Главная Обзор Помощь
Вход
wiki
/
weseek__growi
зеркало из https://github.com/weseek/growi
2
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 7cd4eedf5f
Ветки Метки
weseek__growi
/
src
/
server
/
middlewares
/
certify-shared-file.js

certify-shared-file.js 1.2 KB
История Исходник

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 
  1. const loggerFactory = require('@alias/logger');
    2. 

  2. const url = require('url');
    3. 

  3. 

  4. const logger = loggerFactory('growi:middleware:certify-shared-fire');
    5. 

  5. 

  6. module.exports = (crowi) => {
    7. 

  7. 

  8.   return async(req, res, next) => {
    9. 

  9.     const { referer } = req.headers;
    10. 

  10. 

  11.     // Attachments cannot be viewed by clients who do not send referer.
    12. 

  12.     // https://github.com/weseek/growi/issues/2819
    13. 

  13.     if (referer == null) {
    14. 

  14.       return next();
    15. 

  15.     }
    16. 

  16. 

  17.     const { path } = url.parse(referer);
    18. 

  18. 

  19.     if (!path.startsWith('/share/')) {
    20. 

  20.       return next();
    21. 

  21.     }
    22. 

  22. 

  23.     const fileId = req.params.id || null;
    24. 

  24. 

  25.     const Attachment = crowi.model('Attachment');
    26. 

  26.     const ShareLink = crowi.model('ShareLink');
    27. 

  27. 

  28.     const attachment = await Attachment.findOne({ _id: fileId });
    29. 

  29. 

  30.     if (attachment == null) {
    31. 

  31.       return next();
    32. 

  32.     }
    33. 

  33. 

  34.     const shareLinks = await ShareLink.find({ relatedPage: attachment.page });
    35. 

  35. 

  36.     // If sharelinks don't exist, skip it
    37. 

  37.     if (shareLinks.length === 0) {
    38. 

  38.       return next();
    39. 

  39.     }
    40. 

  40. 

  41.     // Is there a valid share link
    42. 

  42.     shareLinks.map((sharelink) => {
    43. 

  43.       if (!sharelink.isExpired()) {
    44. 

  44.         logger.debug('Confirmed target file belong to a share page');
    45. 

  45.         req.isSharedPage = true;
    46. 

  46.       }
    47. 

  47.       return;
    48. 

  48.     });
    49. 

  49. 

  50.     next();
    51. 

  51.   };
    52. 

  52. 

  53. };
    54.