// Copyright 2017 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. package repo import ( "fmt" "net/http" "strconv" "strings" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/storage" "code.gitea.io/gitea/modules/upload" gouuid "github.com/satori/go.uuid" ) func RenderAttachmentSettings(ctx *context.Context) { renderAttachmentSettings(ctx) } func renderAttachmentSettings(ctx *context.Context) { ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled ctx.Data["AttachmentStoreType"] = setting.Attachment.StoreType ctx.Data["AttachmentAllowedTypes"] = setting.Attachment.AllowedTypes ctx.Data["AttachmentMaxSize"] = setting.Attachment.MaxSize ctx.Data["AttachmentMaxFiles"] = setting.Attachment.MaxFiles } // UploadAttachment response for uploading issue's attachment func UploadAttachment(ctx *context.Context) { if !setting.Attachment.Enabled { ctx.Error(404, "attachment is not enabled") return } file, header, err := ctx.Req.FormFile("file") if err != nil { ctx.Error(500, fmt.Sprintf("FormFile: %v", err)) return } defer file.Close() buf := make([]byte, 1024) n, _ := file.Read(buf) if n > 0 { buf = buf[:n] } err = upload.VerifyAllowedContentType(buf, strings.Split(setting.Attachment.AllowedTypes, ",")) if err != nil { ctx.Error(400, err.Error()) return } datasetID, _ := strconv.ParseInt(ctx.Req.FormValue("dataset_id"), 10, 64) attach, err := models.NewAttachment(&models.Attachment{ IsPrivate: true, UploaderID: ctx.User.ID, Name: header.Filename, DatasetID: datasetID, }, buf, file) if err != nil { ctx.Error(500, fmt.Sprintf("NewAttachment: %v", err)) return } log.Trace("New attachment uploaded: %s", attach.UUID) ctx.JSON(200, map[string]string{ "uuid": attach.UUID, }) } func UpdatePublicAttachment(ctx *context.Context) { file := ctx.Query("file") isPrivate, _ := strconv.ParseBool(ctx.Query("is_private")) attach, err := models.GetAttachmentByUUID(file) if err != nil { ctx.Error(404, err.Error()) return } attach.IsPrivate = isPrivate models.UpdateAttachment(attach) } // DeleteAttachment response for deleting issue's attachment func DeleteAttachment(ctx *context.Context) { file := ctx.Query("file") attach, err := models.GetAttachmentByUUID(file) if err != nil { ctx.Error(400, err.Error()) return } if !ctx.IsSigned || (ctx.User.ID != attach.UploaderID) { ctx.Error(403) return } err = models.DeleteAttachment(attach, true) if err != nil { ctx.Error(500, fmt.Sprintf("DeleteAttachment: %v", err)) return } ctx.JSON(200, map[string]string{ "uuid": attach.UUID, }) } // GetAttachment serve attachements func GetAttachment(ctx *context.Context) { attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid")) if err != nil { if models.IsErrAttachmentNotExist(err) { ctx.Error(404) } else { ctx.ServerError("GetAttachmentByUUID", err) } return } repository, unitType, err := attach.LinkedRepository() if err != nil { ctx.ServerError("LinkedRepository", err) return } if repository == nil { //If not linked if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) { //We block if not the uploader ctx.Error(http.StatusNotFound) return } } else { //If we have the repository we check access perm, err := models.GetUserRepoPermission(repository, ctx.User) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error()) return } if !perm.CanRead(unitType) { ctx.Error(http.StatusNotFound) return } } dataSet, err := attach.LinkedDataSet() if err != nil { ctx.ServerError("LinkedDataSet", err) return } if dataSet != nil { isPermit, err := models.GetUserDataSetPermission(dataSet, ctx.User) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserDataSetPermission", err.Error()) return } if !isPermit { ctx.Error(http.StatusNotFound) return } } //If we have matched and access