2021-01-05 16:12:38 -05:00
|
|
|
/*
|
2021-01-06 15:36:07 -05:00
|
|
|
* SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
|
2021-01-05 16:12:38 -05:00
|
|
|
*
|
|
|
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
*/
|
2020-10-24 05:50:45 -04:00
|
|
|
import { promises as fs } from 'fs';
|
2021-08-29 12:45:46 -04:00
|
|
|
import { join } from 'path';
|
2021-04-29 16:47:18 -04:00
|
|
|
import request from 'supertest';
|
2021-08-29 12:45:46 -04:00
|
|
|
|
|
|
|
|
import { ConsoleLoggerService } from '../../src/logger/console-logger.service';
|
2022-01-06 15:41:36 -05:00
|
|
|
import { TestSetup, TestSetupBuilder } from '../test-setup';
|
2021-04-22 15:29:23 -04:00
|
|
|
import { ensureDeleted } from '../utils';
|
2020-10-24 05:50:45 -04:00
|
|
|
|
2021-03-24 06:24:39 -04:00
|
|
|
describe('Media', () => {
|
2021-10-14 15:01:29 -04:00
|
|
|
let testSetup: TestSetup;
|
2021-02-13 16:58:44 -05:00
|
|
|
let uploadPath: string;
|
2020-10-24 05:50:45 -04:00
|
|
|
|
|
|
|
|
beforeAll(async () => {
|
2022-09-11 12:12:38 -04:00
|
|
|
testSetup = await TestSetupBuilder.create().withUsers().build();
|
2021-10-14 15:01:29 -04:00
|
|
|
|
|
|
|
|
uploadPath =
|
|
|
|
|
testSetup.configService.get('mediaConfig').backend.filesystem.uploadPath;
|
|
|
|
|
|
|
|
|
|
testSetup.app.useStaticAssets(uploadPath, {
|
2020-10-24 05:50:45 -04:00
|
|
|
prefix: '/uploads',
|
|
|
|
|
});
|
2021-10-14 15:01:29 -04:00
|
|
|
|
|
|
|
|
await testSetup.app.init();
|
|
|
|
|
|
|
|
|
|
const logger = await testSetup.app.resolve(ConsoleLoggerService);
|
2020-10-24 05:50:45 -04:00
|
|
|
logger.log('Switching logger', 'AppBootstrap');
|
2021-10-14 15:01:29 -04:00
|
|
|
testSetup.app.useLogger(logger);
|
2020-10-24 05:50:45 -04:00
|
|
|
});
|
|
|
|
|
|
2022-03-04 07:13:46 -05:00
|
|
|
afterAll(async () => {
|
|
|
|
|
// Delete the upload folder
|
|
|
|
|
await ensureDeleted(uploadPath);
|
|
|
|
|
await testSetup.app.close();
|
|
|
|
|
await testSetup.cleanup();
|
|
|
|
|
});
|
|
|
|
|
|
2021-03-24 06:24:39 -04:00
|
|
|
describe('POST /media', () => {
|
|
|
|
|
it('works', async () => {
|
2021-10-14 15:01:29 -04:00
|
|
|
const uploadResponse = await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.post('/api/v2/media')
|
2022-09-11 12:12:38 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-24 06:24:39 -04:00
|
|
|
.attach('file', 'test/public-api/fixtures/test.png')
|
2022-09-11 12:12:38 -04:00
|
|
|
.set('HedgeDoc-Note', 'testAlias1')
|
2021-03-24 06:24:39 -04:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
|
.expect(201);
|
2022-01-29 13:06:38 -05:00
|
|
|
const path: string = uploadResponse.body.url;
|
2021-03-24 06:24:39 -04:00
|
|
|
const testImage = await fs.readFile('test/public-api/fixtures/test.png');
|
2021-10-14 15:01:29 -04:00
|
|
|
const downloadResponse = await request(testSetup.app.getHttpServer()).get(
|
|
|
|
|
path,
|
|
|
|
|
);
|
2021-03-24 06:24:39 -04:00
|
|
|
expect(downloadResponse.body).toEqual(testImage);
|
2021-03-31 16:43:13 -04:00
|
|
|
// Remove /uploads/ from path as we just need the filename.
