Merge pull request #2791 from BookStackApp/attachments_open_in_browser

Attachment serving without forced download
This commit is contained in:
Dan Brown 2021-06-13 14:03:08 +01:00 committed by GitHub
commit 2c34a99248
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 122 additions and 35 deletions

View File

@ -14,16 +14,14 @@ use Illuminate\Validation\ValidationException;
class AttachmentController extends Controller class AttachmentController extends Controller
{ {
protected $attachmentService; protected $attachmentService;
protected $attachment;
protected $pageRepo; protected $pageRepo;
/** /**
* AttachmentController constructor. * AttachmentController constructor.
*/ */
public function __construct(AttachmentService $attachmentService, Attachment $attachment, PageRepo $pageRepo) public function __construct(AttachmentService $attachmentService, PageRepo $pageRepo)
{ {
$this->attachmentService = $attachmentService; $this->attachmentService = $attachmentService;
$this->attachment = $attachment;
$this->pageRepo = $pageRepo; $this->pageRepo = $pageRepo;
} }
@ -67,7 +65,7 @@ class AttachmentController extends Controller
'file' => 'required|file' 'file' => 'required|file'
]); ]);
$attachment = $this->attachment->newQuery()->findOrFail($attachmentId); $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('view', $attachment->page); $this->checkOwnablePermission('view', $attachment->page);
$this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page);
$this->checkOwnablePermission('attachment-create', $attachment); $this->checkOwnablePermission('attachment-create', $attachment);
@ -89,7 +87,7 @@ class AttachmentController extends Controller
*/ */
public function getUpdateForm(string $attachmentId) public function getUpdateForm(string $attachmentId)
{ {
$attachment = $this->attachment->findOrFail($attachmentId); $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page);
$this->checkOwnablePermission('attachment-create', $attachment); $this->checkOwnablePermission('attachment-create', $attachment);
@ -202,9 +200,10 @@ class AttachmentController extends Controller
* @throws FileNotFoundException * @throws FileNotFoundException
* @throws NotFoundException * @throws NotFoundException
*/ */
public function get(string $attachmentId) public function get(Request $request, string $attachmentId)
{ {
$attachment = $this->attachment->findOrFail($attachmentId); /** @var Attachment $attachment */
$attachment = Attachment::query()->findOrFail($attachmentId);
try { try {
$page = $this->pageRepo->getById($attachment->uploaded_to); $page = $this->pageRepo->getById($attachment->uploaded_to);
} catch (NotFoundException $exception) { } catch (NotFoundException $exception) {
@ -217,8 +216,13 @@ class AttachmentController extends Controller
return redirect($attachment->path); return redirect($attachment->path);
} }
$fileName = $attachment->getFileName();
$attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment); $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
return $this->downloadResponse($attachmentContents, $attachment->getFileName());
if ($request->get('open') === 'true') {
return $this->inlineDownloadResponse($attachmentContents, $fileName);
}
return $this->downloadResponse($attachmentContents, $fileName);
} }
/** /**
@ -227,7 +231,7 @@ class AttachmentController extends Controller
*/ */
public function delete(string $attachmentId) public function delete(string $attachmentId)
{ {
$attachment = $this->attachment->findOrFail($attachmentId); $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('attachment-delete', $attachment); $this->checkOwnablePermission('attachment-delete', $attachment);
$this->attachmentService->deleteFile($attachment); $this->attachmentService->deleteFile($attachment);
return response()->json(['message' => trans('entities.attachments_deleted')]); return response()->json(['message' => trans('entities.attachments_deleted')]);

