Add mime types and continue on api implementation

apps/app/src/server/routes/apiv3/configurable-mime-types.ts

@@ -0,0 +1,15 @@
+export const CONFIGURABLE_MIME_TYPES_FOR_DISPOSITION = [
+  'image/png',
+  'image/jpeg',
+  'image/gif',
+  'image/webp',
+  'image/bmp',
+  'image/x-icon',
+  'application/pdf',
+  'video/mp4',
+  'audio/mpeg',
+  'text/plain',
+  'text/html', // Likely default to false
+  'application/javascript', // Likely default to false
+  'image/svg+xml', // Likely default to false
+];

apps/app/src/server/routes/apiv3/content-disposition-settings.js

@@ -7,13 +7,14 @@ import loggerFactory from '~/utils/logger';
 import { generateAddActivityMiddleware } from '../../middlewares/add-activity';
 import { apiV3FormValidator } from '../../middlewares/apiv3-form-validator';
 
+import { CONFIGURABLE_MIME_TYPES_FOR_DISPOSITION } from './configurable-mime-types';
 
+// set config definitions
+// change to content disposition settings
 const logger = loggerFactory('growi:routes:apiv3:markdown-setting');
-
 const express = require('express');
 
 const router = express.Router();
-
 const { body } = require('express-validator');
 
 
@@ -24,23 +25,70 @@ module.exports = (crowi) => {
   const activityEvent = crowi.event('activity');
 
 
-  router.get('/', loginRequiredStrictly, adminRequired, async(req, res) => {
-    const contentDispositionSettings = {
-      // change to mime types
-      isEnabledLinebreaks: await crowi.configManager.getConfig('markdown:isEnabledLinebreaks'),
-      isEnabledLinebreaksInComments: await crowi.configManager.getConfig('markdown:isEnabledLinebreaksInComments'),
-      adminPreferredIndentSize: await crowi.configManager.getConfig('markdown:adminPreferredIndentSize'),
-      isIndentSizeForced: await crowi.configManager.getConfig('markdown:isIndentSizeForced'),
-      isEnabledXss: await crowi.configManager.getConfig('markdown:rehypeSanitize:isEnabledPrevention'),
-      xssOption: await crowi.configManager.getConfig('markdown:rehypeSanitize:option'),
-      tagWhitelist: await crowi.configManager.getConfig('markdown:rehypeSanitize:tagNames'),
-      attrWhitelist: await crowi.configManager.getConfig('markdown:rehypeSanitize:attributes'),
-    };
+  router.get('/content-disposition', loginRequiredStrictly, adminRequired, async(req, res) => {
+    const promises = CONFIGURABLE_MIME_TYPES_FOR_DISPOSITION.map(async(mimeType) => {
+      const configKey = `attachments:contentDisposition:${mimeType}:inline`;
+      try {
+        const value = await crowi.configManager.getConfig(configKey);
+        return { mimeType, value };
+      }
+
+      catch (err) {
+        logger.warn(`Could not retrieve config for ${configKey}: ${err.message}`);
+        return { mimeType, value: false };
+      }
+    });
+
+    const results = await Promise.all(promises);
+
+    const contentDispositionSettings = {};
+    for (const result of results) {
+      contentDispositionSettings[result.mimeType] = result.value;
+    }
 
     return res.apiv3({ contentDispositionSettings });
   });
 
-  // add functions for adding and removing allowed mime types
+  // sets any specified mime type
+  // needs body { isInline: boolean }
+  router.put('/content-disposition/:mimeType',
+    loginRequiredStrictly,
+    adminRequired,
+    addActivity,
+    // validator.updateContentDisposition, // Validate path and body
+    apiV3FormValidator,
+    async(req, res) => {
+      const { mimeType } = req.params; // Get mimeType from URL path
+      const { isInline } = req.body; // Get isInline from request body
+
+      const configKey = `attachments:contentDisposition:${mimeType}:inline`;
+
+      try {
+        // Update the configuration in the database
+        await configManager.updateConfigs({ [configKey]: isInline });
+
+        // Retrieve the updated value to send back in the response (best practice)
+        const updatedIsInline = await crowi.configManager.getConfig(configKey);
+
+        // Emit activity event for auditing
+        const parameters = {
+          action: SupportedAction.ACTION_ADMIN_ATTACHMENT_DISPOSITION_UPDATE, // need to define this SupportedAction
+          mimeType,
+          isInline: updatedIsInline,
+        };
+        activityEvent.emit('update', res.locals.activity._id, parameters);
+
+        // Return success response
+        return res.apiv3({ mimeType, isInline: updatedIsInline });
+      }
+      // Moved catch to new line for brace-style
+      catch (err) {
+        const msg = `Error occurred in updating content disposition for MIME type: ${mimeType}`;
+        logger.error(msg, err);
+        return res.apiv3Err(new ErrorV3(msg, 'update-content-disposition-failed'));
+      }
+    });
+
   // add function for setting predetermined allowed mime types in lists
   // Recommended, Strict, Moderately strict, Lax, etc