Add API call to download files and optionally not increasing counter, added Download API permission

Author: Forceu

internal/models/ApiKey.go

@@ -22,19 +22,17 @@ const (
 	ApiPermManageUsers
 	// ApiPermManageLogs is the permission required for managing the log file PERM_MANAGE_LOGS
 	ApiPermManageLogs
-	// ApiPermManageFileRequests is the permission required for creating and managing file requests
+	// ApiPermManageFileRequests is the permission required for creating and managing file requests PERM_MANAGE_FILE_REQUESTS
 	ApiPermManageFileRequests
+	// ApiPermDownload is the permission required for downloading stored files without increasing the counter PERM_DOWNLOAD
+	ApiPermDownload
 )
 
 // ApiPermNone means no permission granted
 const ApiPermNone ApiPermission = 0
 
-// ApiPermAll means all permission granted
-const ApiPermAll ApiPermission = 511
-
-// ApiPermDefault means all permission granted, except ApiPermApiMod, ApiPermManageUsers, ApiPermManageLogs and ApiPermReplace
-// This is the default for new API keys that are created from the UI
-const ApiPermDefault = ApiPermAll - ApiPermApiMod - ApiPermManageUsers - ApiPermReplace - ApiPermManageLogs - ApiPermManageFileRequests
+// ApiPermDefault the default for new API keys that are created from the UI
+const ApiPermDefault = ApiPermView + ApiPermUpload + ApiPermDelete + ApiPermEdit
 
 // ApiKey contains data of a single api key
 type ApiKey struct {
@@ -72,6 +70,8 @@ func ApiPermissionFromString(permString string) (ApiPermission, error) {
 		return ApiPermManageLogs, nil
 	case "PERM_MANAGE_FILE_REQUESTS":
 		return ApiPermManageFileRequests, nil
+	case "PERM_DOWNLOAD":
+		return ApiPermDownload, nil
 	default:
 		return 0, errors.New("invalid permission")
 	}
@@ -145,6 +145,11 @@ func (key *ApiKey) HasPermissionManageFileRequests() bool {
 	return key.HasPermission(ApiPermManageFileRequests)
 }
 
+// HasPermissionDownload returns true if ApiPermDownload is granted
+func (key *ApiKey) HasPermissionDownload() bool {
+	return key.HasPermission(ApiPermDownload)
+}
+
 // ApiKeyOutput is the output used after a new key is created
 type ApiKeyOutput struct {
 	Result   string

internal/storage/FileServing.go

@@ -596,12 +596,14 @@ func GetFileByHotlink(id string) (models.File, bool) {
 }
 
 // ServeFile subtracts a download allowance and serves the file to the browser
-func ServeFile(file models.File, w http.ResponseWriter, r *http.Request, forceDownload bool) {
-	file.DownloadsRemaining = file.DownloadsRemaining - 1
-	file.DownloadCount = file.DownloadCount + 1
-	database.IncreaseDownloadCount(file.Id, !file.UnlimitedDownloads)
+func ServeFile(file models.File, w http.ResponseWriter, r *http.Request, forceDownload, increaseCounter bool) {
+	if increaseCounter {
+		file.DownloadsRemaining = file.DownloadsRemaining - 1
+		file.DownloadCount = file.DownloadCount + 1
+		database.IncreaseDownloadCount(file.Id, !file.UnlimitedDownloads)
+		go sse.PublishDownloadCount(file)
+	}
 	logging.LogDownload(file, r, configuration.Get().SaveIp)
-	go sse.PublishDownloadCount(file)
 
 	if !file.IsLocalStorage() {
 		// If non-blocking, we are not setting a download complete status as there is no reliable way to

internal/webserver/Webserver.go

@@ -590,7 +590,7 @@ func showHotlink(w http.ResponseWriter, r *http.Request) {
 		_, _ = w.Write(imageExpiredPicture)
 		return
 	}
-	storage.ServeFile(file, w, r, false)
+	storage.ServeFile(file, w, r, false, true)
 }
 
 // Checks if a file is associated with the GET parameter from the current URL
@@ -930,7 +930,7 @@ func serveFile(id string, isRootUrl bool, w http.ResponseWriter, r *http.Request
 			return
 		}
 	}
-	storage.ServeFile(savedFile, w, r, true)
+	storage.ServeFile(savedFile, w, r, true, true)
 }
 
 func requireLogin(next http.HandlerFunc, isUiCall, isPwChangeView bool) http.HandlerFunc {

internal/webserver/api/Api.go

@@ -449,6 +449,29 @@ func apiListSingle(w http.ResponseWriter, r requestParser, user models.User) {
 	_, _ = w.Write(result)
 }
 