View File

@ -6,6 +6,7 @@ use BookStack\Facades\Activity;
use BookStack\Interfaces\Loggable; use BookStack\Interfaces\Loggable;
use BookStack\HasCreatorAndUpdater; use BookStack\HasCreatorAndUpdater;
use BookStack\Model; use BookStack\Model;
use finfo;
use Illuminate\Foundation\Bus\DispatchesJobs; use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Foundation\Validation\ValidatesRequests; use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Http\Exceptions\HttpResponseException; use Illuminate\Http\Exceptions\HttpResponseException;
@ -121,6 +122,20 @@ abstract class Controller extends BaseController
]); ]);
} }
/**
* Create a file download response that provides the file with a content-type
* correct for the file, in a way so the browser can show the content in browser.
*/
protected function inlineDownloadResponse(string $content, string $fileName): Response
{
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $finfo->buffer($content) ?: 'application/octet-stream';
return response()->make($content, 200, [
'Content-Type' => $mime,
'Content-Disposition' => 'inline; filename="' . $fileName . '"'
]);
}
/** /**
* Show a positive, successful notification to the user on next view load. * Show a positive, successful notification to the user on next view load.
*/ */

View File

@ -41,12 +41,12 @@ class Attachment extends Model
/** /**
* Get the url of this file. * Get the url of this file.
*/ */
public function getUrl(): string public function getUrl($openInline = false): string
{ {
if ($this->external && strpos($this->path, 'http') !== 0) { if ($this->external && strpos($this->path, 'http') !== 0) {
return $this->path; return $this->path;
} }
return url('/attachments/' . $this->id); return url('/attachments/' . $this->id . ($openInline ? '?open=true' : ''));
} }
/** /**

View File

@ -3,8 +3,10 @@
use BookStack\Exceptions\FileUploadException; use BookStack\Exceptions\FileUploadException;
use Exception; use Exception;
use Illuminate\Contracts\Filesystem\Factory as FileSystem; use Illuminate\Contracts\Filesystem\Factory as FileSystem;
use Illuminate\Contracts\Filesystem\FileNotFoundException;
use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance; use Illuminate\Contracts\Filesystem\Filesystem as FileSystemInstance;
use Illuminate\Support\Str; use Illuminate\Support\Str;
use Log;
use Symfony\Component\HttpFoundation\File\UploadedFile; use Symfony\Component\HttpFoundation\File\UploadedFile;
class AttachmentService class AttachmentService
@ -38,11 +40,9 @@ class AttachmentService
/** /**
* Get an attachment from storage. * Get an attachment from storage.
* @param Attachment $attachment * @throws FileNotFoundException
* @return string
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/ */
public function getAttachmentFromStorage(Attachment $attachment) public function getAttachmentFromStorage(Attachment $attachment): string
{ {
return $this->getStorage()->get($attachment->path); return $this->getStorage()->get($attachment->path);
} }
@ -202,7 +202,7 @@ class AttachmentService
try { try {
$storage->put($attachmentPath, $attachmentData); $storage->put($attachmentPath, $attachmentData);
} catch (Exception $e) { } catch (Exception $e) {
\Log::error('Error when attempting file upload:' . $e->getMessage()); Log::error('Error when attempting file upload:' . $e->getMessage());
throw new FileUploadException(trans('errors.path_not_writable', ['filePath' => $attachmentPath])); throw new FileUploadException(trans('errors.path_not_writable', ['filePath' => $attachmentPath]));
} }

View File

@ -8,6 +8,7 @@
"php": "^7.3|^8.0", "php": "^7.3|^8.0",
"ext-curl": "*", "ext-curl": "*",
"ext-dom": "*", "ext-dom": "*",
"ext-fileinfo": "*",
"ext-gd": "*", "ext-gd": "*",
"ext-json": "*", "ext-json": "*",
"ext-mbstring": "*", "ext-mbstring": "*",

