From 8a0e649f989a824bb3bbfd1900a5b8e5383b47e1 Mon Sep 17 00:00:00 2001 From: Harrison Healey Date: Fri, 30 Sep 2016 11:06:30 -0400 Subject: PLT-3105 Files table migration (#4068) * Implemented initial changes for files table * Removed *_benchmark_test.go files * Re-implemented GetPublicFile and added support for old path * Localization for files table * Moved file system code into utils package * Finished server-side changes and added initial upgrade script * Added getPostFiles api * Re-add Extension and HasPreviewImage fields to FileInfo * Removed unused translation * Fixed merge conflicts left over after permissions changes * Forced FileInfo.extension to be lower case * Changed FileUploadResponse to contain the FileInfos instead of FileIds * Fixed permissions on getFile* calls * Fixed notifications for file uploads * Added initial version of client code for files changes * Permanently added FileIds field to Post object and removed Post.HasFiles * Updated PostStore.Update to be usable in more circumstances * Re-added Filenames field and switched file migration to be entirely lazy-loaded * Increased max listener count for FileStore * Removed unused fileInfoCache * Moved file system code back into api * Removed duplicate test case * Fixed unit test running on ports other than 8065 * Renamed HasPermissionToPostContext to HasPermissionToChannelByPostContext * Refactored handleImages to make it more easily understandable * Renamed getPostFiles to getFileInfosForPost * Re-added pre-FileIds posts to analytics * Changed files to be saved as their ids as opposed to id/filename.ext * Renamed FileInfo.UserId to FileInfo.CreatorId * Fixed detection of language in CodePreview * Fixed switching between threads in the RHS not loading new files * Add serverside protection against a rare bug where the client sends the same file twice for a single post * Refactored the important parts of uploadFile api call into a function that can be called without a web context --- api/api.go | 8 +- api/authorization.go | 36 ++ api/auto_posts.go | 37 +- api/channel_benchmark_test.go | 284 ------------- api/file.go | 649 +++++++++++++++++++----------- api/file_benchmark_test.go | 70 ---- api/file_test.go | 898 ++++++++++++++++++++++++++++++------------ api/post.go | 166 +++++--- api/post_benchmark_test.go | 148 ------- api/post_test.go | 131 +++++- 10 files changed, 1320 insertions(+), 1107 deletions(-) delete mode 100644 api/channel_benchmark_test.go delete mode 100644 api/file_benchmark_test.go delete mode 100644 api/post_benchmark_test.go (limited to 'api') diff --git a/api/api.go b/api/api.go index 492c3b0a9..eea70c9b5 100644 --- a/api/api.go +++ b/api/api.go @@ -33,7 +33,9 @@ type Routes struct { Commands *mux.Router // 'api/v3/teams/{team_id:[A-Za-z0-9]+}/commands' Hooks *mux.Router // 'api/v3/teams/{team_id:[A-Za-z0-9]+}/hooks' - Files *mux.Router // 'api/v3/teams/{team_id:[A-Za-z0-9]+}/files' + TeamFiles *mux.Router // 'api/v3/teams/{team_id:[A-Za-z0-9]+}/files' + Files *mux.Router // 'api/v3/files' + NeedFile *mux.Router // 'api/v3/files/{file_id:[A-Za-z0-9]+}' OAuth *mux.Router // 'api/v3/oauth' @@ -70,7 +72,9 @@ func InitApi() { BaseRoutes.Posts = BaseRoutes.NeedChannel.PathPrefix("/posts").Subrouter() BaseRoutes.NeedPost = BaseRoutes.Posts.PathPrefix("/{post_id:[A-Za-z0-9]+}").Subrouter() BaseRoutes.Commands = BaseRoutes.NeedTeam.PathPrefix("/commands").Subrouter() - BaseRoutes.Files = BaseRoutes.NeedTeam.PathPrefix("/files").Subrouter() + BaseRoutes.TeamFiles = BaseRoutes.NeedTeam.PathPrefix("/files").Subrouter() + BaseRoutes.Files = BaseRoutes.ApiRoot.PathPrefix("/files").Subrouter() + BaseRoutes.NeedFile = BaseRoutes.Files.PathPrefix("/{file_id:[A-Za-z0-9]+}").Subrouter() BaseRoutes.Hooks = BaseRoutes.NeedTeam.PathPrefix("/hooks").Subrouter() BaseRoutes.OAuth = BaseRoutes.ApiRoot.PathPrefix("/oauth").Subrouter() BaseRoutes.Admin = BaseRoutes.ApiRoot.PathPrefix("/admin").Subrouter() diff --git a/api/authorization.go b/api/authorization.go index fb04b069b..5badf244b 100644 --- a/api/authorization.go +++ b/api/authorization.go @@ -114,6 +114,42 @@ func HasPermissionToChannel(user *model.User, teamMember *model.TeamMember, chan return HasPermissionToTeam(user, teamMember, permission) } +func HasPermissionToChannelByPostContext(c *Context, postId string, permission *model.Permission) bool { + cmc := Srv.Store.Channel().GetMemberForPost(postId, c.Session.UserId) + + var channelRoles []string + if cmcresult := <-cmc; cmcresult.Err == nil { + channelMember := cmcresult.Data.(*model.ChannelMember) + channelRoles = channelMember.GetRoles() + + if CheckIfRolesGrantPermission(channelRoles, permission.Id) { + return true + } + } + + cc := Srv.Store.Channel().GetForPost(postId) + if ccresult := <-cc; ccresult.Err == nil { + channel := ccresult.Data.(*model.Channel) + + if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil { + roles := teamMember.GetRoles() + + if CheckIfRolesGrantPermission(roles, permission.Id) { + return true + } + } + + } + + if HasPermissionToContext(c, permission) { + return true + } + + c.Err = model.NewLocAppError("HasPermissionToChannelByPostContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles)) + c.Err.StatusCode = http.StatusForbidden + return false +} + func HasPermissionToUser(c *Context, userId string) bool { // You are the user (users autmaticly have permissions to themselves) if c.Session.UserId == userId { diff --git a/api/auto_posts.go b/api/auto_posts.go index 2e26e513b..6b1207c10 100644 --- a/api/auto_posts.go +++ b/api/auto_posts.go @@ -8,7 +8,6 @@ import ( "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" "io" - "mime/multipart" "os" ) @@ -40,53 +39,31 @@ func NewAutoPostCreator(client *model.Client, channelid string) *AutoPostCreator } func (cfg *AutoPostCreator) UploadTestFile() ([]string, bool) { - body := &bytes.Buffer{} - writer := multipart.NewWriter(body) - filename := cfg.ImageFilenames[utils.RandIntFromRange(utils.Range{0, len(cfg.ImageFilenames) - 1})] - part, err := writer.CreateFormFile("files", filename) - if err != nil { - return nil, false - } - path := utils.FindDir("web/static/images") file, err := os.Open(path + "/" + filename) defer file.Close() - _, err = io.Copy(part, file) - if err != nil { - return nil, false - } - - field, err := writer.CreateFormField("channel_id") - if err != nil { - return nil, false - } - - _, err = field.Write([]byte(cfg.channelid)) - if err != nil { - return nil, false - } - - err = writer.Close() + data := &bytes.Buffer{} + _, err = io.Copy(data, file) if err != nil { return nil, false } - resp, appErr := cfg.client.UploadPostAttachment(body.Bytes(), writer.FormDataContentType()) + resp, appErr := cfg.client.UploadPostAttachment(data.Bytes(), cfg.channelid, filename) if appErr != nil { return nil, false } - return resp.Data.(*model.FileUploadResponse).Filenames, true + return []string{resp.FileInfos[0].Id}, true } func (cfg *AutoPostCreator) CreateRandomPost() (*model.Post, bool) { - var filenames []string + var fileIds []string if cfg.HasImage { var err1 bool - filenames, err1 = cfg.UploadTestFile() + fileIds, err1 = cfg.UploadTestFile() if err1 == false { return nil, false } @@ -102,7 +79,7 @@ func (cfg *AutoPostCreator) CreateRandomPost() (*model.Post, bool) { post := &model.Post{ ChannelId: cfg.channelid, Message: postText, - Filenames: filenames} + FileIds: fileIds} result, err2 := cfg.client.CreatePost(post) if err2 != nil { return nil, false diff --git a/api/channel_benchmark_test.go b/api/channel_benchmark_test.go deleted file mode 100644 index 569c2dcc0..000000000 --- a/api/channel_benchmark_test.go +++ /dev/null @@ -1,284 +0,0 @@ -// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved. -// See License.txt for license information. - -package api - -import ( - "github.com/mattermost/platform/model" - "github.com/mattermost/platform/store" - "github.com/mattermost/platform/utils" - "testing" -) - -const ( - NUM_CHANNELS = 140 - NUM_USERS = 40 -) - -func BenchmarkCreateChannel(b *testing.B) { - th := Setup().InitBasic() - - channelCreator := NewAutoChannelCreator(th.BasicClient, th.BasicTeam) - - b.ResetTimer() - for i := 0; i < b.N; i++ { - channelCreator.CreateTestChannels(utils.Range{NUM_CHANNELS, NUM_CHANNELS}) - } -} - -func BenchmarkCreateDirectChannel(b *testing.B) { - th := Setup().InitBasic() - - userCreator := NewAutoUserCreator(th.BasicClient, th.BasicTeam) - users, err := userCreator.CreateTestUsers(utils.Range{NUM_USERS, NUM_USERS}) - if err == false { - b.Fatal("Could not create users") - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for j := 0; j < NUM_USERS; j++ { - th.BasicClient.CreateDirectChannel(users[j].Id) - } - } -} - -func BenchmarkUpdateChannel(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_CHANNELS_RANGE = utils.Range{NUM_CHANNELS, NUM_CHANNELS} - CHANNEL_HEADER_LEN = 50 - ) - - channelCreator := NewAutoChannelCreator(th.BasicClient, th.BasicTeam) - channels, valid := channelCreator.CreateTestChannels(NUM_CHANNELS_RANGE) - if valid == false { - b.Fatal("Unable to create test channels") - } - - for i := range channels { - channels[i].Header = utils.RandString(CHANNEL_HEADER_LEN, utils.ALPHANUMERIC) - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for j := range channels { - if _, err := th.BasicClient.UpdateChannel(channels[j]); err != nil { - b.Fatal(err) - } - } - } -} - -func BenchmarkGetChannels(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_CHANNELS_RANGE = utils.Range{NUM_CHANNELS, NUM_CHANNELS} - ) - - channelCreator := NewAutoChannelCreator(th.BasicClient, th.BasicTeam) - _, valid := channelCreator.CreateTestChannels(NUM_CHANNELS_RANGE) - if valid == false { - b.Fatal("Unable to create test channels") - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - th.BasicClient.Must(th.BasicClient.GetChannels("")) - } -} - -func BenchmarkGetMoreChannels(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_CHANNELS_RANGE = utils.Range{NUM_CHANNELS, NUM_CHANNELS} - ) - - channelCreator := NewAutoChannelCreator(th.BasicClient, th.BasicTeam) - _, valid := channelCreator.CreateTestChannels(NUM_CHANNELS_RANGE) - if valid == false { - b.Fatal("Unable to create test channels") - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - th.BasicClient.Must(th.BasicClient.GetMoreChannels("")) - } -} - -func BenchmarkJoinChannel(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_CHANNELS_RANGE = utils.Range{NUM_CHANNELS, NUM_CHANNELS} - ) - - channelCreator := NewAutoChannelCreator(th.BasicClient, th.BasicTeam) - channels, valid := channelCreator.CreateTestChannels(NUM_CHANNELS_RANGE) - if valid == false { - b.Fatal("Unable to create test channels") - } - - // Secondary test user to join channels created by primary test user - user := &model.User{Email: "success+" + model.NewId() + "@simulator.amazonses.com", Nickname: "That Guy", Password: "pwd"} - user = th.BasicClient.Must(th.BasicClient.CreateUser(user, "")).Data.(*model.User) - LinkUserToTeam(user, th.BasicTeam) - store.Must(Srv.Store.User().VerifyEmail(user.Id)) - th.BasicClient.Login(user.Email, "pwd") - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for j := range channels { - th.BasicClient.Must(th.BasicClient.JoinChannel(channels[j].Id)) - } - } -} - -func BenchmarkDeleteChannel(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_CHANNELS_RANGE = utils.Range{NUM_CHANNELS, NUM_CHANNELS} - ) - - channelCreator := NewAutoChannelCreator(th.BasicClient, th.BasicTeam) - channels, valid := channelCreator.CreateTestChannels(NUM_CHANNELS_RANGE) - if valid == false { - b.Fatal("Unable to create test channels") - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for j := range channels { - th.BasicClient.Must(th.BasicClient.DeleteChannel(channels[j].Id)) - } - } -} - -func BenchmarkGetChannelExtraInfo(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_CHANNELS_RANGE = utils.Range{NUM_CHANNELS, NUM_CHANNELS} - ) - - channelCreator := NewAutoChannelCreator(th.BasicClient, th.BasicTeam) - channels, valid := channelCreator.CreateTestChannels(NUM_CHANNELS_RANGE) - if valid == false { - b.Fatal("Unable to create test channels") - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for j := range channels { - th.BasicClient.Must(th.BasicClient.GetChannelExtraInfo(channels[j].Id, -1, "")) - } - } -} - -func BenchmarkAddChannelMember(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_USERS = 100 - NUM_USERS_RANGE = utils.Range{NUM_USERS, NUM_USERS} - ) - - channel := &model.Channel{DisplayName: "Test Channel", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: th.BasicTeam.Id} - channel = th.BasicClient.Must(th.BasicClient.CreateChannel(channel)).Data.