diff --git a/src/main/java/me/kavin/piped/server/ServerLauncher.java b/src/main/java/me/kavin/piped/server/ServerLauncher.java index 76595f8..34b06aa 100644 --- a/src/main/java/me/kavin/piped/server/ServerLauncher.java +++ b/src/main/java/me/kavin/piped/server/ServerLauncher.java @@ -480,8 +480,8 @@ public class ServerLauncher extends MultithreadedHttpServerLauncher { } })).map(GET, "/storage/stat", AsyncServlet.ofBlocking(executor, request -> { try { - var json = mapper.readTree(request.loadBody().getResult().asArray()); - return getJsonResponse(StorageHandlers.statFile(request.getHeader(AUTHORIZATION), json.get("file").textValue()), "private"); + var file = request.getQueryParameter("file"); + return getJsonResponse(StorageHandlers.statFile(request.getHeader(AUTHORIZATION), file), "private"); } catch (Exception e) { return getErrorResponse(e, request.getPath()); } @@ -496,6 +496,13 @@ public class ServerLauncher extends MultithreadedHttpServerLauncher { } catch (Exception e) { return getErrorResponse(e, request.getPath()); } + })).map(GET, "/storage/get", AsyncServlet.ofBlocking(executor, request -> { + try { + var file = request.getQueryParameter("file"); + return getRawResponse(StorageHandlers.getFile(request.getHeader(AUTHORIZATION), file), "application/octet-stream", "private"); + } catch (Exception e) { + return getErrorResponse(e, request.getPath()); + } })) .map(GET, "/", AsyncServlet.ofBlocking(executor, request -> HttpResponse.redirect302(Constants.FRONTEND_URL))); diff --git a/src/main/java/me/kavin/piped/server/handlers/auth/StorageHandlers.java b/src/main/java/me/kavin/piped/server/handlers/auth/StorageHandlers.java index b57270d..dd7f922 100644 --- a/src/main/java/me/kavin/piped/server/handlers/auth/StorageHandlers.java +++ b/src/main/java/me/kavin/piped/server/handlers/auth/StorageHandlers.java @@ -1,5 +1,6 @@ package me.kavin.piped.server.handlers.auth; +import io.minio.GetObjectArgs; import io.minio.PutObjectArgs; import io.minio.StatObjectArgs; import io.minio.errors.ErrorResponseException; @@ -8,6 +9,7 @@ import me.kavin.piped.utils.DatabaseHelper; import me.kavin.piped.utils.ExceptionHandler; import me.kavin.piped.utils.obj.db.User; import me.kavin.piped.utils.resp.SimpleErrorMessage; +import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.exception.ExceptionUtils; @@ -98,4 +100,21 @@ public class StorageHandlers { .put("status", "ok") ); } + + public static byte[] getFile(String session, String name) throws Exception { + if (!StringUtils.isAlphanumeric(name) || name.length() > 32) + ExceptionHandler.throwErrorResponse(new SimpleErrorMessage("Invalid path provided!")); + + User user = DatabaseHelper.getUserFromSession(session); + + if (user == null) + ExceptionHandler.throwErrorResponse(new SimpleErrorMessage("Invalid session provided!")); + + try (var stream = Constants.S3_CLIENT.getObject(GetObjectArgs.builder() + .bucket(Constants.S3_BUCKET) + .object(user.getId() + "/" + name) + .build())) { + return IOUtils.toByteArray(stream); + } + } }