feat: private content (#1137)

* save images as private and serve via signed url from images.info api * download private images to directory on export * fix lint errors * private s3 default, AWS.s3 module level scope, default s3 url expiry * combine regex to one, and only replace when there are matches * fix lint * code not needed anymore, remove * updates after pulling master * revert the uploadToS3FromUrl url return * use model gettr to compact code, rename to attachments api * basic checking of document read permission to allow attachment viewing * fix: Continue to upload avatars as public fix: Allow redirect for non-private attachments * add support for publicly shared documents * catch errors which crash the app during zip export and user creation * add tests * enable AWS signature v4 for s3 * switch to use factories to build models for testing * add isDocker flag for local serving of attachment redirect url * fix redirect tests Co-authored-by: Tom Moor <tom.moor@gmail.com>
2020-02-13 03:40:44 +00:00
parent 064d8cea44
commit 8e2b19dc7a
15 changed files with 316 additions and 39 deletions
--- a/server/presenters/document.js
+++ b/server/presenters/document.js
@@ -1,24 +1,46 @@
 // @flow
 import { takeRight } from 'lodash';
-import { User, Document } from '../models';
+import { User, Document, Attachment } from '../models';
+import { getSignedImageUrl } from '../utils/s3';
 import presentUser from './user';

 type Options = {
  isPublic?: boolean,
 };

+const attachmentRegex = /!\[.*\]\(\/api\/attachments\.redirect\?id=(?<id>.*)\)/gi;
+
+// replaces attachments.redirect urls with signed/authenticated url equivalents
+async function replaceImageAttachments(text) {
+  const attachmentIds = [...text.matchAll(attachmentRegex)].map(
+    match => match.groups && match.groups.id
+  );
+
+  for (const id of attachmentIds) {
+    const attachment = await Attachment.findByPk(id);
+    const accessUrl = await getSignedImageUrl(attachment.key);
+    text = text.replace(attachment.redirectUrl, accessUrl);
+  }
+
+  return text;
+}
+
 export default async function present(document: Document, options: ?Options) {
  options = {
    isPublic: false,
    ...options,
  };

+  const text = options.isPublic
+    ? await replaceImageAttachments(document.text)
+    : document.text;
+
  const data = {
    id: document.id,
    url: document.url,
    urlId: document.urlId,
    title: document.title,
-    text: document.text,
+    text,
    emoji: document.emoji,
    createdAt: document.createdAt,
    createdBy: undefined,