(*model.Channel) - - userCreator := NewAutoUserCreator(th.BasicClient, th.BasicTeam) - users, valid := userCreator.CreateTestUsers(NUM_USERS_RANGE) - if valid == false { - b.Fatal("Unable to create test users") - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for j := range users { - if _, err := th.BasicClient.AddChannelMember(channel.Id, users[j].Id); err != nil { - b.Fatal(err) - } - } - } -} - -// Is this benchmark failing? Raise your file ulimit! 2048 worked for me. -func BenchmarkRemoveChannelMember(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_USERS = 140 - NUM_USERS_RANGE = utils.Range{NUM_USERS, NUM_USERS} - ) - - channel := &model.Channel{DisplayName: "Test Channel", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: th.BasicTeam.Id} - channel = th.BasicClient.Must(th.BasicClient.CreateChannel(channel)).Data.(*model.Channel) - - userCreator := NewAutoUserCreator(th.BasicClient, th.BasicTeam) - users, valid := userCreator.CreateTestUsers(NUM_USERS_RANGE) - if valid == false { - b.Fatal("Unable to create test users") - } - - for i := range users { - if _, err := th.BasicClient.AddChannelMember(channel.Id, users[i].Id); err != nil { - b.Fatal(err) - } - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for j := range users { - if _, err := th.BasicClient.RemoveChannelMember(channel.Id, users[j].Id); err != nil { - b.Fatal(err) - } - } - } -} - -func BenchmarkUpdateNotifyProps(b *testing.B) { - th := Setup().InitBasic() - - var ( - NUM_CHANNELS_RANGE = utils.Range{NUM_CHANNELS, NUM_CHANNELS} - ) - - channelCreator := NewAutoChannelCreator(th.BasicClient, th.BasicTeam) - channels, valid := channelCreator.CreateTestChannels(NUM_CHANNELS_RANGE) - if valid == false { - b.Fatal("Unable to create test channels") - } - - data := make([]map[string]string, len(channels)) - - for i := range data { - newmap := map[string]string{ - "channel_id": channels[i].Id, - "user_id": th.BasicUser.Id, - "desktop": model.CHANNEL_NOTIFY_MENTION, - "mark_unread": model.CHANNEL_MARK_UNREAD_MENTION, - } - data[i] = newmap - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for j := range channels { - th.BasicClient.Must(th.BasicClient.UpdateNotifyProps(data[j])) - } - } -} diff --git a/api/file.go b/api/file.go index dd99a8caf..9cf513ebf 100644 --- a/api/file.go +++ b/api/file.go @@ -16,6 +16,7 @@ import ( "io" "io/ioutil" "net/http" + "net/url" "os" "path/filepath" "strconv" @@ -57,17 +58,19 @@ const ( MaxImageSize = 6048 * 4032 // 24 megapixels, roughly 36MB as a raw image ) -var fileInfoCache *utils.Cache = utils.NewLru(1000) - func InitFile() { l4g.Debug(utils.T("api.file.init.debug")) - BaseRoutes.Files.Handle("/upload", ApiUserRequired(uploadFile)).Methods("POST") - BaseRoutes.Files.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiUserRequiredTrustRequester(getFile)).Methods("GET") - BaseRoutes.Files.Handle("/get_info/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiUserRequired(getFileInfo)).Methods("GET") - BaseRoutes.Files.Handle("/get_public_link", ApiUserRequired(getPublicLink)).Methods("POST") + BaseRoutes.TeamFiles.Handle("/upload", ApiUserRequired(uploadFile)).Methods("POST") + + BaseRoutes.NeedFile.Handle("/get", ApiUserRequiredTrustRequester(getFile)).Methods("GET") + BaseRoutes.NeedFile.Handle("/get_thumbnail", ApiUserRequiredTrustRequester(getFileThumbnail)).Methods("GET") + BaseRoutes.NeedFile.Handle("/get_preview", ApiUserRequiredTrustRequester(getFilePreview)).Methods("GET") + BaseRoutes.NeedFile.Handle("/get_info", ApiUserRequired(getFileInfo)).Methods("GET") + BaseRoutes.NeedFile.Handle("/get_public_link", ApiUserRequired(getPublicLink)).Methods("GET") - BaseRoutes.Public.Handle("/files/get/{team_id:[A-Za-z0-9]+}/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiAppHandlerTrustRequesterIndependent(getPublicFile)).Methods("GET") + BaseRoutes.Public.Handle("/files/{file_id:[A-Za-z0-9]+}/get", ApiAppHandlerTrustRequesterIndependent(getPublicFile)).Methods("GET") + BaseRoutes.Public.Handle("/files/get/{team_id:[A-Za-z0-9]+}/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiAppHandlerTrustRequesterIndependent(getPublicFileOld)).Methods("GET") } func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) { @@ -83,8 +86,7 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) { return } - err := r.ParseMultipartForm(*utils.Cfg.FileSettings.MaxFileSize) - if err != nil { + if err := r.ParseMultipartForm(*utils.Cfg.FileSettings.MaxFileSize); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -92,7 +94,6 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) { m := r.MultipartForm props := m.Value - if len(props["channel_id"]) == 0 { c.SetInvalidParam("uploadFile", "channel_id") return @@ -103,91 +104,108 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) { return } - files := m.File["files"] + if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_UPLOAD_FILE) { + return + } resStruct := &model.FileUploadResponse{ - Filenames: []string{}, + FileInfos: []*model.FileInfo{}, ClientIds: []string{}, } - imageNameList := []string{} + previewPathList := []string{} + thumbnailPathList := []string{} imageDataList := [][]byte{} - if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_UPLOAD_FILE) { - return - } - - for i := range files { - file, err := files[i].Open() + for i, fileHeader := range m.File["files"] { + file, fileErr := fileHeader.Open() defer file.Close() - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) + if fileErr != nil { + http.Error(w, fileErr.Error(), http.StatusInternalServerError) return } buf := bytes.NewBuffer(nil) io.Copy(buf, file) + data := buf.Bytes() - filename := filepath.Base(files[i].Filename) + info, err := doUploadFile(c.TeamId, channelId, c.Session.UserId, fileHeader.Filename, data) + if err != nil { + c.Err = err + return + } - uid := model.NewId() + if info.PreviewPath != "" || info.ThumbnailPath != "" { + previewPathList = append(previewPathList, info.PreviewPath) + thumbnailPathList = append(thumbnailPathList, info.ThumbnailPath) + imageDataList = append(imageDataList, data) + } - if model.IsFileExtImage(filepath.Ext(files[i].Filename)) { - imageNameList = append(imageNameList, uid+"/"+filename) - imageDataList = append(imageDataList, buf.Bytes()) + resStruct.FileInfos = append(resStruct.FileInfos, info) - // Decode image config first to check dimensions before loading the whole thing into memory later on - config, _, err := image.DecodeConfig(bytes.NewReader(buf.Bytes())) - if err != nil { - c.Err = model.NewLocAppError("uploadFile", "api.file.upload_file.image.app_error", nil, err.Error()) - return - } else if config.Width*config.Height > MaxImageSize { - c.Err = model.NewLocAppError("uploadFile", "api.file.upload_file.large_image.app_error", nil, c.T("api.file.file_upload.exceeds")) - return - } + if len(m.Value["client_ids"]) > 0 { + resStruct.ClientIds = append(resStruct.ClientIds, m.Value["client_ids"][i]) } + } - path := "teams/" + c.TeamId + "/channels/" + channelId + "/users/" + c.Session.UserId + "/" + uid + "/" + filename + handleImages(previewPathList, thumbnailPathList, imageDataList) - if err := WriteFile(buf.Bytes(), path); err != nil { - c.Err = err - return - } + w.Write([]byte(resStruct.ToJson())) +} - encName := utils.UrlEncode(filename) +func doUploadFile(teamId string, channelId string, userId string, rawFilename string, data []byte) (*model.FileInfo, *model.AppError) { + filename := filepath.Base(rawFilename) - fileUrl := "/" + channelId + "/" + c.Session.UserId + "/" + uid + "/" + encName - resStruct.Filenames = append(resStruct.Filenames, fileUrl) + info, err := model.GetInfoForBytes(filename, data) + if err != nil { + err.StatusCode = http.StatusBadRequest + return nil, err } - for _, clientId := range props["client_ids"] { - resStruct.ClientIds = append(resStruct.ClientIds, clientId) + info.Id = model.NewId() + info.CreatorId = userId + + pathPrefix := "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + info.Id + "/" + info.Path = pathPrefix + filename + + if info.IsImage() { + // Check dimensions before loading the whole thing into memory later on + if info.Width*info.Height > MaxImageSize { + err := model.NewLocAppError("uploadFile", "api.file.upload_file.large_image.app_error", nil, "") + err.StatusCode = http.StatusBadRequest + return nil, err + } + + nameWithoutExtension := filename[:strings.LastIndex(filename, ".")] + info.PreviewPath = pathPrefix + nameWithoutExtension + "_preview.jpg" + info.ThumbnailPath = pathPrefix + nameWithoutExtension + "_thumb.jpg" } - go handleImages(imageNameList, imageDataList, c.TeamId, channelId, c.Session.UserId) + if err := WriteFile(data, info.Path); err != nil { + return nil, err + } - w.Write([]byte(resStruct.ToJson())) -} + if result := <-Srv.Store.FileInfo().Save(info); result.Err != nil { + return nil, result.Err + } -func handleImages(filenames []string, fileData [][]byte, teamId, channelId, userId string) { - dest := "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + return info, nil +} - for i, filename := range filenames { - name := filename[:strings.LastIndex(filename, ".")] +func handleImages(previewPathList []string, thumbnailPathList []string, fileData [][]byte) { + for i := range fileData { go func() { // Decode image bytes into Image object img, imgType, err := image.Decode(bytes.NewReader(fileData[i])) if err != nil { - l4g.Error(utils.T("api.file.handle_images_forget.decode.error"), channelId, userId, filename, err) + l4g.Error(utils.T("api.file.handle_images_forget.decode.error"), err) return } width := img.Bounds().Dx() height := img.Bounds().Dy() - // Get the image's orientation and ignore any errors since not all images will have orientation data - orientation, _ := getImageOrientation(fileData[i]) - + // Fill in the background of a potentially-transparent png file as white if imgType == "png" { dst := image.NewRGBA(img.Bounds()) draw.Draw(dst, dst.Bounds(), image.NewUniform(color.White), image.Point{}, draw.Src) @@ -195,6 +213,9 @@ func handleImages(filenames []string, fileData [][]byte, teamId, channelId, user img = dst } + // Flip the image to be upright + orientation, _ := getImageOrientation(fileData[i]) + switch orientation { case UprightMirrored: img = imaging.FlipH(img) @@ -212,57 +233,8 @@ func handleImages(filenames []string, fileData [][]byte, teamId, channelId, user img = imaging.Rotate90(img) } - // Create thumbnail - go func() { - thumbWidth := float64(utils.Cfg.FileSettings.ThumbnailWidth) - thumbHeight := float64(utils.Cfg.FileSettings.ThumbnailHeight) - imgWidth := float64(width) - imgHeight := float64(height) - - var thumbnail image.Image - if imgHeight < thumbHeight && imgWidth < thumbWidth { - thumbnail = img - } else if imgHeight/imgWidth < thumbHeight/thumbWidth { - thumbnail = imaging.Resize(img, 0, utils.Cfg.FileSettings.ThumbnailHeight, imaging.Lanczos) - } else { - thumbnail = imaging.Resize(img, utils.Cfg.FileSettings.ThumbnailWidth, 0, imaging.Lanczos) - } - - buf := new(bytes.Buffer) - err = jpeg.Encode(buf, thumbnail, &jpeg.Options{Quality: 90}) - if err != nil { - l4g.Error(utils.T("api.file.handle_images_forget.encode_jpeg.error"), channelId, userId, filename, err) - return - } - - if err := WriteFile(buf.Bytes(), dest+name+"_thumb.jpg"); err != nil { - l4g.Error(utils.T("api.file.handle_images_forget.upload_thumb.error"), channelId, userId, filename, err) - return - } - }() - - // Create preview - go func() { - var preview image.Image - if width > int(utils.Cfg.FileSettings.PreviewWidth) { - preview = imaging.Resize(img, utils.Cfg.FileSettings.PreviewWidth, utils.Cfg.FileSettings.PreviewHeight, imaging.Lanczos) - } else { - preview = img - } - - buf := new(bytes.Buffer) - - err = jpeg.Encode(buf, preview, &jpeg.Options{Quality: 90}) - if err != nil { - l4g.Error(utils.T("api.file.handle_images_forget.encode_preview.error"), channelId, userId, filename, err) - return - } - - if err := WriteFile(buf.Bytes(), dest+name+"_preview.jpg"); err != nil { - l4g.Error(utils.T("api.file.handle_images_forget.upload_preview.error"), channelId, userId, filename, err) - return - } - }() + go generateThumbnailImage(img, thumbnailPathList[i], width, height) + go generatePreviewImage(img, previewPathList[i], width) }() } } @@ -284,105 +256,143 @@ func getImageOrientation(imageData []byte) (int, error) { } } -type ImageGetResult struct { - Error error - ImageData []byte -} +func generateThumbnailImage(img image.Image, thumbnailPath string, width int, height int) { + thumbWidth := float64(utils.Cfg.FileSettings.ThumbnailWidth) + thumbHeight := float64(utils.Cfg.FileSettings.ThumbnailHeight) + imgWidth := float64(width) + imgHeight := float64(height) + + var thumbnail image.Image + if imgHeight < thumbHeight && imgWidth < thumbWidth { + thumbnail = img + } else if imgHeight/imgWidth < thumbHeight/thumbWidth { + thumbnail = imaging.Resize(img, 0, utils.Cfg.FileSettings.ThumbnailHeight, imaging.Lanczos) + } else { + thumbnail = imaging.Resize(img, utils.Cfg.FileSettings.ThumbnailWidth, 0, imaging.Lanczos) + } -func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) { - if len(utils.Cfg.FileSettings.DriverName) == 0 { - c.Err = model.NewLocAppError("uploadFile", "api.file.upload_file.storage.app_error", nil, "") - c.Err.StatusCode = http.StatusNotImplemented + buf := new(bytes.Buffer) + if err := jpeg.Encode(buf, thumbnail, &jpeg.Options{Quality: 90}); err != nil { + l4g.Error(utils.T("api.file.handle_images_forget.encode_jpeg.error"), thumbnailPath, err) return } - params := mux.Vars(r) - - channelId := params["channel_id"] - if len(channelId) != 26 { - c.SetInvalidParam("getFileInfo", "channel_id") + if err := WriteFile(buf.Bytes(), thumbnailPath); err != nil { + l4g.Error(utils.T("api.file.handle_images_forget.upload_thumb.error"), thumbnailPath, err) return } +} - userId := params["user_id"] - if len(userId) != 26 { - c.SetInvalidParam("getFileInfo", "user_id") - return +func generatePreviewImage(img image.Image, previewPath string, width int) { + var preview image.Image + if width > int(utils.Cfg.FileSettings.PreviewWidth) { + preview = imaging.Resize(img, utils.Cfg.FileSettings.PreviewWidth, utils.Cfg.FileSettings.PreviewHeight, imaging.Lanczos) + } else { + preview = img } - filename := params["filename"] - if len(filename) == 0 { - c.SetInvalidParam("getFileInfo", "filename") + buf := new(bytes.Buffer) + + if err := jpeg.Encode(buf, preview, &jpeg.Options{Quality: 90}); err != nil { + l4g.Error(utils.T("api.file.handle_images_forget.encode_preview.error"), previewPath, err) return } - if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) { + if err := WriteFile(buf.Bytes(), previewPath); err != nil { + l4g.Error(utils.T("api.file.handle_images_forget.upload_preview.error"), previewPath, err) return } +} - path := "teams/" + c.TeamId + "/channels/" + channelId + "/users/" + userId + "/" + filename - var info *model.FileInfo +func getFile(c *Context, w http.ResponseWriter, r *http.Request) { + info, err := getFileInfoForRequest(c, r, true) + if err != nil { + c.Err = err + return + } - if cached, ok := fileInfoCache.Get(path); ok { - info = cached.(*model.FileInfo) - } else { - fileData := make(chan []byte) - go readFile(path, fileData) + if data, err := ReadFile(info.Path); err != nil { + c.Err = err + c.Err.StatusCode = http.StatusNotFound + } else if err := writeFileResponse(info.Name, data, w, r); err != nil { + c.Err = err + return + } +} - newInfo, err := model.GetInfoForBytes(filename, <-fileData) - if err != nil { - c.Err = err - return - } else { - fileInfoCache.Add(path, newInfo) - info = newInfo - } +func getFileThumbnail(c *Context, w http.ResponseWriter, r *http.Request) { + info, err := getFileInfoForRequest(c, r, true) + if err != nil { + c.Err = err + return } - w.Header().Set("Cache-Control", "max-age=2592000, public") + if info.ThumbnailPath == "" { + c.Err = model.NewLocAppError("getFileThumbnail", "api.file.get_file_thumbnail.no_thumbnail.app_error", nil, "file_id="+info.Id) + c.Err.StatusCode = http.StatusBadRequest + return + } - w.Write([]byte(info.ToJson())) + if data, err := ReadFile(info.ThumbnailPath); err != nil { + c.Err = err + c.Err.StatusCode = http.StatusNotFound + } else if err := writeFileResponse(info.Name, data, w, r); err != nil { + c.Err = err + return + } } -func getFile(c *Context, w http.ResponseWriter, r *http.Request) { - params := mux.Vars(r) - - teamId := c.TeamId - channelId := params["channel_id"] - userId := params["user_id"] - filename := params["filename"] +func getFilePreview(c *Context, w http.ResponseWriter, r *http.Request) { + info, err := getFileInfoForRequest(c, r, true) + if err != nil { + c.Err = err + return + } - if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) { + if info.PreviewPath == "" { + c.Err = model.NewLocAppError("getFilePreview", "api.file.get_file_preview.no_preview.app_error", nil, "file_id="+info.Id) + c.Err.StatusCode = http.StatusBadRequest return } - if err, bytes := getFileData(teamId, channelId, userId, filename); err != nil { + if data, err := ReadFile(info.PreviewPath); err != nil { c.Err = err - return - } else if err := writeFileResponse(filename, bytes, w, r); err != nil { + c.Err.StatusCode = http.StatusNotFound + } else if err := writeFileResponse(info.Name, data, w, r); err != nil { c.Err = err return } } -func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) { - params := mux.Vars(r) +func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) { + info, err := getFileInfoForRequest(c, r, true) + if err != nil { + c.Err = err + return + } - teamId := params["team_id"] - channelId := params["channel_id"] - userId := params["user_id"] - filename := params["filename"] + w.Header().Set("Cache-Control", "max-age=2592000, public") - hash := r.URL.Query().Get("h") + w.Write([]byte(info.ToJson())) +} +func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) { if !utils.Cfg.FileSettings.EnablePublicLink { c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_disabled.app_error", nil, "") c.Err.StatusCode = http.StatusNotImplemented return } + info, err := getFileInfoForRequest(c, r, false) + if err != nil { + c.Err = err + return + } + + hash := r.URL.Query().Get("h") + if len(hash) > 0 { - correctHash := generatePublicLinkHash(filename, *utils.Cfg.FileSettings.PublicLinkSalt) + correctHash := generatePublicLinkHash(info.Id, *utils.Cfg.FileSettings.PublicLinkSalt) if hash != correctHash { c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "") @@ -395,49 +405,110 @@ func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) { return } - if err, bytes := getFileData(teamId, channelId, userId, filename); err != nil { + if data, err := ReadFile(info.Path); err != nil { c.Err = err - return - } else if err := writeFileResponse(filename, bytes, w, r); err != nil { + c.Err.StatusCode = http.StatusNotFound + } else if err := writeFileResponse(info.Name, data, w, r); err != nil { c.Err = err return } } -func getFileData(teamId string, channelId string, userId string, filename string) (*model.AppError, []byte) { +func getFileInfoForRequest(c *Context, r *http.Request, requireFileVisible bool) (*model.FileInfo, *model.AppError) { if len(utils.Cfg.FileSettings.DriverName) == 0 { - err := model.NewLocAppError("getFileData", "api.file.upload_file.storage.app_error", nil, "") + err := model.NewLocAppError("getFileInfoForRequest", "api.file.get_file_info_for_request.storage.app_error", nil, "") err.StatusCode = http.StatusNotImplemented - return err, nil + return nil, err } - if len(teamId) != 26 { - return NewInvalidParamError("getFileData", "team_id"), nil + params := mux.Vars(r) + + fileId := params["file_id"] + if len(fileId) != 26 { + return nil, NewInvalidParamError("getFileInfoForRequest", "file_id") } - if len(channelId) != 26 { - return NewInvalidParamError("getFileData", "channel_id"), nil + var info *model.FileInfo + if result := <-Srv.Store.FileInfo().Get(fileId); result.Err != nil { + return nil, result.Err + } else { + info = result.Data.(*model.FileInfo) } - if len(userId) != 26 { - return NewInvalidParamError("getFileData", "user_id"), nil + // only let users access files visible in a channel, unless they're the one who uploaded the file + if info.CreatorId != c.Session.UserId { + if len(info.PostId) == 0 { + err := model.NewLocAppError("getFileInfoForRequest", "api.file.get_file_info_for_request.no_post.app_error", nil, "file_id="+fileId) + err.StatusCode = http.StatusBadRequest + return nil, err + } + + if requireFileVisible { + if !HasPermissionToChannelByPostContext(c, info.PostId, model.PERMISSION_READ_CHANNEL) { + return nil, c.Err + } + } } - if len(filename) == 0 { - return NewInvalidParamError("getFileData", "filename"), nil + return info, nil +} + +func getPublicFileOld(c *Context, w http.ResponseWriter, r *http.Request) { + if len(utils.Cfg.FileSettings.DriverName) == 0 { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_public_file_old.storage.app_error", nil, "") + c.Err.StatusCode = http.StatusNotImplemented + return + } else if !utils.Cfg.FileSettings.EnablePublicLink { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_disabled.app_error", nil, "") + c.Err.StatusCode = http.StatusNotImplemented + return } - path := "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename + params := mux.Vars(r) - fileChan := make(chan []byte) - go readFile(path, fileChan) + teamId := params["team_id"] + channelId := params["channel_id"] + userId := params["user_id"] + filename := params["filename"] - if bytes := <-fileChan; bytes == nil { - err := model.NewLocAppError("writeFileResponse", "api.file.get_file.not_found.app_error", nil, "path="+path) - err.StatusCode = http.StatusNotFound - return err, nil + hash := r.URL.Query().Get("h") + + if len(hash) > 0 { + correctHash := generatePublicLinkHash(filename, *utils.Cfg.FileSettings.PublicLinkSalt) + + if hash != correctHash { + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest + return + } } else { - return nil, bytes + c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + path := "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename + + var info *model.FileInfo + if result := <-Srv.Store.FileInfo().GetByPath(path); result.Err != nil { + c.Err = result.Err + return + } else { + info = result.Data.(*model.FileInfo) + } + + if len(info.PostId) == 0 { + c.Err = model.NewLocAppError("getPublicFileOld", "api.file.get_public_file_old.no_post.app_error", nil, "file_id="+info.Id) + c.Err.StatusCode = http.StatusBadRequest + return + } + + if data, err := ReadFile(info.Path); err != nil { + c.Err = err + c.Err.StatusCode = http.StatusNotFound + } else if err := writeFileResponse(info.Name, data, w, r); err != nil { + c.Err = err + return } } @@ -450,9 +521,7 @@ func writeFileResponse(filename string, bytes []byte, w http.ResponseWriter, r * ua := user_agent.New(r.UserAgent()) bname, _ := ua.Browser() - parts := strings.Split(filename, "/") - filePart := strings.Split(parts[len(parts)-1], "?")[0] - w.Header().Set("Content-Disposition", "attachment;filename=\""+filePart+"\"") + w.Header().Set("Content-Disposition", "attachment;filename=\""+filename+"\"") if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" { w.Header().Set("Content-Type", "application/octet-stream") @@ -467,71 +536,183 @@ func writeFileResponse(filename string, bytes []byte, w http.ResponseWriter, r * return nil } -func readFile(path string, fileData chan []byte) { - data, getErr := ReadFile(path) - if getErr != nil { - l4g.Error(getErr) - fileData <- nil - } else { - fileData <- data - } -} - func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) { - if len(utils.Cfg.FileSettings.DriverName) == 0 { - c.Err = model.NewLocAppError("uploadFile", "api.file.upload_file.storage.app_error", nil, "") - c.Err.StatusCode = http.StatusNotImplemented - return - } - if !utils.Cfg.FileSettings.EnablePublicLink { c.Err = model.NewLocAppError("getPublicLink", "api.file.get_public_link.disabled.app_error", nil, "") c.Err.StatusCode = http.StatusNotImplemented return } - props := model.MapFromJson(r.Body) - - filename := props["filename"] - if len(filename) == 0 { - c.SetInvalidParam("getPublicLink", "filename") + info, err := getFileInfoForRequest(c, r, true) + if err != nil { + c.Err = err return } - matches := model.PartialUrlRegex.FindAllStringSubmatch(filename, -1) - if len(matches) == 0 || len(matches[0]) < 4 { - c.SetInvalidParam("getPublicLink", "filename") + if len(info.PostId) == 0 { + c.Err = model.NewLocAppError("getPublicLink", "api.file.get_public_link.no_post.app_error", nil, "file_id="+info.Id) + c.Err.StatusCode = http.StatusBadRequest return } - channelId := matches[0][1] - userId := matches[0][2] - filename = matches[0][3] + w.Write([]byte(model.StringToJson(generatePublicLink(c.GetSiteURL(), info)))) +} - if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_GET_PUBLIC_LINK) { - return +func generatePublicLink(siteURL string, info *model.FileInfo) string { + hash := generatePublicLinkHash(info.Id, *utils.Cfg.FileSettings.PublicLinkSalt) + return fmt.Sprintf("%s%s/public/files/%v/get?h=%s", siteURL, model.API_URL_SUFFIX, info.Id, hash) +} + +func generatePublicLinkHash(fileId, salt string) string { + hash := sha256.New() + hash.Write([]byte(salt)) + hash.Write([]byte(fileId)) + + return base64.RawURLEncoding.EncodeToString(hash.Sum(nil)) +} + +// Creates and stores FileInfos for a post created before the FileInfos table existed. +func migrateFilenamesToFileInfos(post *model.Post) []*model.FileInfo { + if len(post.Filenames) == 0 { + l4g.Warn(utils.T("api.file.migrate_filenames_to_file_infos.no_filenames.warn"), post.Id) + return []*model.FileInfo{} + } + + cchan := Srv.Store.Channel().Get(post.ChannelId) + + // There's a weird bug that rarely happens where a post ends up with duplicate Filenames so remove those + filenames := utils.RemoveDuplicatesFromStringArray(post.Filenames) + + var channel *model.Channel + if result := <-cchan; result.Err != nil { + l4g.Error(utils.T("api.file.migrate_filenames_to_file_infos.channel.app_error"), post.Id, post.ChannelId, result.Err) + return []*model.FileInfo{} + } else { + channel = result.Data.