codecombat/server/routes/file.coffee

Grid = require 'gridfs-stream'
fs = require 'fs'
request = require 'request'
mongoose = require 'mongoose'
errors = require '../commons/errors'
config = require '../../server_config'

module.exports.setup = (app) ->
  app.all '/file*', (req, res) ->
    return fileGet(req, res) if req.route.method is 'get'
    return filePost(req, res) if req.route.method is 'post'
    return fileDelete(req, res) if req.route.method is 'delete'
    return errors.badMethod(res, ['GET', 'POST', 'DELETE'])

fileDelete = (req, res) ->
  return errors.forbidden(res) unless req.user
  query = parsePathIntoQuery(req.path)
  return errors.badInput(res) if not query.filename
  Grid.gfs.collection('media').findOne query, (err, filedata) =>
    return errors.notFound(res) if not filedata
    return errors.forbidden(res) unless userCanEditFile(req.user, filedata)
    Grid.gfs.remove {_id: filedata._id, root: 'media'}, (err) ->
      return errors.serverError(res) if err
      return res.end()
    
fileGet = (req, res) ->
  query = parsePathIntoQuery(req.path)

  if not query.filename # it's a folder, return folder contents
    Grid.gfs.collection('media').find query, (err, cursor) ->
      return errors.serverError(res) if err
      results = cursor.toArray (err, results) ->
        return errors.serverError(res) if err
        res.setHeader('Content-Type', 'text/json')
        res.send(results)
        res.end()

  else # it's a single file
    Grid.gfs.collection('media').findOne query, (err, filedata) =>
      return errors.notFound(res) if not filedata
      readstream = Grid.gfs.createReadStream({_id: filedata._id, root: 'media'})
      if req.headers['if-modified-since'] is filedata.uploadDate
        res.status(304)
        return res.end()

      res.setHeader('Content-Type', filedata.contentType)
      res.setHeader('Last-Modified', filedata.uploadDate)
      res.setHeader('Cache-Control', 'public')
      readstream.pipe(res)
      handleStreamEnd(res, res)
      
parsePathIntoQuery = (path) ->
  path = path[6..]
  path = decodeURI path
  try
    objectId = mongoose.Types.ObjectId(path)
    query = objectId
  catch e
    path = path.split('/')
    filename = path[path.length-1]
    path = path[...path.length-1].join('/')
    query =
      'metadata.path': path
    query.filename = filename if filename

  query

postFileSchema =
  type: 'object'
  properties:
    # source
    url: { type: 'string', description: 'The url to download the file from.' }
    postName: { type: 'string', description: 'The input field this file was sent on.' }
    b64png: { type: 'string', description: 'Raw png data to upload.' }

    # options
    force: { type: 'string', 'default': '', description: 'Whether to overwrite existing files (as opposed to throwing an error).' }

    # metadata
    filename: { type: 'string', description: 'What the file will be named in the system.' }
    mimetype: { type: 'string' }
    name: { type: 'string', description: 'Human readable and searchable string.' }
    description: { type: 'string' }
    path: { type: 'string', description: 'What "folder" this file goes into.' }

  required: ['filename', 'mimetype', 'path']

filePost = (req, res) ->
  return errors.forbidden(res) unless req.user
  options = req.body
  tv4 = require('tv4').tv4
  valid = tv4.validate(options, postFileSchema)
  hasSource = options.url or options.postName or options.b64png
  # TODO : give tv4.error  to badInput
  return errors.badInput(res) if (not valid) or (not hasSource)
  return saveURL(req, res) if options.url
  return saveFile(req, res) if options.postName
  return savePNG(req, res) if options.b64png

saveURL = (req, res) ->
  options = createPostOptions(req)
  checkExistence options, req, res, req.body.force, (err) ->
    return errors.serverError(res) if err
    writestream = Grid.gfs.createWriteStream(options)
    request(req.body.url).pipe(writestream)
    handleStreamEnd(res, writestream)

saveFile = (req, res) ->
  options = createPostOptions(req)
  checkExistence options, req, res, req.body.force, (err) ->
    return if err
    writestream = Grid.gfs.createWriteStream(options)
    f = req.files[req.body.postName]
    fileStream = fs.createReadStream(f.path)
    fileStream.pipe(writestream)
    handleStreamEnd(res, writestream)

savePNG = (req, res) ->
  options = createPostOptions(req)
  checkExistence options, req, res, req.body.force, (err) ->
    return if err
    writestream = Grid.gfs.createWriteStream(options)
    img = new Buffer(req.body.b64png, 'base64')
    streamBuffers = require 'stream-buffers'
    myReadableStreamBuffer = new streamBuffers.ReadableStreamBuffer({frequency: 10, chunkSize: 2048})
    myReadableStreamBuffer.put(img)
    myReadableStreamBuffer.pipe(writestream)
    handleStreamEnd(res, writestream)

