/
file-download.controller.ts
71 lines (66 loc) · 1.87 KB
/
file-download.controller.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
// Copyright IBM Corp. and LoopBack contributors 2020. All Rights Reserved.
// Node module: @loopback/example-file-transfer
// This file is licensed under the MIT License.
// License text available at https://opensource.org/licenses/MIT
import {inject} from '@loopback/core';
import {
get,
HttpErrors,
oas,
param,
Response,
RestBindings,
} from '@loopback/rest';
import fs from 'fs';
import path from 'path';
import {promisify} from 'util';
import {STORAGE_DIRECTORY} from '../keys';
const readdir = promisify(fs.readdir);
/**
* A controller to handle file downloads using multipart/form-data media type
*/
export class FileDownloadController {
constructor(@inject(STORAGE_DIRECTORY) private storageDirectory: string) {}
@get('/files', {
responses: {
200: {
content: {
// string[]
'application/json': {
schema: {
type: 'array',
items: {
type: 'string',
},
},
},
},
description: 'A list of files',
},
},
})
async listFiles() {
const files = await readdir(this.storageDirectory);
return files;
}
@get('/files/{filename}')
@oas.response.file()
downloadFile(
@param.path.string('filename') fileName: string,
@inject(RestBindings.Http.RESPONSE) response: Response,
) {
const file = this.validateFileName(fileName);
response.download(file, fileName);
return response;
}
/**
* Validate file names to prevent them goes beyond the designated directory
* @param fileName - File name
*/
private validateFileName(fileName: string) {
const resolved = path.resolve(this.storageDirectory, fileName);
if (resolved.startsWith(this.storageDirectory)) return resolved;
// The resolved file is outside sandbox
throw new HttpErrors.BadRequest(`Invalid file name: ${fileName}`);
}
}