+func apiDownloadSingle(w http.ResponseWriter, r requestParser, user models.User) {
+	request, ok := r.(*paramFilesDownloadSingle)
+	if !ok {
+		panic("invalid parameter passed")
+	}
+	file, ok := storage.GetFile(request.Id)
+	if !ok {
+		sendError(w, http.StatusNotFound, "File not found")
+		return
+	}
+	if file.UserId != user.Id && !user.HasPermission(models.UserPermListOtherUploads) {
+		sendError(w, http.StatusUnauthorized, "No permission to download file")
+		return
+	}
+	storage.ServeFile(file, w, request.WebRequest, true, request.IncreaseCounter)
+	config := configuration.Get()
+	output, err := file.ToFileApiOutput(config.ServerUrl, config.IncludeFilename)
+	helper.Check(err)
+	result, err := json.Marshal(output)
+	helper.Check(err)
+	_, _ = w.Write(result)
+}
+
 func apiUploadFile(w http.ResponseWriter, r requestParser, user models.User) {
 	request, ok := r.(*paramFilesAdd)
 	if !ok {

internal/webserver/api/routing.go

@@ -42,6 +42,13 @@ var routes = []apiRoute{
 		execution:     apiConfigInfo,
 		RequestParser: nil,
 	},
+	{
+		Url:           "/files/download/",
+		ApiPerm:       models.ApiPermDownload,
+		execution:     apiDownloadSingle,
+		HasWildcard:   true,
+		RequestParser: &paramFilesDownloadSingle{},
+	},
 	{
 		Url:           "/files/list",
 		ApiPerm:       models.ApiPermView,
@@ -231,6 +238,20 @@ func (p *paramFilesListSingle) ProcessParameter(r *http.Request) error {
 	return nil
 }
 
+type paramFilesDownloadSingle struct {
+	Id              string
+	WebRequest      *http.Request
+	IncreaseCounter bool `header:"increaseCounter"`
+	foundHeaders    map[string]bool
+}
+
+func (p *paramFilesDownloadSingle) ProcessParameter(r *http.Request) error {
+	p.WebRequest = r
+	url := parseRequestUrl(r)
+	p.Id = strings.TrimPrefix(url, "/files/download/")
+	return nil
+}
+
 type paramFilesAdd struct {
 	Request *http.Request
 }

internal/webserver/api/routingParsing.go

@@ -108,6 +108,65 @@
         }
       }
     },
+    "/files/download/{id}": {
+      "get": {
+        "tags": [
+          "files"
+        ],
+        "summary": "Downloads file with optionally increasing the download counter",
+        "description": "This API call downloads a file that is not expired and increasing its download counter is disabled by default. Returns 404 if an invalid/expired ID was passed. Requires API permission DOWNLOAD. To download files that were not uploaded by the user, the user needs to have the user permission LIST",
+        "operationId": "downloadsingle",
+        "parameters": [
+          {
+            "name": "id",
+            "in": "path",
+            "required": true,
+            "schema": {
+              "type": "string"
+            },
+            "description": "ID of file to be downloaded"
+          },
+          {
+            "name": "increaseCounter",
+            "in": "header",
+            "required": false,
+            "schema": {
+              "type": "boolean"
+            },
+            "description": "Increase counter if set to true"
+          }
+        ],
+        "security": [
+          {
+            "apikey": [
+              "DOWNLOAD"
+            ]
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Operation successful",
+            "content": {
+              "application/octet-stream": {
+                "schema": {
+                  "type": "file",
+                  "format": "binary"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Invalid input"
+          },
+          "401": {
+            "description": "Invalid API key provided for authentication or API key does not have the required permission"
+          },
+          "404": {
+            "description": "Invalid ID provided or file has expired"
+          }
+        }
+      }
+    },
     "/files/list": {
       "get": {
         "tags": [

internal/webserver/web/static/apidocumentation/openapi.json

@@ -203,7 +203,7 @@ function addRowApi(apiKey, publicId) {
         },
         {
             perm: 'PERM_UPLOAD',
-            icon: 'bi-file-earmark-arrow-up',
+            icon: 'bi-file-earmark-plus',
             granted: true,
             title: 'Upload'
         },
@@ -226,9 +226,15 @@ function addRowApi(apiKey, publicId) {
             title: 'Replace Uploads'
         },
         {
-            perm: 'PERM_MANAGE_FILE_REQUESTS',
+            perm: 'PERM_DOWNLOAD',
             icon: 'bi-box-arrow-in-down',
             granted: false,
+            title: 'Download Files'
+        },
+        {
+            perm: 'PERM_MANAGE_FILE_REQUESTS',
+            icon: 'bi-file-earmark-arrow-up',
+            granted: false,
             title: 'Manage File Requests'
         },
         {