userCanEditFile = (user=null, file=null) ->
  # no user means 'anyone'. No file means 'any file'
  return false unless user
  return true if user.isAdmin()
  return false unless file
  return true if file.metadata.creator is user.id
  return false

checkExistence = (options, req, res, force, done) ->
  q = {
    filename: options.filename
    'metadata.path': options.metadata.path
  }
  Grid.gfs.collection('media').find(q).toArray (err, files) ->
    file = files[0]
    if file and ((not userCanEditFile(req.user, file) or (not force)))
      errors.conflict(res, {canForce: userCanEditFile(req.user, file)})
      done(true)
    else if file
      fullPath = "/file/#{options.metadata.path}/#{options.filename}"
      clearCloudFlareCacheForFile(fullPath)
      q = { _id: file._id }
      q.root = 'media'
      Grid.gfs.remove q, (err) ->
        if err
          errors.serverError(res)
          return done(true)
        done()
    else
      done()

handleStreamEnd = (res, stream) ->
  stream.on 'close', (f) ->
    res.send(f)
    res.end()

  stream.on 'error', ->
    return errors.serverError(res)

CHUNK_SIZE = 1024*256

createPostOptions = (req) ->
  unless req.body.name
    name = req.body.filename.split('.')[0]
    req.body.name = _.str.humanize(name)

  path = req.body.path or ''
  path = path[1...] if path and path[0] is '/'
  path = path[...path.length-2] if path and path[path.length-1] is '/'

  options =
    mode: 'w'
    filename: req.body.filename
    chunk_size: CHUNK_SIZE
    root: 'media'
    content_type: req.body.mimetype
    metadata:
      name: req.body.name
      path: path
      creator: ''+req.user._id
  options.metadata.description = req.body.description if req.body.description?

  options

clearCloudFlareCacheForFile = (path='/file') ->
  unless config.cloudflare.token
    console.log 'skipping clearing cloud cache, not configured'
    return

  request = require 'request'
  r = request.post 'https://www.cloudflare.com/api_json.html', (err, httpResponse, body) ->
    if (err)
      console.error('CloudFlare file cache clear failed:', body)

  form = r.form()
  form.append 'tkn', config.cloudflare.token
  form.append 'email', 'scott@codecombat.com'
  form.append 'z', 'codecombat.com'
  form.append 'a', 'zone_file_purge'
  form.append 'url', "http://codecombat.com#{path}"
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`Grid = require 'gridfs-stream'`
			`fs = require 'fs'`
			`request = require 'request'`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`mongoose = require 'mongoose'`
server reorganize files and folder by features - move and rename files - use associative arrays which store handlers for 'dynamically' load module from de db route - store models_path in test/server/common, a global model variable has the same name that the filename of the model 2014-01-22 17:57:41 -05:00			`errors = require '../commons/errors'`
Fixed the cloudflare config to be in the environmental variables. 2014-06-24 12:29:47 -04:00			`config = require '../../server_config'`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
use a mapping for handlers, schemas, and routes 2014-02-04 16:29:13 -05:00			`module.exports.setup = (app) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`app.all '/file*', (req, res) ->`
			`return fileGet(req, res) if req.route.method is 'get'`
			`return filePost(req, res) if req.route.method is 'post'`
Added a delete endpoint for files. Fixes #33. 2015-01-12 16:37:01 -05:00			`return fileDelete(req, res) if req.route.method is 'delete'`
			`return errors.badMethod(res, ['GET', 'POST', 'DELETE'])`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
Added a delete endpoint for files. Fixes #33. 2015-01-12 16:37:01 -05:00			`fileDelete = (req, res) ->`
			`return errors.forbidden(res) unless req.user`
			`query = parsePathIntoQuery(req.path)`
			`return errors.badInput(res) if not query.filename`
			`Grid.gfs.collection('media').findOne query, (err, filedata) =>`
			`return errors.notFound(res) if not filedata`
			`return errors.forbidden(res) unless userCanEditFile(req.user, filedata)`
			`Grid.gfs.remove {_id: filedata._id, root: 'media'}, (err) ->`
			`return errors.serverError(res) if err`
			`return res.end()`

