[Utils Service | Trunk]: Add upload method for stakeholders

git-svn-id: https://svn.driver.research-infrastructures.eu/driver/dnet40/modules/uoa-services-portal/trunk@59488 d315682c-612b-4755-9ff5-7f18f6832af3
This commit is contained in:
k.triantafyllou 2020-09-28 21:32:09 +00:00
parent 451430694d
commit 2af5bb33e4
2 changed files with 72 additions and 77 deletions


@ -1,4 +1,4 @@
userInfoUrl = http://scoobydoo.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken= userInfoUrl = http://dl170.madgik.di.uoa.gr:8180/dnet-openaire-users-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken=
originServer = .di.uoa.gr originServer = .di.uoa.gr
post.allowed = /upload,/upload/ post.allowed = /upload,/upload/
ssl = false ssl = false


@ -88,47 +88,16 @@ app.post("/upload", upload.array("uploads[]", 12), function (req, res) {
}); });
app.post('/upload/:id', upload.single('photo'), (req, res) => { app.post('/upload/stakeholder/:id', upload.single('photo'), (req, res) => {
const token = req.headers['x-xsrf-token']; sendFile(req, res, (result) => {
const file = req.file; return isAdminOrCurator(result.edu_person_entitlements);
var filepath = (localPath?".":__dirname)+"/" + file.path;
console.log(filepath);
if(!token) {
res.status(401).send(getResponse(401, "Unauthorized"));
deleteFile(filepath);
}
else if (!file || (file.mimetype !== 'image/jpeg' && file.mimetype !== 'image/png')) {
res.status(500).send(getResponse(500, "No image file type"));
deleteFile(filepath);
}
else if (file.size > maxsize) {
res.status(500).send(getResponse(500, "Exceeds file size limit"));
deleteFile(filepath);
}
else {
http.get(auth+token, function (resp) {
var responseString = "";
resp.on("data", function (data) {
responseString += data;
});
resp.on("end", function () {
var result = JSON.parse(responseString);
if(result.error) {
res.status(401).send(getResponse(401, "Unauthorized"));
deleteFile(filepath);
} else {
// if user id contains id param or is Admin or Curator keep file and send information, else delete it.
if(result.sub.indexOf(req.params.id) !== -1 || isAdminOrCurator(result.edu_person_entitlements)) {
res.send(file);
} else {
res.status(401).send(getResponse(401, "Unauthorized"));
deleteFile(filepath);
}
}
}); });
}); });
}
app.post('/upload/:id', upload.single('photo'), (req, res) => {
sendFile(req, res, (result) => {
return result.sub.indexOf(req.params.id) !== -1 || isAdminOrCurator(result.edu_person_entitlements);
});
}); });
app.get('/download/:filename', function (req, res) { app.get('/download/:filename', function (req, res) {
@ -148,7 +117,7 @@ app.get('/tiny', function (req, res) {
}); });
app.delete('/delete/:filename', function (req, res) { app.delete('/delete/:filename', function (req, res) {
const token = req.headers['x-xsrf-token']; const token = req.cookies['AccessToken'];
if (!token) { if (!token) {
res.status(401).send(getResponse(401, "Unauthorized")); res.status(401).send(getResponse(401, "Unauthorized"));
} else { } else {
@ -179,6 +148,43 @@ const server = app.listen(8000, function () {
console.log("Listening on port %s...", server.address().port); console.log("Listening on port %s...", server.address().port);
}); });
function sendFile(req, res, authorized) {
const token = req.cookies['AccessToken'];
const file = req.file;
var filepath = (localPath ? "." : __dirname) + "/" + file.path;
if (!token) {
res.status(401).send(getResponse(401, "Unauthorized"));
deleteFile(filepath);
} else if (!file || (file.mimetype !== 'image/jpeg' && file.mimetype !== 'image/png')) {
res.status(500).send(getResponse(500, "No image file type"));
deleteFile(filepath);
} else if (file.size > maxsize) {
res.status(500).send(getResponse(500, "Exceeds file size limit"));
deleteFile(filepath);
} else {
http.get(auth + token, function (resp) {
var responseString = "";
resp.on("data", function (data) {
responseString += data;
});
resp.on("end", function () {
var result = JSON.parse(responseString);
if (result.error) {
res.status(401).send(getResponse(401, "Unauthorized"));
deleteFile(filepath);
} else {
if (authorized(result)) {
res.send(file);
} else {
res.status(401).send(getResponse(401, "Unauthorized"));
deleteFile(filepath);
}
}
});
});
}
}
function getResponse(code, message) { function getResponse(code, message) {
var response = {}; var response = {};
response["code"] = code; response["code"] = code;
@ -222,21 +228,10 @@ function checkCookies(request){
if (cookieValue === undefined || cookieValue === '') { if (cookieValue === undefined || cookieValue === '') {
console.log("no cookie available"); console.log("no cookie available");
valid = false; valid = false;
} else {
const headerValue = request.headers['x-xsrf-token'];
if(headerValue === undefined || headerValue === ''){
console.log("no header available");
valid = false;
} else{
if(cookieValue !== headerValue){
console.log("no proper header or cookie");
valid = false;
} else if (!hasValidOrigin(request.headers.origin)) { } else if (!hasValidOrigin(request.headers.origin)) {
console.log("no proper origin"); console.log("no proper origin");
valid = false; valid = false;
} }
}
}
return valid; return valid;
} }
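Review bot: In the new sendFile helper, `file.path` is read on the `filepath` line before the `!file` guard a few lines below it, so a request that carries no `photo` part throws a TypeError inside the handler instead of sending the "No image file type" response; the same order existed in the old `/upload/:id` body, but the helper is now its only home. The `end` listener also runs `JSON.parse(responseString)` with no try/catch, and neither the `http.get` request nor `resp` has an `'error'` listener, so a malformed or failed user-info lookup leaves the client without a response and the uploaded file on disk. The `/upload/:id` callback keeps the substring test `result.sub.indexOf(req.params.id) !== -1`; unless `sub` is known to embed the id as a distinct token, `result.sub === req.params.id` is the safer ownership check. In the checkCookies hunk, removing the cookie-vs-`x-xsrf-token` comparison leaves `hasValidOrigin(request.headers.origin)` as the only cross-site guard now that the access token itself is read from the `AccessToken` cookie; hasValidOrigin is outside this diff, so it is worth confirming it rejects a missing Origin header rather than treating it as valid. The rewrite below moves the file guard ahead of the path computation and adds the two missing error paths.

```javascript
function sendFile(req, res, authorized) {
  const token = req.cookies['AccessToken'];
  const file = req.file;
  // req.file is undefined when the request has no 'photo' part; check it before
  // touching file.path, and there is nothing on disk to delete in that case.
  if (!file) {
    res.status(500).send(getResponse(500, "No image file type"));
    return;
  }
  var filepath = (localPath ? "." : __dirname) + "/" + file.path;
  if (!token) {
    // … unchanged: 401 response and deleteFile …
  } else if (file.mimetype !== 'image/jpeg' && file.mimetype !== 'image/png') {
    // … unchanged: "No image file type" response and deleteFile …
  } else if (file.size > maxsize) {
    // … unchanged: "Exceeds file size limit" response and deleteFile …
  } else {
    const lookup = http.get(auth + token, function (resp) {
      var responseString = "";
      // … unchanged: "data" accumulation …
      resp.on("end", function () {
        var result;
        try {
          result = JSON.parse(responseString);
        } catch (err) {
          // Non-JSON reply from the user-info service: answer and clean up
          // instead of throwing inside the event handler.
          res.status(500).send(getResponse(500, "User info lookup failed"));
          deleteFile(filepath);
          return;
        }
        // … unchanged: result.error / authorized(result) branches …
      });
    });
    lookup.on("error", function () {
      // Connection failure to the user-info service: without this listener the
      // process gets an unhandled 'error' event and the client never gets a reply.
      res.status(500).send(getResponse(500, "User info lookup failed"));
      deleteFile(filepath);
    });
  }
}
```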