Merge branch 'master' into release

Author: ssddanbrown

.gitignore

@@ -10,4 +10,6 @@ Homestead.yaml
 /public/bower
 /storage/images
 _ide_helper.php
-/storage/debugbar
+/storage/debugbar
+.phpstorm.meta.php
+yarn.lock

app/Attachment.php

@@ -0,0 +1,36 @@
+<?php namespace BookStack;
+
+
+class Attachment extends Ownable
+{
+    protected $fillable = ['name', 'order'];
+
+    /**
+     * Get the downloadable file name for this upload.
+     * @return mixed|string
+     */
+    public function getFileName()
+    {
+        if (str_contains($this->name, '.')) return $this->name;
+        return $this->name . '.' . $this->extension;
+    }
+
+    /**
+     * Get the page this file was uploaded to.
+     * @return Page
+     */
+    public function page()
+    {
+        return $this->belongsTo(Page::class, 'uploaded_to');
+    }
+
+    /**
+     * Get the url of this file.
+     * @return string
+     */
+    public function getUrl()
+    {
+        return baseUrl('/attachments/' . $this->id);
+    }
+
+}

app/Book.php

@@ -13,9 +13,9 @@ class Book extends Entity
     public function getUrl($path = false)
     {
         if ($path !== false) {
-            return baseUrl('/books/' . $this->slug . '/' . trim($path, '/'));
+            return baseUrl('/books/' . urlencode($this->slug) . '/' . trim($path, '/'));
         }
-        return baseUrl('/books/' . $this->slug);
+        return baseUrl('/books/' . urlencode($this->slug));
     }
 
     /*

app/Chapter.php

@@ -32,9 +32,9 @@ public function getUrl($path = false)
     {
         $bookSlug = $this->getAttribute('bookSlug') ? $this->getAttribute('bookSlug') : $this->book->slug;
         if ($path !== false) {
-            return baseUrl('/books/' . $bookSlug. '/chapter/' . $this->slug . '/' . trim($path, '/'));
+            return baseUrl('/books/' . urlencode($bookSlug) . '/chapter/' . urlencode($this->slug) . '/' . trim($path, '/'));
         }
-        return baseUrl('/books/' . $bookSlug. '/chapter/' . $this->slug);
+        return baseUrl('/books/' . urlencode($bookSlug) . '/chapter/' . urlencode($this->slug));
     }
 
     /**

app/EmailConfirmation.php

@@ -162,18 +162,21 @@ public function fullTextSearchQuery($fieldsToSearch, $terms, $wheres = [])
         $exactTerms = [];
         $fuzzyTerms = [];
         $search = static::newQuery();
+
         foreach ($terms as $key => $term) {
-            $safeTerm = htmlentities($term, ENT_QUOTES);
-            $safeTerm = preg_replace('/[+\-><\(\)~*\"@]+/', ' ', $safeTerm);
-            if (preg_match('/&quot;.*?&quot;/', $safeTerm) || is_numeric($safeTerm)) {
-                $safeTerm = preg_replace('/^"(.*?)"$/', '$1', $term);
-                $exactTerms[] = '%' . $safeTerm . '%';
+            $term = htmlentities($term, ENT_QUOTES);
+            $term = preg_replace('/[+\-><\(\)~*\"@]+/', ' ', $term);
+            if (preg_match('/&quot;.*?&quot;/', $term) || is_numeric($term)) {
+                $term = str_replace('&quot;', '', $term);
+                $exactTerms[] = '%' . $term . '%';
             } else {
-                $safeTerm = '' . $safeTerm . '*';
-                if (trim($safeTerm) !== '*') $fuzzyTerms[] = $safeTerm;
+                $term = '' . $term . '*';
+                if ($term !== '*') $fuzzyTerms[] = $term;
             }
         }
-        $isFuzzy = count($exactTerms) === 0 || count($fuzzyTerms) > 0;
+
+        $isFuzzy = count($exactTerms) === 0 && count($fuzzyTerms) > 0;
+
 
         // Perform fulltext search if relevant terms exist.
         if ($isFuzzy) {
@@ -193,6 +196,7 @@ public function fullTextSearchQuery($fieldsToSearch, $terms, $wheres = [])
                 }
             });
         }
+
         $orderBy = $isFuzzy ? 'title_relevance' : 'updated_at';
 
         // Add additional where terms

app/Entity.php

@@ -0,0 +1,4 @@
+<?php namespace BookStack\Exceptions;
+
+
+class FileUploadException extends PrettyException {}

app/Events/Event.php

@@ -87,4 +87,20 @@ protected function getOriginalMessage(Exception $e) {
         } while ($e = $e->getPrevious());
         return $message;
     }
+
+    /**
+     * Convert an authentication exception into an unauthenticated response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Auth\AuthenticationException  $exception
+     * @return \Illuminate\Http\Response
+     */
+    protected function unauthenticated($request, AuthenticationException $exception)
+    {
+        if ($request->expectsJson()) {
+            return response()->json(['error' => 'Unauthenticated.'], 401);
+        }
+
+        return redirect()->guest('login');
+    }
 }

