranges': 'bytes',
    'Content-Length': chunksize,
    'Content-Type': contentType,
  });

  stream.seek(start, function () {
    // get gridFile stream
    var gridFileStream = stream.stream(true);
    var ended = false;
    var bufferIdx = 0;
    var bufferAvail = 0;
    var range = (end - start) + 1;
    var totalbyteswanted = (end - start) + 1;
    var totalbyteswritten = 0;
    // write to response
    gridFileStream.on('data', function (buff) {
      bufferAvail += buff.length;
      //Ok check if we have enough to cover our range
      if (bufferAvail < range) {
        //Not enough bytes to satisfy our full range
        if (bufferAvail > 0) {
          //Write full buffer
          res.write(buff);
          totalbyteswritten += buff.length;
          range -= buff.length;
          bufferIdx += buff.length;
          bufferAvail -= buff.length;
        }
      } else {
        //Enough bytes to satisfy our full range!
        if (bufferAvail > 0) {
          const buffer = buff.slice(0,range);
          res.write(buffer);
          totalbyteswritten += buffer.length;
          bufferIdx += range;
          bufferAvail -= range;
        }
      }
      if (totalbyteswritten >= totalbyteswanted) {
        //totalbytes = 0;
        stream.close();
        res.end();
        this.destroy();
      }
    });
  });
}
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md 2016-06-10 20:27:21 -07:00			`import express from 'express';`
			`import BodyParser from 'body-parser';`
			`import * as Middlewares from '../middlewares';`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`import { randomHexString } from '../cryptoUtils';`
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md 2016-06-10 20:27:21 -07:00			`import Config from '../Config';`
			`import mime from 'mime';`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00
			`export class FilesRouter {`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
Style improvements (#2475) * HooksRouter is enabled by default * Adds middleswares on PromiseRouter, fixes #2410 * Move testing line to helper * Modernize middlewares.js * Moves DB uniqueness initialization to DBController, modernize * Moves testing related code to spec folder * remove unused _removeHook function * Adds tests, docs for Analytics and improvements * nit * moves back TestUtils 2016-08-07 23:02:53 -04:00			`expressRouter(options = {}) {`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`var router = express.Router();`
			`router.get('/files/:appId/:filename', this.getHandler);`

			`router.post('/files', function(req, res, next) {`
			`next(new Parse.Error(Parse.Error.INVALID_FILE_NAME,`
			`'Filename not provided.'));`
			`});`

			`router.post('/files/:filename',`
			`Middlewares.allowCrossDomain,`
Adds maxUploadSize option 2016-02-23 11:49:21 -05:00			`BodyParser.raw({type: () => { return true; }, limit: options.maxUploadSize \|\| '20mb'}), // Allow uploads without Content-Type, or with any Content-Type.`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`Middlewares.handleParseHeaders,`
			`this.createHandler`
			`);`

			`router.delete('/files/:filename',`
			`Middlewares.allowCrossDomain,`
			`Middlewares.handleParseHeaders,`
			`Middlewares.enforceMasterKeyAccess,`
			`this.deleteHandler`
			`);`
			`return router;`
			`}`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
			`getHandler(req, res) {`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`const config = new Config(req.params.appId);`
			`const filesController = config.filesController;`
			`const filename = req.params.filename;`
Stream video with GridStoreAdapter (implements byte-range requests) (#2437) * Stream video with GridStoreAdapter * fixing nits. Removing test(Range not accepted as header) * nit * Changed names. Added function to check if stream-requirements is fulfilled. 2016-08-12 21:58:18 +02:00			`const contentType = mime.lookup(filename);`
			`if (isFileStreamable(req, filesController)) {`
			`filesController.getFileStream(config, filename).then((stream) => {`
			`handleFileStream(stream, req, res, contentType);`
			`}).catch((err) => {`
			`res.status(404);`
			`res.set('Content-Type', 'text/plain');`
			`res.end('File not found.');`
			`});`
			`} else {`
			`filesController.getFileData(config, filename).then((data) => {`
			`res.status(200);`
			`res.set('Content-Type', contentType);`
			`res.set('Content-Length', data.length);`
			`res.end(data);`
			`}).catch((err) => {`
			`res.status(404);`
			`res.set('Content-Type', 'text/plain');`
			`res.end('File not found.');`
			`});`
			`}`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`}`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`createHandler(req, res, next) {`
			`if (!req.body \|\| !req.body.length) {`
			`next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR,`
			`'Invalid file upload.'));`
			`return;`
			`}`

			`if (req.params.filename.length > 128) {`
			`next(new Parse.Error(Parse.Error.INVALID_FILE_NAME,`
			`'Filename too long.'));`
			`return;`
			`}`

			`if (!req.params.filename.match(/^[_a-zA-Z0-9][a-zA-Z0-9@\.\ ~_-]*$/)) {`
			`next(new Parse.Error(Parse.Error.INVALID_FILE_NAME,`
			`'Filename contains invalid characters.'));`
			`return;`
			`}`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
Moves some logic from FilesRouter to FilesController for content-type and filename 2016-03-01 10:14:03 -05:00			`const filename = req.params.filename;`
			`const contentType = req.get('Content-type');`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`const config = req.config;`
			`const filesController = config.filesController;`

