Add support for getting all the files from the storage directory

leganz · leganz · commit de70c29e3225 · 2020-07-29T23:01:20.000+02:00
Fix http protocol bug
Change the permissions for defining a create and read permission for this endpoint
Updating the documentation
diff --git a/.env b/.env
@@ -1,5 +1,5 @@
-JWT_SECRET=2VRxS0s15nV2BnyVYcgBvKJwoaPeQdVXsaJylt96Jb9iypXOGylcTCTo8rS1E7Mk
-JWT_ACTIVE=false
-BASIC_ACTIVE=false
+JWT_SECRET=PPNBhcIhU0i7MWF2siMNl6nq5icNLV9ePeBfJfuqTkmOj867jY6yKqetV12J0kTt
+JWT_ACTIVE=true
+BASIC_ACTIVE=true
 BASIC_USER=test
 BASIC_SECRET=asdf
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.0] - 2020-07-29
+### Added
+- Added [GET] /browse to get all files available on the print server.
+- JWT: [GET] /browse requires "browse-read" as permission or a custom permission which can be addressed by setting the environment variable "PERMISSION_BROWSE_READ"
+
+### Fixed
+- Fixed http-protocol bug where links where always http.
+
+### Changed
+- JWT: [POST] /browse requires now the permission "browse-create" instead of "browse" or a custom permission which can be addressed by setting the environment variable "PERMISSION_BROWSE_CREATE"
+
+
 ## [0.1.2] - 2020-06-28
 ### Fixed
 - Issue with decision if you want to use JWT or Basic Authentication
diff --git a/README.md b/README.md
@@ -21,7 +21,8 @@ JWT_SECRET=2VRxS0s15nV2BnyVYcgBvKJwoaPeQdVXsaJylt96Jb9iypXOGylcTCTo8rS1E7Mk
 JWT_ISSUER=http://localhost:8000/api/auth/login
 APP_KEY=
 PORT=3000
-PERMISSION_BROWSE=print
+PERMISSION_BROWSE_CREATE=print
+PERMISSION_BROWSE_READ=print
 ```
 
 ## Run the service
@@ -45,8 +46,8 @@ If you want to use the JWT Authentication the JWT must contain custom claims wit
 - roles (Array)
 - permissions (Array)
 
-If the claim contains a "*" or the given *PERMISSIONS_PRINT* key it will proceed.
-
+[POST]: If the claim contains a "*" or the given *PERMISSIONS_PRINT_CREATE* key it will proceed.
+[GET]: If the claim contains a "*" or the given *PERMISSIONS_PRINT_READ* key it will proceed.
 #### JWT_ACTIVE (env key)
 
 Default: true
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -22,10 +22,10 @@
     "test:e2e": "jest --config ./test/jest-e2e.json"
   },
   "dependencies": {
-    "@nestjs/common": "^7.2.0",
+    "@nestjs/common": "^7.4.1",
     "@nestjs/config": "^0.5.0",
-    "@nestjs/core": "^7.2.0",
-    "@nestjs/platform-express": "^7.2.0",
+    "@nestjs/core": "^7.4.1",
+    "@nestjs/platform-express": "^7.4.1",
     "@nestjs/typeorm": "^7.1.0",
     "axios": "^0.19.2",
     "class-transformer": "^0.2.3",
@@ -38,19 +38,19 @@
     "puppeteer": "^3.3.0",
     "reflect-metadata": "^0.1.13",
     "rimraf": "^3.0.2",
-    "rxjs": "^6.5.4",
+    "rxjs": "^6.6.0",
     "signed": "^1.0.3",
     "typeorm": "^0.2.25",
-    "uuid": "^8.2.0"
+    "uuid": "^8.3.0"
   },
   "devDependencies": {
     "@nestjs/cli": "^7.4.1",
     "@nestjs/schematics": "^7.0.0",
-    "@nestjs/testing": "^7.2.0",
-    "@types/express": "^4.17.3",
+    "@nestjs/testing": "^7.4.1",
+    "@types/express": "^4.17.7",
     "@types/jest": "25.2.3",
-    "@types/node": "^13.9.1",
-    "@types/supertest": "^2.0.8",
+    "@types/node": "^13.13.15",
+    "@types/supertest": "^2.0.10",
     "@typescript-eslint/eslint-plugin": "3.0.2",
     "@typescript-eslint/parser": "3.0.2",
     "eslint": "7.1.0",
@@ -64,7 +64,7 @@