Ready for action, sir! 2014-01-03 13:32:13 -05:00			`fileGet = (req, res) ->`
Added a delete endpoint for files. Fixes #33. 2015-01-12 16:37:01 -05:00			`query = parsePathIntoQuery(req.path)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
Added a delete endpoint for files. Fixes #33. 2015-01-12 16:37:01 -05:00			`if not query.filename # it's a folder, return folder contents`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`Grid.gfs.collection('media').find query, (err, cursor) ->`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00			`return errors.serverError(res) if err`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`results = cursor.toArray (err, results) ->`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00			`return errors.serverError(res) if err`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`res.setHeader('Content-Type', 'text/json')`
			`res.send(results)`
			`res.end()`
Non-admins can save (but not overwrite) file uploads. 2014-04-12 16:03:46 -04:00
Added a delete endpoint for files. Fixes #33. 2015-01-12 16:37:01 -05:00			`else # it's a single file`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`Grid.gfs.collection('media').findOne query, (err, filedata) =>`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00			`return errors.notFound(res) if not filedata`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`readstream = Grid.gfs.createReadStream({_id: filedata._id, root: 'media'})`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`if req.headers['if-modified-since'] is filedata.uploadDate`
			`res.status(304)`
			`return res.end()`
Non-admins can save (but not overwrite) file uploads. 2014-04-12 16:03:46 -04:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`res.setHeader('Content-Type', filedata.contentType)`
			`res.setHeader('Last-Modified', filedata.uploadDate)`
			`res.setHeader('Cache-Control', 'public')`
			`readstream.pipe(res)`
			`handleStreamEnd(res, res)`
Added a delete endpoint for files. Fixes #33. 2015-01-12 16:37:01 -05:00
			`parsePathIntoQuery = (path) ->`
			`path = path[6..]`
			`path = decodeURI path`
			`try`
			`objectId = mongoose.Types.ObjectId(path)`
			`query = objectId`
			`catch e`
			`path = path.split('/')`
			`filename = path[path.length-1]`
			`path = path[...path.length-1].join('/')`
			`query =`
			`'metadata.path': path`
			`query.filename = filename if filename`

			`query`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`postFileSchema =`
			`type: 'object'`
			`properties:`
			`# source`
			`url: { type: 'string', description: 'The url to download the file from.' }`
			`postName: { type: 'string', description: 'The input field this file was sent on.' }`
Set up portrait uploading for thangs. 2014-01-06 15:37:35 -05:00			`b64png: { type: 'string', description: 'Raw png data to upload.' }`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`# options`
			`force: { type: 'string', 'default': '', description: 'Whether to overwrite existing files (as opposed to throwing an error).' }`

			`# metadata`
			`filename: { type: 'string', description: 'What the file will be named in the system.' }`
			`mimetype: { type: 'string' }`
			`name: { type: 'string', description: 'Human readable and searchable string.' }`
			`description: { type: 'string' }`
			`path: { type: 'string', description: 'What "folder" this file goes into.' }`

			`required: ['filename', 'mimetype', 'path']`

			`filePost = (req, res) ->`
Non-admins can save (but not overwrite) file uploads. 2014-04-12 16:03:46 -04:00			`return errors.forbidden(res) unless req.user`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`options = req.body`
			`tv4 = require('tv4').tv4`
			`valid = tv4.validate(options, postFileSchema)`
Set up portrait uploading for thangs. 2014-01-06 15:37:35 -05:00			`hasSource = options.url or options.postName or options.b64png`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00			`# TODO : give tv4.error to badInput`
			`return errors.badInput(res) if (not valid) or (not hasSource)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`return saveURL(req, res) if options.url`
			`return saveFile(req, res) if options.postName`
Set up portrait uploading for thangs. 2014-01-06 15:37:35 -05:00			`return savePNG(req, res) if options.b64png`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`saveURL = (req, res) ->`
			`options = createPostOptions(req)`
Fixed #905. 2014-04-24 13:45:52 -04:00			`checkExistence options, req, res, req.body.force, (err) ->`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00			`return errors.serverError(res) if err`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`writestream = Grid.gfs.createWriteStream(options)`
			`request(req.body.url).pipe(writestream)`
			`handleStreamEnd(res, writestream)`

			`saveFile = (req, res) ->`
			`options = createPostOptions(req)`
Fixed #905. 2014-04-24 13:45:52 -04:00			`checkExistence options, req, res, req.body.force, (err) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`return if err`
			`writestream = Grid.gfs.createWriteStream(options)`
			`f = req.files[req.body.postName]`
			`fileStream = fs.createReadStream(f.path)`
			`fileStream.pipe(writestream)`
			`handleStreamEnd(res, writestream)`

