kami-parse-server/src/Routers/FilesRouter.js

import express from 'express';
import BodyParser from 'body-parser';
import * as Middlewares from '../middlewares';
import Parse from 'parse/node';
import Config from '../Config';
import mime from 'mime';
import logger from '../logger';

export class FilesRouter {
  expressRouter({ maxUploadSize = '20Mb' } = {}) {
    var router = express.Router();
    router.get('/files/:appId/:filename', this.getHandler);

    router.post('/files', function(req, res, next) {
      next(
        new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename not provided.')
      );
    });

    router.post(
      '/files/:filename',
      Middlewares.allowCrossDomain,
      BodyParser.raw({
        type: () => {
          return true;
        },
        limit: maxUploadSize,
      }), // Allow uploads without Content-Type, or with any Content-Type.
      Middlewares.handleParseHeaders,
      this.createHandler
    );

    router.delete(
      '/files/:filename',
      Middlewares.allowCrossDomain,
      Middlewares.handleParseHeaders,
      Middlewares.enforceMasterKeyAccess,
      this.deleteHandler
    );
    return router;
  }

  getHandler(req, res) {
    const config = Config.get(req.params.appId);
    const filesController = config.filesController;
    const filename = req.params.filename;
    const contentType = mime.getType(filename);
    if (isFileStreamable(req, filesController)) {
      filesController
        .getFileStream(config, filename)
        .then(stream => {
          handleFileStream(stream, req, res, contentType);
        })
        .catch(() => {
          res.status(404);
          res.set('Content-Type', 'text/plain');
          res.end('File not found.');
        });
    } else {
      filesController
        .getFileData(config, filename)
        .then(data => {
          res.status(200);
          res.set('Content-Type', contentType);
          res.set('Content-Length', data.length);
          res.end(data);
        })
        .catch(() => {
          res.status(404);
          res.set('Content-Type', 'text/plain');
          res.end('File not found.');
        });
    }
  }

  createHandler(req, res, next) {
    if (!req.body || !req.body.length) {
      next(
        new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Invalid file upload.')
      );
      return;
    }

    if (req.params.filename.length > 128) {
      next(
        new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename too long.')
      );
      return;
    }

    if (!req.params.filename.match(/^[_a-zA-Z0-9][a-zA-Z0-9@\.\ ~_-]*$/)) {
      next(
        new Parse.Error(
          Parse.Error.INVALID_FILE_NAME,
          'Filename contains invalid characters.'
        )
      );
      return;
    }

    const filename = req.params.filename;
    const contentType = req.get('Content-type');
    const config = req.config;
    const filesController = config.filesController;

    filesController
      .createFile(config, filename, req.body, contentType)
      .then(result => {
        res.status(201);
        res.set('Location', result.url);
        res.json(result);
      })
      .catch(e => {
        logger.error(e.message, e);
        next(
          new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Could not store file.')
        );
      });
  }

  deleteHandler(req, res, next) {
    const filesController = req.config.filesController;
    filesController
      .deleteFile(req.config, req.params.filename)
      .then(() => {
        res.status(200);
        // TODO: return useful JSON here?
        res.end();
      })
      .catch(() => {
        next(
          new Parse.Error(
            Parse.Error.FILE_DELETE_ERROR,
            'Could not delete file.'
          )
        );
      });
  }
}

function isFileStreamable(req, filesController) {
  return (
    req.get('Range') &&
    typeof filesController.adapter.getFileStream === 'function'
  );
}

function getRange(req) {
  const parts = req
    .get('Range')
    .replace(/bytes=/, '')
    .split('-');
  return { start: parseInt(parts[0], 10), end: parseInt(parts[1], 10) };
}

// handleFileStream is licenced under Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/).
// Author: LEROIB at weightingformypizza (https://weightingformypizza.wordpress.com/2015/06/24/stream-html5-media-content-like-video-audio-from-mongodb-using-express-and-gridstore/).
function handleFileStream(stream, req, res, contentType) {
  const buffer_size = 1024 * 1024; //1024Kb
  // Range request, partiall stream the file
  let { start, end } = getRange(req);

  const notEnded = !end && end !== 0;
  const notStarted = !start && start !== 0;
  // No end provided, we want all bytes
  if (notEnded) {
    end = stream.length - 1;
  }
  // No start provided, we're reading backwards
  if (notStarted) {
    start = stream.length - end;
    end = start + end - 1;
  }

  // Data exceeds the buffer_size, cap
  if (end - start >= buffer_size) {
    end = start + buffer_size - 1;
  }

  const contentLength = end - start + 1;

  res.writeHead(206, {
    'Content-Range': 'bytes ' + start + '-' + end + '/' + stream.length,
    'Accept-Ranges': 'bytes',
    'Content-Length': contentLength,
    'Content-Type': contentType,
  });

  stream.seek(start, function() {
    // get gridFile stream
    const gridFileStream = stream.stream(true);
    let bufferAvail = 0;
    let remainingBytesToWrite = contentLength;
    let totalBytesWritten = 0;
    // write to response
    gridFileStream.on('data', function(data) {
      bufferAvail += data.length;
      if (bufferAvail > 0) {
        // slice returns the same buffer if overflowing
        // safe to call in any case
        const buffer = data.slice(0, remainingBytesToWrite);
        // write the buffer
        res.write(buffer);
        // increment total
        totalBytesWritten += buffer.length;
        // decrement remaining
        remainingBytesToWrite -= data.length;
        // decrement the avaialbe buffer
        bufferAvail -= buffer.length;
      }
      // in case of small slices, all values will be good at that point
      // we've written enough, end...
      if (totalBytesWritten >= contentLength) {
        stream.close();
        res.end();
        this.destroy();
      }
    });
  });
}