From 08a968acda12f0b013db282b5e3f7c5f415dedb4 Mon Sep 17 00:00:00 2001
From: Satyajit Dey <satyajit.dey@varnish-software.com>
Date: Mon, 18 May 2020 20:55:05 +0600
Subject: [PATCH] BE #6 Apply ACL to image upload/retrieve API

---
 controllers/binaries.controller.js | 23 +++++++++++++++++++++--
 routes/binaries.route.js           | 12 +++++++++++-
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/controllers/binaries.controller.js b/controllers/binaries.controller.js
index aa68725..423bc33 100644
--- a/controllers/binaries.controller.js
+++ b/controllers/binaries.controller.js
@@ -13,7 +13,11 @@ exports.uploadImage = (req, res) => {
     uploadFile(req.file.path, req.file.filename, res);
 };
 
-let uploadFile = function (source, target, res) {
+exports.retrieveImage = (req, res) => {
+    retrieveFile(req.params.filename, res);
+};
+
+let uploadFile = (source, target, res) => {
     fs.readFile(source, (err, fileData) => {
         if (err) {
             return res.status(500).send({error: err});
@@ -25,7 +29,7 @@ let uploadFile = function (source, target, res) {
             Body: fileData
         };
 
-        s3.putObject(putParams, (err, data) => {
+        s3.upload(putParams, (err, data) => {
             if (err) {
                 return res.status(500).send({error: err});
             }
@@ -40,4 +44,19 @@ let uploadFile = function (source, target, res) {
     });
 };
 
+let retrieveFile = (fileName, res) => {
+    const getParams = {
+        Bucket: process.env.AWS_S3_BUCKET_BINARIES,
+        Key: fileName
+    };
+
+    s3.getObject(getParams, function (err, data) {
+        if (err) {
+            return res.status(400).send({success: false, err: err});
+        } else {
+            return res.send(data);
+        }
+    });
+};
+
 
diff --git a/routes/binaries.route.js b/routes/binaries.route.js
index 08b62c1..f4b60b2 100644
--- a/routes/binaries.route.js
+++ b/routes/binaries.route.js
@@ -2,6 +2,8 @@ const express = require('express');
 const router = express.Router();
 const multer = require('multer');
 
+const AuthValidationMiddleware = require("../middlewares/auth.validation.middleware");
+const AuthPermissionMiddleware = require("../middlewares/auth.permission.middleware");
 const BinariesController = require('../controllers/binaries.controller');
 
 // configure DiscStorage engine
@@ -14,6 +16,14 @@ const storage = multer.diskStorage({
 
 const upload = multer({storage: storage});
 
-router.post('/images/upload', upload.single('image'), BinariesController.uploadImage);
+router.get('/images/retrieve/:filename',
+    AuthValidationMiddleware.verifyJwtToken,
+    AuthPermissionMiddleware.minimumPermissionLevelRequired(process.env.AUTH_PERMISSION_VIEWER),
+    BinariesController.retrieveImage);
+
+router.post('/images/upload', upload.single('image'),
+    AuthValidationMiddleware.verifyJwtToken,
+    AuthPermissionMiddleware.minimumPermissionLevelRequired(process.env.AUTH_PERMISSION_EDITOR),
+    BinariesController.uploadImage);
 
 module.exports = router;
\ No newline at end of file