to release or issue if setting.Attachment.StoreType == storage.MinioStorageType { url, err := storage.Attachments.PresignedGetURL(attach.RelativePath(), attach.Name) if err != nil { ctx.ServerError("PresignedGetURL", err) return } if err = increaseDownloadCount(attach, dataSet); err != nil { ctx.ServerError("Update", err) return } http.Redirect(ctx.Resp, ctx.Req.Request, url, http.StatusMovedPermanently) } else { fr, err := storage.Attachments.Open(attach.RelativePath()) if err != nil { ctx.ServerError("Open", err) return } defer fr.Close() if err = increaseDownloadCount(attach, dataSet); err != nil { ctx.ServerError("Update", err) return } if err = ServeData(ctx, attach.Name, fr); err != nil { ctx.ServerError("ServeData", err) return } } } func increaseDownloadCount(attach *models.Attachment, dataSet *models.Dataset) error { if err := attach.IncreaseDownloadCount(); err != nil { return err } if dataSet != nil { if err := models.IncreaseDownloadCount(dataSet.ID); err != nil { return err } } return nil } // Get a presigned url for put object func GetPresignedPutObjectURL(ctx *context.Context) { if !setting.Attachment.Enabled { ctx.Error(404, "attachment is not enabled") return } err := upload.VerifyFileType(ctx.Params("file_type"), strings.Split(setting.Attachment.AllowedTypes, ",")) if err != nil { ctx.Error(400, err.Error()) return } if setting.Attachment.StoreType == storage.MinioStorageType { uuid := gouuid.NewV4().String() url, err := storage.Attachments.PresignedPutURL(models.AttachmentRelativePath(uuid)) if err != nil { ctx.ServerError("PresignedPutURL", err) return } ctx.JSON(200, map[string]string{ "uuid": uuid, "url": url, }) } else { ctx.Error(404, "storage type is not enabled") return } } // AddAttachment response for add attachment record func AddAttachment(ctx *context.Context) { uuid := ctx.Query("uuid") has, err := storage.Attachments.HasObject(models.AttachmentRelativePath(uuid)) if err != nil { ctx.ServerError("HasObject", err) return } if !has { ctx.Error(404, "attachment has not been uploaded") return } _, err = models.InsertAttachment(&models.Attachment{ UUID: uuid, UploaderID: ctx.User.ID, IsPrivate: true, Name: ctx.Query("file_name"), Size: ctx.QueryInt64("size"), DatasetID: ctx.QueryInt64("dataset_id"), }) if err != nil { ctx.Error(500, fmt.Sprintf("InsertAttachment: %v", err)) return } ctx.JSON(200, map[string]string{ "result_code": "0", }) } func NewMultipart(ctx *context.Context) { if !setting.Attachment.Enabled { ctx.Error(404, "attachment is not enabled") return } err := upload.VerifyFileType(ctx.Params("file_type"), strings.Split(setting.Attachment.AllowedTypes, ",")) if err != nil { ctx.Error(400, err.Error()) return } if setting.Attachment.StoreType == storage.MinioStorageType { uuid := gouuid.NewV4().String() url, err := storage.NewMultiPartUpload(uuid) if err != nil { ctx.ServerError("NewMultipart", err) return } ctx.JSON(200, map[string]string{ "uuid": uuid, "url": url, }) } else { ctx.Error(404, "storage type is not enabled") return } } func CompleteMultipart(ctx *context.Context) { uuid := ctx.Query("uuid") uploadID := ctx.Query("uploadID") completedParts := ctx.Query("completedParts") _, err := storage.CompleteMultiPartUpload(uuid, uploadID, completedParts) if err != nil { ctx.Error(500, fmt.Sprintf("CompleteMultiPartUpload failed: %v", err)) return } _, err = models.InsertAttachment(&models.Attachment{ UUID: uuid, UploaderID: ctx.User.ID, IsPrivate: true, Name: ctx.Query("file_name"), Size: ctx.QueryInt64("size"), DatasetID: ctx.QueryInt64("dataset_id"), }) if err != nil { ctx.Error(500, fmt.Sprintf("InsertAttachment: %v", err)) return } ctx.JSON(200, map[string]string{ "result_code": "0", }) }