View File

@ -0,0 +1,47 @@
/**
* Attachments List
* Adds '?open=true' query to file attachment links
* when ctrl/cmd is pressed down.
* @extends {Component}
*/
class AttachmentsList {
setup() {
this.container = this.$el;
this.setupListeners();
}
setupListeners() {
const isExpectedKey = (event) => event.key === 'Control' || event.key === 'Meta';
window.addEventListener('keydown', event => {
if (isExpectedKey(event)) {
this.addOpenQueryToLinks();
}
}, {passive: true});
window.addEventListener('keyup', event => {
if (isExpectedKey(event)) {
this.removeOpenQueryFromLinks();
}
}, {passive: true});
}
addOpenQueryToLinks() {
const links = this.container.querySelectorAll('a.attachment-file');
for (const link of links) {
if (link.href.split('?')[1] !== 'open=true') {
link.href = link.href + '?open=true';
link.setAttribute('target', '_blank');
}
}
}
removeOpenQueryFromLinks() {
const links = this.container.querySelectorAll('a.attachment-file');
for (const link of links) {
link.href = link.href.split('?')[0];
link.removeAttribute('target');
}
}
}
export default AttachmentsList;

View File

@ -2,6 +2,7 @@ import addRemoveRows from "./add-remove-rows.js"
import ajaxDeleteRow from "./ajax-delete-row.js" import ajaxDeleteRow from "./ajax-delete-row.js"
import ajaxForm from "./ajax-form.js" import ajaxForm from "./ajax-form.js"
import attachments from "./attachments.js" import attachments from "./attachments.js"
import attachmentsList from "./attachments-list.js"
import autoSuggest from "./auto-suggest.js" import autoSuggest from "./auto-suggest.js"
import backToTop from "./back-to-top.js" import backToTop from "./back-to-top.js"
import bookSort from "./book-sort.js" import bookSort from "./book-sort.js"
@ -56,6 +57,7 @@ const componentMapping = {
"ajax-delete-row": ajaxDeleteRow, "ajax-delete-row": ajaxDeleteRow,
"ajax-form": ajaxForm, "ajax-form": ajaxForm,
"attachments": attachments, "attachments": attachments,
"attachments-list": attachmentsList,
"auto-suggest": autoSuggest, "auto-suggest": autoSuggest,
"back-to-top": backToTop, "back-to-top": backToTop,
"book-sort": bookSort, "book-sort": bookSort,

View File

@ -1,8 +1,10 @@
@foreach($attachments as $attachment) <div component="attachments-list">
<div class="attachment icon-list"> @foreach($attachments as $attachment)
<a class="icon-list-item py-xs" href="{{ $attachment->getUrl() }}" @if($attachment->external) target="_blank" @endif> <div class="attachment icon-list">
<span class="icon">@icon($attachment->external ? 'export' : 'file')</span> <a class="icon-list-item py-xs attachment-{{ $attachment->external ? 'link' : 'file' }}" href="{{ $attachment->getUrl() }}" @if($attachment->external) target="_blank" @endif>
<span>{{ $attachment->name }}</span> <span class="icon">@icon($attachment->external ? 'export' : 'file')</span>
</a> <span>{{ $attachment->name }}</span>
</div> </a>
@endforeach </div>
@endforeach
</div>