|
2021-03-24 06:24:39 -04:00
|
|
|
const fileName = path.replace('/uploads/', '');
|
|
|
|
|
// delete the file afterwards
|
|
|
|
|
await fs.unlink(join(uploadPath, fileName));
|
|
|
|
|
});
|
|
|
|
|
describe('fails:', () => {
|
2021-03-31 16:41:38 -04:00
|
|
|
beforeEach(async () => {
|
2021-04-22 15:29:23 -04:00
|
|
|
await ensureDeleted(uploadPath);
|
2021-03-31 16:41:38 -04:00
|
|
|
});
|
2021-03-24 06:24:39 -04:00
|
|
|
it('MIME type not supported', async () => {
|
2021-10-14 15:01:29 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.post('/api/v2/media')
|
2022-09-11 12:12:38 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-24 06:24:39 -04:00
|
|
|
.attach('file', 'test/public-api/fixtures/test.zip')
|
2022-09-11 12:12:38 -04:00
|
|
|
.set('HedgeDoc-Note', 'testAlias1')
|
2021-03-24 06:24:39 -04:00
|
|
|
.expect(400);
|
2021-03-31 16:41:38 -04:00
|
|
|
await expect(fs.access(uploadPath)).rejects.toBeDefined();
|
2021-03-24 06:24:39 -04:00
|
|
|
});
|
|
|
|
|
it('note does not exist', async () => {
|
2021-10-14 15:01:29 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.post('/api/v2/media')
|
2022-09-11 12:12:38 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-24 06:24:39 -04:00
|
|
|
.attach('file', 'test/public-api/fixtures/test.zip')
|
|
|
|
|
.set('HedgeDoc-Note', 'i_dont_exist')
|
2022-01-23 16:23:00 -05:00
|
|
|
.expect(404);
|
2021-03-31 16:41:38 -04:00
|
|
|
await expect(fs.access(uploadPath)).rejects.toBeDefined();
|
2021-03-24 06:24:39 -04:00
|
|
|
});
|
|
|
|
|
it('mediaBackend error', async () => {
|
|
|
|
|
await fs.mkdir(uploadPath, {
|
|
|
|
|
mode: '444',
|
|
|
|
|
});
|
2021-10-14 15:01:29 -04:00
|
|
|
await request(testSetup.app.getHttpServer())
|
2021-10-15 10:53:10 -04:00
|
|
|
.post('/api/v2/media')
|
2022-09-11 12:12:38 -04:00
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
2021-03-24 06:24:39 -04:00
|
|
|
.attach('file', 'test/public-api/fixtures/test.png')
|
2022-09-11 12:12:38 -04:00
|
|
|
.set('HedgeDoc-Note', 'testAlias1')
|
2021-03-24 06:24:39 -04:00
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
|
.expect(500);
|
2021-03-31 16:41:38 -04:00
|
|
|
});
|
2023-04-23 15:57:35 -04:00
|
|
|
it('no file uploaded', async () => {
|
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
|
|
|
.post('/api/v2/media')
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
|
.set('HedgeDoc-Note', 'testAlias1')
|
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
|
.expect(400);
|
|
|
|
|
});
|
|
|
|
|
|
2021-03-31 16:41:38 -04:00
|
|
|
afterEach(async () => {
|
2021-04-22 15:29:23 -04:00
|
|
|
await ensureDeleted(uploadPath);
|
2021-03-24 06:24:39 -04:00
|
|
|
});
|
|
|
|
|
});
|
2020-10-24 05:50:45 -04:00
|
|
|
});
|
|
|
|
|
|
2022-09-11 12:12:38 -04:00
|
|
|
describe('DELETE /media/{filename}', () => {
|
|
|
|
|
it('successfully deletes an uploaded file', async () => {
|
|
|
|
|
const testImage = await fs.readFile('test/public-api/fixtures/test.png');
|
|
|
|
|
const upload = await testSetup.mediaService.saveFile(
|
|
|
|
|
testImage,
|
|
|
|
|
testSetup.users[0],
|
|
|
|
|
testSetup.ownedNotes[0],
|
|
|
|
|
);
|
|
|
|
|
const filename = upload.fileUrl.split('/').pop() || '';
|
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
|
|
|
.delete('/api/v2/media/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
|
.expect(204);
|
|
|
|
|
});
|
|
|
|
|