(*model.Channel) + } + + // Find the team that was used to make this post since its part of the file path that isn't saved in the Filename + var teamId string + if channel.TeamId == "" { + // This post was made in a cross-team DM channel so we need to find where its files were saved + teamId = findTeamIdForFilename(post, filenames[0]) + } else { + teamId = channel.TeamId + } + + // Create FileInfo objects for this post + infos := make([]*model.FileInfo, 0, len(filenames)) + fileIds := make([]string, 0, len(filenames)) + if teamId == "" { + l4g.Error(utils.T("api.file.migrate_filenames_to_file_infos.team_id.error"), post.Id, filenames) + } else { + for _, filename := range filenames { + info := getInfoForFilename(post, teamId, filename) + if info == nil { + continue + } + + if result := <-Srv.Store.FileInfo().Save(info); result.Err != nil { + l4g.Error(utils.T("api.file.migrate_filenames_to_file_infos.save_file_info.app_error"), post.Id, info.Id, filename, result.Err) + continue + } + + fileIds = append(fileIds, info.Id) + infos = append(infos, info) + } } - url := generatePublicLink(c.GetSiteURL(), c.TeamId, channelId, userId, filename) + // Copy and save the updated post + newPost := &model.Post{} + *newPost = *post - w.Write([]byte(model.StringToJson(url))) + newPost.Filenames = []string{} + newPost.FileIds = fileIds + + // Update Posts to clear Filenames and set FileIds + if result := <-Srv.Store.Post().Update(newPost, post); result.Err != nil { + l4g.Error(utils.T("api.file.migrate_filenames_to_file_infos.save_post.app_error"), post.Id, newPost.FileIds, post.Filenames, result.Err) + return []*model.FileInfo{} + } else { + return infos + } } -func generatePublicLink(siteURL, teamId, channelId, userId, filename string) string { - hash := generatePublicLinkHash(filename, *utils.Cfg.FileSettings.PublicLinkSalt) - return fmt.Sprintf("%s%s/public/files/get/%s/%s/%s/%s?h=%s", siteURL, model.API_URL_SUFFIX, teamId, channelId, userId, filename, hash) +func findTeamIdForFilename(post *model.Post, filename string) string { + split := strings.SplitN(filename, "/", 5) + id := split[3] + name, _ := url.QueryUnescape(split[4]) + + // This post is in a direct channel so we need to figure out what team the files are stored under. + if result := <-Srv.Store.Team().GetTeamsByUserId(post.UserId); result.Err != nil { + l4g.Error(utils.T("api.file.migrate_filenames_to_file_infos.teams.app_error"), post.Id, result.Err) + } else if teams := result.Data.([]*model.Team); len(teams) == 1 { + // The user has only one team so the post must've been sent from it + return teams[0].Id + } else { + for _, team := range teams { + path := fmt.Sprintf("teams/%s/channels/%s/users/%s/%s/%s", team.Id, post.ChannelId, post.UserId, id, name) + if _, err := ReadFile(path); err == nil { + // Found the team that this file was posted from + return team.Id + } + } + } + + return "" } -func generatePublicLinkHash(filename, salt string) string { - hash := sha256.New() - hash.Write([]byte(salt)) - hash.Write([]byte(filename)) +func getInfoForFilename(post *model.Post, teamId string, filename string) *model.FileInfo { + // Find the path from the Filename of the form /{channelId}/{userId}/{uid}/{nameWithExtension} + split := strings.SplitN(filename, "/", 5) + if len(split) < 5 { + l4g.Error(utils.T("api.file.migrate_filenames_to_file_infos.unexpected_filename.error"), post.Id, filename) + return nil + } - return base64.RawURLEncoding.EncodeToString(hash.Sum(nil)) + channelId := split[1] + userId := split[2] + oldId := split[3] + name, _ := url.QueryUnescape(split[4]) + + if split[0] != "" || split[1] != post.ChannelId || split[2] != post.UserId || strings.Contains(split[4], "/") { + l4g.Warn(utils.T("api.file.migrate_filenames_to_file_infos.mismatched_filename.warn"), post.Id, post.ChannelId, post.UserId, filename) + } + + pathPrefix := fmt.Sprintf("teams/%s/channels/%s/users/%s/%s/", teamId, channelId, userId, oldId) + path := pathPrefix + name + + // Open the file and populate the fields of the FileInfo + var info *model.FileInfo + if data, err := ReadFile(path); err != nil { + l4g.Error(utils.T("api.file.migrate_filenames_to_file_infos.file_not_found.error"), post.Id, filename, path, err) + return nil + } else { + var err *model.AppError + info, err = model.GetInfoForBytes(name, data) + if err != nil { + l4g.Warn(utils.T("api.file.migrate_filenames_to_file_infos.info.app_error"), post.Id, filename, err) + } + } + + // Generate a new ID because with the old system, you could very rarely get multiple posts referencing the same file + info.Id = model.NewId() + info.CreatorId = post.UserId + info.PostId = post.Id + info.CreateAt = post.CreateAt + info.UpdateAt = post.UpdateAt + info.Path = path + + if info.IsImage() { + nameWithoutExtension := name[:strings.LastIndex(name, ".")] + info.PreviewPath = pathPrefix + nameWithoutExtension + "_preview.jpg" + info.ThumbnailPath = pathPrefix + nameWithoutExtension + "_thumb.jpg" + } + + return info } func WriteFile(f []byte, path string) *model.AppError { - if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { var auth aws.Auth auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId @@ -556,7 +737,7 @@ func WriteFile(f []byte, path string) *model.AppError { return model.NewLocAppError("WriteFile", "api.file.write_file.s3.app_error", nil, err.Error()) } } else if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_LOCAL { - if err := WriteFileLocally(f, utils.Cfg.FileSettings.Directory+path); err != nil { + if err := writeFileLocally(f, utils.Cfg.FileSettings.Directory+path); err != nil { return err } } else { @@ -568,9 +749,7 @@ func WriteFile(f []byte, path string) *model.AppError { func MoveFile(oldPath, newPath string) *model.AppError { if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { - fileData := make(chan []byte) - go readFile(oldPath, fileData) - fileBytes := <-fileData + fileBytes, _ := ReadFile(oldPath) if fileBytes == nil { return model.NewLocAppError("moveFile", "api.file.move_file.get_from_s3.app_error", nil, "") @@ -606,7 +785,7 @@ func MoveFile(oldPath, newPath string) *model.AppError { return nil } -func WriteFileLocally(f []byte, path string) *model.AppError { +func writeFileLocally(f []byte, path string) *model.AppError { if err := os.MkdirAll(filepath.Dir(path), 0774); err != nil { directory, _ := filepath.Abs(filepath.Dir(path)) return model.NewLocAppError("WriteFile", "api.file.write_file_locally.create_dir.app_error", nil, "directory="+directory+", err="+err.Error()) @@ -620,7 +799,6 @@ func WriteFileLocally(f []byte, path string) *model.AppError { } func ReadFile(path string) ([]byte, *model.AppError) { - if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { var auth aws.Auth auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId @@ -668,7 +846,6 @@ func openFileWriteStream(path string) (io.Writer, *model.AppError) { fileHandle.Chmod(0644) return fileHandle, nil } - } return nil, model.NewLocAppError("openFileWriteStream", "api.file.open_file_write_stream.configured.app_error", nil, "") diff --git a/api/file_benchmark_test.go b/api/file_benchmark_test.go deleted file mode 100644 index 0e0fc105b..000000000 --- a/api/file_benchmark_test.go +++ /dev/null @@ -1,70 +0,0 @@ -// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved. -// See License.txt for license information. - -package api - -import ( - "github.com/mattermost/platform/utils" - "testing" - "time" -) - -func BenchmarkUploadFile(b *testing.B) { - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - testPoster.UploadTestFile() - } -} - -func BenchmarkGetFile(b *testing.B) { - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - filenames, err := testPoster.UploadTestFile() - if err == false { - b.Fatal("Unable to upload file for benchmark") - } - - // wait a bit for files to ready - time.Sleep(5 * time.Second) - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - if _, downErr := Client.GetFile(filenames[0]+"?h="+generatePublicLinkHash(filenames[0], *utils.Cfg.FileSettings.PublicLinkSalt), true); downErr != nil { - b.Fatal(downErr) - } - } -} - -func BenchmarkGetPublicLink(b *testing.B) { - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - filenames, err := testPoster.UploadTestFile() - if err == false { - b.Fatal("Unable to upload file for benchmark") - } - - // wait a bit for files to ready - time.Sleep(5 * time.Second) - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - if _, downErr := Client.GetPublicLink(filenames[0]); downErr != nil { - b.Fatal(downErr) - } - } -} diff --git a/api/file_test.go b/api/file_test.go index 764f326cd..ded866ab6 100644 --- a/api/file_test.go +++ b/api/file_test.go @@ -5,14 +5,14 @@ package api import ( "bytes" - "encoding/base64" "fmt" "github.com/goamz/goamz/aws" "github.com/goamz/goamz/s3" "github.com/mattermost/platform/model" + "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" "io" - "mime/multipart" + "io/ioutil" "net/http" "os" "strings" @@ -22,373 +22,560 @@ import ( func TestUploadFile(t *testing.T) { th := Setup().InitBasic() + + if utils.Cfg.FileSettings.DriverName == "" { + t.Logf("skipping because no file driver is enabled") + return + } + Client := th.BasicClient team := th.BasicTeam user := th.BasicUser channel := th.BasicChannel - body := &bytes.Buffer{} - writer := multipart.NewWriter(body) - part, err := writer.CreateFormFile("files", "../test.png") - if err != nil { + var uploadInfo *model.FileInfo + if data, err := readTestFile("test.png"); err != nil { + t.Fatal(err) + } else if resp, err := Client.UploadPostAttachment(data, channel.Id, "test.png"); err != nil { t.Fatal(err) + } else if len(resp.FileInfos) != 1 { + t.Fatal("should've returned a single file infos") + } else { + uploadInfo = resp.FileInfos[0] } - path := utils.FindDir("tests") - file, err := os.Open(path + "/test.png") - if err != nil { + // The returned file info from the upload call will be missing some fields that will be stored in the database + if uploadInfo.CreatorId != user.Id { + t.Fatal("file should be assigned to user") + } else if uploadInfo.PostId != "" { + t.Fatal("file shouldn't have a post") + } else if uploadInfo.Path != "" { + t.Fatal("file path should not be set on returned info") + } else if uploadInfo.ThumbnailPath != "" { + t.Fatal("file thumbnail path should not be set on returned info") + } else if uploadInfo.PreviewPath != "" { + t.Fatal("file preview path should not be set on returned info") + } + + var info *model.FileInfo + if result := <-Srv.Store.FileInfo().Get(uploadInfo.Id); result.Err != nil { + t.Fatal(result.Err) + } else { + info = result.Data.(*model.FileInfo) + } + + if info.Id != uploadInfo.Id { + t.Fatal("file id from response should match one stored in database") + } else if info.CreatorId != user.Id { + t.Fatal("file should be assigned to user") + } else if info.PostId != "" { + t.Fatal("file shouldn't have a post") + } else if info.Path == "" { + t.Fatal("file path should be set in database") + } else if info.ThumbnailPath == "" { + t.Fatal("file thumbnail path should be set in database") + } else if info.PreviewPath == "" { + t.Fatal("file preview path should be set in database") + } + + // This also makes sure that the relative path provided above is sanitized out + expectedPath := fmt.Sprintf("teams/%v/channels/%v/users/%v/%v/test.png", team.Id, channel.Id, user.Id, info.Id) + if info.Path != expectedPath { + t.Logf("file is saved in %v", info.Path) + t.Fatalf("file should've been saved in %v", expectedPath) + } + + expectedThumbnailPath := fmt.Sprintf("teams/%v/channels/%v/users/%v/%v/test_thumb.jpg", team.Id, channel.Id, user.Id, info.Id) + if info.ThumbnailPath != expectedThumbnailPath { + t.Logf("file thumbnail is saved in %v", info.ThumbnailPath) + t.Fatalf("file thumbnail should've been saved in %v", expectedThumbnailPath) + } + + expectedPreviewPath := fmt.Sprintf("teams/%v/channels/%v/users/%v/%v/test_preview.jpg", team.Id, channel.Id, user.Id, info.Id) + if info.PreviewPath != expectedPreviewPath { + t.Logf("file preview is saved in %v", info.PreviewPath) + t.Fatalf("file preview should've been saved in %v", expectedPreviewPath) + } + + // Wait a bit for files to ready + time.Sleep(2 * time.Second) + + if err := cleanupTestFile(info); err != nil { t.Fatal(err) } - defer file.Close() +} - _, err = io.Copy(part, file) - if err != nil { +func TestGetFileInfo(t *testing.T) { + th := Setup().InitBasic() + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } + + Client := th.BasicClient + user := th.BasicUser + channel := th.BasicChannel + + var fileId string + if data, err := readTestFile("test.png"); err != nil { t.Fatal(err) + } else { + fileId = Client.MustGeneric(Client.UploadPostAttachment(data, channel.