Adds content type support in S3 2016-03-01 09:02:33 -05:00			`filesController.createFile(config, filename, req.body, contentType).then((result) => {`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00			`res.status(201);`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`res.set('Location', result.url);`
			`res.json(result);`
			`}).catch((err) => {`
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md 2016-06-10 20:27:21 -07:00			`next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Could not store file.'));`
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`});`
			`}`
Allow uploading files without content-type. 2016-02-22 13:59:24 -08:00
Refactors FilesController in FilesRouter and FilesController 2016-02-20 12:25:43 -05:00			`deleteHandler(req, res, next) {`
			`const filesController = req.config.filesController;`
			`filesController.deleteFile(req.config, req.params.filename).then(() => {`
			`res.status(200);`
			`// TODO: return useful JSON here?`
			`res.end();`
			`}).catch((error) => {`
			`next(new Parse.Error(Parse.Error.FILE_DELETE_ERROR,`
			`'Could not delete file.'));`
			`});`
			`}`
Unique indexes (#1971) * Add unique indexing * Add unique indexing for username/email * WIP * Finish unique indexes * Notes on how to upgrade to 2.3.0 safely * index on unique-indexes: c454180 Revert "Log objects rather than JSON stringified objects (#1922)" * reconfigure username/email tests * Start dealing with test shittyness * Remove tests for files that we are removing * most tests passing * fix failing test * Make specific server config for tests async * Fix more tests * fix more tests * Fix another test * fix more tests * Fix email validation * move some stuff around * Destroy server to ensure all connections are gone * Fix broken cloud code * Save callback to variable * no need to delete non existant cloud * undo * Fix all tests where connections are left open after server closes. * Fix issues caused by missing gridstore adapter * Update guide for 2.3.0 and fix final tests * use strict * don't use features that won't work in node 4 * Fix syntax error * Fix typos * Add duplicate finding command * Update 2.3.0.md 2016-06-10 20:27:21 -07:00			`}`
Stream video with GridStoreAdapter (implements byte-range requests) (#2437) * Stream video with GridStoreAdapter * fixing nits. Removing test(Range not accepted as header) * nit * Changed names. Added function to check if stream-requirements is fulfilled. 2016-08-12 21:58:18 +02:00
			`function isFileStreamable(req, filesController){`
Fixed 'undefined' when getting request header (#2635) 2016-09-01 14:12:30 +02:00			`if (req.get('Range')) {`
Stream video with GridStoreAdapter (implements byte-range requests) (#2437) * Stream video with GridStoreAdapter * fixing nits. Removing test(Range not accepted as header) * nit * Changed names. Added function to check if stream-requirements is fulfilled. 2016-08-12 21:58:18 +02:00			`if (!(typeof filesController.adapter.getFileStream === 'function')) {`
			`return false;`
			`}`
			`if (typeof filesController.adapter.constructor.name !== 'undefined') {`
			`if (filesController.adapter.constructor.name == 'GridStoreAdapter') {`
			`return true;`
			`}`
			`}`
			`}`
			`return false;`
			`}`

			`// handleFileStream is licenced under Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/).`
			`// Author: LEROIB at weightingformypizza (https://weightingformypizza.wordpress.com/2015/06/24/stream-html5-media-content-like-video-audio-from-mongodb-using-express-and-gridstore/).`
			`function handleFileStream(stream, req, res, contentType) {`
			`var buffer_size = 1024 * 1024;//1024Kb`
			`// Range request, partiall stream the file`
Fixed 'undefined' when getting request header (#2635) 2016-09-01 14:12:30 +02:00			`var parts = req.get('Range').replace(/bytes=/, "").split("-");`
Stream video with GridStoreAdapter (implements byte-range requests) (#2437) * Stream video with GridStoreAdapter * fixing nits. Removing test(Range not accepted as header) * nit * Changed names. Added function to check if stream-requirements is fulfilled. 2016-08-12 21:58:18 +02:00			`var partialstart = parts[0];`
			`var partialend = parts[1];`
			`var start = partialstart ? parseInt(partialstart, 10) : 0;`
			`var end = partialend ? parseInt(partialend, 10) : stream.length - 1;`
			`var chunksize = (end - start) + 1;`

			`if (chunksize == 1) {`
			`start = 0;`
			`partialend = false;`
			`}`

			`if (!partialend) {`
			`if (((stream.length-1) - start) < (buffer_size)) {`
			`end = stream.length - 1;`
			`}else{`
			`end = start + (buffer_size);`
			`}`
			`chunksize = (end - start) + 1;`
			`}`

			`if (start == 0 && end == 2) {`
			`chunksize = 1;`
			`}`

			`res.writeHead(206, {`
			`'Content-Range': 'bytes ' + start + '-' + end + '/' + stream.length,`
			`'Accept-Ranges': 'bytes',`
			`'Content-Length': chunksize,`
			`'Content-Type': contentType,`
			`});`

			`stream.seek(start, function () {`
			`// get gridFile stream`
			`var gridFileStream = stream.stream(true);`
			`var ended = false;`
			`var bufferIdx = 0;`
			`var bufferAvail = 0;`
			`var range = (end - start) + 1;`
			`var totalbyteswanted = (end - start) + 1;`
			`var totalbyteswritten = 0;`
			`// write to response`
			`gridFileStream.on('data', function (buff) {`
			`bufferAvail += buff.length;`
			`//Ok check if we have enough to cover our range`
			`if (bufferAvail < range) {`
			`//Not enough bytes to satisfy our full range`
			`if (bufferAvail > 0) {`
			`//Write full buffer`
			`res.write(buff);`
			`totalbyteswritten += buff.length;`
			`range -= buff.length;`
			`bufferIdx += buff.length;`
			`bufferAvail -= buff.length;`
			`}`
			`} else {`
			`//Enough bytes to satisfy our full range!`
			`if (bufferAvail > 0) {`
			`const buffer = buff.slice(0,range);`
			`res.write(buffer);`
			`totalbyteswritten += buffer.length;`
			`bufferIdx += range;`
			`bufferAvail -= range;`
			`}`
			`}`
			`if (totalbyteswritten >= totalbyteswanted) {`
			`//totalbytes = 0;`
			`stream.close();`
			`res.end();`
			`this.destroy();`
			`}`
			`});`
			`});`
			`}`