implement certifySharedFileMiddleware

apps/app/src/server/middlewares/certify-shared-file/certify-shared-file.spec.ts

@@ -1,6 +1,8 @@
 import type { Response } from 'express';
 import { mock } from 'vitest-mock-extended';
 
+import { ShareLinkDocument } from '~/server/models/share-link';
+
 import { certifySharedFileMiddleware, type RequestToAllowShareLink } from './certify-shared-file';
 import { ValidReferer } from './interfaces';
 
@@ -8,11 +10,13 @@ const mocks = vi.hoisted(() => {
   return {
     validateRefererMock: vi.fn(),
     retrieveValidShareLinkByRefererMock: vi.fn(),
+    validateAttachmentMock: vi.fn(),
   };
 });
 
 vi.mock('./validate-referer', () => ({ validateReferer: mocks.validateRefererMock }));
 vi.mock('./retrieve-valid-share-link', () => ({ retrieveValidShareLinkByReferer: mocks.retrieveValidShareLinkByRefererMock }));
+vi.mock('./validate-attachment', () => ({ validateAttachment: mocks.validateAttachmentMock }));
 
 
 describe('certifySharedFileMiddleware', () => {
@@ -76,5 +80,32 @@ describe('certifySharedFileMiddleware', () => {
       expect(next).toHaveBeenCalledOnce();
     });
 
+    it('when validateAttachment returns false', async() => {
+      // setup
+      const req = mock<RequestToAllowShareLink>();
+      req.params = { id: 'file id string' };
+      req.headers = { referer: 'referer string' };
+
+      const validReferer = vi.fn();
+      mocks.validateRefererMock.mockImplementation(() => validReferer);
+
+      const shareLinkMock = mock<ShareLinkDocument>();
+      mocks.retrieveValidShareLinkByRefererMock.mockResolvedValue(shareLinkMock);
+
+      mocks.validateAttachmentMock.mockResolvedValue(false);
+
+      // when
+      await certifySharedFileMiddleware(req, res, next);
+
+      // then
+      expect(mocks.validateRefererMock).toHaveBeenCalledOnce();
+      expect(mocks.validateRefererMock).toHaveBeenCalledWith('referer string');
+      expect(mocks.retrieveValidShareLinkByRefererMock).toHaveBeenCalledOnce();
+      expect(mocks.retrieveValidShareLinkByRefererMock).toHaveBeenCalledWith(validReferer);
+      expect(mocks.validateAttachmentMock).toHaveBeenCalledOnce();
+      expect(mocks.validateAttachmentMock).toHaveBeenCalledWith('file id string', shareLinkMock);
+      expect(next).toHaveBeenCalledOnce();
+    });
+
   });
 });

apps/app/src/server/middlewares/certify-shared-file/certify-shared-file.ts

@@ -38,10 +38,10 @@ export const certifySharedFileMiddleware = async(req: RequestToAllowShareLink, r
     return next();
   }
 
-  // if (!validateAttachment(fileId, shareLink)) {
-  //   logger.info(`No valid ShareLink document found by the fileId (${fileId}) and referer (${validReferer.referer}})`);
-  //   return next();
-  // }
+  if (!(await validateAttachment(fileId, shareLink))) {
+    logger.info(`No valid ShareLink document found by the fileId (${fileId}) and referer (${validReferer.referer}})`);
+    return next();
+  }
 
   // const Attachment = getModelSafely<IAttachment>('Attachment');
   // if (Attachment == null) {

apps/app/src/server/middlewares/certify-shared-file/retrieve-valid-share-link.ts

@@ -1,4 +1,4 @@
-import type { ShareLinkModel } from '~/server/models/share-link';
+import type { ShareLinkDocument, ShareLinkModel } from '~/server/models/share-link';
 import { getModelSafely } from '~/server/util/mongoose-utils';
 import loggerFactory from '~/utils/logger';
 
@@ -8,8 +8,8 @@ import type { ValidReferer } from './interfaces';
 const logger = loggerFactory('growi:middleware:certify-shared-fire:retrieve-valid-share-link');
 
 
-export const retrieveValidShareLinkByReferer = async(referer: ValidReferer): Promise<ShareLinkModel | null> => {
-  const ShareLink = getModelSafely<ShareLinkModel>('ShareLink');
+export const retrieveValidShareLinkByReferer = async(referer: ValidReferer): Promise<ShareLinkDocument | null> => {
+  const ShareLink = getModelSafely<ShareLinkDocument, ShareLinkModel>('ShareLink');
   if (ShareLink == null) {
     logger.warn('Could not get ShareLink model. next() will be called without processing anything.');
     return null;

apps/app/src/server/middlewares/certify-shared-file/validate-attachment.ts

@@ -1,7 +1,25 @@
-import type { IShareLink } from '~/interfaces/share-link';
+import { getIdForRef, type IAttachment } from '@growi/core';
 
-export const validateAttachment = (fileId: string, shareLink: IShareLink): boolean => {
-  // count
+import { ShareLinkDocument } from '~/server/models/share-link';
+import { getModelSafely } from '~/server/util/mongoose-utils';
+import loggerFactory from '~/utils/logger';
 
-  return false;
+
+const logger = loggerFactory('growi:middleware:certify-shared-fire:validate-attachment');
+
+
+export const validateAttachment = async(fileId: string, shareLink: ShareLinkDocument): Promise<boolean> => {
+  const Attachment = getModelSafely<IAttachment>('Attachment');
+  if (Attachment == null) {
+    logger.warn('Could not get Attachment model. next() will be called without processing anything.');
+    return false;
+  }
+
+  const relatedPageId = getIdForRef(shareLink.relatedPage);
+  const result = await Attachment.exists({
+    _id: fileId,
+    page: relatedPageId,
+  });
+
+  return result != null;
 };