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id } - field, err := writer.CreateFormField("channel_id") + info, err := Client.GetFileInfo(fileId) if err != nil { t.Fatal(err) + } else if info.Id != fileId { + t.Fatal("got incorrect file") + } else if info.CreatorId != user.Id { + t.Fatal("file should be assigned to user") + } else if info.PostId != "" { + t.Fatal("file shouldn't have a post") + } else if info.Path != "" { + t.Fatal("file path shouldn't have been returned to client") + } else if info.ThumbnailPath != "" { + t.Fatal("file thumbnail path shouldn't have been returned to client") + } else if info.PreviewPath != "" { + t.Fatal("file preview path shouldn't have been returned to client") + } else if info.MimeType != "image/png" { + t.Fatal("mime type should've been image/png") + } + + // Wait a bit for files to ready + time.Sleep(2 * time.Second) + + // Other user shouldn't be able to get file info for this file before it's attached to a post + th.LoginBasic2() + + if _, err := Client.GetFileInfo(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file info before it's attached to a post") } - _, err = field.Write([]byte(channel.Id)) - if err != nil { + // Hacky way to assign file to a post (usually would be done by CreatePost call) + store.Must(Srv.Store.FileInfo().AttachToPost(fileId, th.BasicPost.Id)) + + // Other user shouldn't be able to get file info for this file if they're not in the channel for it + if _, err := Client.GetFileInfo(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file info when not in channel") + } + + Client.Must(Client.JoinChannel(channel.Id)) + + // Other user should now be able to get file info + if info2, err := Client.GetFileInfo(fileId); err != nil { t.Fatal(err) + } else if info2.Id != fileId { + t.Fatal("other user got incorrect file") } - err = writer.Close() - if err != nil { + if err := cleanupTestFile(store.Must(Srv.Store.FileInfo().Get(fileId)).(*model.FileInfo)); err != nil { t.Fatal(err) } +} - resp, appErr := Client.UploadPostAttachment(body.Bytes(), writer.FormDataContentType()) - if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { - if appErr != nil { - t.Fatal(appErr) - } +func TestGetFile(t *testing.T) { + th := Setup().InitBasic() - filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/") - filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1] - if strings.Contains(filename, "../") { - t.Fatal("relative path should have been sanitized out") - } - fileId := strings.Split(filename, ".")[0] + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } - var auth aws.Auth - auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId - auth.SecretKey = utils.Cfg.FileSettings.AmazonS3SecretAccessKey + Client := th.BasicClient + channel := th.BasicChannel - s := s3.New(auth, aws.Regions[utils.Cfg.FileSettings.AmazonS3Region]) - bucket := s.Bucket(utils.Cfg.FileSettings.AmazonS3Bucket) + var fileId string + data, err := readTestFile("test.png") + if err != nil { + t.Fatal(err) + } else { + fileId = Client.MustGeneric(Client.UploadPostAttachment(data, channel.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + } - // wait a bit for files to ready - time.Sleep(5 * time.Second) + // Wait a bit for files to ready + time.Sleep(2 * time.Second) - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + filename) + if body, err := Client.GetFile(fileId); err != nil { + t.Fatal(err) + } else { + received, err := ioutil.ReadAll(body) if err != nil { t.Fatal(err) + } else if len(received) != len(data) { + t.Fatal("received file should be the same size as the sent one") } - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_thumb.jpg") - if err != nil { - t.Fatal(err) + for i := range data { + if data[i] != received[i] { + t.Fatal("received file didn't match sent one") + } } - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_preview.jpg") + body.Close() + } + + // Other user shouldn't be able to get file for this file before it's attached to a post + th.LoginBasic2() + + if _, err := Client.GetFile(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file before it's attached to a post") + } + + // Hacky way to assign file to a post (usually would be done by CreatePost call) + store.Must(Srv.Store.FileInfo().AttachToPost(fileId, th.BasicPost.Id)) + + // Other user shouldn't be able to get file for this file if they're not in the channel for it + if _, err := Client.GetFile(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file when not in channel") + } + + Client.Must(Client.JoinChannel(channel.Id)) + + // Other user should now be able to get file + if body, err := Client.GetFile(fileId); err != nil { + t.Fatal(err) + } else { + received, err := ioutil.ReadAll(body) if err != nil { t.Fatal(err) + } else if len(received) != len(data) { + t.Fatal("received file should be the same size as the sent one") } - } else if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_LOCAL { - filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/") - filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1] - if strings.Contains(filename, "../") { - t.Fatal("relative path should have been sanitized out") - } - fileId := strings.Split(filename, ".")[0] - - // wait a bit for files to ready - time.Sleep(5 * time.Second) - path := utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + filename - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) + for i := range data { + if data[i] != received[i] { + t.Fatal("received file didn't match sent one") + } } - path = utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_thumb.jpg" - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) - } + body.Close() + } - path = utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_preview.jpg" - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) - } - } else { - if appErr == nil { - t.Fatal("S3 and local storage not configured, should have failed") - } + if err := cleanupTestFile(store.Must(Srv.Store.FileInfo().Get(fileId)).(*model.FileInfo)); err != nil { + t.Fatal(err) } } -func TestGetFile(t *testing.T) { +func TestGetFileThumbnail(t *testing.T) { th := Setup().InitBasic() + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } + Client := th.BasicClient - team := th.BasicTeam - user := th.BasicUser channel := th.BasicChannel - if utils.Cfg.FileSettings.DriverName != "" { - body := &bytes.Buffer{} - writer := multipart.NewWriter(body) - part, err := writer.CreateFormFile("files", "test.png") - if err != nil { - t.Fatal(err) - } + var fileId string + data, err := readTestFile("test.png") + if err != nil { + t.Fatal(err) + } else { + fileId = Client.MustGeneric(Client.UploadPostAttachment(data, channel.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + } - path := utils.FindDir("tests") - file, err := os.Open(path + "/test.png") - if err != nil { - t.Fatal(err) - } - defer file.Close() + // Wait a bit for files to ready + time.Sleep(2 * time.Second) - _, err = io.Copy(part, file) - if err != nil { - t.Fatal(err) - } + if body, err := Client.GetFileThumbnail(fileId); err != nil { + t.Fatal(err) + } else { + body.Close() + } - field, err := writer.CreateFormField("channel_id") - if err != nil { - t.Fatal(err) - } + // Other user shouldn't be able to get thumbnail for this file before it's attached to a post + th.LoginBasic2() - _, err = field.Write([]byte(channel.Id)) - if err != nil { - t.Fatal(err) - } + if _, err := Client.GetFileThumbnail(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file before it's attached to a post") + } - err = writer.Close() - if err != nil { - t.Fatal(err) - } + // Hacky way to assign file to a post (usually would be done by CreatePost call) + store.Must(Srv.Store.FileInfo().AttachToPost(fileId, th.BasicPost.Id)) - resp, upErr := Client.UploadPostAttachment(body.Bytes(), writer.FormDataContentType()) - if upErr != nil { - t.Fatal(upErr) - } + // Other user shouldn't be able to get thumbnail for this file if they're not in the channel for it + if _, err := Client.GetFileThumbnail(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file when not in channel") + } - filenames := resp.Data.(*model.FileUploadResponse).Filenames + Client.Must(Client.JoinChannel(channel.Id)) - // wait a bit for files to ready - time.Sleep(5 * time.Second) + // Other user should now be able to get thumbnail + if body, err := Client.GetFileThumbnail(fileId); err != nil { + t.Fatal(err) + } else { + body.Close() + } - if _, downErr := Client.GetFile(filenames[0], false); downErr != nil { - t.Fatal(downErr) - } + if err := cleanupTestFile(store.Must(Srv.Store.FileInfo().Get(fileId)).(*model.FileInfo)); err != nil { + t.Fatal(err) + } +} - if resp, downErr := Client.GetFileInfo(filenames[0]); downErr != nil { - t.Fatal(downErr) - } else { - info := resp.Data.(*model.FileInfo) - if info.Size == 0 { - t.Fatal("No file size returned") - } - } +func TestGetFilePreview(t *testing.T) { + th := Setup().InitBasic() + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } + + Client := th.BasicClient + channel := th.BasicChannel - if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { - var auth aws.Auth - auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId - auth.SecretKey = utils.Cfg.FileSettings.AmazonS3SecretAccessKey + var fileId string + data, err := readTestFile("test.png") + if err != nil { + t.Fatal(err) + } else { + fileId = Client.MustGeneric(Client.UploadPostAttachment(data, channel.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + } - s := s3.New(auth, aws.Regions[utils.Cfg.FileSettings.AmazonS3Region]) - bucket := s.Bucket(utils.Cfg.FileSettings.AmazonS3Bucket) + // Wait a bit for files to ready + time.Sleep(2 * time.Second) - filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/") - filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1] - fileId := strings.Split(filename, ".")[0] + if body, err := Client.GetFilePreview(fileId); err != nil { + t.Fatal(err) + } else { + body.Close() + } - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + filename) - if err != nil { - t.Fatal(err) - } + // Other user shouldn't be able to get preview for this file before it's attached to a post + th.LoginBasic2() - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_thumb.jpg") - if err != nil { - t.Fatal(err) - } + if _, err := Client.GetFilePreview(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file before it's attached to a post") + } - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_preview.jpg") - if err != nil { - t.Fatal(err) - } - } else { - filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/") - filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1] - fileId := strings.Split(filename, ".")[0] - - path := utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + filename - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) - } + // Hacky way to assign file to a post (usually would be done by CreatePost call) + store.Must(Srv.Store.FileInfo().AttachToPost(fileId, th.BasicPost.Id)) - path = utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_thumb.jpg" - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) - } + // Other user shouldn't be able to get preview for this file if they're not in the channel for it + if _, err := Client.GetFilePreview(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file when not in channel") + } - path = utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_preview.jpg" - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) - } - } + Client.Must(Client.JoinChannel(channel.Id)) + + // Other user should now be able to get preview + if body, err := Client.GetFilePreview(fileId); err != nil { + t.Fatal(err) } else { - if _, downErr := Client.GetFile("/files/get/yxebdmbz5pgupx7q6ez88rw11a/n3btzxu9hbnapqk36iwaxkjxhc/junk.jpg", false); downErr.StatusCode != http.StatusNotImplemented { - t.Fatal("Status code should have been 501 - Not Implemented") - } + body.Close() + } + + if err := cleanupTestFile(store.Must(Srv.Store.FileInfo().Get(fileId)).