Set up portrait uploading for thangs. 2014-01-06 15:37:35 -05:00			`savePNG = (req, res) ->`
			`options = createPostOptions(req)`
Fixed #905. 2014-04-24 13:45:52 -04:00			`checkExistence options, req, res, req.body.force, (err) ->`
			`return if err`
Set up portrait uploading for thangs. 2014-01-06 15:37:35 -05:00			`writestream = Grid.gfs.createWriteStream(options)`
			`img = new Buffer(req.body.b64png, 'base64')`
			`streamBuffers = require 'stream-buffers'`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`myReadableStreamBuffer = new streamBuffers.ReadableStreamBuffer({frequency: 10, chunkSize: 2048})`
Set up portrait uploading for thangs. 2014-01-06 15:37:35 -05:00			`myReadableStreamBuffer.put(img)`
			`myReadableStreamBuffer.pipe(writestream)`
			`handleStreamEnd(res, writestream)`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00
Fixed #905. 2014-04-24 13:45:52 -04:00			`userCanEditFile = (user=null, file=null) ->`
			`# no user means 'anyone'. No file means 'any file'`
			`return false unless user`
			`return true if user.isAdmin()`
			`return false unless file`
			`return true if file.metadata.creator is user.id`
			`return false`

			`checkExistence = (options, req, res, force, done) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`q = {`
			`filename: options.filename`
			`'metadata.path': options.metadata.path`
			`}`
			`Grid.gfs.collection('media').find(q).toArray (err, files) ->`
Fixed #905. 2014-04-24 13:45:52 -04:00			`file = files[0]`
			`if file and ((not userCanEditFile(req.user, file) or (not force)))`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`errors.conflict(res, {canForce: userCanEditFile(req.user, file)})`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`done(true)`
Fixed #905. 2014-04-24 13:45:52 -04:00			`else if file`
Fixed the file not 'changing' when overwritten. It was a caching issue. 2014-06-24 11:55:04 -04:00			`fullPath = "/file/#{options.metadata.path}/#{options.filename}"`
			`clearCloudFlareCacheForFile(fullPath)`
Fixed #905. 2014-04-24 13:45:52 -04:00			`q = { _id: file._id }`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`q.root = 'media'`
			`Grid.gfs.remove q, (err) ->`
Fixed #905. 2014-04-24 13:45:52 -04:00			`if err`
			`errors.serverError(res)`
			`return done(true)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`done()`
			`else`
			`done()`

			`handleStreamEnd = (res, stream) ->`
			`stream.on 'close', (f) ->`
			`res.send(f)`
			`res.end()`

			`stream.on 'error', ->`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00			`return errors.serverError(res)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`CHUNK_SIZE = 1024*256`

			`createPostOptions = (req) ->`
			`unless req.body.name`
			`name = req.body.filename.split('.')[0]`
			`req.body.name = _.str.humanize(name)`
Non-admins can save (but not overwrite) file uploads. 2014-04-12 16:03:46 -04:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`path = req.body.path or ''`
			`path = path[1...] if path and path[0] is '/'`
			`path = path[...path.length-2] if path and path[path.length-1] is '/'`
Non-admins can save (but not overwrite) file uploads. 2014-04-12 16:03:46 -04:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`options =`
			`mode: 'w'`
			`filename: req.body.filename`
			`chunk_size: CHUNK_SIZE`
			`root: 'media'`
			`content_type: req.body.mimetype`
			`metadata:`
			`name: req.body.name`
			`path: path`
			`creator: ''+req.user._id`
Non-admins can save (but not overwrite) file uploads. 2014-04-12 16:03:46 -04:00			`options.metadata.description = req.body.description if req.body.description?`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`options`
Fixed the file not 'changing' when overwritten. It was a caching issue. 2014-06-24 11:55:04 -04:00
			`clearCloudFlareCacheForFile = (path='/file') ->`
Fixed the cloudflare config to be in the environmental variables. 2014-06-24 12:29:47 -04:00			`unless config.cloudflare.token`
			`console.log 'skipping clearing cloud cache, not configured'`
			`return`

Fixed the file not 'changing' when overwritten. It was a caching issue. 2014-06-24 11:55:04 -04:00			`request = require 'request'`
			`r = request.post 'https://www.cloudflare.com/api_json.html', (err, httpResponse, body) ->`
			`if (err)`
			`console.error('CloudFlare file cache clear failed:', body)`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00
Fixed the file not 'changing' when overwritten. It was a caching issue. 2014-06-24 11:55:04 -04:00			`form = r.form()`
Fixed the cloudflare config to be in the environmental variables. 2014-06-24 12:29:47 -04:00			`form.append 'tkn', config.cloudflare.token`
Fixed the file not 'changing' when overwritten. It was a caching issue. 2014-06-24 11:55:04 -04:00			`form.append 'email', 'scott@codecombat.com'`
			`form.append 'z', 'codecombat.com'`
			`form.append 'a', 'zone_file_purge'`
			`form.append 'url', "http://codecombat.com#{path}"`