File attachment in the card (#4053)

Co-authored-by: Mattermod <mattermod@users.noreply.github.com>
2025-07-12 23:50:27 +02:00 · 2022-11-24 17:16:59 +05:30
parent 9918a0b3f8
commit 6674402079
31 changed files with 1264 additions and 48 deletions
--- a/server/api/files.go
+++ b/server/api/files.go
@ -5,7 +5,6 @@ import (
 	"errors"
 	"io"
 	"net/http"
-	"path/filepath"
 	"strings"
 	"time"

@ -13,7 +12,9 @@ import (

 	"github.com/gorilla/mux"
 	"github.com/mattermost/focalboard/server/model"
+
 	"github.com/mattermost/focalboard/server/services/audit"
+	mmModel "github.com/mattermost/mattermost-server/v6/model"

 	"github.com/mattermost/mattermost-server/v6/shared/mlog"
 )
@ -35,9 +36,19 @@ func FileUploadResponseFromJSON(data io.Reader) (*FileUploadResponse, error) {
 	return &fileUploadResponse, nil
 }

+func FileInfoResponseFromJSON(data io.Reader) (*mmModel.FileInfo, error) {
+	var fileInfo mmModel.FileInfo
+
+	if err := json.NewDecoder(data).Decode(&fileInfo); err != nil {
+		return nil, err
+	}
+	return &fileInfo, nil
+}
+
 func (a *API) registerFilesRoutes(r *mux.Router) {
 	// Files API
 	r.HandleFunc("/files/teams/{teamID}/{boardID}/{filename}", a.attachSession(a.handleServeFile, false)).Methods("GET")
+	r.HandleFunc("/files/teams/{teamID}/{boardID}/{filename}/info", a.attachSession(a.getFileInfo, false)).Methods("GET")
 	r.HandleFunc("/teams/{teamID}/{boardID}/files", a.sessionRequired(a.handleUploadFile)).Methods("POST")
 }

@ -108,19 +119,6 @@ func (a *API) handleServeFile(w http.ResponseWriter, r *http.Request) {
 	auditRec.AddMeta("teamID", board.TeamID)
 	auditRec.AddMeta("filename", filename)

-	contentType := "image/jpg"
-
-	fileExtension := strings.ToLower(filepath.Ext(filename))
-	if fileExtension == "png" {
-		contentType = "image/png"
-	}
-
-	if fileExtension == "gif" {
-		contentType = "image/gif"
-	}
-
-	w.Header().Set("Content-Type", contentType)
-
 	fileInfo, err := a.app.GetFileInfo(filename)
 	if err != nil && !model.IsErrNotFound(err) {
 		a.errorResponse(w, r, err)
@ -172,6 +170,80 @@ func (a *API) handleServeFile(w http.ResponseWriter, r *http.Request) {
 	auditRec.Success()
 }

+func (a *API) getFileInfo(w http.ResponseWriter, r *http.Request) {
+	// swagger:operation GET /files/teams/{teamID}/{boardID}/{filename}/info getFile
+	//
+	// Returns the metadata of an uploaded file
+	//
+	// ---
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: teamID
+	//   in: path
+	//   description: Team ID
+	//   required: true
+	//   type: string
+	// - name: boardID
+	//   in: path
+	//   description: Board ID
+	//   required: true
+	//   type: string
+	// - name: filename
+	//   in: path
+	//   description: name of the file
+	//   required: true
+	//   type: string
+	// security:
+	// - BearerAuth: []
+	// responses:
+	//   '200':
+	//     description: success
+	//   '404':
+	//     description: file not found
+	//   default:
+	//     description: internal error
+	//     schema:
+	//       "$ref": "#/definitions/ErrorResponse"
+
+	vars := mux.Vars(r)
+	boardID := vars["boardID"]
+	teamID := vars["teamID"]
+	filename := vars["filename"]
+	userID := getUserID(r)
+
+	hasValidReadToken := a.hasValidReadTokenForBoard(r, boardID)
+	if userID == "" && !hasValidReadToken {
+		a.errorResponse(w, r, model.NewErrUnauthorized("access denied to board"))
+		return
+	}
+
+	if !hasValidReadToken && !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionViewBoard) {
+		a.errorResponse(w, r, model.NewErrPermission("access denied to board"))
+		return
+	}
+
+	auditRec := a.makeAuditRecord(r, "getFile", audit.Fail)
+	defer a.audit.LogRecord(audit.LevelRead, auditRec)
+	auditRec.AddMeta("boardID", boardID)
+	auditRec.AddMeta("teamID", teamID)
+	auditRec.AddMeta("filename", filename)
+
+	fileInfo, err := a.app.GetFileInfo(filename)
+	if err != nil && !model.IsErrNotFound(err) {
+		a.errorResponse(w, r, err)
+		return
+	}
+
+	data, err := json.Marshal(fileInfo)
+	if err != nil {
+		a.errorResponse(w, r, err)
+		return
+	}
+
+	jsonBytesResponse(w, http.StatusOK, data)
+}
+
 func (a *API) handleUploadFile(w http.ResponseWriter, r *http.Request) {
 	// swagger:operation POST /teams/{teamID}/boards/{boardID}/files uploadFile
 	//