package apis import ( "fmt" "github.com/labstack/echo/v5" "github.com/pocketbase/pocketbase/core" "github.com/pocketbase/pocketbase/models" "github.com/pocketbase/pocketbase/models/schema" "github.com/pocketbase/pocketbase/tools/list" ) var imageContentTypes = []string{"image/png", "image/jpg", "image/jpeg", "image/gif"} var defaultThumbSizes = []string{"100x100"} // bindFileApi registers the file api endpoints and the corresponding handlers. func bindFileApi(app core.App, rg *echo.Group) { api := fileApi{app: app} subGroup := rg.Group("/files", ActivityLogger(app)) subGroup.HEAD("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app)) subGroup.GET("/:collection/:recordId/:filename", api.download, LoadCollectionContext(api.app)) } type fileApi struct { app core.App } func (api *fileApi) download(c echo.Context) error { collection, _ := c.Get(ContextCollectionKey).(*models.Collection) if collection == nil { return NewNotFoundError("", nil) } recordId := c.PathParam("recordId") if recordId == "" { return NewNotFoundError("", nil) } record, err := api.app.Dao().FindRecordById(collection.Id, recordId) if err != nil { return NewNotFoundError("", err) } filename := c.PathParam("filename") fileField := record.FindFileFieldByFile(filename) if fileField == nil { return NewNotFoundError("", nil) } options, _ := fileField.Options.(*schema.FileOptions) baseFilesPath := record.BaseFilesPath() // fetch the original view file field related record if collection.IsView() { fileRecord, err := api.app.Dao().FindRecordByViewFile(collection.Id, fileField.Name, filename) if err != nil { return NewNotFoundError("", fmt.Errorf("Failed to fetch view file field record: %w", err)) } baseFilesPath = fileRecord.BaseFilesPath() } fs, err := api.app.NewFilesystem() if err != nil { return NewBadRequestError("Filesystem initialization failure.", err) } defer fs.Close() originalPath := baseFilesPath + "/" + filename servedPath := originalPath servedName := filename // check for valid thumb size param thumbSize := c.QueryParam("thumb") if thumbSize != "" && (list.ExistInSlice(thumbSize, defaultThumbSizes) || list.ExistInSlice(thumbSize, options.Thumbs)) { // extract the original file meta attributes and check it existence oAttrs, oAttrsErr := fs.Attributes(originalPath) if oAttrsErr != nil { return NewNotFoundError("", err) } // check if it is an image if list.ExistInSlice(oAttrs.ContentType, imageContentTypes) { // add thumb size as file suffix servedName = thumbSize + "_" + filename servedPath = baseFilesPath + "/thumbs_" + filename + "/" + servedName // create a new thumb if it doesn exists if exists, _ := fs.Exists(servedPath); !exists { if err := fs.CreateThumb(originalPath, servedPath, thumbSize); err != nil { servedPath = originalPath // fallback to the original } } } } event := new(core.FileDownloadEvent) event.HttpContext = c event.Collection = collection event.Record = record event.FileField = fileField event.ServedPath = servedPath event.ServedName = servedName // clickjacking shouldn't be a concern when serving uploaded files, // so it safe to unset the global X-Frame-Options to allow files embedding // (note: it is out of the hook to allow users to customize the behavior) c.Response().Header().Del("X-Frame-Options") return api.app.OnFileDownloadRequest().Trigger(event, func(e *core.FileDownloadEvent) error { res := e.HttpContext.Response() req := e.HttpContext.Request() if err := fs.Serve(res, req, e.ServedPath, e.ServedName); err != nil { return NewNotFoundError("", err) } return nil }) }