(*model.FileInfo)); err != nil { + t.Fatal(err) } } func TestGetPublicFile(t *testing.T) { th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink - driverName := utils.Cfg.FileSettings.DriverName + publicLinkSalt := *utils.Cfg.FileSettings.PublicLinkSalt defer func() { utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink - utils.Cfg.FileSettings.DriverName = driverName + *utils.Cfg.FileSettings.PublicLinkSalt = publicLinkSalt }() utils.Cfg.FileSettings.EnablePublicLink = true - if driverName == "" { - driverName = model.IMAGE_DRIVER_LOCAL - } + *utils.Cfg.FileSettings.PublicLinkSalt = model.NewId() + + Client := th.BasicClient + channel := th.BasicChannel - filenames, err := uploadTestFile(Client, channel.Id) + var fileId string + data, err := readTestFile("test.png") if err != nil { - t.Fatal("failed to upload test file", err) + t.Fatal(err) + } else { + fileId = Client.MustGeneric(Client.UploadPostAttachment(data, channel.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id } - post1 := &model.Post{ChannelId: channel.Id, Message: "a" + model.NewId() + "a", Filenames: filenames} + // Hacky way to assign file to a post (usually would be done by CreatePost call) + store.Must(Srv.Store.FileInfo().AttachToPost(fileId, th.BasicPost.Id)) - if rpost1, postErr := Client.CreatePost(post1); postErr != nil { - t.Fatal(postErr) - } else { - post1 = rpost1.Data.(*model.Post) - } + link := Client.MustGeneric(Client.GetPublicLink(fileId)).(string) - var link string - if result, err := Client.GetPublicLink(filenames[0]); err != nil { - t.Fatal("failed to get public link") - } else { - link = result.Data.(string) - } + // Wait a bit for files to ready + time.Sleep(2 * time.Second) - // test a user that's logged in - if resp, err := http.Get(link); err != nil && resp.StatusCode != http.StatusOK { - t.Fatal("failed to get image with public link while logged in", err) + if resp, err := http.Get(link); err != nil || resp.StatusCode != http.StatusOK { + t.Fatal("failed to get image with public link", err) } if resp, err := http.Get(link[:strings.LastIndex(link, "?")]); err == nil && resp.StatusCode != http.StatusBadRequest { - t.Fatal("should've failed to get image with public link while logged in without hash", resp.Status) + t.Fatal("should've failed to get image with public link without hash", resp.Status) } utils.Cfg.FileSettings.EnablePublicLink = false if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusNotImplemented { - t.Fatal("should've failed to get image with disabled public link while logged in") + t.Fatal("should've failed to get image with disabled public link") } utils.Cfg.FileSettings.EnablePublicLink = true - // test a user that's logged out - Client.Must(Client.Logout()) + // test after the salt has changed + *utils.Cfg.FileSettings.PublicLinkSalt = model.NewId() + + if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link after salt changed") + } + + if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link after salt changed") + } - if resp, err := http.Get(link); err != nil && resp.StatusCode != http.StatusOK { - t.Fatal("failed to get image with public link while not logged in", err) + if err := cleanupTestFile(store.Must(Srv.Store.FileInfo().Get(fileId)).(*model.FileInfo)); err != nil { + t.Fatal(err) + } +} + +func TestGetPublicFileOld(t *testing.T) { + th := Setup().InitBasic() + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } + + enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink + publicLinkSalt := *utils.Cfg.FileSettings.PublicLinkSalt + defer func() { + utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink + *utils.Cfg.FileSettings.PublicLinkSalt = publicLinkSalt + }() + utils.Cfg.FileSettings.EnablePublicLink = true + *utils.Cfg.FileSettings.PublicLinkSalt = model.NewId() + + Client := th.BasicClient + channel := th.BasicChannel + + var fileId string + data, err := readTestFile("test.png") + if err != nil { + t.Fatal(err) + } else { + fileId = Client.MustGeneric(Client.UploadPostAttachment(data, channel.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + } + + // Hacky way to assign file to a post (usually would be done by CreatePost call) + store.Must(Srv.Store.FileInfo().AttachToPost(fileId, th.BasicPost.Id)) + + // reconstruct old style of link + siteURL := *utils.Cfg.ServiceSettings.SiteURL + if siteURL == "" { + siteURL = "http://localhost" + utils.Cfg.ServiceSettings.ListenAddress + } + link := generatePublicLinkOld(siteURL, th.BasicTeam.Id, channel.Id, th.BasicUser.Id, fileId+"/test.png") + + // Wait a bit for files to ready + time.Sleep(2 * time.Second) + + if resp, err := http.Get(link); err != nil || resp.StatusCode != http.StatusOK { + t.Fatalf("failed to get image with public link err=%v resp=%v", err, resp) } if resp, err := http.Get(link[:strings.LastIndex(link, "?")]); err == nil && resp.StatusCode != http.StatusBadRequest { - t.Fatal("should've failed to get image with public link while not logged in without hash") + t.Fatal("should've failed to get image with public link without hash", resp.Status) } utils.Cfg.FileSettings.EnablePublicLink = false if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusNotImplemented { - t.Fatal("should've failed to get image with disabled public link while not logged in") + t.Fatal("should've failed to get image with disabled public link") } utils.Cfg.FileSettings.EnablePublicLink = true - // test a user that's logged in after the salt has changed + // test after the salt has changed *utils.Cfg.FileSettings.PublicLinkSalt = model.NewId() - th.LoginBasic() if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusBadRequest { - t.Fatal("should've failed to get image with public link while logged in after salt changed") + t.Fatal("should've failed to get image with public link after salt changed") } - Client.Must(Client.Logout()) if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusBadRequest { - t.Fatal("should've failed to get image with public link while not logged in after salt changed") + t.Fatal("should've failed to get image with public link after salt changed") } - if err := cleanupTestFile(filenames[0], th.BasicTeam.Id, channel.Id, th.BasicUser.Id); err != nil { - t.Fatal("failed to cleanup test file", err) + if err := cleanupTestFile(store.Must(Srv.Store.FileInfo().Get(fileId)).(*model.FileInfo)); err != nil { + t.Fatal(err) } } +func generatePublicLinkOld(siteURL, teamId, channelId, userId, filename string) string { + hash := generatePublicLinkHash(filename, *utils.Cfg.FileSettings.PublicLinkSalt) + return fmt.Sprintf("%s%s/public/files/get/%s/%s/%s/%s?h=%s", siteURL, model.API_URL_SUFFIX, teamId, channelId, userId, filename, hash) +} + func TestGetPublicLink(t *testing.T) { th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink - driverName := utils.Cfg.FileSettings.DriverName defer func() { utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink - utils.Cfg.FileSettings.DriverName = driverName }() - if driverName == "" { - driverName = model.IMAGE_DRIVER_LOCAL - } + utils.Cfg.FileSettings.EnablePublicLink = true - filenames, err := uploadTestFile(Client, channel.Id) + Client := th.BasicClient + channel := th.BasicChannel + + var fileId string + data, err := readTestFile("test.png") if err != nil { - t.Fatal("failed to upload test file", err) + t.Fatal(err) + } else { + fileId = Client.MustGeneric(Client.UploadPostAttachment(data, channel.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id } - post1 := &model.Post{ChannelId: channel.Id, Message: "a" + model.NewId() + "a", Filenames: filenames} - - if rpost1, postErr := Client.CreatePost(post1); postErr != nil { - t.Fatal(postErr) - } else { - post1 = rpost1.Data.(*model.Post) + if _, err := Client.GetPublicLink(fileId); err == nil { + t.Fatal("should've failed to get public link before file is attached to a post") } + // Hacky way to assign file to a post (usually would be done by CreatePost call) + store.Must(Srv.Store.FileInfo().AttachToPost(fileId, th.BasicPost.Id)) + utils.Cfg.FileSettings.EnablePublicLink = false - if _, err := Client.GetPublicLink(filenames[0]); err == nil || err.StatusCode != http.StatusNotImplemented { - t.Fatal("should've failed when public links are disabled", err) + + if _, err := Client.GetPublicLink(fileId); err == nil { + t.Fatal("should've failed to get public link when disabled") } utils.Cfg.FileSettings.EnablePublicLink = true - if _, err := Client.GetPublicLink("garbage"); err == nil { - t.Fatal("should've failed for invalid link") + if link, err := Client.GetPublicLink(fileId); err != nil { + t.Fatal(err) + } else if link == "" { + t.Fatal("should've received public link") } - if _, err := Client.GetPublicLink(filenames[0]); err != nil { - t.Fatal("should've gotten link for file", err) + // Other user shouldn't be able to get public link for this file if they're not in the channel for it + th.LoginBasic2() + + if _, err := Client.GetPublicLink(fileId); err == nil { + t.Fatal("other user shouldn't be able to get file when not in channel") } - th.LoginBasic2() + Client.Must(Client.JoinChannel(channel.Id)) - if _, err := Client.GetPublicLink(filenames[0]); err == nil { - t.Fatal("should've failed, user not member of channel") + // Other user should now be able to get public link + if link, err := Client.GetPublicLink(fileId); err != nil { + t.Fatal(err) + } else if link == "" { + t.Fatal("should've received public link") } - th.LoginBasic() + // Wait a bit for files to ready + time.Sleep(2 * time.Second) - if err := cleanupTestFile(filenames[0], th.BasicTeam.Id, channel.Id, th.BasicUser.Id); err != nil { - t.Fatal("failed to cleanup test file", err) + if err := cleanupTestFile(store.Must(Srv.Store.FileInfo().Get(fileId)).(*model.FileInfo)); err != nil { + t.Fatal(err) } } @@ -415,48 +602,234 @@ func TestGeneratePublicLinkHash(t *testing.T) { } } -func uploadTestFile(Client *model.Client, channelId string) ([]string, error) { - body := &bytes.Buffer{} - writer := multipart.NewWriter(body) - part, err := writer.CreateFormFile("files", "test.png") +func TestMigrateFilenamesToFileInfos(t *testing.T) { + th := Setup().InitBasic() + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } + + Client := th.BasicClient + + user1 := th.BasicUser + + channel1 := Client.Must(Client.CreateChannel(&model.Channel{ + Name: model.NewId(), + Type: model.CHANNEL_OPEN, + // No TeamId set to simulate a direct channel + })).Data.(*model.Channel) + + var fileId1 string + var fileId2 string + data, err := readTestFile("test.png") if err != nil { - return nil, err + t.Fatal(err) + } else { + fileId1 = Client.MustGeneric(Client.UploadPostAttachment(data, channel1.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + fileId2 = Client.MustGeneric(Client.UploadPostAttachment(data, channel1.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + } + + // Bypass the Client whenever possible since we're trying to simulate a pre-3.5 post + post1 := store.Must(Srv.Store.Post().Save(&model.Post{ + UserId: user1.Id, + ChannelId: channel1.Id, + Message: "test", + Filenames: []string{ + fmt.Sprintf("/%s/%s/%s/%s", channel1.Id, user1.Id, fileId1, "test.png"), + fmt.Sprintf("/%s/%s/%s/%s", channel1.Id, user1.Id, fileId2, "test.png"), + fmt.Sprintf("/%s/%s/%s/%s", channel1.Id, user1.Id, fileId2, "test.png"), // duplicate a filename to recreate a rare bug + }, + })).(*model.Post) + + if post1.FileIds != nil && len(post1.FileIds) > 0 { + t.Fatal("post shouldn't have file ids") + } else if post1.Filenames == nil || len(post1.Filenames) != 3 { + t.Fatal("post should have filenames") + } + + // Indirectly call migrateFilenamesToFileInfos by calling Client.GetFileInfosForPost + var infos []*model.FileInfo + if infosResult, err := Client.GetFileInfosForPost(post1.ChannelId, post1.Id, ""); err != nil { + t.Fatal(err) + } else { + infos = infosResult } - // base 64 encoded version of handtinywhite.gif from http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever - file, _ := base64.StdEncoding.DecodeString("R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs=") + if len(infos) != 2 { + t.Log(infos) + t.Fatal("should've had 2 infos after migration") + } else if infos[0].Path != "" || infos[0].ThumbnailPath != "" || infos[0].PreviewPath != "" { + t.Fatal("shouldn't return paths to client") + } - if _, err := io.Copy(part, bytes.NewReader(file)); err != nil { - return nil, err + // Should be able to get files after migration + if body, err := Client.GetFile(infos[0].Id); err != nil { + t.Fatal(err) + } else { + body.Close() } - field, err := writer.CreateFormField("channel_id") + if body, err := Client.GetFile(infos[1].Id); err != nil { + t.Fatal(err) + } else { + body.Close() + } + + // Make sure we aren't generating a new set of FileInfos on a second call to GetFileInfosForPost + if infos2 := Client.MustGeneric(Client.GetFileInfosForPost(post1.ChannelId, post1.Id, "")).