endpoint to download user attachments, #6441

7 years ago · a6564b7b4e
parent 6088c37f5a
commit a6564b7b4e
6 changed files with 112 additions and 0 deletions
--- a/build/export/.gitignore
+++ b/build/export/.gitignore
@ -1,2 +1,3 @@
 .
 !.gitignore
 !README
--- a/build/export/README
+++ b/build/export/README
@ -0,0 +1,5 @@
 This directory contains archives of user uploads that are prepared on-demand
 when a user wants to retrieve a copy of their uploaded content.
 You can delete the files in here at will. They will just be regenerated if
 requested again.
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
@ -1,12 +1,17 @@
 'use strict';
 var async = require('async');
 var path = require('path');
 var fs = require('fs');
 var winston = require('winston');
 var converter = require('json-2-csv');
 var archiver = require('archiver');
 var user = require('../user');
 var meta = require('../meta');
 var posts = require('../posts');
 var batch = require('../batch');
 var events = require('../events');
 var accountHelpers = require('./accounts/helpers');
 var userController = module.exports;
@ -133,3 +138,84 @@ userController.exportPosts = function (req, res, next) {
 		res.set('Content-Type', 'text/csv').set('Content-Disposition', 'attachment; filename="' + req.params.uid + '_posts.csv"').send(csv);
 	});
 };
 userController.exportUploads = function (req, res, next) {
 	const archivePath = path.join(__dirname, '../../build/export', req.params.uid + '_uploads.zip');
 	const archive = archiver('zip', {
 		zlib: { level: 9 }, // Sets the compression level.
 	});
 	const maxAge = 1000 * 60 * 60 * 24;	// 1 day
 	const rootDirectory = path.join(__dirname, '../../public/uploads/');
 	const trimPath = function (path) {
 		return path.replace(rootDirectory, '');
 	};
 	let isFresh = false;
 	const sendFile = function () {
 		events.log({
 			type: 'export:uploads',
 			uid: req.uid,
 			targetUid: req.params.uid,
 			ip: req.ip,
 			fresh: isFresh,
 		});
 		res.sendFile(req.params.uid + '_uploads.zip', {
 			root: path.join(__dirname, '../../build/export'),
 			headers: {
 				'Content-Disposition': 'attachment; filename=' + req.params.uid + '_uploads.zip',
 				maxAge: maxAge,
 			},
 		});
 	};
 	// Check for existing file, if exists and is < 1 day in age, send this instead
 	try {
 		fs.accessSync(archivePath, fs.constants.F_OK | fs.constants.R_OK);
 		isFresh = (Date.now() - fs.statSync(archivePath).mtimeMs) < maxAge;
 		if (isFresh) {
 			return sendFile();
 		}
 	} catch (err) {
 		// File doesn't exist, continue
 	}
 	const output = fs.createWriteStream(archivePath);
 	output.on('close', sendFile);
 	archive.on('warning', function (err) {
 		switch (err.code) {
 		case 'ENOENT':
 			winston.warn('[user/export/uploads] File not found: ' + trimPath(err.path));
 			break;
 		default:
 			winston.warn('[user/export/uploads] Unexpected warning: ' + err.message);
 			break;
 		}
 	});
 	archive.on('error', function (err) {
 		switch (err.code) {
 		case 'EACCES':
 			winston.error('[user/export/uploads] File inaccessible: ' + trimPath(err.path));
 			break;
 		default:
 			winston.error('[user/export/uploads] Unable to construct archive: ' + err.message);
 			break;
 		}
 		res.sendStatus(500);
 	});
 	archive.pipe(output);
 	winston.info('[user/export/uploads] Collating uploads for uid ' + req.params.uid);
 	user.collateUploads(req.params.uid, archive, function (err) {
 		if (err) {
 			return next(err);
 		}
 		archive.finalize();
 	});
 };
--- a/src/events.js
+++ b/src/events.js
@ -12,6 +12,10 @@ var utils = require('./utils');
 var events = module.exports;
 /**
 * Useful options in data: type, uid, ip, targetUid
 * Everything else gets stringified and shown as pretty JSON string
 */
 events.log = function (data, callback) {
 	callback = callback || function () {};
--- a/src/routes/api.js
+++ b/src/routes/api.js
@ -16,6 +16,7 @@ module.exports = function (app, middleware, controllers) {
 	router.get('/user/email/:email', middleware.checkGlobalPrivacySettings, controllers.user.getUserByEmail);
 	router.get('/user/uid/:uid/export/posts', middleware.checkAccountPermissions, controllers.user.exportPosts);
 	router.get('/user/uid/:uid/export/uploads', middleware.checkAccountPermissions, controllers.user.exportUploads);
 	router.get('/:type/pid/:id', controllers.api.getObject);
 	router.get('/:type/tid/:id', controllers.api.getObject);
--- a/src/user/uploads.js
+++ b/src/user/uploads.js
@ -6,6 +6,7 @@ var nconf = require('nconf');
 var db = require('../database');
 var file = require('../file');
 var batch = require('../batch');
 module.exports = function (User) {
 	User.deleteUpload = function (callerUid, uid, uploadName, callback) {
@ -32,4 +33,18 @@ module.exports = function (User) {
 			},
 		], callback);
 	};
 	User.collateUploads = function (uid, archive, callback) {
 		batch.processSortedSet('uid:' + uid + ':uploads', function (files, next) {
 			files.forEach(function (file) {
 				archive.file(path.join(nconf.get('upload_path'), file), {
 					name: path.basename(file),
 				});
 			});
 			setImmediate(next);
 		}, function (err) {
 			callback(err);
 		});
 	};
 };