Create express middleware to determine if it is a brand logo

packages/app/src/server/middlewares/certify-brand-logo.ts

@@ -0,0 +1,28 @@
+import loggerFactory from '~/utils/logger';
+
+
+const logger = loggerFactory('growi:middleware:certify-brand-logo-fire');
+
+module.exports = (crowi) => {
+
+  return async(req, res, next) => {
+
+    const fileId = req.params.id || null;
+
+    const Attachment = crowi.model('Attachment');
+
+    const attachment = await Attachment.findOne({ _id: fileId });
+
+    if (attachment == null) {
+      return next();
+    }
+
+    if (attachment.isBrandLogo()) {
+      req.isBrandLogo = true;
+      return next();
+    }
+
+    next();
+  };
+
+};

packages/app/src/server/middlewares/certify-shared-file.js

@@ -1,4 +1,3 @@
-import { AttachmentType } from '~/server/interfaces/attachment';
 import loggerFactory from '~/utils/logger';
 
 
@@ -34,12 +33,6 @@ module.exports = (crowi) => {
       return next();
     }
 
-    const isBlandLogo = attachment.attachmentType === AttachmentType.BRAND_LOGO;
-    if (isBlandLogo) {
-      req.isSharedPage = true;
-      return next();
-    }
-
     const shareLinks = await ShareLink.find({ relatedPage: attachment.page });
 
     // If sharelinks don't exist, skip it

packages/app/src/server/middlewares/login-required.js

@@ -43,6 +43,12 @@ module.exports = (crowi, isGuestAllowed = false, fallback = null) => {
       return next();
     }
 
+    // Check if it is a Brand logo
+    if (req.isBrandLogo) {
+      logger.debug('Target is Brand logo');
+      return next();
+    }
+
     // is api path
     const baseUrl = req.baseUrl || '';
     if (baseUrl.match(/^\/_api\/.+$/)) {

packages/app/src/server/models/attachment.js

@@ -101,5 +101,9 @@ module.exports = function(crowi) {
     return this.save();
   };
 
+  attachmentSchema.methods.isBrandLogo = function() {
+    return this.attachmentType === AttachmentType.BRAND_LOGO;
+  };
+
   return mongoose.model('Attachment', attachmentSchema);
 };

packages/app/src/server/routes/index.js

@@ -30,6 +30,7 @@ module.exports = function(crowi, app) {
   const loginRequired = require('../middlewares/login-required')(crowi, true);
   const adminRequired = require('../middlewares/admin-required')(crowi);
   const certifySharedFile = require('../middlewares/certify-shared-file')(crowi);
+  const certifyBrandLogo = require('../middlewares/certify-brand-logo')(crowi);
   const rateLimiter = require('../middlewares/rate-limiter')();
   const addActivity = generateAddActivityMiddleware(crowi);
 
@@ -106,7 +107,7 @@ module.exports = function(crowi, app) {
   app.post('/_api/admin/import/qiita'           , loginRequiredStrictly , adminRequired , csrfProtection, addActivity, admin.api.importDataFromQiita);
   app.post('/_api/admin/import/testQiitaAPI'    , loginRequiredStrictly , adminRequired , csrfProtection, addActivity, admin.api.testQiitaAPI);
 
-  app.get('/attachment/brand-logo/:id([0-9a-z]{24})' , loginRequired, attachment.api.get);
+  app.get('/attachment/brand-logo/:id([0-9a-z]{24})' , certifyBrandLogo, loginRequired, attachment.api.get);
 
   /*
    * Routes below are unavailable when maintenance mode