feat: add user_id in documents for future protection (#655)
iNeoO authored Dec 10, 2024
2 parents 28cb5f1 + 97f0f5a commit ad618db
Showing 4 changed files with 55 additions and 14 deletions.
2 changes: 1 addition & 1 deletion .talismanrc
Expand Up @@ -132,7 +132,7 @@ fileignoreconfig:
- filename: packages/backend/src/services/DemandeSejour.js
checksum: 8a3761a96a2775987fea844c5e0d47c7c6f83ea2dfddfd878c30a90f7d9775cc
- filename: packages/backend/src/services/Document.js
checksum: 59b5abe13b265c61dc6df8bbb92a3f989199dafaef0170d361f49e760d2ac385
checksum: 1fbeae31395935da7b8daef1d3872151b793d433d1cde968d0607b4628ba50a8
- filename: packages/backend/src/services/User.js
checksum: 78ddae12d185c4111aa837a178b75e6bda4083d06783ee6382503262298eefbc
- filename: packages/backend/src/services/geo/Commune.js
2 changes: 2 additions & 0 deletions packages/backend/src/controllers/documents/upload.js
Expand Up @@ -9,6 +9,7 @@ const log = logger(module.filename);
module.exports = async (req, res, next) => {
log.i("IN");
const { category } = req.body;
const { decoded } = req;
const file = req.file;
if (!category || !file) {
log.w("DONE with error");
Expand Down Expand Up @@ -49,6 +50,7 @@ module.exports = async (req, res, next) => {
category,
mimetype,
data,
decoded.id,
);
log.d("DONE", uuid);
return res.json({ uuid });
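Review bot: The guard `if (!category || !file) {` just below the new `const { decoded } = req;` still lets a request with no authenticated user reach `decoded.id` in the second hunk; if `req.decoded` is ever absent (presumably it is set by an auth middleware that is not visible here), `decoded` is undefined and `decoded.id` throws a TypeError before createFile is called. Because the new column is nullable, a missing id that did get through would silently create a document with `user_id` NULL, which the protection this commit prepares for cannot attribute to anyone. Consider widening the guard to `if (!category || !file || !decoded?.id) {` so such requests fail the same way the other malformed ones do. The exported handler's body continues outside both hunks.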
40 changes: 27 additions & 13 deletions packages/backend/src/services/Document.js
Expand Up @@ -24,20 +24,21 @@ const s3Client = new S3Client({
});

const query = {
create: (category, filename, mime_type, file) => [
create: (category, filename, mime_type, userId, file) => [
`
INSERT INTO doc.documents
(category, filename, mime_type, file)
VALUES ($1, $2, $3, $4) RETURNING uuid`,
[category, filename, mime_type, file],
(category, filename, mime_type, user_id, file)
VALUES ($1, $2, $3, $4, $5) RETURNING uuid`,
[category, filename, mime_type, userId, file],
],
getByUuid: (uuid) => [
`
SELECT uuid,
category,
filename,
mime_type as mimeType,
file
category,
filename,
mime_type as "mimeType",
user_id as "userId",
file
FROM doc.documents
WHERE uuid = $1;`,
[uuid],
Expand All @@ -47,6 +48,7 @@ const query = {
SELECT
uuid,
filename as "name",
user_id as "userId",
created_at as "createdAt"
FROM doc.documents
WHERE uuid = $1;`,
Expand Down Expand Up @@ -88,18 +90,24 @@ module.exports.getFileMetaData = async (uuid) => {
}
};

module.exports.createFile = async (filename, category, mimetype, data) => {
module.exports.createFile = async (
filename,
category,
mimetype,
data,
userid,
) => {
log.i("createFile pg - In");
try {
log.i("createFile pg", { category, filename, mimetype });
const {
rows: [{ uuid }],
} = await poolDoc.query(
...query.create(category, filename, mimetype, data),
...query.create(category, filename, mimetype, userid, data),
);
log.i("createFile pg - Done");
log.i("upload file to s3");
await uploadToS3(filename, category, mimetype, data, uuid);
await uploadToS3(filename, category, mimetype, userid, data, uuid);
log.i("upload file to s3 - Done");
return uuid;
} catch (err) {
Expand All @@ -117,23 +125,29 @@ async function uploadToS3(
filename,
category,
mimetype,
userid,
data,
uuid = crypto.randomUUID(),
) {
log.i("uploadToS3 - In");
try {
log.d("uploadToS3", category, filename);
const encodedFilename = Buffer.from(filename, "latin1").toString("base64");
const encodedFilename = filename
.normalize("NFD")
.replace(/[\u0300-\u036f]/g, "")
.replace(/[^a-zA-Z0-9._-]/g, "_");
const extension = filename.split(".").pop();
await s3Client.send(
new PutObjectCommand({
Body: data,
Bucket: S3_BUCKET_NAME,
Key: `${S3_BUCKET_ROOT_DIR}/${uuid}.pdf`,
Key: `${S3_BUCKET_ROOT_DIR}/${uuid}.${extension}`,
Metadata: {
category,
created_at: String(new Date()),
mimetype: mimetype,
originalname: encodedFilename,
userid: `${userid}`,
},
}),
);
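Review bot: `const extension = filename.split(".").pop();` takes the object-key suffix straight from the client-supplied filename, while `encodedFilename` two lines above is carefully normalised: a filename without a dot yields the whole name as the extension, `report.` yields an empty one (`${uuid}.`), and characters such as `/` or spaces go into the S3 key unchanged. Before this hunk the key was always `${uuid}.pdf`, so the change widens what a client controls in the object name. Restrict it to a short alphanumeric suffix, e.g. `const extension = (filename.includes(".") ? filename.split(".").pop() : "").replace(/[^a-zA-Z0-9]/g, "").toLowerCase().slice(0, 10) || "bin";`, and ideally cross-check it against `mimetype`, which is also client-supplied. Separately, `userid: \`${userid}\`` stores the literal string "undefined" in the metadata when no id is passed, so an explicit check or `String(userid ?? "")` would be clearer. uploadToS3's body continues outside the hunk.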
@@ -0,0 +1,25 @@
/**
* @param { import("knex").Knex } knex
* @returns { Promise<void> }
*/
exports.up = async function (knex) {
await knex.schema.alterTable("doc.documents", (table) => {
table
.integer("user_id")
.nullable()
.references("id")
.inTable("front.users")
.onDelete("SET NULL");
});
};

/**
* @param { import("knex").Knex } knex
* @returns { Promise<void> }
*/
exports.down = async function (knex) {
await knex.schema.alterTable("doc.documents", (table) => {
table.dropForeign(["user_id"]);
table.dropColumn("user_id");
});
};
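Review bot: `exports.up` adds `user_id` as a nullable column, so every document that already exists keeps `user_id` NULL and the `onDelete("SET NULL")` rule will create more unowned rows over time; whatever access check is later built on this column needs an explicit decision for those rows, since comparing `user_id` with the caller's id would deny them while skipping NULL would leave them readable by anyone. A header comment recording that, e.g. `// user_id is nullable: documents created before this migration, and documents whose user was deleted, have no owner.`, keeps the decision from being rediscovered when the protection is actually implemented. If documents will be filtered or authorised by owner, adding `.index()` to the column definition (`table.integer("user_id").nullable().index()` before the `.references("id")` chain) avoids a sequential scan of doc.documents, and the FK check run on user deletion benefits from the same index.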
