get secret files working

2022-02-22 02:34:45 -05:00
parent 42cfe127eb
commit 263618a277
7 changed files with 199 additions and 98 deletions
--- a/lib/entendu_web/controllers/link_controller.ex
+++ b/lib/entendu_web/controllers/link_controller.ex
@@ -47,26 +47,15 @@ defmodule EntenduWeb.LinkController do
  def auth_page(conn, %{"id" => link_id}) do
    with %Link{service: service, recipient: recipient} = link <- Links.get_link(link_id) do
      conn
-      |> put_session(:intended_link, link)
+      |> put_session(:intended_link, %{service: service, recipient: recipient})
      |> render("auth.html", %{intended_link: %{service: service, recipient: recipient}})
    end
  end

-  def text(conn, %{"id" => link_id}) do
-    with user = get_session(conn, :current_user),
-         %Link{recipient: recipient} = link <- Links.get_link(link_id),
-         true <- UserFromAuth.can_access?(recipient, user) do
-      path = EncryptedLink.url({link.text_content, link})
-      send_file(conn, 200, path)
-    end
-  end
-
-  def file(conn, %{"id" => link_id}) do
-    with user = get_session(conn, :current_user),
-         %Link{recipient: recipient} = link <- Links.get_link(link_id),
-         true <- UserFromAuth.can_access?(recipient, user) do
-      path = EncryptedLink.url({link.file_content, link})
-      send_file(conn, 200, path)
+  def authorized_link(conn, %{"id" => link_id}) do
+    with %Link{} = link <- Links.get_link(link_id) do
+      conn
+      |> render("show_authorized.json", %{link: link})
    end
  end
 end
--- a/lib/entendu_web/plugs/authorize_link.ex
+++ b/lib/entendu_web/plugs/authorize_link.ex
@@ -12,8 +12,12 @@ defmodule EntenduWeb.Plugs.AuthorizeLink do
  def init(_params) do
  end

-  def call(conn, params) do
-    %{params: %{"path" => [_, link_id, _]}} = conn
+  defp get_link_id(%{params: %{"id" => link_id}}), do: link_id
+
+  defp get_link_id(%{params: %{"path" => [_, link_id, _]}}), do: link_id
+
+  def call(conn, _params) do
+    link_id = get_link_id(conn)
    user = get_session(conn, :current_user)

    if !user do
@@ -23,8 +27,7 @@ defmodule EntenduWeb.Plugs.AuthorizeLink do
      |> render("error_code.json", message: "Unauthorized", code: 403)
      |> halt
    else
-      with {:ok, user} <- get_user_from_path(conn),
-           %Link{recipient: recipient} = link <- Links.get_link(link_id),
+      with %Link{recipient: recipient} = link <- Links.get_link(link_id),
           true <- UserFromAuth.can_access?(recipient, user) do
        conn
        |> assign(:link, link)
@@ -52,19 +55,4 @@ defmodule EntenduWeb.Plugs.AuthorizeLink do
      end
    end
  end
-
-  defp get_user_from_path(%{params: %{"path" => [_, link_id, _]}} = conn) do
-    get_session(conn, :current_user)
-    |> get_user_from_path()
-  end
-
-  defp get_user_from_path(nil) do
-    {:error, "User not authenticated"}
-  end
-
-  defp get_user_from_path(%{id: _, name: _, emails: _} = user) do
-    {:ok, user}
-  end
-
-  defp get_user_from_path(_), do: {:error, "Link does not exist"}
 end
--- a/lib/entendu_web/router.ex
+++ b/lib/entendu_web/router.ex
@@ -16,11 +16,15 @@ defmodule EntenduWeb.Router do
    plug :accepts, ["json"]
  end

-  pipeline :authorized_links do
+  pipeline :authorized_files do
    plug AuthorizeLink
    plug Plug.Static, at: "/uploads", from: Path.expand('./uploads'), gzip: false
  end

+  pipeline :authorized_link do
+    plug AuthorizeLink
+  end
+
  scope "/", EntenduWeb do
    pipe_through :browser

@@ -31,8 +35,6 @@ defmodule EntenduWeb.Router do
    post "/just/for", LinkController, :for
    get "/just/for/you", LinkController, :you_page
    get "/just/for/you/:id", LinkController, :auth_page
-    get "/links/:id/text", LinkController, :text
-    get "/links/:id/file", LinkController, :file
  end

  scope "/auth", EntenduWeb do
@@ -44,10 +46,15 @@ defmodule EntenduWeb.Router do
  end

  scope "/uploads", EntenduWeb do
-    pipe_through [:browser, :authorized_links]
+    pipe_through [:browser, :authorized_files]
    get "/*path", FileNotFoundController, :index
  end

+  scope "/links", EntenduWeb do
+    pipe_through [:browser, :authorized_link]
+    get "/:id", LinkController, :authorized_link
+  end
+
  # Other scopes may use custom stacks.
  # scope "/api", EntenduWeb do
  #   pipe_through :api
--- a/lib/entendu_web/uploaders/encrypted_link.ex
+++ b/lib/entendu_web/uploaders/encrypted_link.ex
@@ -31,9 +31,9 @@ defmodule Entendu.EncryptedLink do
  # end

  # Override the persisted filenames:
-  def filename(_version, {_file, %{filename: filename}}) do
-    if filename, do: filename, else: "text"
-  end
+  # def filename(_version, {_file, %{filename: filename}}) do
+  #   if filename, do: filename, else: "text"
+  # end

  # Override the storage directory:
  def storage_dir(version, {_file, scope}) do