([]*model.FileInfo); len(infos2) != len(infos) { + t.Fatal("should've received the same 2 infos after second call") + } else if (infos[0].Id != infos2[0].Id && infos[0].Id != infos2[1].Id) || (infos[1].Id != infos2[0].Id && infos[1].Id != infos2[1].Id) { + t.Fatal("should've returned the exact same 2 infos after second call") + } + + if result, err := Client.GetPost(post1.ChannelId, post1.Id, ""); err != nil { + t.Fatal(err) + } else if post := result.Data.(*model.PostList).Posts[post1.Id]; len(post.Filenames) != 0 { + t.Fatal("post shouldn't have filenames") + } else if len(post.FileIds) != 2 { + t.Fatal("post should have 2 file ids") + } else if (infos[0].Id != post.FileIds[0] && infos[0].Id != post.FileIds[1]) || (infos[1].Id != post.FileIds[0] && infos[1].Id != post.FileIds[1]) { + t.Fatal("post file ids should match GetFileInfosForPost results") + } +} + +func TestFindTeamIdForFilename(t *testing.T) { + th := Setup().InitBasic() + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } + + Client := th.BasicClient + + user1 := th.BasicUser + + team1 := th.BasicTeam + team2 := th.CreateTeam(th.BasicClient) + + channel1 := th.BasicChannel + + Client.SetTeamId(team2.Id) + channel2 := Client.Must(Client.CreateChannel(&model.Channel{ + Name: model.NewId(), + Type: model.CHANNEL_OPEN, + // No TeamId set to simulate a direct channel + })).Data.(*model.Channel) + Client.SetTeamId(team1.Id) + + var fileId1 string + var fileId2 string + data, err := readTestFile("test.png") if err != nil { - return nil, err + t.Fatal(err) + } else { + fileId1 = Client.MustGeneric(Client.UploadPostAttachment(data, channel1.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + + Client.SetTeamId(team2.Id) + fileId2 = Client.MustGeneric(Client.UploadPostAttachment(data, channel2.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + Client.SetTeamId(team1.Id) } - if _, err := field.Write([]byte(channelId)); err != nil { - return nil, err + // Bypass the Client whenever possible since we're trying to simulate a pre-3.5 post + post1 := store.Must(Srv.Store.Post().Save(&model.Post{ + UserId: user1.Id, + ChannelId: channel1.Id, + Message: "test", + Filenames: []string{fmt.Sprintf("/%s/%s/%s/%s", channel1.Id, user1.Id, fileId1, "test.png")}, + })).(*model.Post) + + if teamId := findTeamIdForFilename(post1, post1.Filenames[0]); teamId != team1.Id { + t.Fatal("file should've been found under team1") + } + + Client.SetTeamId(team2.Id) + post2 := store.Must(Srv.Store.Post().Save(&model.Post{ + UserId: user1.Id, + ChannelId: channel2.Id, + Message: "test", + Filenames: []string{fmt.Sprintf("/%s/%s/%s/%s", channel2.Id, user1.Id, fileId2, "test.png")}, + })).(*model.Post) + Client.SetTeamId(team1.Id) + + if teamId := findTeamIdForFilename(post2, post2.Filenames[0]); teamId != team2.Id { + t.Fatal("file should've been found under team2") + } +} + +func TestGetInfoForFilename(t *testing.T) { + th := Setup().InitBasic() + + if utils.Cfg.FileSettings.DriverName == "" { + t.Skip("skipping because no file driver is enabled") + } + + Client := th.BasicClient + + user1 := th.BasicUser + + team1 := th.BasicTeam + + channel1 := th.BasicChannel + + var fileId1 string + var path string + var thumbnailPath string + var previewPath string + data, err := readTestFile("test.png") + if err != nil { + t.Fatal(err) + } else { + fileId1 = Client.MustGeneric(Client.UploadPostAttachment(data, channel1.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + path = store.Must(Srv.Store.FileInfo().Get(fileId1)).(*model.FileInfo).Path + thumbnailPath = store.Must(Srv.Store.FileInfo().Get(fileId1)).(*model.FileInfo).ThumbnailPath + previewPath = store.Must(Srv.Store.FileInfo().Get(fileId1)).(*model.FileInfo).PreviewPath + } + + // Bypass the Client whenever possible since we're trying to simulate a pre-3.5 post + post1 := store.Must(Srv.Store.Post().Save(&model.Post{ + UserId: user1.Id, + ChannelId: channel1.Id, + Message: "test", + Filenames: []string{fmt.Sprintf("/%s/%s/%s/%s", channel1.Id, user1.Id, fileId1, "test.png")}, + })).(*model.Post) + + if info := getInfoForFilename(post1, team1.Id, post1.Filenames[0]); info == nil { + t.Fatal("info shouldn't be nil") + } else if info.Id == "" { + t.Fatal("info.Id shouldn't be empty") + } else if info.CreatorId != user1.Id { + t.Fatal("incorrect user id") + } else if info.PostId != post1.Id { + t.Fatal("incorrect user id") + } else if info.Path != path { + t.Fatal("incorrect path") + } else if info.ThumbnailPath != thumbnailPath { + t.Fatal("incorrect thumbnail path") + } else if info.PreviewPath != previewPath { + t.Fatal("incorrect preview path") + } else if info.Name != "test.png" { + t.Fatal("incorrect name") } +} - if err := writer.Close(); err != nil { +func readTestFile(name string) ([]byte, error) { + path := utils.FindDir("tests") + file, err := os.Open(path + "/" + name) + if err != nil { return nil, err } + defer file.Close() - if resp, err := Client.UploadPostAttachment(body.Bytes(), writer.FormDataContentType()); err != nil { + data := &bytes.Buffer{} + if _, err := io.Copy(data, file); err != nil { return nil, err } else { - return resp.Data.(*model.FileUploadResponse).Filenames, nil + return data.Bytes(), nil } } -func cleanupTestFile(fullFilename, teamId, channelId, userId string) error { - filenames := strings.Split(fullFilename, "/") - filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1] - fileId := strings.Split(filename, ".")[0] - +func cleanupTestFile(info *model.FileInfo) error { if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { - // perform clean-up on s3 var auth aws.Auth auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId auth.SecretKey = utils.Cfg.FileSettings.AmazonS3SecretAccessKey @@ -464,31 +837,36 @@ func cleanupTestFile(fullFilename, teamId, channelId, userId string) error { s := s3.New(auth, aws.Regions[utils.Cfg.FileSettings.AmazonS3Region]) bucket := s.Bucket(utils.Cfg.FileSettings.AmazonS3Bucket) - if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename); err != nil { + if err := bucket.Del(info.Path); err != nil { return err } - if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_thumb.jpg"); err != nil { - return err + if info.ThumbnailPath != "" { + if err := bucket.Del(info.ThumbnailPath); err != nil { + return err + } } - if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_preview.jpg"); err != nil { - return err + if info.PreviewPath != "" { + if err := bucket.Del(info.PreviewPath); err != nil { + return err + } } - } else { - path := utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename - if err := os.Remove(path); err != nil { - return fmt.Errorf("Couldn't remove file at " + path) + } else if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_LOCAL { + if err := os.Remove(utils.Cfg.FileSettings.Directory + info.Path); err != nil { + return err } - path = utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_thumb.jpg" - if err := os.Remove(path); err != nil { - return fmt.Errorf("Couldn't remove file at " + path) + if info.ThumbnailPath != "" { + if err := os.Remove(utils.Cfg.FileSettings.Directory + info.ThumbnailPath); err != nil { + return err + } } - path = utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_preview.jpg" - if err := os.Remove(path); err != nil { - return fmt.Errorf("Couldn't remove file at " + path) + if info.PreviewPath != "" { + if err := os.Remove(utils.Cfg.FileSettings.Directory + info.PreviewPath); err != nil { + return err + } } } diff --git a/api/post.go b/api/post.go index 1286a23d9..498f5b363 100644 --- a/api/post.go +++ b/api/post.go @@ -49,6 +49,7 @@ func InitPost() { BaseRoutes.NeedPost.Handle("/delete", ApiUserRequired(deletePost)).Methods("POST") BaseRoutes.NeedPost.Handle("/before/{offset:[0-9]+}/{num_posts:[0-9]+}", ApiUserRequired(getPostsBefore)).Methods("GET") BaseRoutes.NeedPost.Handle("/after/{offset:[0-9]+}/{num_posts:[0-9]+}", ApiUserRequired(getPostsAfter)).Methods("GET") + BaseRoutes.NeedPost.Handle("/get_file_infos", ApiUserRequired(getFileInfosForPost)).Methods("GET") } func createPost(c *Context, w http.ResponseWriter, r *http.Request) { @@ -135,48 +136,26 @@ func CreatePost(c *Context, post *model.Post, triggerWebhooks bool) (*model.Post post.Hashtags, _ = model.ParseHashtags(post.Message) - if len(post.Filenames) > 0 { - doRemove := false - for i := len(post.Filenames) - 1; i >= 0; i-- { - path := post.Filenames[i] - - doRemove = false - if model.UrlRegex.MatchString(path) { - continue - } else if model.PartialUrlRegex.MatchString(path) { - matches := model.PartialUrlRegex.FindAllStringSubmatch(path, -1) - if len(matches) == 0 || len(matches[0]) < 4 { - doRemove = true - } - - channelId := matches[0][1] - if channelId != post.ChannelId { - doRemove = true - } - - userId := matches[0][2] - if userId != post.UserId { - doRemove = true - } - } else { - doRemove = true - } - if doRemove { - l4g.Error(utils.T("api.post.create_post.bad_filename.error"), path) - post.Filenames = append(post.Filenames[:i], post.Filenames[i+1:]...) - } - } - } - var rpost *model.Post if result := <-Srv.Store.Post().Save(post); result.Err != nil { return nil, result.Err } else { rpost = result.Data.(*model.Post) + } + + if len(post.FileIds) > 0 { + // There's a rare bug where the client sends up duplicate FileIds so protect against that + post.FileIds = utils.RemoveDuplicatesFromStringArray(post.FileIds) - go handlePostEvents(c, rpost, triggerWebhooks) + for _, fileId := range post.FileIds { + if result := <-Srv.Store.FileInfo().AttachToPost(fileId, post.Id); result.Err != nil { + l4g.Error(utils.T("api.post.create_post.attach_files.error"), post.Id, post.FileIds, c.Session.UserId, result.Err) + } + } } + go handlePostEvents(c, rpost, triggerWebhooks) + return rpost, nil } @@ -566,6 +545,7 @@ func sendNotifications(c *Context, post *model.Post, team *model.Team, channel * pchan := Srv.Store.User().GetProfiles(c.TeamId) dpchan := Srv.Store.User().GetDirectProfiles(c.Session.UserId) mchan := Srv.Store.Channel().GetMembers(post.ChannelId) + fchan := Srv.Store.FileInfo().GetForPost(post.Id) var profileMap map[string]*model.User if result := <-pchan; result.Err != nil { @@ -785,12 +765,18 @@ func sendNotifications(c *Context, post *model.Post, team *model.Team, channel * message.Add("sender_name", senderName) message.Add("team_id", team.Id) - if len(post.Filenames) != 0 { + if len(post.FileIds) != 0 { message.Add("otherFile", "true") - for _, filename := range post.Filenames { - ext := filepath.Ext(filename) - if model.IsFileExtImage(ext) { + var infos []*model.FileInfo + if result := <-fchan; result.Err != nil { + l4g.Warn(utils.T("api.post.send_notifications.files.error"), post.Id, result.Err) + } else { + infos = result.Data.([]*model.FileInfo) + } + + for _, info := range infos { + if info.IsImage() { message.Add("image", "true") break } @@ -915,22 +901,29 @@ func sendNotificationEmail(c *Context, post *model.Post, user *model.User, chann } func getMessageForNotification(post *model.Post, translateFunc i18n.TranslateFunc) string { - if len(strings.TrimSpace(post.Message)) != 0 || len(post.Filenames) == 0 { + if len(strings.TrimSpace(post.Message)) != 0 || len(post.FileIds) == 0 { return post.Message } // extract the filenames from their paths and determine what type of files are attached - filenames := make([]string, len(post.Filenames)) + var infos []*model.FileInfo + if result := <-Srv.Store.FileInfo().GetForPost(post.Id); result.Err != nil { + l4g.Warn(utils.T("api.post.get_message_for_notification.get_files.error"), post.Id, result.Err) + } else { + infos = result.Data.