mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 19:26:31 -05:00
Add delete media in private API (#1736)
Adds the missing API route of deleting media in the private API.
This commit is contained in:
parent
263755284a
commit
32929c1e77
2 changed files with 68 additions and 4 deletions
|
@ -6,20 +6,26 @@
|
||||||
import {
|
import {
|
||||||
BadRequestException,
|
BadRequestException,
|
||||||
Controller,
|
Controller,
|
||||||
|
Delete,
|
||||||
Headers,
|
Headers,
|
||||||
HttpCode,
|
HttpCode,
|
||||||
InternalServerErrorException,
|
InternalServerErrorException,
|
||||||
|
NotFoundException,
|
||||||
|
Param,
|
||||||
Post,
|
Post,
|
||||||
|
UnauthorizedException,
|
||||||
UploadedFile,
|
UploadedFile,
|
||||||
UseGuards,
|
UseGuards,
|
||||||
UseInterceptors,
|
UseInterceptors,
|
||||||
} from '@nestjs/common';
|
} from '@nestjs/common';
|
||||||
import { FileInterceptor } from '@nestjs/platform-express';
|
import { FileInterceptor } from '@nestjs/platform-express';
|
||||||
|
import { ApiNoContentResponse } from '@nestjs/swagger';
|
||||||
|
|
||||||
import {
|
import {
|
||||||
ClientError,
|
ClientError,
|
||||||
MediaBackendError,
|
MediaBackendError,
|
||||||
NotInDBError,
|
NotInDBError,
|
||||||
|
PermissionError,
|
||||||
} from '../../../errors/errors';
|
} from '../../../errors/errors';
|
||||||
import { SessionGuard } from '../../../identity/session.guard';
|
import { SessionGuard } from '../../../identity/session.guard';
|
||||||
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
import { ConsoleLoggerService } from '../../../logger/console-logger.service';
|
||||||
|
@ -29,7 +35,7 @@ import { MulterFile } from '../../../media/multer-file.interface';
|
||||||
import { Note } from '../../../notes/note.entity';
|
import { Note } from '../../../notes/note.entity';
|
||||||
import { NotesService } from '../../../notes/notes.service';
|
import { NotesService } from '../../../notes/notes.service';
|
||||||
import { User } from '../../../users/user.entity';
|
import { User } from '../../../users/user.entity';
|
||||||
import { UsersService } from '../../../users/users.service';
|
import { successfullyDeletedDescription } from '../../utils/descriptions';
|
||||||
import { RequestUser } from '../../utils/request-user.decorator';
|
import { RequestUser } from '../../utils/request-user.decorator';
|
||||||
|
|
||||||
@UseGuards(SessionGuard)
|
@UseGuards(SessionGuard)
|
||||||
|
@ -38,7 +44,6 @@ export class MediaController {
|
||||||
constructor(
|
constructor(
|
||||||
private readonly logger: ConsoleLoggerService,
|
private readonly logger: ConsoleLoggerService,
|
||||||
private mediaService: MediaService,
|
private mediaService: MediaService,
|
||||||
private userService: UsersService,
|
|
||||||
private noteService: NotesService,
|
private noteService: NotesService,
|
||||||
) {
|
) {
|
||||||
this.logger.setContext(MediaController.name);
|
this.logger.setContext(MediaController.name);
|
||||||
|
@ -73,4 +78,46 @@ export class MediaController {
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Delete(':filename')
|
||||||
|
@HttpCode(204)
|
||||||
|
@ApiNoContentResponse({ description: successfullyDeletedDescription })
|
||||||
|
async deleteMedia(
|
||||||
|
@RequestUser() user: User,
|
||||||
|
@Param('filename') filename: string,
|
||||||
|
): Promise<void> {
|
||||||
|
const username = user.username;
|
||||||
|
try {
|
||||||
|
this.logger.debug(
|
||||||
|
`Deleting '${filename}' for user '${username}'`,
|
||||||
|
'deleteMedia',
|
||||||
|
);
|
||||||
|
const mediaUpload = await this.mediaService.findUploadByFilename(
|
||||||
|
filename,
|
||||||
|
);
|
||||||
|
if (mediaUpload.user.username !== username) {
|
||||||
|
this.logger.warn(
|
||||||
|
`${username} tried to delete '${filename}', but is not the owner`,
|
||||||
|
'deleteMedia',
|
||||||
|
);
|
||||||
|
throw new PermissionError(
|
||||||
|
`File '${filename}' is not owned by '${username}'`,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
await this.mediaService.deleteFile(mediaUpload);
|
||||||
|
} catch (e) {
|
||||||
|
if (e instanceof PermissionError) {
|
||||||
|
throw new UnauthorizedException(e.message);
|
||||||
|
}
|
||||||
|
if (e instanceof NotInDBError) {
|
||||||
|
throw new NotFoundException(e.message);
|
||||||
|
}
|
||||||
