Implement upload and get file endpoints for APIv4 (#5396)

* Implement POST /files endpoint for APIv4

* Implement GET /files/{file_id} endpoint for APIv4

.gitignore

@@ -71,6 +71,7 @@ web/sass-files/sass/.sass-cache/
 data/*
 webapp/data/*
 api/data/*
+api4/data/*
 
 enterprise
 

api/file.go

@@ -4,9 +4,6 @@
 package api
 
 import (
-	"bytes"
-	_ "image/gif"
-	"io"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -16,7 +13,6 @@ import (
 	"github.com/mattermost/platform/app"
 	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/utils"
-	_ "golang.org/x/image/bmp"
 )
 
 func InitFile() {
@@ -35,12 +31,6 @@ func InitFile() {
 }
 
 func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
-	if len(utils.Cfg.FileSettings.DriverName) == 0 {
-		c.Err = model.NewLocAppError("uploadFile", "api.file.upload_file.storage.app_error", nil, "")
-		c.Err.StatusCode = http.StatusNotImplemented
-		return
-	}
-
 	if r.ContentLength > *utils.Cfg.FileSettings.MaxFileSize {
 		c.Err = model.NewLocAppError("uploadFile", "api.file.upload_file.too_large.app_error", nil, "")
 		c.Err.StatusCode = http.StatusRequestEntityTooLarge
@@ -70,48 +60,12 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	resStruct := &model.FileUploadResponse{
-		FileInfos: []*model.FileInfo{},
-		ClientIds: []string{},
-	}
-
-	previewPathList := []string{}
-	thumbnailPathList := []string{}
-	imageDataList := [][]byte{}
-
-	for i, fileHeader := range m.File["files"] {
-		file, fileErr := fileHeader.Open()
-		defer file.Close()
-		if fileErr != nil {
-			http.Error(w, fileErr.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		buf := bytes.NewBuffer(nil)
-		io.Copy(buf, file)
-		data := buf.Bytes()
-
-		info, err := app.DoUploadFile(c.TeamId, channelId, c.Session.UserId, fileHeader.Filename, data)
-		if err != nil {
-			c.Err = err
-			return
-		}
-
-		if info.PreviewPath != "" || info.ThumbnailPath != "" {
-			previewPathList = append(previewPathList, info.PreviewPath)
-			thumbnailPathList = append(thumbnailPathList, info.ThumbnailPath)
-			imageDataList = append(imageDataList, data)
-		}
-
-		resStruct.FileInfos = append(resStruct.FileInfos, info)
-
-		if len(m.Value["client_ids"]) > 0 {
-			resStruct.ClientIds = append(resStruct.ClientIds, m.Value["client_ids"][i])
-		}
+	resStruct, err := app.UploadFiles(c.TeamId, channelId, c.Session.UserId, m.File["files"], m.Value["client_ids"])
+	if err != nil {
+		c.Err = err
+		return
 	}
 
-	app.HandleImages(previewPathList, thumbnailPathList, imageDataList)
-
 	w.Write([]byte(resStruct.ToJson()))
 }
 
@@ -239,11 +193,9 @@ func getFileInfoForRequest(c *Context, r *http.Request, requireFileVisible bool)
 		return nil, NewInvalidParamError("getFileInfoForRequest", "file_id")
 	}
 
-	var info *model.FileInfo
-	if result := <-app.Srv.Store.FileInfo().Get(fileId); result.Err != nil {
-		return nil, result.Err
-	} else {
-		info = result.Data.(*model.FileInfo)
+	info, err := app.GetFileInfo(fileId)
+	if err != nil {
+		return nil, err
 	}
 
 	// only let users access files visible in a channel, unless they're the one who uploaded the file

api4/api.go

@@ -143,6 +143,7 @@ func InitApi(full bool) {
 	InitTeam()
 	InitChannel()
 	InitPost()
+	InitFile()
 	InitSystem()
 
 	app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404))

api4/apitestlib.go

@@ -4,7 +4,10 @@
 package api4
 
 import (
+	"bytes"
+	"io"
 	"net/http"
+	"os"
 	"reflect"
 	"runtime/debug"
 	"strconv"
@@ -17,6 +20,8 @@ import (
 	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
+
+	s3 "github.com/minio/minio-go"
 )
 