View File

@ -4,11 +4,9 @@ use BookStack\Entities\Tools\TrashCan;
use BookStack\Entities\Repos\PageRepo; use BookStack\Entities\Repos\PageRepo;
use BookStack\Uploads\Attachment; use BookStack\Uploads\Attachment;
use BookStack\Entities\Models\Page; use BookStack\Entities\Models\Page;
use BookStack\Auth\Permissions\PermissionService;
use BookStack\Uploads\AttachmentService; use BookStack\Uploads\AttachmentService;
use Illuminate\Http\UploadedFile; use Illuminate\Http\UploadedFile;
use Tests\TestCase; use Tests\TestCase;
use Tests\TestResponse;
class AttachmentTest extends TestCase class AttachmentTest extends TestCase
{ {
@ -57,7 +55,7 @@ class AttachmentTest extends TestCase
public function test_file_upload() public function test_file_upload()
{ {
$page = Page::first(); $page = Page::query()->first();
$this->asAdmin(); $this->asAdmin();
$admin = $this->getAdmin(); $admin = $this->getAdmin();
$fileName = 'upload_test_file.txt'; $fileName = 'upload_test_file.txt';
@ -85,7 +83,7 @@ class AttachmentTest extends TestCase
public function test_file_upload_does_not_use_filename() public function test_file_upload_does_not_use_filename()
{ {
$page = Page::first(); $page = Page::query()->first();
$fileName = 'upload_test_file.txt'; $fileName = 'upload_test_file.txt';
@ -99,7 +97,7 @@ class AttachmentTest extends TestCase
public function test_file_display_and_access() public function test_file_display_and_access()
{ {
$page = Page::first(); $page = Page::query()->first();
$this->asAdmin(); $this->asAdmin();
$fileName = 'upload_test_file.txt'; $fileName = 'upload_test_file.txt';
@ -119,7 +117,7 @@ class AttachmentTest extends TestCase
public function test_attaching_link_to_page() public function test_attaching_link_to_page()
{ {
$page = Page::first(); $page = Page::query()->first();
$admin = $this->getAdmin(); $admin = $this->getAdmin();
$this->asAdmin(); $this->asAdmin();
@ -156,7 +154,7 @@ class AttachmentTest extends TestCase
public function test_attachment_updating() public function test_attachment_updating()
{ {
$page = Page::first(); $page = Page::query()->first();
$this->asAdmin(); $this->asAdmin();
$attachment = $this->createAttachment($page); $attachment = $this->createAttachment($page);
@ -180,7 +178,7 @@ class AttachmentTest extends TestCase
public function test_file_deletion() public function test_file_deletion()
{ {
$page = Page::first(); $page = Page::query()->first();
$this->asAdmin(); $this->asAdmin();
$fileName = 'deletion_test.txt'; $fileName = 'deletion_test.txt';
$this->uploadFile($fileName, $page->id); $this->uploadFile($fileName, $page->id);
@ -202,7 +200,7 @@ class AttachmentTest extends TestCase
public function test_attachment_deletion_on_page_deletion() public function test_attachment_deletion_on_page_deletion()
{ {
$page = Page::first(); $page = Page::query()->first();
$this->asAdmin(); $this->asAdmin();
$fileName = 'deletion_test.txt'; $fileName = 'deletion_test.txt';
$this->uploadFile($fileName, $page->id); $this->uploadFile($fileName, $page->id);
@ -230,7 +228,7 @@ class AttachmentTest extends TestCase
{ {
$admin = $this->getAdmin(); $admin = $this->getAdmin();
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$page = Page::first(); /** @var Page $page */ $page = Page::query()->first(); /** @var Page $page */
$this->actingAs($admin); $this->actingAs($admin);
$fileName = 'permission_test.txt'; $fileName = 'permission_test.txt';
@ -253,7 +251,7 @@ class AttachmentTest extends TestCase
public function test_data_and_js_links_cannot_be_attached_to_a_page() public function test_data_and_js_links_cannot_be_attached_to_a_page()
{ {
$page = Page::first(); $page = Page::query()->first();
$this->asAdmin(); $this->asAdmin();
$badLinks = [ $badLinks = [
@ -291,4 +289,22 @@ class AttachmentTest extends TestCase
]); ]);
} }
} }
public function test_file_access_with_open_query_param_provides_inline_response_with_correct_content_type()
{
$page = Page::query()->first();
$this->asAdmin();
$fileName = 'upload_test_file.txt';
$upload = $this->uploadFile($fileName, $page->id);
$upload->assertStatus(200);
$attachment = Attachment::query()->orderBy('id', 'desc')->take(1)->first();
$attachmentGet = $this->get($attachment->getUrl(true));
// http-foundation/Response does some 'fixing' of responses to add charsets to text responses.
$attachmentGet->assertHeader('Content-Type', 'text/plain; charset=UTF-8');
$attachmentGet->assertHeader('Content-Disposition', "inline; filename=\"upload_test_file.txt\"");
$this->deleteUploads();
}
} }