app/Exceptions/FileUploadException.php

@@ -0,0 +1,215 @@
+<?php namespace BookStack\Http\Controllers;
+
+use BookStack\Exceptions\FileUploadException;
+use BookStack\Attachment;
+use BookStack\Repos\PageRepo;
+use BookStack\Services\AttachmentService;
+use Illuminate\Http\Request;
+
+class AttachmentController extends Controller
+{
+    protected $attachmentService;
+    protected $attachment;
+    protected $pageRepo;
+
+    /**
+     * AttachmentController constructor.
+     * @param AttachmentService $attachmentService
+     * @param Attachment $attachment
+     * @param PageRepo $pageRepo
+     */
+    public function __construct(AttachmentService $attachmentService, Attachment $attachment, PageRepo $pageRepo)
+    {
+        $this->attachmentService = $attachmentService;
+        $this->attachment = $attachment;
+        $this->pageRepo = $pageRepo;
+        parent::__construct();
+    }
+
+
+    /**
+     * Endpoint at which attachments are uploaded to.
+     * @param Request $request
+     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response
+     */
+    public function upload(Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'file' => 'required|file'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId, true);
+
+        $this->checkPermission('attachment-create-all');
+        $this->checkOwnablePermission('page-update', $page);
+
+        $uploadedFile = $request->file('file');
+
+        try {
+            $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
+        } catch (FileUploadException $e) {
+            return response($e->getMessage(), 500);
+        }
+
+        return response()->json($attachment);
+    }
+
+    /**
+     * Update an uploaded attachment.
+     * @param int $attachmentId
+     * @param Request $request
+     * @return mixed
+     */
+    public function uploadUpdate($attachmentId, Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'file' => 'required|file'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId, true);
+        $attachment = $this->attachment->findOrFail($attachmentId);
+
+        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('attachment-create', $attachment);
+        
+        if (intval($pageId) !== intval($attachment->uploaded_to)) {
+            return $this->jsonError('Page mismatch during attached file update');
+        }
+
+        $uploadedFile = $request->file('file');
+
+        try {
+            $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
+        } catch (FileUploadException $e) {
+            return response($e->getMessage(), 500);
+        }
+
+        return response()->json($attachment);
+    }
+
+    /**
+     * Update the details of an existing file.
+     * @param $attachmentId
+     * @param Request $request
+     * @return Attachment|mixed
+     */
+    public function update($attachmentId, Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'name' => 'required|string|min:1|max:255',
+            'link' =>  'url|min:1|max:255'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId, true);
+        $attachment = $this->attachment->findOrFail($attachmentId);
+
+        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('attachment-create', $attachment);
+
+        if (intval($pageId) !== intval($attachment->uploaded_to)) {
+            return $this->jsonError('Page mismatch during attachment update');
+        }
+
+        $attachment = $this->attachmentService->updateFile($attachment, $request->all());
+        return $attachment;
+    }
+
+    /**
+     * Attach a link to a page.
+     * @param Request $request
+     * @return mixed
+     */
+    public function attachLink(Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'name' => 'required|string|min:1|max:255',
+            'link' =>  'required|url|min:1|max:255'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId, true);
+
+        $this->checkPermission('attachment-create-all');
+        $this->checkOwnablePermission('page-update', $page);
+
+        $attachmentName = $request->get('name');
+        $link = $request->get('link');
+        $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
+
+        return response()->json($attachment);
+    }
+
+    /**
+     * Get the attachments for a specific page.
+     * @param $pageId
+     * @return mixed
+     */
+    public function listForPage($pageId)
+    {
+        $page = $this->pageRepo->getById($pageId, true);
+        $this->checkOwnablePermission('page-view', $page);
+        return response()->json($page->attachments);
+    }
+
+    /**
+     * Update the attachment sorting.
+     * @param $pageId
+     * @param Request $request
+     * @return mixed
+     */
+    public function sortForPage($pageId, Request $request)
+    {
+        $this->validate($request, [
+            'files' => 'required|array',
+            'files.*.id' => 'required|integer',
+        ]);
+        $page = $this->pageRepo->getById($pageId);
+        $this->checkOwnablePermission('page-update', $page);
+
+        $attachments = $request->get('files');
+        $this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
+        return response()->json(['message' => 'Attachment order updated']);
+    }
+
+    /**
+     * Get an attachment from storage.
+     * @param $attachmentId
+     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Symfony\Component\HttpFoundation\Response
+     */
+    public function get($attachmentId)
+    {
+        $attachment = $this->attachment->findOrFail($attachmentId);
+        $page = $this->pageRepo->getById($attachment->uploaded_to);
+        $this->checkOwnablePermission('page-view', $page);
+
+        if ($attachment->external) {
+            return redirect($attachment->path);
+        }
+
+        $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
+        return response($attachmentContents, 200, [
+            'Content-Type' => 'application/octet-stream',
+            'Content-Disposition' => 'attachment; filename="'. $attachment->getFileName() .'"'
+        ]);
+    }
+
+    /**
+     * Delete a specific attachment in the system.
+     * @param $attachmentId
+     * @return mixed
+     */
+    public function delete($attachmentId)
+    {
+        $attachment = $this->attachment->findOrFail($attachmentId);
+        $this->checkOwnablePermission('attachment-delete', $attachment);
+        $this->attachmentService->deleteFile($attachment);
+        return response()->json(['message' => 'Attachment deleted']);
+    }
+}