([]*model.FileInfo) + } + + filenames := make([]string, len(infos)) onlyImages := true - for i, filename := range post.Filenames { - var err error - if filenames[i], err = url.QueryUnescape(filepath.Base(filename)); err != nil { + for i, info := range infos { + if escaped, err := url.QueryUnescape(filepath.Base(info.Name)); err != nil { // this should never error since filepath was escaped using url.QueryEscape - filenames[i] = filepath.Base(filename) + filenames[i] = escaped + } else { + filenames[i] = info.Name } - ext := filepath.Ext(filename) - onlyImages = onlyImages && model.IsFileExtImage(ext) + onlyImages = onlyImages && info.IsImage() } props := map[string]interface{}{"Filenames": strings.Join(filenames, ", ")} @@ -1099,9 +1092,6 @@ func SendEphemeralPost(teamId, userId string, post *model.Post) { if post.Props == nil { post.Props = model.StringInterface{} } - if post.Filenames == nil { - post.Filenames = []string{} - } message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_EPHEMERAL_MESSAGE, "", post.ChannelId, userId, nil) message.Add("post", post.ToJson()) @@ -1156,9 +1146,13 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) { } } - hashtags, _ := model.ParseHashtags(post.Message) + newPost := &model.Post{} + *newPost = *oldPost + + newPost.Message = post.Message + newPost.Hashtags, _ = model.ParseHashtags(post.Message) - if result := <-Srv.Store.Post().Update(oldPost, post.Message, hashtags); result.Err != nil { + if result := <-Srv.Store.Post().Update(newPost, oldPost); result.Err != nil { c.Err = result.Err return } else { @@ -1449,7 +1443,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { message.Add("post", post.ToJson()) go Publish(message) - go DeletePostFiles(c.TeamId, post) + go DeletePostFiles(post) go DeleteFlaggedPost(c.Session.UserId, post) result := make(map[string]string) @@ -1465,17 +1459,13 @@ func DeleteFlaggedPost(userId string, post *model.Post) { } } -func DeletePostFiles(teamId string, post *model.Post) { - if len(post.Filenames) == 0 { +func DeletePostFiles(post *model.Post) { + if len(post.FileIds) != 0 { return } - prefix := "teams/" + teamId + "/channels/" + post.ChannelId + "/users/" + post.UserId + "/" - for _, filename := range post.Filenames { - splitUrl := strings.Split(filename, "/") - oldPath := prefix + splitUrl[len(splitUrl)-2] + "/" + splitUrl[len(splitUrl)-1] - newPath := prefix + splitUrl[len(splitUrl)-2] + "/deleted_" + splitUrl[len(splitUrl)-1] - MoveFile(oldPath, newPath) + if result := <-Srv.Store.FileInfo().DeleteForPost(post.Id); result.Err != nil { + l4g.Warn(utils.T("api.post.delete_post_files.app_error.warn"), post.Id, result.Err) } } @@ -1583,3 +1573,59 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) { w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate") w.Write([]byte(posts.ToJson())) } + +func getFileInfosForPost(c *Context, w http.ResponseWriter, r *http.Request) { + params := mux.Vars(r) + + channelId := params["channel_id"] + if len(channelId) != 26 { + c.SetInvalidParam("getFileInfosForPost", "channelId") + return + } + + postId := params["post_id"] + if len(postId) != 26 { + c.SetInvalidParam("getFileInfosForPost", "postId") + return + } + + pchan := Srv.Store.Post().Get(postId) + fchan := Srv.Store.FileInfo().GetForPost(postId) + + if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) { + return + } + + var infos []*model.FileInfo + if result := <-fchan; result.Err != nil { + c.Err = result.Err + return + } else { + infos = result.Data.([]*model.FileInfo) + } + + if len(infos) == 0 { + // No FileInfos were returned so check if they need to be created for this post + var post *model.Post + if result := <-pchan; result.Err != nil { + c.Err = result.Err + return + } else { + post = result.Data.(*model.PostList).Posts[postId] + } + + if len(post.Filenames) > 0 { + // The post has Filenames that need to be replaced with FileInfos + infos = migrateFilenamesToFileInfos(post) + } + } + + etag := model.GetEtagForFileInfos(infos) + + if HandleEtag(etag, w, r) { + return + } else { + w.Header().Set(model.HEADER_ETAG_SERVER, etag) + w.Write([]byte(model.FileInfosToJson(infos))) + } +} diff --git a/api/post_benchmark_test.go b/api/post_benchmark_test.go deleted file mode 100644 index 5424bc1dd..000000000 --- a/api/post_benchmark_test.go +++ /dev/null @@ -1,148 +0,0 @@ -// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved. -// See License.txt for license information. - -package api - -import ( - "github.com/mattermost/platform/utils" - "testing" -) - -const ( - NUM_POSTS = 100 -) - -func BenchmarkCreatePost(b *testing.B) { - var ( - NUM_POSTS_RANGE = utils.Range{NUM_POSTS, NUM_POSTS} - ) - - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - testPoster.CreateTestPosts(NUM_POSTS_RANGE) - } -} - -func BenchmarkUpdatePost(b *testing.B) { - var ( - NUM_POSTS_RANGE = utils.Range{NUM_POSTS, NUM_POSTS} - UPDATE_POST_LEN = 100 - ) - - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - posts, valid := testPoster.CreateTestPosts(NUM_POSTS_RANGE) - if valid == false { - b.Fatal("Unable to create test posts") - } - - for i := range posts { - posts[i].Message = utils.RandString(UPDATE_POST_LEN, utils.ALPHANUMERIC) - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for i := range posts { - if _, err := Client.UpdatePost(posts[i]); err != nil { - b.Fatal(err) - } - } - } -} - -func BenchmarkGetPosts(b *testing.B) { - var ( - NUM_POSTS_RANGE = utils.Range{NUM_POSTS, NUM_POSTS} - ) - - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - testPoster.CreateTestPosts(NUM_POSTS_RANGE) - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - Client.Must(Client.GetPosts(channel.Id, 0, NUM_POSTS, "")) - } -} - -func BenchmarkSearchPosts(b *testing.B) { - var ( - NUM_POSTS_RANGE = utils.Range{NUM_POSTS, NUM_POSTS} - ) - - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - testPoster.CreateTestPosts(NUM_POSTS_RANGE) - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - Client.Must(Client.SearchPosts("nothere", false)) - Client.Must(Client.SearchPosts("n", false)) - Client.Must(Client.SearchPosts("#tag", false)) - } -} - -func BenchmarkEtagCache(b *testing.B) { - var ( - NUM_POSTS_RANGE = utils.Range{NUM_POSTS, NUM_POSTS} - ) - - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - testPoster.CreateTestPosts(NUM_POSTS_RANGE) - - etag := Client.Must(Client.GetPosts(channel.Id, 0, NUM_POSTS/2, "")).Etag - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - Client.Must(Client.GetPosts(channel.Id, 0, NUM_POSTS/2, etag)) - } -} - -func BenchmarkDeletePosts(b *testing.B) { - var ( - NUM_POSTS_RANGE = utils.Range{NUM_POSTS, NUM_POSTS} - ) - - th := Setup().InitBasic() - Client := th.BasicClient - channel := th.BasicChannel - - testPoster := NewAutoPostCreator(Client, channel.Id) - posts, valid := testPoster.CreateTestPosts(NUM_POSTS_RANGE) - if valid == false { - b.Fatal("Unable to create test posts") - } - - // Benchmark Start - b.ResetTimer() - for i := 0; i < b.N; i++ { - for i := range posts { - Client.Must(Client.DeletePost(channel.Id, posts[i].Id)) - } - } - -} diff --git a/api/post_test.go b/api/post_test.go index 7b7832148..bdc5278e4 100644 --- a/api/post_test.go +++ b/api/post_test.go @@ -15,6 +15,7 @@ import ( "time" "github.com/mattermost/platform/model" + "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" ) @@ -23,15 +24,12 @@ func TestCreatePost(t *testing.T) { Client := th.BasicClient team := th.BasicTeam team2 := th.CreateTeam(th.BasicClient) - user1 := th.BasicUser user3 := th.CreateUser(th.BasicClient) LinkUserToTeam(user3, team2) channel1 := th.BasicChannel channel2 := th.CreateChannel(Client, team) - filenames := []string{"/12345678901234567890123456/12345678901234567890123456/12345678901234567890123456/test.png", "/" + channel1.Id + "/" + user1.Id + "/test.png", "www.mattermost.com/fake/url", "junk"} - - post1 := &model.Post{ChannelId: channel1.Id, Message: "#hashtag a" + model.NewId() + "a", Filenames: filenames} + post1 := &model.Post{ChannelId: channel1.Id, Message: "#hashtag a" + model.NewId() + "a"} rpost1, err := Client.CreatePost(post1) if err != nil { t.Fatal(err) @@ -45,8 +43,8 @@ func TestCreatePost(t *testing.T) { t.Fatal("hashtag didn't match") } - if len(rpost1.Data.(*model.Post).Filenames) != 2 { - t.Fatal("filenames didn't parse correctly") + if len(rpost1.Data.(*model.Post).FileIds) != 0 { + t.Fatal("shouldn't have files") } post2 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a", RootId: rpost1.Data.(*model.Post).Id} @@ -109,6 +107,35 @@ func TestCreatePost(t *testing.T) { if _, err = Client.DoApiPost("/channels/"+channel3.Id+"/create", "garbage"); err == nil { t.Fatal("should have been an error") } + + fileIds := make([]string, 4) + if data, err := readTestFile("test.png"); err != nil { + t.Fatal(err) + } else { + for i := 0; i < 3; i++ { + fileIds[i] = Client.MustGeneric(Client.UploadPostAttachment(data, channel3.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + } + } + + // Make sure duplicated file ids are removed + fileIds[3] = fileIds[0] + + post9 := &model.Post{ + ChannelId: channel3.Id, + Message: "test", + FileIds: fileIds, + } + if resp, err := Client.CreatePost(post9); err != nil { + t.Fatal(err) + } else if rpost9 := resp.Data.(*model.Post); len(rpost9.FileIds) != 3 { + t.Fatal("post should have 3 files") + } else { + infos := store.Must(Srv.Store.FileInfo().GetForPost(rpost9.Id)).([]*model.FileInfo) + + if len(infos) != 3 { + t.Fatal("should've attached all 3 files to post") + } + } } func testCreatePostWithOutgoingHook( @@ -800,10 +827,8 @@ func TestFuzzyPosts(t *testing.T) { Client := th.BasicClient channel1 := th.BasicChannel - filenames := []string{"junk"} - for i := 0; i < len(utils.FUZZY_STRINGS_POSTS); i++ { - post := &model.Post{ChannelId: channel1.Id, Message: utils.FUZZY_STRINGS_POSTS[i], Filenames: filenames} + post := &model.Post{ChannelId: channel1.Id, Message: utils.FUZZY_STRINGS_POSTS[i]} _, err := Client.CreatePost(post) if err != nil { @@ -1150,19 +1175,49 @@ func TestGetFlaggedPosts(t *testing.T) { } func TestGetMessageForNotification(t *testing.T) { - Setup() + Setup().InitBasic() + + testPng := store.Must(Srv.Store.FileInfo().Save(&model.FileInfo{ + CreatorId: model.NewId(), + Path: "test1.png", + Name: "test1.png", + MimeType: "image/png", + })).(*model.FileInfo) + + testJpg1 := store.Must(Srv.Store.FileInfo().Save(&model.FileInfo{ + CreatorId: model.NewId(), + Path: "test2.jpg", + Name: "test2.jpg", + MimeType: "image/jpeg", + })).(*model.FileInfo) + + testFile := store.Must(Srv.Store.FileInfo().Save(&model.FileInfo{ + CreatorId: model.NewId(), + Path: "test1.go", + Name: "test1.go", + MimeType: "text/plain", + })).(*model.FileInfo) + + testJpg2 := store.Must(Srv.Store.FileInfo().Save(&model.FileInfo{ + CreatorId: model.NewId(), + Path: "test3.jpg", + Name: "test3.jpg", + MimeType: "image/jpeg", + })).(*model.FileInfo) + translateFunc := utils.GetUserTranslations("en") post := &model.Post{ - Message: "test", - Filenames: model.StringArray{}, + Id: model.NewId(), + Message: "test", } if getMessageForNotification(post, translateFunc) != "test" { t.Fatal("should've returned message text") } - post.Filenames = model.StringArray{"test1.png"} + post.FileIds = model.StringArray{testPng.Id} + store.Must(Srv.Store.FileInfo().AttachToPost(testPng.Id, post.Id)) if getMessageForNotification(post, translateFunc) != "test" { t.Fatal("should've returned message text, even with attachments") } @@ -1172,18 +1227,60 @@ func TestGetMessageForNotification(t *testing.T) { t.Fatal("should've returned number of images:", message) } - post.Filenames = model.StringArray{"test1.png", "test2.jpg"} + post.FileIds = model.StringArray{testPng.Id, testJpg1.Id} + store.Must(Srv.Store.FileInfo().AttachToPost(testJpg1.Id, post.Id)) if message := getMessageForNotification(post, translateFunc); message != "2 images sent: test1.png, test2.jpg" { t.Fatal("should've returned number of images:", message) } - post.Filenames = model.StringArray{"test1.go"} + post.Id = model.NewId() + post.FileIds = model.StringArray{testFile.Id} + store.Must(Srv.Store.FileInfo().AttachToPost(testFile.Id, post.Id)) if message := getMessageForNotification(post, translateFunc); message != "1 file sent: test1.go" { t.Fatal("should've returned number of files:", message) } - post.Filenames = model.StringArray{"test1.go", "test2.jpg"} - if message := getMessageForNotification(post, translateFunc); message != "2 files sent: test1.go, test2.jpg" { + store.Must(Srv.Store.FileInfo().AttachToPost(testJpg2.Id, post.Id)) + post.FileIds = model.StringArray{testFile.Id, testJpg2.Id} + if message := getMessageForNotification(post, translateFunc); message != "2 files sent: test1.go, test3.jpg" { t.Fatal("should've returned number of mixed files:", message) } } + +func TestGetFileInfosForPost(t *testing.T) { + th := Setup().InitBasic() + Client := th.BasicClient + channel1 := th.BasicChannel + + fileIds := make([]string, 3, 3) + if data, err := readTestFile("test.png"); err != nil { + t.Fatal(err) + } else { + for i := 0; i < 3; i++ { + fileIds[i] = Client.MustGeneric(Client.UploadPostAttachment(data, channel1.Id, "test.png")).(*model.FileUploadResponse).FileInfos[0].Id + } + } + + post1 := Client.Must(Client.CreatePost(&model.Post{ + ChannelId: channel1.Id, + Message: "test", + FileIds: fileIds, + })).Data.(*model.Post) + + var etag string + if infos, err := Client.GetFileInfosForPost(channel1.Id, post1.Id, ""); err != nil { + t.Fatal(err) + } else if len(infos) != 3 { + t.Fatal("should've received 3 files") + } else if Client.Etag == "" { + t.Fatal("should've received etag") + } else { + etag = Client.Etag + } + + if infos, err := Client.GetFileInfosForPost(channel1.Id, post1.Id, etag); err != nil { + t.Fatal(err) + } else if len(infos) != 0 { + t.Fatal("should've returned nothing because of etag") + } +} -- cgit v1.2.3-1-g7c22