feat: private content (#1137)

* save images as private and serve via signed url from images.info api * download private images to directory on export * fix lint errors * private s3 default, AWS.s3 module level scope, default s3 url expiry * combine regex to one, and only replace when there are matches * fix lint * code not needed anymore, remove * updates after pulling master * revert the uploadToS3FromUrl url return * use model gettr to compact code, rename to attachments api * basic checking of document read permission to allow attachment viewing * fix: Continue to upload avatars as public fix: Allow redirect for non-private attachments * add support for publicly shared documents * catch errors which crash the app during zip export and user creation * add tests * enable AWS signature v4 for s3 * switch to use factories to build models for testing * add isDocker flag for local serving of attachment redirect url * fix redirect tests Co-authored-by: Tom Moor <tom.moor@gmail.com>
2020-02-13 03:40:44 +00:00
parent 064d8cea44
commit 8e2b19dc7a
15 changed files with 316 additions and 39 deletions
--- a/server/models/Attachment.js
+++ b/server/models/Attachment.js
@@ -40,6 +40,12 @@ const Attachment = sequelize.define(
      name: function() {
        return path.parse(this.key).base;
      },
+      redirectUrl: function() {
+        return `/api/attachments.redirect?id=${this.id}`;
+      },
+      isPrivate: function() {
+        return this.acl === 'private';
+      },
    },
  }
 );
--- a/server/models/Team.js
+++ b/server/models/Team.js
@@ -91,12 +91,18 @@ Team.associate = models => {

 const uploadAvatar = async model => {
  const endpoint = publicS3Endpoint();
+  const { avatarUrl } = model;

-  if (model.avatarUrl && !model.avatarUrl.startsWith(endpoint)) {
+  if (
+    avatarUrl &&
+    !avatarUrl.startsWith('/api') &&
+    !avatarUrl.startsWith(endpoint)
+  ) {
    try {
      const newUrl = await uploadToS3FromUrl(
-        model.avatarUrl,
-        `avatars/${model.id}/${uuid.v4()}`
+        avatarUrl,
+        `avatars/${model.id}/${uuid.v4()}`,
+        'public-read'
      );
      if (newUrl) model.avatarUrl = newUrl;
    } catch (err) {
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -128,14 +128,21 @@ const uploadAvatar = async model => {

  if (
    avatarUrl &&
+    !avatarUrl.startsWith('/api') &&
    !avatarUrl.startsWith(endpoint) &&
    !avatarUrl.startsWith(DEFAULT_AVATAR_HOST)
  ) {
-    const newUrl = await uploadToS3FromUrl(
-      avatarUrl,
-      `avatars/${model.id}/${uuid.v4()}`
-    );
-    if (newUrl) model.avatarUrl = newUrl;
+    try {
+      const newUrl = await uploadToS3FromUrl(
+        avatarUrl,
+        `avatars/${model.id}/${uuid.v4()}`,
+        'public-read'
+      );
+      if (newUrl) model.avatarUrl = newUrl;
+    } catch (err) {
+      // we can try again next time
+      console.error(err);
+    }
  }
 };