From 51dc5fa36ed2d5afa72bf630d66693bd99acb916 Mon Sep 17 00:00:00 2001 From: Saturnino Abril Date: Sat, 28 Jul 2018 14:27:55 +0800 Subject: [MM-10621] Set createAt timestamp on file upload api call to secure upload order of files (#9170) * set createAt timestamp on file upload api call to secure upload order of files * fix test on plugin hooks --- app/file.go | 9 +++++---- app/plugin_hooks_test.go | 2 ++ 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'app') diff --git a/app/file.go b/app/file.go index b0c80da16..7dbcdd394 100644 --- a/app/file.go +++ b/app/file.go @@ -321,7 +321,7 @@ func GeneratePublicLinkHash(fileId, salt string) string { return base64.RawURLEncoding.EncodeToString(hash.Sum(nil)) } -func (a *App) UploadMultipartFiles(teamId string, channelId string, userId string, fileHeaders []*multipart.FileHeader, clientIds []string) (*model.FileUploadResponse, *model.AppError) { +func (a *App) UploadMultipartFiles(teamId string, channelId string, userId string, fileHeaders []*multipart.FileHeader, clientIds []string, now time.Time) (*model.FileUploadResponse, *model.AppError) { files := make([]io.ReadCloser, len(fileHeaders)) filenames := make([]string, len(fileHeaders)) @@ -338,13 +338,13 @@ func (a *App) UploadMultipartFiles(teamId string, channelId string, userId strin filenames[i] = fileHeader.Filename } - return a.UploadFiles(teamId, channelId, userId, files, filenames, clientIds) + return a.UploadFiles(teamId, channelId, userId, files, filenames, clientIds, now) } // Uploads some files to the given team and channel as the given user. files and filenames should have // the same length. clientIds should either not be provided or have the same length as files and filenames. // The provided files should be closed by the caller so that they are not leaked. -func (a *App) UploadFiles(teamId string, channelId string, userId string, files []io.ReadCloser, filenames []string, clientIds []string) (*model.FileUploadResponse, *model.AppError) { +func (a *App) UploadFiles(teamId string, channelId string, userId string, files []io.ReadCloser, filenames []string, clientIds []string, now time.Time) (*model.FileUploadResponse, *model.AppError) { if len(*a.Config().FileSettings.DriverName) == 0 { return nil, model.NewAppError("uploadFile", "api.file.upload_file.storage.app_error", nil, "", http.StatusNotImplemented) } @@ -367,7 +367,7 @@ func (a *App) UploadFiles(teamId string, channelId string, userId string, files io.Copy(buf, file) data := buf.Bytes() - info, data, err := a.DoUploadFileExpectModification(time.Now(), teamId, channelId, userId, filenames[i], data) + info, data, err := a.DoUploadFileExpectModification(now, teamId, channelId, userId, filenames[i], data) if err != nil { return nil, err } @@ -417,6 +417,7 @@ func (a *App) DoUploadFileExpectModification(now time.Time, rawTeamId string, ra info.Id = model.NewId() info.CreatorId = userId + info.CreateAt = now.UnixNano() / int64(time.Millisecond) pathPrefix := now.Format("20060102") + "/teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + info.Id + "/" info.Path = pathPrefix + filename diff --git a/app/plugin_hooks_test.go b/app/plugin_hooks_test.go index 6e8434cab..488d81757 100644 --- a/app/plugin_hooks_test.go +++ b/app/plugin_hooks_test.go @@ -11,6 +11,7 @@ import ( "os/exec" "path/filepath" "testing" + "time" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/plugin" @@ -352,6 +353,7 @@ func TestHookFileWillBeUploaded(t *testing.T) { []io.ReadCloser{ioutil.NopCloser(bytes.NewBufferString("inputfile"))}, []string{"testhook.txt"}, []string{}, + time.Now(), ) assert.Nil(t, err) assert.NotNil(t, response) -- cgit v1.2.3-1-g7c22