lib/refile/app.rb in refile-0.5.5 vs lib/refile/app.rb in refile-0.6.0
- old
+ new
@@ -30,47 +30,78 @@
response["Access-Control-Allow-Headers"] = request.env["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"].to_s
response["Access-Control-Allow-Method"] = request.env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"].to_s
end
end
- get "/:backend/:id/:filename" do
+ # This will match all token authenticated requests
+ before "/:token/:backend/*" do
+ halt 403 unless verified?
+ end
+
+ get "/:token/:backend/:id/:filename" do
+ halt 404 unless download_allowed?
stream_file file
end
- get "/:backend/:processor/:id/:file_basename.:extension" do
+ get "/:token/:backend/:processor/:id/:file_basename.:extension" do
+ halt 404 unless download_allowed?
stream_file processor.call(file, format: params[:extension])
end
- get "/:backend/:processor/:id/:filename" do
+ get "/:token/:backend/:processor/:id/:filename" do
+ halt 404 unless download_allowed?
stream_file processor.call(file)
end
- get "/:backend/:processor/*/:id/:file_basename.:extension" do
+ get "/:token/:backend/:processor/*/:id/:file_basename.:extension" do
+ halt 404 unless download_allowed?
stream_file processor.call(file, *params[:splat].first.split("/"), format: params[:extension])
end
- get "/:backend/:processor/*/:id/:filename" do
+ get "/:token/:backend/:processor/*/:id/:filename" do
+ halt 404 unless download_allowed?
stream_file processor.call(file, *params[:splat].first.split("/"))
end
options "/:backend" do
""
end
post "/:backend" do
- halt 404 unless Refile.direct_upload.include?(params[:backend])
+ halt 404 unless upload_allowed?
tempfile = request.params.fetch("file").fetch(:tempfile)
file = backend.upload(tempfile)
content_type :json
{ id: file.id }.to_json
end
+ get "/:backend/presign" do
+ halt 404 unless upload_allowed?
+ content_type :json
+ backend.presign.to_json
+ end
+
not_found do
content_type :text
"not found"
end
+ error 403 do
+ content_type :text
+ "forbidden"
+ end
+
+ error Refile::InvalidFile do
+ status 400
+ "Upload failure error"
+ end
+
+ error Refile::InvalidMaxSize do
+ status 413
+ "Upload failure error"
+ end
+
error do |error_thrown|
log_error("Error -> #{error_thrown}")
error_thrown.backtrace.each do |line|
log_error(line)
end
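Review bot: The new `get "/:backend/presign"` route and the existing `post "/:backend"` sit outside the `before "/:token/:backend/*"` filter, so they are served without a token and are limited only by `upload_allowed?`; nothing in the file says this is deliberate. I would add a comment above `post "/:backend"` along the lines of `# Upload and presign are not token-protected: access is restricted only by Refile.allow_uploads_to, so any caller authentication has to be added in front of this app`. What `backend.presign` returns is not visible here, but if it is a signed upload grant, the comment matters most for that route. The two new `error Refile::Invalid…` handlers also set no `content_type`, unlike `not_found` and `error 403`, so adding `content_type :text` to both would keep the error responses consistent.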
@@ -78,10 +109,18 @@
"error"
end
private
+ def download_allowed?
+ Refile.allow_downloads_from == :all or Refile.allow_downloads_from.include?(params[:backend])
+ end
+
+ def upload_allowed?
+ Refile.allow_uploads_to == :all or Refile.allow_uploads_to.include?(params[:backend])
+ end
+
def logger
Refile.logger
end
def stream_file(file)
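Review bot: Both new predicates join their conditions with `or`, the low-precedence control-flow keyword. It works here only because it is the method's last expression, whereas `||` stays correct if the expression is later assigned or negated: `Refile.allow_downloads_from == :all || Refile.allow_downloads_from.include?(params[:backend])`, and likewise in `upload_allowed?`. Since `params[:backend]` is a String, the allow-list has to hold strings for `include?` to match, and a list of symbols would deny every request without any error. A one-line comment stating the expected element type would help, for example `# allow_downloads_from is :all or a list of backend names as Strings`. `stream_file` begins on the hunk's last line and its body is outside the hunk.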
@@ -98,16 +137,14 @@
send_file path, filename: filename, disposition: "inline", type: ::File.extname(request.path)
end
def backend
- backend = Refile.backends[params[:backend]]
- unless backend
- log_error("Could not find backend: #{params[:backend]}")
+ Refile.backends.fetch(params[:backend]) do |name|
+ log_error("Could not find backend: #{name}")
halt 404
end
- backend
end
def file
file = backend.get(params[:id])
unless file.exists?
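Review bot: The `fetch` fallback in `backend` interpolates the unmatched name, which is the URL segment `params[:backend]`, into the log message unescaped. If the framework passes that segment percent-decoded (not confirmed from this diff), an encoded line break in a request would split one event across several log lines. Logging the quoted form keeps each event on a single line: `log_error("Could not find backend: #{name.inspect}")`. The `processor` lookup in the next hunk has the same pattern in `"Could not find processor: #{name}"`. The bodies of `stream_file` and `file` extend beyond this hunk.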
@@ -116,18 +153,22 @@
end
file.download
end
def processor
- processor = Refile.processors[params[:processor]]
- unless processor
- log_error("Could not find processor: #{params[:processor]}")
+ Refile.processors.fetch(params[:processor]) do |name|
+ log_error("Could not find processor: #{name}")
halt 404
end
- processor
end
def log_error(message)
logger.error "#{self.class.name}: #{message}"
+ end
+
+ def verified?
+ base_path = request.path.gsub(::File.join(request.script_name, params[:token]), "")
+
+ Refile.valid_token?(base_path, params[:token])
end
end
end
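Review bot: `verified?` strips the `script_name/token` prefix with `gsub` and a String pattern, which removes every occurrence of that text in `request.path`, not only the leading one. The path handed to `Refile.valid_token?` can therefore differ from the path the routes matched and serve the file from. Anchoring the removal to the start of the path keeps the two in step: `base_path = request.path.sub(/\A#{Regexp.escape(::File.join(request.script_name, params[:token]))}/, "")`. `Refile.valid_token?` is defined outside this diff, so whether it compares the digest in constant time cannot be confirmed here and is worth checking.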