parse-community · dblythy · Jul 23, 2023 · Jul 24, 2023 · Jul 24, 2023 · mtrezza
diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js
@@ -3531,6 +3531,124 @@ describe('afterLogin hook', () => {
 });
 
 describe('saveFile hooks', () => {
+  it('find hooks should run', async () => {
+    const file = new Parse.File('popeye.txt', [1, 2, 3], 'text/plain');
+    await file.save({ useMasterKey: true });
+    const user = await Parse.User.signUp('username', 'password');
+    const hooks = {
+      beforeFind(req) {
+        expect(req).toBeDefined();
+        expect(req.file).toBeDefined();
+        expect(req.triggerName).toBe('beforeFind');
+        expect(req.master).toBeFalse();
+        expect(req.log).toBeDefined();
+      },
+      afterFind(req) {
+        expect(req).toBeDefined();
+        expect(req.file).toBeDefined();
+        expect(req.triggerName).toBe('afterFind');
+        expect(req.master).toBeFalse();
+        expect(req.log).toBeDefined();
+        expect(req.forceDownload).toBeFalse();
+      },
+    };
+    for (const hook in hooks) {
+      spyOn(hooks, hook).and.callThrough();
+      Parse.Cloud[hook](Parse.File, hooks[hook]);
+    }
+    await request({
+      url: file.url(),
+      headers: {
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+        'X-Parse-Session-Token': user.getSessionToken(),
+      },
+    });
+    for (const hook in hooks) {
+      expect(hooks[hook]).toHaveBeenCalled();
+    }
+  });
+
+  it('beforeFind can throw', async () => {
+    const file = new Parse.File('popeye.txt', [1, 2, 3], 'text/plain');
+    await file.save({ useMasterKey: true });
+    const user = await Parse.User.signUp('username', 'password');
+    const hooks = {
+      beforeFind() {
+        throw 'unauthorized';
+      },
+      afterFind() {},
+    };
+    for (const hook in hooks) {
+      spyOn(hooks, hook).and.callThrough();
+      Parse.Cloud[hook](Parse.File, hooks[hook]);
+    }
+    await expectAsync(
+      request({
+        url: file.url(),
+        headers: {
+          'X-Parse-Application-Id': 'test',
+          'X-Parse-REST-API-Key': 'rest',
+          'X-Parse-Session-Token': user.getSessionToken(),
+        },
+      }).catch(e => {
+        throw new Parse.Error(e.data.code, e.data.error);
+      })
+    ).toBeRejectedWith(new Parse.Error(Parse.Error.SCRIPT_FAILED, 'unauthorized'));
+
+    expect(hooks.beforeFind).toHaveBeenCalled();
+    expect(hooks.afterFind).not.toHaveBeenCalled();
+  });
+
+  it('afterFind can throw', async () => {
+    const file = new Parse.File('popeye.txt', [1, 2, 3], 'text/plain');
+    await file.save({ useMasterKey: true });
+    const user = await Parse.User.signUp('username', 'password');
+    const hooks = {
+      beforeFind() {},
+      afterFind() {
+        throw 'unauthorized';
+      },
+    };
+    for (const hook in hooks) {
+      spyOn(hooks, hook).and.callThrough();
+      Parse.Cloud[hook](Parse.File, hooks[hook]);
+    }
+    await expectAsync(
+      request({
+        url: file.url(),
+        headers: {
+          'X-Parse-Application-Id': 'test',
+          'X-Parse-REST-API-Key': 'rest',
+          'X-Parse-Session-Token': user.getSessionToken(),
+        },
+      }).catch(e => {
+        throw new Parse.Error(e.data.code, e.data.error);
+      })
+    ).toBeRejectedWith(new Parse.Error(Parse.Error.SCRIPT_FAILED, 'unauthorized'));
+    for (const hook in hooks) {
+      expect(hooks[hook]).toHaveBeenCalled();
+    }
+  });
+
+  it('can force download', async () => {
+    const file = new Parse.File('popeye.txt', [1, 2, 3], 'text/plain');
+    await file.save({ useMasterKey: true });
+    const user = await Parse.User.signUp('username', 'password');
+    Parse.Cloud.afterFind(Parse.File, req => {
+      req.forceDownload = true;
+    });
+    const response = await request({
+      url: file.url(),
+      headers: {
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+        'X-Parse-Session-Token': user.getSessionToken(),
+      },
+    });
+    expect(response.headers['content-disposition']).toBe(`attachment;filename=${file._name}`);
+  });
+
   it('beforeSaveFile should return file that is already saved and not save anything to files adapter', async () => {
     await reconfigureServer({ filesAdapter: mockAdapter });
     const createFileSpy = spyOn(mockAdapter, 'createFile').and.callThrough();

diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js
@@ -67,37 +67,75 @@ export class FilesRouter {
     return router;
   }
 
-  getHandler(req, res) {
+  async getHandler(req, res) {
     const config = Config.get(req.params.appId);
     if (!config) {
       res.status(403);
       const err = new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'Invalid application ID.');
       res.json({ code: err.code, error: err.message });
       return;
     }
-    const filesController = config.filesController;
-    const filename = req.params.filename;
-    const contentType = mime.getType(filename);
-    if (isFileStreamable(req, filesController)) {
-      filesController.handleFileStream(config, filename, req, res, contentType).catch(() => {
-        res.status(404);
-        res.set('Content-Type', 'text/plain');
-        res.end('File not found.');
-      });
-    } else {
-      filesController
-        .getFileData(config, filename)
-        .then(data => {
-          res.status(200);
-          res.set('Content-Type', contentType);
-          res.set('Content-Length', data.length);
-          res.end(data);
-        })
-        .catch(() => {
+
+    let filename = req.params.filename;
+    try {
+      const filesController = config.filesController;
+      let contentType = mime.getType(filename);
+      let file = new Parse.File(filename, { base64: '' }, contentType);
+      const triggerResult = await triggers.maybeRunFileTrigger(
+        triggers.Types.beforeFind,
+        { file },
+        config,
+        req.auth
+      );
+      if (triggerResult?.file?._name) {
+        filename = triggerResult?.file?._name;
+        contentType = mime.getType(filename);
+      }
+
+      if (isFileStreamable(req, filesController)) {
+        filesController.handleFileStream(config, filename, req, res, contentType).catch(() => {
           res.status(404);
           res.set('Content-Type', 'text/plain');
           res.end('File not found.');
         });
+        return;
+      }
+
+      let data = await filesController.getFileData(config, filename).catch(() => {
+        res.status(404);
+        res.set('Content-Type', 'text/plain');
+        res.end('File not found.');
+      });
+      if (!data) {
+        return;
+      }
+      file = new Parse.File(filename, { base64: data.toString('base64') }, contentType);
+      const afterFind = await triggers.maybeRunFileTrigger(
+        triggers.Types.afterFind,
+        { file, forceDownload: false },
+        config,
+        req.auth
+      );
+
+      if (afterFind?.file) {
+        contentType = mime.getType(afterFind.file._name);
+        data = Buffer.from(afterFind.file._data, 'base64');
+      }
+
+      res.status(200);
+      res.set('Content-Type', contentType);
+      res.set('Content-Length', data.length);
+      if (afterFind.forceDownload) {
+        res.set('Content-Disposition', `attachment;filename=${afterFind.file._name}`);
+      }
+      res.end(data);
+    } catch (e) {
+      const err = triggers.resolveError(e, {
+        code: Parse.Error.SCRIPT_FAILED,
+        message: `Could not find file: ${filename}.`,
+      });
+      res.status(403);
+      res.json({ code: err.code, error: err.message });
     }
   }
 

diff --git a/src/triggers.js b/src/triggers.js
@@ -983,6 +983,9 @@ export async function maybeRunFileTrigger(triggerType, fileObject, config, auth)
         return fileObject;
       }
       const result = await fileTrigger(request);
+      if (request.forceDownload) {
+        fileObject.forceDownload = true;
+      }
       logTriggerSuccessBeforeHook(
         triggerType,
         'Parse.File',