explore-services/services/utils-service/uploadService.js

var express = require("express");
var bodyParser = require("body-parser");
var cookieParser = require('cookie-parser');
var multer = require("multer");
var PropertiesReader = require('properties-reader');
var properties = PropertiesReader('./properties.file');
var TinyURL = require('tinyurl');
var app = express();
var http = null;

if (properties.get('ssl')) {
    http = require("https");
} else {
    http = require("http");
}


// Properties
var auth = properties.get('userInfoUrl');
var originServer = properties.get('originServer');
var allowPostRequests = properties.get('post.allowed').split(',');
var localPath = properties.get('localPath');
var maxsize = properties.get('photo.size') * 1024;

var storage = multer.diskStorage({
    destination: function (req, file, cb) {
        cb(null, 'uploads')
    },
    filename: function (req, file, cb) {
        if (req.params.id) {
            cb(null, req.params.id + '-' + new Date().getTime() + '.' + file.originalname.split('.').pop());
        } else {
            cb(null, file.originalname);
        }
    }
});

var upload = multer({storage: storage})

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(cookieParser());

app.use(function (req, res, next) {
    if((req.method === 'POST' || req.method === 'DELETE') && allowPostRequests.indexOf(req.url.split('?')[0]) === -1) {
        if(checkCookies(req)) {
            res.header('Access-Control-Allow-Origin', req.headers.origin);
            res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, x-xsrf-token');
            res.header('Access-Control-Allow-Credentials', true);
            next();
        } else {
            res.header('Access-Control-Allow-Origin', '*');
            res.header('Access-Control-Allow-Credentials', true);
            res.header('Vary', 'Origin');
            res.status(403).send(getResponse(403, "Forbidden: You don't have permission to access. Maybe you are not registered."));
        }
    } else if(req.method === 'OPTIONS' && allowPostRequests.indexOf(req.url.split('?')[0]) === -1){
        res.header('Access-Control-Allow-Origin', req.headers.origin);
        res.header('Access-Control-Allow-Credentials', true);
        res.header('Access-Control-Allow-Methods', 'POST, DELETE');
        res.header('Access-Control-Max-Age', 1800);
        res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, x-xsrf-token');
        next();
    } else {
        res.header('Access-Control-Allow-Origin', req.headers.origin);
        res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
        next();
    }
});

app.post("/upload", upload.array("uploads[]", 12), function (req, res) {
    var filepath = (localPath ? "." : __dirname) + "/" + req.files[0].path;
    let type = req.query.type;
	console.log(type);
    if(type == 'json' && req.files[0].mimetype !== 'application/json'){
	 console.error("No proper file type");
        res.status(500).send(getResponse(500, "No proper file type"));
    }else if ((!type || type == 'csv') && req.files[0].mimetype !== 'text/csv' && req.files[0].mimetype !== 'application/vnd.ms-excel') {
        console.error("No proper file type");
        res.status(500).send(getResponse(500, "No proper file type"));
    } else {
        res.download(filepath);
        setTimeout(function () {
            deleteFile(filepath);
        }, 3000);
//        deleteFile(filepath);
    }

});

app.post('/upload/stakeholder/:id', upload.single('photo'), (req, res) => {
    sendFile(req, res,  (result) => {
        return isMonitorCurator(result.edu_person_entitlements);
    });
});

app.post('/upload/:id', upload.single('photo'), (req, res) => {
    sendFile(req, res,  (result) => {
        return result.sub.indexOf(req.params.id) !== -1 || isAdminOrCurator(result.edu_person_entitlements);
    });
});

app.get('/download/:filename', function (req, res) {
    res.download('./uploads/' + req.params.filename);
});

app.get('/tiny', function (req, res) {
    TinyURL.shorten(req.query.url, function (res1, err) {
        if (err)
            console.log(err)
        if (res1 !== 'Error') {
            res.send(res1);
        } else {
            res.send(req.query.url);
        }
    });
});

app.delete('/delete/stakeholder/:filename', function (req, res) {
    deleteFileSend(req, res, (result) => {
        return isMonitorCurator(result.edu_person_entitlements);
    })
});

app.delete('/delete/:filename', function (req, res) {
    deleteFileSend(req, res, (result) => {
        return result.sub.indexOf(req.params.filename.split('-')[0]) !== -1 || isAdminOrCurator(result.edu_person_entitlements);
    })
});

