6 лет назад · 723f9c8fb7
--- a/packages/growi-plugin-attachment-refs/src/server-entry.js
+++ b/packages/growi-plugin-attachment-refs/src/server-entry.js
@@ -1,2 +1,4 @@
 
				 module.exports = (crowi, app) => {
			
 
				+  // add routes
			
 
				+  require('./server/routes')(crowi, app);
			
 
				 };
			
--- a/packages/growi-plugin-attachment-refs/src/server/routes/index.js
+++ b/packages/growi-plugin-attachment-refs/src/server/routes/index.js
@@ -0,0 +1,4 @@
 
				+module.exports = (crowi, app) => {
			
 
				+  // add routes
			
 
				+  app.use('/_api/plugin', require('./refs')(crowi, app));
			
 
				+};
			
--- a/packages/growi-plugin-attachment-refs/src/server/routes/refs.js
+++ b/packages/growi-plugin-attachment-refs/src/server/routes/refs.js
@@ -0,0 +1,55 @@
 
				+const loggerFactory = require('@alias/logger');
			
 
				+
			
 
				+const logger = loggerFactory('growi-plugin:attachment-refs:routes:refs');
			
 
				+
			
 
				+module.exports = (crowi) => {
			
 
				+  const express = crowi.require('express');
			
 
				+  const router = express.Router();
			
 
				+
			
 
				+  const Page = crowi.model('Page');
			
 
				+  const Attachment = crowi.model('Attachment');
			
 
				+
			
 
				+  /**
			
 
				+   * return an Attachment model
			
 
				+   */
			
 
				+  router.get('/ref', async(req, res) => {
			
 
				+    const user = req.user;
			
 
				+    const { pagePath, fileName } = req.query;
			
 
				+    // const options = JSON.parse(req.query.options);
			
 
				+
			
 
				+    if (pagePath == null) {
			
 
				+      res.status(400).send('the param \'pagePath\' must be set.');
			
 
				+      return;
			
 
				+    }
			
 
				+
			
 
				+    try {
			
 
				+      const attachment = await Attachment.findOne({
			
 
				+        originalName: fileName,
			
 
				+      });
			
 
				+
			
 
				+      // not found
			
 
				+      if (attachment == null) {
			
 
				+        res.status(404).send(`fileName: '${fileName}' is not found.`);
			
 
				+        return;
			
 
				+      }
			
 
				+
			
 
				+      logger.debug(`attachment '${attachment.id}' is found from filename '${fileName}'`);
			
 
				+
			
 
				+      // forbidden
			
 
				+      const isAccessible = await Page.isAccessiblePageByViewer(attachment.page, user);
			
 
				+      if (!isAccessible) {
			
 
				+        logger.debug(`attachment '${attachment.id}' is forbidden for user '${user && user.username}'`);
			
 
				+        res.status(403).send(`page '${attachment.page}' is forbidden.`);
			
 
				+        return;
			
 
				+      }
			
 
				+
			
 
				+      res.status(200).send({ status: 'ok', attachment: attachment.toObject() });
			
 
				+    }
			
 
				+    catch (err) {
			
 
				+      logger.error(err);
			
 
				+      res.status(503).send({ err });
			
 
				+    }
			
 
				+  });
			
 
				+
			
 
				+  return router;
			
 
				+};