// ========================================================================== // Squidex Headless CMS // ========================================================================== // Copyright (c) Squidex UG (haftungsbeschränkt) // All rights reserved. Licensed under the MIT license. // ========================================================================== using System; using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Options; using Microsoft.Net.Http.Headers; using NSwag.Annotations; using Squidex.Areas.Api.Controllers.Assets.Models; using Squidex.Areas.Api.Controllers.Contents; using Squidex.Domain.Apps.Core.Tags; using Squidex.Domain.Apps.Entities; using Squidex.Domain.Apps.Entities.Apps.Services; using Squidex.Domain.Apps.Entities.Assets; using Squidex.Domain.Apps.Entities.Assets.Commands; using Squidex.Infrastructure; using Squidex.Infrastructure.Assets; using Squidex.Infrastructure.Commands; using Squidex.Shared; using Squidex.Web; namespace Squidex.Areas.Api.Controllers.Assets { ///

/// Uploads and retrieves assets. ///

[ApiExplorerSettings(GroupName = nameof(Assets))] public sealed class AssetsController : ApiController { private readonly IAssetQueryService assetQuery; private readonly IAssetUsageTracker assetStatsRepository; private readonly IAppPlansProvider appPlansProvider; private readonly IOptions controllerOptions; private readonly ITagService tagService; private readonly AssetOptions assetOptions; public AssetsController( ICommandBus commandBus, IAssetQueryService assetQuery, IAssetUsageTracker assetStatsRepository, IAppPlansProvider appPlansProvider, IOptions assetOptions, IOptions controllerOptions, ITagService tagService) : base(commandBus) { this.assetOptions = assetOptions.Value; this.assetQuery = assetQuery; this.assetStatsRepository = assetStatsRepository; this.appPlansProvider = appPlansProvider; this.controllerOptions = controllerOptions; this.tagService = tagService; } ///

/// Get assets tags. ///

/// The name of the app. /// /// 200 => Assets returned. /// 404 => App not found. /// /// /// Get all tags for assets. /// [HttpGet] [Route("apps/{app}/assets/tags")] [ProducesResponseType(typeof(Dictionary), 200)] [ApiPermission(Permissions.AppAssetsRead)] [ApiCosts(1)] public async Task GetTags(string app) { var response = await tagService.GetTagsAsync(AppId, TagGroups.Assets); return Ok(response); } ///

/// Get assets. ///

/// The name of the app. /// The optional asset ids. /// /// 200 => Assets returned. /// 404 => App not found. /// /// /// Get all assets for the app. /// [HttpGet] [Route("apps/{app}/assets/")] [ProducesResponseType(typeof(AssetsDto), 200)] [ApiPermission(Permissions.AppAssetsRead)] [ApiCosts(1)] public async Task GetAssets(string app, [FromQuery] string ids = null) { var context = Context(); var assets = await assetQuery.QueryAsync(context, Q.Empty.WithODataQuery(Request.QueryString.ToString()).WithIds(ids)); var response = AssetsDto.FromAssets(assets, this, app); if (controllerOptions.Value.EnableSurrogateKeys && response.Items.Length <= controllerOptions.Value.MaxItemsForSurrogateKeys) { Response.Headers["Surrogate-Key"] = response.ToSurrogateKeys(); } Response.Headers[HeaderNames.ETag] = response.ToEtag(); return Ok(response); } ///

/// Get an asset by id. ///

/// The name of the app. /// The id of the asset to retrieve. /// /// 200 => Asset found. /// 404 => Asset or app not found. /// [HttpGet] [Route("apps/{app}/assets/{id}/")] [ProducesResponseType(typeof(AssetsDto), 200)] [ApiPermission(Permissions.AppAssetsRead)] [ApiCosts(1)] public async Task GetAsset(string app, Guid id) { var context = Context(); var asset = await assetQuery.FindAssetAsync(context, id); if (asset == null) { return NotFound(); } var response = AssetDto.FromAsset(asset, this, app); if (controllerOptions.Value.EnableSurrogateKeys) { Response.Headers["Surrogate-Key"] = asset.Id.ToString(); } Response.Headers[HeaderNames.ETag] = asset.Version.ToString(); return Ok(response); } ///

