undo commit

pages/api/v1/archives/[linkId].ts

@@ -11,6 +11,7 @@ import fs from "fs";
 import verifyToken from "@/lib/api/verifyToken";
 import generatePreview from "@/lib/api/generatePreview";
 import createFolder from "@/lib/api/storage/createFolder";
+import { UploadFileSchema } from "@/lib/shared/schemaValidation";
 
 export const config = {
   api: {
@@ -105,8 +106,6 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
         response: "Collection is not accessible.",
       });
 
-    // await uploadHandler(linkId, )
-
     const MAX_LINKS_PER_USER = Number(process.env.MAX_LINKS_PER_USER || 30000);
 
     const numberOfLinksTheUserHas = await prisma.link.count({
@@ -119,8 +118,7 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
 
     if (numberOfLinksTheUserHas > MAX_LINKS_PER_USER)
       return res.status(400).json({
-        response:
-          "Each collection owner can only have a maximum of ${MAX_LINKS_PER_USER} Links.",
+        response: `Each collection owner can only have a maximum of ${MAX_LINKS_PER_USER} Links.`,
       });
 
     const NEXT_PUBLIC_MAX_FILE_BUFFER = Number(
@@ -141,6 +139,20 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
         "image/jpeg",
       ];
 
+      const dataValidation = UploadFileSchema.safeParse({
+        id: Number(req.query.linkId),
+        format: Number(req.query.format),
+        file: files.file,
+      });
+
+      if (!dataValidation.success) {
+        return res.status(400).json({
+          response: `Error: ${
+            dataValidation.error.issues[0].message
+          } [${dataValidation.error.issues[0].path.join(", ")}]`,
+        });
+      }
+
       if (
         err ||
         !files.file ||
@@ -166,8 +178,12 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
           where: { id: linkId },
         });
 
-        if (linkStillExists && files.file[0].mimetype?.includes("image")) {
-          const collectionId = collectionPermissions.id as number;
+        const { mimetype } = files.file[0];
+        const isPDF = mimetype?.includes("pdf");
+        const isImage = mimetype?.includes("image");
+
+        if (linkStillExists && isImage) {
+          const collectionId = collectionPermissions.id;
           createFolder({
             filePath: `archives/preview/${collectionId}`,
           });
@@ -184,13 +200,11 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
           await prisma.link.update({
             where: { id: linkId },
             data: {
-              preview: files.file[0].mimetype?.includes("pdf")
-                ? "unavailable"
-                : undefined,
-              image: files.file[0].mimetype?.includes("image")
+              preview: isPDF ? "unavailable" : undefined,
+              image: isImage
                 ? `archives/${collectionPermissions.id}/${linkId + suffix}`
                 : null,
-              pdf: files.file[0].mimetype?.includes("pdf")
+              pdf: isPDF
                 ? `archives/${collectionPermissions.id}/${linkId + suffix}`
                 : null,
               lastPreserved: new Date().toISOString(),
@@ -206,4 +220,94 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
       });
     });
   }
+  // To update the link preview
+  else if (req.method === "PUT") {
+    if (process.env.NEXT_PUBLIC_DEMO === "true")
+      return res.status(400).json({
+        response:
+          "This action is disabled because this is a read-only demo of Linkwarden.",
+      });
+
+    const user = await verifyUser({ req, res });
+    if (!user) return;
+
+    const collectionPermissions = await getPermission({
+      userId: user.id,
+      linkId,
+    });
+
+    if (!collectionPermissions)
+      return res.status(400).json({
+        response: "Collection is not accessible.",
+      });
+
+    const memberHasAccess = collectionPermissions.members.some(
+      (e: UsersAndCollections) => e.userId === user.id && e.canCreate
+    );
+
+    if (!(collectionPermissions.ownerId === user.id || memberHasAccess))
+      return res.status(400).json({
+        response: "Collection is not accessible.",
+      });
+
+    const NEXT_PUBLIC_MAX_FILE_BUFFER = Number(
+      process.env.NEXT_PUBLIC_MAX_FILE_BUFFER || 10
+    );
+
+    const form = formidable({
+      maxFields: 1,
+      maxFiles: 1,
+      maxFileSize: NEXT_PUBLIC_MAX_FILE_BUFFER * 1024 * 1024,
+    });
+
+    form.parse(req, async (err, fields, files) => {
+      const allowedMIMETypes = ["image/png", "image/jpg", "image/jpeg"];
+
+      if (
+        err ||
+        !files.file ||
+        !files.file[0] ||
+        !allowedMIMETypes.includes(files.file[0].mimetype || "")
+      ) {
+        // Handle parsing error
+        return res.status(400).json({
+          response: `Sorry, we couldn't process your file. Please ensure it's a PDF, PNG, or JPG format and doesn't exceed ${NEXT_PUBLIC_MAX_FILE_BUFFER}MB.`,
+        });
+      } else {
+        const fileBuffer = fs.readFileSync(files.file[0].filepath);
+
+        if (
+          Buffer.byteLength(fileBuffer) >
+          1024 * 1024 * Number(NEXT_PUBLIC_MAX_FILE_BUFFER)
+        )
+          return res.status(400).json({
+            response: `Sorry, we couldn't process your file. Please ensure it's a PNG, or JPG format and doesn't exceed ${NEXT_PUBLIC_MAX_FILE_BUFFER}MB.`,
+          });
+
+        const linkStillExists = await prisma.link.update({
+          where: { id: linkId },
+          data: {
+            updatedAt: new Date(),
+          },
+        });
+
+        if (linkStillExists) {
+          const collectionId = collectionPermissions.id;
+          createFolder({
+            filePath: `archives/preview/${collectionId}`,
+          });
+
+          await generatePreview(fileBuffer, collectionId, linkId);
+        }
+
+        fs.unlinkSync(files.file[0].filepath);
+
+        if (linkStillExists)
+          return res.status(200).json({
+            response: linkStillExists,
+          });
+        else return res.status(400).json({ response: "Link not found." });
+      }
+    });
+  }
 }