|
if (e instanceof MediaBackendError) {
|
||||||
|
throw new InternalServerErrorException(
|
||||||
|
'There was an error in the media backend',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,9 +24,12 @@ import { IdentityService } from '../../src/identity/identity.service';
|
||||||
import { ConsoleLoggerService } from '../../src/logger/console-logger.service';
|
import { ConsoleLoggerService } from '../../src/logger/console-logger.service';
|
||||||
import { LoggerModule } from '../../src/logger/logger.module';
|
import { LoggerModule } from '../../src/logger/logger.module';
|
||||||
import { MediaModule } from '../../src/media/media.module';
|
import { MediaModule } from '../../src/media/media.module';
|
||||||
|
import { MediaService } from '../../src/media/media.service';
|
||||||
|
import { Note } from '../../src/notes/note.entity';
|
||||||
import { NotesModule } from '../../src/notes/notes.module';
|
import { NotesModule } from '../../src/notes/notes.module';
|
||||||
import { NotesService } from '../../src/notes/notes.service';
|
import { NotesService } from '../../src/notes/notes.service';
|
||||||
import { PermissionsModule } from '../../src/permissions/permissions.module';
|
import { PermissionsModule } from '../../src/permissions/permissions.module';
|
||||||
|
import { User } from '../../src/users/user.entity';
|
||||||
import { UsersService } from '../../src/users/users.service';
|
import { UsersService } from '../../src/users/users.service';
|
||||||
import { setupSessionMiddleware } from '../../src/utils/session';
|
import { setupSessionMiddleware } from '../../src/utils/session';
|
||||||
import { ensureDeleted } from '../utils';
|
import { ensureDeleted } from '../utils';
|
||||||
|
@ -34,8 +37,11 @@ import { ensureDeleted } from '../utils';
|
||||||
describe('Media', () => {
|
describe('Media', () => {
|
||||||
let identityService: IdentityService;
|
let identityService: IdentityService;
|
||||||
let app: NestExpressApplication;
|
let app: NestExpressApplication;
|
||||||
|
let mediaService: MediaService;
|
||||||
let uploadPath: string;
|
let uploadPath: string;
|
||||||
let agent: request.SuperAgentTest;
|
let agent: request.SuperAgentTest;
|
||||||
|
let testNote: Note;
|
||||||
|
let user: User;
|
||||||
|
|
||||||
beforeAll(async () => {
|
beforeAll(async () => {
|
||||||
const moduleRef = await Test.createTestingModule({
|
const moduleRef = await Test.createTestingModule({
|
||||||
|
@ -80,9 +86,13 @@ describe('Media', () => {
|
||||||
app.useLogger(logger);
|
app.useLogger(logger);
|
||||||
identityService = moduleRef.get(IdentityService);
|
identityService = moduleRef.get(IdentityService);
|
||||||
const notesService: NotesService = moduleRef.get(NotesService);
|
const notesService: NotesService = moduleRef.get(NotesService);
|
||||||
await notesService.createNote('test content', 'test_upload_media');
|
|
||||||
const userService: UsersService = moduleRef.get(UsersService);
|
const userService: UsersService = moduleRef.get(UsersService);
|
||||||
const user = await userService.createUser('hardcoded', 'Testy');
|
user = await userService.createUser('hardcoded', 'Testy');
|
||||||
|
testNote = await notesService.createNote(
|
||||||
|
'test content',
|
||||||
|
'test_upload_media',
|
||||||
|
);
|
||||||
|
mediaService = moduleRef.get(MediaService);
|
||||||
await identityService.createLocalIdentity(user, 'test');
|
await identityService.createLocalIdentity(user, 'test');
|
||||||
agent = request.agent(app.getHttpServer());
|
agent = request.agent(app.getHttpServer());
|
||||||
await agent
|
await agent
|
||||||
|
@ -145,6 +155,13 @@ describe('Media', () => {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('DELETE /media/{filename}', async () => {
|
||||||
|
const testImage = await fs.readFile('test/private-api/fixtures/test.png');
|
||||||
|
const url = await mediaService.saveFile(testImage, user, testNote);
|
||||||
|
const filename = url.split('/').pop() || '';
|
||||||
|
await agent.delete('/media/' + filename).expect(204);
|
||||||
|
});
|
||||||
|
|
||||||
afterAll(async () => {
|
afterAll(async () => {
|
||||||
// Delete the upload folder
|
// Delete the upload folder
|
||||||
await ensureDeleted(uploadPath);
|
await ensureDeleted(uploadPath);
|
||||||
|
|
Loading…
Reference in a new issue