const server = app.listen(8000, function () {
    console.log("Listening on port %s...", server.address().port);
});

function sendFile(req, res, authorized) {
    const token = req.cookies['AccessToken'];
    const file = req.file;
    var filepath = (localPath ? "." : __dirname) + "/" + file.path;
    if (!token) {
        res.status(401).send(getResponse(401, "Unauthorized"));
        deleteFile(filepath);
    } else if (!file || (file.mimetype !== 'image/jpeg' && file.mimetype !== 'image/png')) {
        res.status(500).send(getResponse(500, "No image file type"));
        deleteFile(filepath);
    } else if (file.size > maxsize) {
        res.status(500).send(getResponse(500, "Exceeds file size limit"));
        deleteFile(filepath);
    } else {
        http.get(auth + token, function (resp) {
            var responseString = "";
            resp.on("data", function (data) {
                responseString += data;
            });
            resp.on("end", function () {
                var result = JSON.parse(responseString);
                if (result.error) {
                    res.status(401).send(getResponse(401, "Unauthorized"));
                    deleteFile(filepath);
                } else {
                    if (authorized(result)) {
                        res.send(file);
                    } else {
                        res.status(401).send(getResponse(401, "Unauthorized"));
                        deleteFile(filepath);
                    }
                }
            });
        });
    }
}

function deleteFileSend(req, res, authorized) {
    const token = req.cookies['AccessToken'];
    if (!token) {
        res.status(401).send(getResponse(401, "Unauthorized"));
    } else {
        http.get(auth + token, function (resp) {
            var responseString = "";
            resp.on("data", function (data) {
                responseString += data;
            });
            resp.on("end", function () {
                var result = JSON.parse(responseString);
                if (result.error) {
                    res.status(401).send(getResponse(401, "Unauthorized"));
                } else {
                    // if user id is on filename or is Admin delete file else unauthorized.
                    if (authorized) {
                        deleteFile('./uploads/' + req.params.filename);
                        return res.status(200).send(getResponse(200, "File Deleted Successfully"));
                    } else {
                        res.status(401).send(getResponse(401, "Unauthorized"));
                    }
                }
            });
        });
    }
}

function getResponse(code, message) {
    var response = {};
    response["code"] = code;
    response["message"] = message;
    return response;
}

function deleteFile(filepath) {
    const fs = require('fs');
    fs.stat(filepath, function (err, stats) {
        console.log(stats); //here we got all information of file in stats variable

        if (err) {
            return console.error(err);
        }

        fs.unlink(filepath, function (err) {
            if (err) return console.log(err);
            console.log('file deleted successfully');
        });
    });
}

function isMonitorCurator(roles) {
    var isAdmin = false;
    var isCurator = false;
    for (var i = 0; i < roles.length; i++) {
        if (roles[i] === 'urn:geant:openaire.eu:group:Portal+Administrator#aai.openaire.eu') {
            isAdmin = true;
        }
        if (roles[i] === 'urn:geant:openaire.eu:group:Curator+-+Funder#aai.openaire.eu') {
            isCurator = true;
        }
    }
    return isAdmin || isCurator;
}

function isAdminOrCurator(roles) {
    var isAdmin = false;
    var isCurator = false;
    for (var i = 0; i < roles.length; i++) {
        if (roles[i] === 'urn:geant:openaire.eu:group:Portal+Administrator#aai.openaire.eu') {
            isAdmin = true;
        }
        if (roles[i] === 'urn:geant:openaire.eu:group:Curator+-+Community#aai.openaire.eu') {
            isCurator = true;
        }
    }
    return isAdmin || isCurator;
}

function checkCookies(request) {
    var valid = true;
    var cookieValue = request.cookies.AccessToken;
    if (cookieValue === undefined || cookieValue === '') {
        console.log("no cookie available");
        valid = false;
    } else if (!hasValidOrigin(request.headers.origin)) {
        console.log("no proper origin");
        valid = false;
    }
    return valid;
}


function hasValidOrigin(origin) {
    if (origin !== undefined && origin.indexOf(originServer) !== -1) {
        return true;
    } else {
        console.log("Not valid origin. Origin server is \"" + origin +
            "\", but expected value is \"" + originServer +
            "\". If the expected value is not right, check originServer variable.");
        return false;
    }
}