mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 11:16:31 -05:00
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
This commit is contained in:
Alexandru Văleanu
David Mehren
parent
263755284a
commit
32929c1e77
2 changed files with 68 additions and 4 deletions
|
|
@ -6,20 +6,26 @@
|
|||
import {
|
||||
BadRequestException,
|
||||
Controller,
|
||||
Delete,
|
||||
Headers,
|
||||
HttpCode,
|
||||
InternalServerErrorException,
|
||||
NotFoundException,
|
||||
Param,
|
||||
Post,
|
||||
UnauthorizedException,
|
||||
UploadedFile,
|
||||
UseGuards,
|
||||
UseInterceptors,
|
||||
} from '@nestjs/common';
|
||||
import { FileInterceptor } from '@nestjs/platform-express';
|
||||
import { ApiNoContentResponse } from '@nestjs/swagger';
|
||||
|
||||
import {
|
||||
ClientError,
|
||||
MediaBackendError,
|
||||
NotInDBError,
|
||||
PermissionError,
|
||||
} from '../../../errors/errors';
|
||||
import { SessionGuard } from '../../../identity/session.guard';
|
||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||
|
|
@ -29,7 +35,7 @@ import { MulterFile } from '../../../media/multer-file.interface';
|
|||
import { Note } from '../../../notes/note.entity';
|
||||
import { NotesService } from '../../../notes/notes.service';
|
||||
import { User } from '../../../users/user.entity';
|
||||
import { UsersService } from '../../../users/users.service';
|
||||
import { successfullyDeletedDescription } from '../../utils/descriptions';
|
||||
import { RequestUser } from '../../utils/request-user.decorator';
|
||||
|
||||
@UseGuards(SessionGuard)
|
||||
|
|
@ -38,7 +44,6 @@ export class MediaController {
|
|||
constructor(
|
||||
private readonly logger: ConsoleLoggerService,
|
||||
private mediaService: MediaService,
|
||||
private userService: UsersService,
|
||||
private noteService: NotesService,
|
||||
) {
|
||||
this.logger.setContext(MediaController.name);
|
||||
|
|
@ -73,4 +78,46 @@ export class MediaController {
|
|||
throw e;
|
||||
}
|
||||
}
|
||||
|
||||
@Delete(':filename')
|
||||
@HttpCode(204)
|
||||
@ApiNoContentResponse({ description: successfullyDeletedDescription })
|
||||
async deleteMedia(
|
||||
@RequestUser() user: User,
|
||||
@Param('filename') filename: string,
|
||||
): Promise<void> {
|
||||
const username = user.username;
|
||||
try {
|
||||
this.logger.debug(
|
||||
`Deleting '${filename}' for user '${username}'`,
|
||||
'deleteMedia',
|
||||
);
|
||||
const mediaUpload = await this.mediaService.findUploadByFilename(
|
||||
filename,
|
||||
);
|
||||
if (mediaUpload.user.username !== username) {
|
||||
this.logger.warn(
|
||||
`${username} tried to delete '${filename}', but is not the owner`,
|
||||
'deleteMedia',
|
||||
);
|
||||
throw new PermissionError(
|
||||
`File '${filename}' is not owned by '${username}'`,
|
||||
);
|
||||
}
|
||||
await this.mediaService.deleteFile(mediaUpload);
|
||||
} catch (e) {
|
||||
if (e instanceof PermissionError) {
|
||||
throw new UnauthorizedException(e.message);
|
||||
}
|
||||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof MediaBackendError) {
|
||||
throw new InternalServerErrorException(
|
||||
'There was an error in the media backend',
|
||||
);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,9 +24,12 @@ import { IdentityService } from '../../src/identity/identity.service';
|
|||
import { ConsoleLoggerService } from '../../src/logger/console-logger.service';
|
||||
import { LoggerModule } from '../../src/logger/logger.module';
|
||||
import { MediaModule } from '../../src/media/media.module';
|
||||
import { MediaService } from '../../src/media/media.service';
|
||||
import { Note } from '../../src/notes/note.entity';
|
||||
import { NotesModule } from '../../src/notes/notes.module';
|
||||
import { NotesService } from '../../src/notes/notes.service';
|
||||
import { PermissionsModule } from '../../src/permissions/permissions.module';
|
||||
import { User } from '../../src/users/user.entity';
|
||||
import { UsersService } from '../../src/users/users.service';
|
||||
import { setupSessionMiddleware } from '../../src/utils/session';
|
||||
import { ensureDeleted } from '../utils';
|
||||
|
|
@ -34,8 +37,11 @@ import { ensureDeleted } from '../utils';
|
|||
describe('Media', () => {
|
||||
let identityService: IdentityService;
|
||||
let app: NestExpressApplication;
|
||||
let mediaService: MediaService;
|
||||
let uploadPath: string;
|
||||
let agent: request.SuperAgentTest;
|
||||
let testNote: Note;
|
||||
let user: User;
|
||||
|
||||
beforeAll(async () => {
|
||||
const moduleRef = await Test.createTestingModule({
|
||||
|
|
@ -80,9 +86,13 @@ describe('Media', () => {
|
|||
app.useLogger(logger);
|
||||
identityService = moduleRef.get(IdentityService);
|
||||
const notesService: NotesService = moduleRef.get(NotesService);
|
||||
await notesService.createNote('test content', 'test_upload_media');
|
||||
const userService: UsersService = moduleRef.get(UsersService);
|
||||
const user = await userService.createUser('hardcoded', 'Testy');
|
||||
user = await userService.createUser('hardcoded', 'Testy');
|
||||
testNote = await notesService.createNote(
|
||||
'test content',
|
||||
'test_upload_media',
|
||||
);
|
||||
mediaService = moduleRef.get(MediaService);
|
||||
await identityService.createLocalIdentity(user, 'test');
|
||||
agent = request.agent(app.getHttpServer());
|
||||
await agent
|
||||
|
|
@ -145,6 +155,13 @@ describe('Media', () => {
|
|||
});
|
||||
});
|
||||
|
||||
it('DELETE /media/{filename}', async () => {
|
||||
const testImage = await fs.readFile('test/private-api/fixtures/test.png');
|
||||
const url = await mediaService.saveFile(testImage, user, testNote);
|
||||
const filename = url.split('/').pop() || '';
|
||||
await agent.delete('/media/' + filename).expect(204);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
// Delete the upload folder
|
||||
await ensureDeleted(uploadPath);
|
||||
|
|
|
|||
Loading…
Reference in a new issue