/// Upload a new asset. ///

/// The name of the app. /// The file to upload. /// /// 201 => Asset created. /// 404 => App not found. /// 400 => Asset exceeds the maximum size. /// /// /// You can only upload one file at a time. The mime type of the file is not calculated by Squidex and is required correctly. /// [HttpPost] [Route("apps/{app}/assets/")] [ProducesResponseType(typeof(AssetDto), 200)] [AssetRequestSizeLimit] [ApiPermission(Permissions.AppAssetsCreate)] [ApiCosts(1)] public async Task PostAsset(string app, [SwaggerIgnore] List file) { var assetFile = await CheckAssetFileAsync(file); var command = new CreateAsset { File = assetFile }; var context = await CommandBus.PublishAsync(command); var result = context.Result(); var response = AssetDto.FromAsset(result.Asset, this, app, result.IsDuplicate); return CreatedAtAction(nameof(GetAsset), new { app, id = response.Id }, response); } ///

/// Replace asset content. ///

/// The name of the app. /// The id of the asset. /// The file to upload. /// /// 200 => Asset updated. /// 404 => Asset or app not found. /// 400 => Asset exceeds the maximum size. /// /// /// Use multipart request to upload an asset. /// [HttpPut] [Route("apps/{app}/assets/{id}/content/")] [ProducesResponseType(typeof(AssetDto), 200)] [ApiPermission(Permissions.AppAssetsUpdate)] [ApiCosts(1)] public async Task PutAssetContent(string app, Guid id, [SwaggerIgnore] List file) { var assetFile = await CheckAssetFileAsync(file); var command = new UpdateAsset { File = assetFile, AssetId = id }; var response = await InvokeCommandAsync(app, command); return Ok(response); } ///

/// Updates the asset. ///

/// The name of the app. /// The id of the asset. /// The asset object that needs to updated. /// /// 200 => Asset updated. /// 400 => Asset name not valid. /// 404 => Asset or app not found. /// [HttpPut] [Route("apps/{app}/assets/{id}/")] [ProducesResponseType(typeof(AssetDto), 200)] [AssetRequestSizeLimit] [ApiPermission(Permissions.AppAssetsUpdate)] [ApiCosts(1)] public async Task PutAsset(string app, Guid id, [FromBody] AnnotateAssetDto request) { var command = request.ToCommand(id); var response = await InvokeCommandAsync(app, command); return Ok(response); } ///

/// Delete an asset. ///

/// The name of the app. /// The id of the asset to delete. /// /// 204 => Asset deleted. /// 404 => Asset or app not found. /// [HttpDelete] [Route("apps/{app}/assets/{id}/")] [ApiPermission(Permissions.AppAssetsDelete)] [ApiCosts(1)] public async Task DeleteAsset(string app, Guid id) { await CommandBus.PublishAsync(new DeleteAsset { AssetId = id }); return NoContent(); } private async Task InvokeCommandAsync(string app, ICommand command) { var context = await CommandBus.PublishAsync(command); var result = context.Result(); var response = AssetDto.FromAsset(result, this, app); return response; } private async Task CheckAssetFileAsync(IReadOnlyList file) { if (file.Count != 1) { var error = new ValidationError($"Can only upload one file, found {file.Count} files."); throw new ValidationException("Cannot create asset.", error); } var formFile = file[0]; if (formFile.Length > assetOptions.MaxSize) { var error = new ValidationError($"File cannot be bigger than {assetOptions.MaxSize.ToReadableSize()}."); throw new ValidationException("Cannot create asset.", error); } var plan = appPlansProvider.GetPlanForApp(App); var currentSize = await assetStatsRepository.GetTotalSizeAsync(AppId); if (plan.MaxAssetSize > 0 && plan.MaxAssetSize < currentSize + formFile.Length) { var error = new ValidationError("You have reached your max asset size."); throw new ValidationException("Cannot create asset.", error); } var assetFile = new AssetFile(formFile.FileName, formFile.ContentType, formFile.Length, formFile.OpenReadStream); return assetFile; } private QueryContext Context() { return QueryContext.Create(App, User); } } }