import express from 'express'; import BodyParser from 'body-parser'; import * as Middlewares from '../middlewares'; import Parse from 'parse/node'; import Config from '../Config'; import mime from 'mime'; import logger from '../logger'; export class FilesRouter { expressRouter({ maxUploadSize = '20Mb' } = {}) { var router = express.Router(); router.get('/files/:appId/:filename', this.getHandler); router.post('/files', function(req, res, next) { next(new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename not provided.')); }); router.post('/files/:filename', Middlewares.allowCrossDomain, BodyParser.raw({type: () => { return true; }, limit: maxUploadSize }), // Allow uploads without Content-Type, or with any Content-Type. Middlewares.handleParseHeaders, this.createHandler ); router.delete('/files/:filename', Middlewares.allowCrossDomain, Middlewares.handleParseHeaders, Middlewares.enforceMasterKeyAccess, this.deleteHandler ); return router; } getHandler(req, res) { const config = new Config(req.params.appId); const filesController = config.filesController; const filename = req.params.filename; const contentType = mime.lookup(filename); if (isFileStreamable(req, filesController)) { filesController.getFileStream(config, filename).then((stream) => { handleFileStream(stream, req, res, contentType); }).catch(() => { res.status(404); res.set('Content-Type', 'text/plain'); res.end('File not found.'); }); } else { filesController.getFileData(config, filename).then((data) => { res.status(200); res.set('Content-Type', contentType); res.set('Content-Length', data.length); res.end(data); }).catch(() => { res.status(404); res.set('Content-Type', 'text/plain'); res.end('File not found.'); }); } } createHandler(req, res, next) { if (!req.body || !req.body.length) { next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Invalid file upload.')); return; } if (req.params.filename.length > 128) { next(new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename too long.')); return; } if (!req.params.filename.match(/^[_a-zA-Z0-9][a-zA-Z0-9@\.\ ~_-]*$/)) { next(new Parse.Error(Parse.Error.INVALID_FILE_NAME, 'Filename contains invalid characters.')); return; } const filename = req.params.filename; const contentType = req.get('Content-type'); const config = req.config; const filesController = config.filesController; filesController.createFile(config, filename, req.body, contentType).then((result) => { res.status(201); res.set('Location', result.url); res.json(result); }).catch((e) => { logger.error(e.message, e); next(new Parse.Error(Parse.Error.FILE_SAVE_ERROR, 'Could not store file.')); }); } deleteHandler(req, res, next) { const filesController = req.config.filesController; filesController.deleteFile(req.config, req.params.filename).then(() => { res.status(200); // TODO: return useful JSON here? res.end(); }).catch(() => { next(new Parse.Error(Parse.Error.FILE_DELETE_ERROR, 'Could not delete file.')); }); } } function isFileStreamable(req, filesController){ return req.get('Range') && typeof filesController.adapter.getFileStream === 'function'; } function getRange(req) { const parts = req.get('Range').replace(/bytes=/, "").split("-"); return { start: parseInt(parts[0], 10), end: parseInt(parts[1], 10) }; } // handleFileStream is licenced under Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). // Author: LEROIB at weightingformypizza (https://weightingformypizza.wordpress.com/2015/06/24/stream-html5-media-content-like-video-audio-from-mongodb-using-express-and-gridstore/). function handleFileStream(stream, req, res, contentType) { const buffer_size = 1024 * 1024; //1024Kb // Range request, partiall stream the file let { start, end } = getRange(req); const notEnded = (!end && end !== 0); const notStarted = (!start && start !== 0); // No end provided, we want all bytes if (notEnded) { end = stream.length - 1; } // No start provided, we're reading backwards if (notStarted) { start = stream.length - end; end = start + end - 1; } // Data exceeds the buffer_size, cap if (end - start >= buffer_size) { end = start + buffer_size - 1; } const contentLength = (end - start) + 1; res.writeHead(206, { 'Content-Range': 'bytes ' + start + '-' + end + '/' + stream.length, 'Accept-Ranges': 'bytes', 'Content-Length': contentLength, 'Content-Type': contentType, }); stream.seek(start, function () { // get gridFile stream const gridFileStream = stream.stream(true); let bufferAvail = 0; let remainingBytesToWrite = contentLength; let totalBytesWritten = 0; // write to response gridFileStream.on('data', function (data) { bufferAvail += data.length; if (bufferAvail > 0) { // slice returns the same buffer if overflowing // safe to call in any case const buffer = data.slice(0, remainingBytesToWrite); // write the buffer res.write(buffer); // increment total totalBytesWritten += buffer.length; // decrement remaining remainingBytesToWrite -= data.length; // decrement the avaialbe buffer bufferAvail -= buffer.length; } // in case of small slices, all values will be good at that point // we've written enough, end... if (totalBytesWritten >= contentLength) { stream.close(); res.end(); this.destroy(); } }); }); }