 type TestHelper struct {
@@ -398,3 +403,66 @@ func CheckErrorMessage(t *testing.T, resp *model.Response, errorId string) {
 		t.Fatal("incorrect error message")
 	}
 }
+
+func readTestFile(name string) ([]byte, error) {
+	path := utils.FindDir("tests")
+	file, err := os.Open(path + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+
+	data := &bytes.Buffer{}
+	if _, err := io.Copy(data, file); err != nil {
+		return nil, err
+	} else {
+		return data.Bytes(), nil
+	}
+}
+
+func cleanupTestFile(info *model.FileInfo) error {
+	if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
+		endpoint := utils.Cfg.FileSettings.AmazonS3Endpoint
+		accessKey := utils.Cfg.FileSettings.AmazonS3AccessKeyId
+		secretKey := utils.Cfg.FileSettings.AmazonS3SecretAccessKey
+		secure := *utils.Cfg.FileSettings.AmazonS3SSL
+		s3Clnt, err := s3.New(endpoint, accessKey, secretKey, secure)
+		if err != nil {
+			return err
+		}
+		bucket := utils.Cfg.FileSettings.AmazonS3Bucket
+		if err := s3Clnt.RemoveObject(bucket, info.Path); err != nil {
+			return err
+		}
+
+		if info.ThumbnailPath != "" {
+			if err := s3Clnt.RemoveObject(bucket, info.ThumbnailPath); err != nil {
+				return err
+			}
+		}
+
+		if info.PreviewPath != "" {
+			if err := s3Clnt.RemoveObject(bucket, info.PreviewPath); err != nil {
+				return err
+			}
+		}
+	} else if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_LOCAL {
+		if err := os.Remove(utils.Cfg.FileSettings.Directory + info.Path); err != nil {
+			return err
+		}
+
+		if info.ThumbnailPath != "" {
+			if err := os.Remove(utils.Cfg.FileSettings.Directory + info.ThumbnailPath); err != nil {
+				return err
+			}
+		}
+
+		if info.PreviewPath != "" {
+			if err := os.Remove(utils.Cfg.FileSettings.Directory + info.PreviewPath); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}

api4/context.go

@@ -382,12 +382,24 @@ func (c *Context) RequirePostId() *Context {
 	return c
 }
 
+func (c *Context) RequireFileId() *Context {
+	if c.Err != nil {
+		return c
+	}
+
+	if len(c.Params.FileId) != 26 {
+		c.SetInvalidUrlParam("file_id")
+	}
+
+	return c
+}
+
 func (c *Context) RequireTeamName() *Context {
 	if c.Err != nil {
 		return c
 	}
 
-	if !model.IsValidTeamName(c.Params.TeamName){
+	if !model.IsValidTeamName(c.Params.TeamName) {
 		c.SetInvalidUrlParam("team_name")
 	}
 
@@ -401,7 +413,7 @@ func (c *Context) RequireChannelName() *Context {
 
 	if !model.IsValidChannelIdentifier(c.Params.ChannelName) {
 		c.SetInvalidUrlParam("channel_name")
-	} 
+	}
 
 	return c
 }
@@ -417,5 +429,3 @@ func (c *Context) RequireEmail() *Context {
 
 	return c
 }
-
-

api4/file.go

@@ -0,0 +1,114 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"net/http"
+	"net/url"
+	"strconv"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/app"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+const (
+	FILE_TEAM_ID = "noteam"
+)
+
+func InitFile() {
+	l4g.Debug(utils.T("api.file.init.debug"))
+
+	BaseRoutes.Files.Handle("", ApiSessionRequired(uploadFile)).Methods("POST")
+	BaseRoutes.File.Handle("", ApiSessionRequired(getFile)).Methods("GET")
+
+}
+
+func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
+	if r.ContentLength > *utils.Cfg.FileSettings.MaxFileSize {
+		c.Err = model.NewLocAppError("uploadFile", "api.file.upload_file.too_large.app_error", nil, "")
+		c.Err.StatusCode = http.StatusRequestEntityTooLarge
+		return
+	}
+
+	if err := r.ParseMultipartForm(*utils.Cfg.FileSettings.MaxFileSize); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	m := r.MultipartForm
+
+	props := m.Value
+	if len(props["channel_id"]) == 0 {
+		c.SetInvalidParam("channel_id")
+		return
+	}
+	channelId := props["channel_id"][0]
+	if len(channelId) == 0 {
+		c.SetInvalidParam("channel_id")
+		return
+	}
+
+	if !app.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_UPLOAD_FILE) {
+		c.SetPermissionError(model.PERMISSION_UPLOAD_FILE)
+		return
+	}
+
+	resStruct, err := app.UploadFiles(FILE_TEAM_ID, channelId, c.Session.UserId, m.File["files"], m.Value["client_ids"])
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.WriteHeader(http.StatusCreated)
+	w.Write([]byte(resStruct.ToJson()))
+}
+
+func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireFileId()
+	if c.Err != nil {
+		return
+	}
+
+	info, err := app.GetFileInfo(c.Params.FileId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	if info.CreatorId != c.Session.UserId && !app.SessionHasPermissionToChannelByPost(c.Session, info.PostId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if data, err := app.ReadFile(info.Path); err != nil {
+		c.Err = err
+		c.Err.StatusCode = http.StatusNotFound
+	} else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil {
+		c.Err = err
+		return
+	}
+}
+
+func writeFileResponse(filename string, contentType string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError {
+	w.Header().Set("Cache-Control", "max-age=2592000, public")
+	w.Header().Set("Content-Length", strconv.Itoa(len(bytes)))
+
+	if contentType != "" {
+		w.Header().Set("Content-Type", contentType)
+	} else {
+		w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
+	}
+
+	w.Header().Set("Content-Disposition", "attachment;filename=\""+filename+"\"; filename*=UTF-8''"+url.QueryEscape(filename))
+
+	// prevent file links from being embedded in iframes
+	w.Header().Set("X-Frame-Options", "DENY")
+	w.Header().Set("Content-Security-Policy", "Frame-ancestors 'none'")
+
+	w.Write(bytes)
+
+	return nil
+}