it('returns an error if the user does not own the file', async () => {
|
|
|
|
|
const testImage = await fs.readFile('test/public-api/fixtures/test.png');
|
|
|
|
|
const upload = await testSetup.mediaService.saveFile(
|
|
|
|
|
testImage,
|
|
|
|
|
testSetup.users[0],
|
|
|
|
|
testSetup.ownedNotes[0],
|
|
|
|
|
);
|
|
|
|
|
const filename = upload.fileUrl.split('/').pop() || '';
|
|
|
|
|
await request(testSetup.app.getHttpServer())
|
|
|
|
|
.delete('/api/v2/media/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
|
|
|
.expect(403);
|
|
|
|
|
});
|
2023-03-25 12:47:46 -04:00
|
|
|
it('deleting user is owner of file', async () => {
|
|
|
|
|
// upload a file with the default test user
|
|
|
|
|
const testNote = await testSetup.notesService.createNote(
|
|
|
|
|
'test content',
|
|
|
|
|
null,
|
|
|
|
|
'test_delete_media_file',
|
|
|
|
|
);
|
|
|
|
|
const testImage = await fs.readFile('test/public-api/fixtures/test.png');
|
|
|
|
|
const upload = await testSetup.mediaService.saveFile(
|
|
|
|
|
testImage,
|
|
|
|
|
testSetup.users[0],
|
|
|
|
|
testNote,
|
|
|
|
|
);
|
|
|
|
|
const filename = upload.fileUrl.split('/').pop() || '';
|
|
|
|
|
|
|
|
|
|
const agent2 = request.agent(testSetup.app.getHttpServer());
|
|
|
|
|
|
|
|
|
|
// try to delete upload with second user
|
|
|
|
|
await agent2
|
|
|
|
|
.delete('/api/v2/media/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
|
|
|
.expect(403);
|
|
|
|
|
|
|
|
|
|
await agent2
|
|
|
|
|
.get('/uploads/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
|
|
|
.expect(200);
|
|
|
|
|
|
|
|
|
|
// delete upload for real
|
|
|
|
|
await agent2
|
|
|
|
|
.delete('/api/v2/media/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[0].secret}`)
|
|
|
|
|
.expect(204);
|
|
|
|
|
|
|
|
|
|
// Test if file is really deleted
|
|
|
|
|
await agent2
|
|
|
|
|
.get('/uploads/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
|
|
|
.expect(404);
|
|
|
|
|
});
|
|
|
|
|
it('deleting user is owner of note', async () => {
|
|
|
|
|
// upload a file with the default test user
|
|
|
|
|
const testNote = await testSetup.notesService.createNote(
|
|
|
|
|
'test content',
|
|
|
|
|
testSetup.users[2],
|
|
|
|
|
'test_delete_media_note',
|
|
|
|
|
);
|
|
|
|
|
const testImage = await fs.readFile('test/public-api/fixtures/test.png');
|
|
|
|
|
const upload = await testSetup.mediaService.saveFile(
|
|
|
|
|
testImage,
|
|
|
|
|
testSetup.users[0],
|
|
|
|
|
testNote,
|
|
|
|
|
);
|
|
|
|
|
const filename = upload.fileUrl.split('/').pop() || '';
|
|
|
|
|
|
|
|
|
|
const agent2 = request.agent(testSetup.app.getHttpServer());
|
|
|
|
|
// try to delete upload with second user
|
|
|
|
|
await agent2
|
|
|
|
|
.delete('/api/v2/media/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
|
|
|
.expect(403);
|
|
|
|
|
|
|
|
|
|
await agent2
|
|
|
|
|
.get('/uploads/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
|
|
|
.expect(200);
|
|
|
|
|
|
|
|
|
|
// delete upload for real
|
|
|
|
|
await agent2
|
|
|
|
|
.delete('/api/v2/media/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[2].secret}`)
|
|
|
|
|
.expect(204);
|
|
|
|
|
|
|
|
|
|
// Test if file is really deleted
|
|
|
|
|
await agent2
|
|
|
|
|
.get('/uploads/' + filename)
|
|
|
|
|
.set('Authorization', `Bearer ${testSetup.authTokens[1].secret}`)
|
|
|
|
|
.expect(404);
|
|
|
|
|
});
|
2020-10-24 05:50:45 -04:00
|
|
|
});
|
|
|
|
|
});
|