internal/webserver/web/static/js/admin_ui_api.js

@@ -45,7 +45,7 @@
                                             <td class="prevent-select">
 						<i id="perm_view_{{ .PublicId }}" class="bi bi-eye {{if not .HasPermissionView}}perm-notgranted{{else}}perm-granted{{end}}" title="List Uploads" onclick='changeApiPermission("{{ .PublicId }}","PERM_VIEW", "perm_view_{{ .PublicId }}");'></i>
 
-						<i id="perm_upload_{{ .PublicId }}" class="bi bi-file-earmark-arrow-up {{if not .HasPermissionUpload}}perm-notgranted{{else}}perm-granted{{end}}" title="Upload" onclick='changeApiPermission("{{ .PublicId }}","PERM_UPLOAD", "perm_upload_{{ .PublicId }}");'></i>
+						<i id="perm_upload_{{ .PublicId }}" class="bi bi-file-earmark-plus {{if not .HasPermissionUpload}}perm-notgranted{{else}}perm-granted{{end}}" title="Upload" onclick='changeApiPermission("{{ .PublicId }}","PERM_UPLOAD", "perm_upload_{{ .PublicId }}");'></i>
 
 						<i id="perm_edit_{{ .PublicId }}" class="bi bi-pencil {{if not .HasPermissionEdit}}perm-notgranted{{else}}perm-granted{{end}}" title="Edit Uploads" onclick='changeApiPermission("{{ .PublicId }}","PERM_EDIT", "perm_edit_{{ .PublicId }}");'></i>
 
@@ -54,7 +54,10 @@
 
 						<i id="perm_replace_{{ .PublicId }}" class="bi bi-recycle {{if not (index $.UserMap .UserId).HasPermissionReplace}}perm-unavailable perm-nochange{{ else }}{{if not .HasPermissionReplace}}perm-notgranted{{else}}perm-granted{{end}}{{end}}" title="Replace Uploads" onclick='changeApiPermission("{{ .PublicId }}","PERM_REPLACE", "perm_replace_{{ .PublicId }}");'></i>
 
-						<i id="perm_manage_file_requests_{{ .PublicId }}" class="bi bi-box-arrow-in-down {{if not (index $.UserMap .UserId).HasPermissionCreateFileRequests}}perm-unavailable perm-nochange{{ else }}{{if not .HasPermissionManageFileRequests}}perm-notgranted{{else}}perm-granted{{end}}{{end}}" title="Manage File Requests" onclick='changeApiPermission("{{ .PublicId }}","PERM_MANAGE_FILE_REQUESTS", "perm_manage_file_requests_{{ .PublicId }}");'></i>
+						<i id="perm_download_{{ .PublicId }}" class="bi bi-box-arrow-in-down {{if not .HasPermissionDownload}}perm-notgranted{{else}}perm-granted{{end}}" title="Download Files" onclick='changeApiPermission("{{ .PublicId }}","PERM_DOWNLOAD", "perm_download_{{ .PublicId }}");'></i>
+			
+						
+						<i id="perm_manage_file_requests_{{ .PublicId }}" class="bi bi-file-earmark-arrow-up {{if not (index $.UserMap .UserId).HasPermissionCreateFileRequests}}perm-unavailable perm-nochange{{ else }}{{if not .HasPermissionManageFileRequests}}perm-notgranted{{else}}perm-granted{{end}}{{end}}" title="Manage File Requests" onclick='changeApiPermission("{{ .PublicId }}","PERM_MANAGE_FILE_REQUESTS", "perm_manage_file_requests_{{ .PublicId }}");'></i>
 
 						<i id="perm_users_{{ .PublicId }}" class="bi bi-people {{if not (index $.UserMap .UserId).HasPermissionManageUsers}}perm-unavailable perm-nochange{{ else }}{{if not .HasPermissionManageUsers}}perm-notgranted{{else}}perm-granted{{end}}{{end}}" title="Manage Users" onclick='changeApiPermission("{{ .PublicId }}","PERM_MANAGE_USERS", "perm_users_{{ .PublicId }}");'></i>