5 лет назад · a30d0c8e16
--- a/src/server/middlewares/certify-shared-file.js
+++ b/src/server/middlewares/certify-shared-file.js
@@ -0,0 +1,32 @@
 
															+const loggerFactory = require('@alias/logger');
														
 
															+
														
 
															+const logger = loggerFactory('growi:middleware:certify-shared-fire');
														
 
															+
														
 
															+module.exports = (crowi) => {
														
 
															+
														
 
															+  return async(req, res, next) => {
														
 
															+    // TODO
														
 
															+    // const pageId = req.query.page_id || req.body.page_id || null;
														
 
															+    // const shareLinkId = req.query.share_link_id || req.body.share_link_id || null;
														
 
															+    // if (pageId == null || shareLinkId == null) {
														
 
															+    //   return next();
														
 
															+    // }
														
 
															+
														
 
															+    // const ShareLink = crowi.model('ShareLink');
														
 
															+    // const sharelink = await ShareLink.findOne({ _id: shareLinkId, relatedPage: pageId });
														
 
															+
														
 
															+    // // check sharelink enabled
														
 
															+    // if (sharelink == null || sharelink.isExpired()) {
														
 
															+    //   return next();
														
 
															+    // }
														
 
															+
														
 
															+    // logger.debug('shareLink id is', sharelink._id);
														
 
															+
														
 
															+    // req.isSharedPage = true;
														
 
															+
														
 
															+    // logger.debug('Confirmed target page id is a share page');
														
 
															+
														
 
															+    next();
														
 
															+  };
														
 
															+
														
 
															+};
														
--- a/src/server/routes/index.js
+++ b/src/server/routes/index.js
@@ -11,6 +11,7 @@ module.exports = function(crowi, app) {
 
															   const loginRequired = require('../middlewares/login-required')(crowi, true);
														
 
															   const adminRequired = require('../middlewares/admin-required')(crowi);
														
 
															   const certifySharedPage = require('../middlewares/certify-shared-page')(crowi);
														
 
															+  const certifySharedFile = require('../middlewares/certify-shared-file')(crowi);
														
 
															   const csrf = require('../middlewares/csrf')(crowi);
														
 
															   const uploads = multer({ dest: `${crowi.tmpDir}uploads` });
														
@@ -121,7 +122,7 @@ module.exports = function(crowi, app) {
 
															   app.get('/:id([0-9a-z]{24})'       , loginRequired , page.redirector);
														
 
															   app.get('/_r/:id([0-9a-z]{24})'    , loginRequired , page.redirector); // alias
														
 
															-  app.get('/attachment/:id([0-9a-z]{24})'  , loginRequired, attachment.api.get);
														
 
															+  app.get('/attachment/:id([0-9a-z]{24})' , certifySharedFile , loginRequired, attachment.api.get);
														
 
															   app.get('/attachment/profile/:id([0-9a-z]{24})' , loginRequired, attachment.api.get);
														
 
															   app.get('/attachment/:pageId/:fileName', loginRequired, attachment.api.obsoletedGetForMongoDB); // DEPRECATED: remains for backward compatibility for v3.3.x or below
														
 
															   app.get('/download/:id([0-9a-z]{24})'    , loginRequired, attachment.api.download);