     "ts-loader": "^6.2.1",
     "ts-node": "^8.6.2",
     "tsconfig-paths": "^3.9.0",
-    "typescript": "^3.7.4",
+    "typescript": "^3.9.7",
     "webpack-node-externals": "^1.7.2"
   },
   "jest": {
diff --git a/src/browser/browser.controller.ts b/src/browser/browser.controller.ts
@@ -24,6 +24,28 @@ export class BrowserController {
     });
   }
 
+  @Get("api/browse")
+  @UseGuards(BrowseGuard)
+  async files(@Param() params, @Req() req: Request, @Res() res: Response) {
+
+    let result = await fs.promises.readdir(`./storage/`);
+
+    result = result.filter(file => {
+      if (file.substr(0,1) !== '.') {
+         return file;
+      }
+    });
+
+
+    result = result.map(file => {
+       file = file.substr(0, file.length - 4);
+       return this.signature.sign(`${req.protocol}://${req.headers.host}/api/browse/${file}`);
+    })
+
+    res.status(HttpStatus.OK).json(result);
+
+  }
+
   @Get("api/browse/:id")
   async file(@Param() params, @Req() req: Request, @Res() res: Response) {
 
@@ -73,7 +95,7 @@ export class BrowserController {
     res.status(HttpStatus.OK).json(new PdfResult({
         statusCode: HttpStatus.OK,
         requestUrl: createSession.url,
-        downloadUrl: resultUpload == false ? this.signature.sign(`http://${request.headers.host}/api/browse/${result.id}`) : null,
+        downloadUrl: resultUpload == false ? this.signature.sign(`${request.protocol}://${request.headers.host}/api/browse/${result.id}`) : null,
         filename: result.id,
         uploaded: resultUpload,
         waited: createSession.postBackWait
diff --git a/src/configuration/configuration.ts b/src/configuration/configuration.ts
@@ -12,7 +12,8 @@ export default () => ({
         secret: process.env.BASIC_SECRET || null
     },
     permissions: {
-        browse: process.env.PERMISSION_BROWSE || 'browse'
+        browseCreate: process.env.PERMISSION_BROWSE_CREATE || 'browse-create',
+        browseRead: process.env.PERMISSION_BROWSE_READ || 'browse-read'
     },
     browser: process.env.BROWSER_PATH || null
   });
diff --git a/src/guards/browse.guard.ts b/src/guards/browse.guard.ts
@@ -8,7 +8,7 @@ const jwt = require('jsonwebtoken');
 export class BrowseGuard implements CanActivate {
 
   constructor(@Inject('ConfigService') private configService: ConfigService) {
-    
+      
   }
 
   canActivate( 
@@ -19,9 +19,19 @@ export class BrowseGuard implements CanActivate {
     const jwtActive = this.configService.get<boolean>('jwt.active');
     const token = request.headers.authorization ? request.headers.authorization.replace('Bearer ', '') : '';  
 
+    let permissionFromConfig: string = "";
+    switch(request.method) {
+       case 'GET':
+        permissionFromConfig = "permissions.browseRead";
+        break;
+       case 'POST':
+        permissionFromConfig = "permissions.browseCreate";
+        break;
+    }
+
     if (jwtActive == true) {
       const data  = jwt.decode(token);
-      return data.permissions === undefined || data.permissions.indexOf(this.configService.get<string>('permissions.browse')) > -1 || data.permissions.indexOf('*') > -1;
+      return data.permissions === undefined || data.permissions.indexOf(this.configService.get<string>(permissionFromConfig)) > -1 || data.permissions.indexOf('*') > -1;
     }
     else {
       return true;
