[#215] added server-side handlers for serving private files

models/schema/schema_field.go

@@ -597,6 +597,7 @@ type FileOptions struct {
 	MaxSize   int      `form:"maxSize" json:"maxSize"` // in bytes
 	MimeTypes []string `form:"mimeTypes" json:"mimeTypes"`
 	Thumbs    []string `form:"thumbs" json:"thumbs"`
+	Private   bool     `form:"private" json:"private"`
 }
 
 func (o FileOptions) Validate() error {

models/schema/schema_field_test.go

@@ -504,7 +504,7 @@ func TestSchemaFieldInitOptions(t *testing.T) {
 		{
 			schema.SchemaField{Type: schema.FieldTypeFile},
 			false,
-			`{"system":false,"id":"","name":"","type":"file","required":false,"unique":false,"options":{"maxSelect":0,"maxSize":0,"mimeTypes":null,"thumbs":null}}`,
+			`{"system":false,"id":"","name":"","type":"file","required":false,"unique":false,"options":{"maxSelect":0,"maxSize":0,"mimeTypes":null,"thumbs":null,"private":false}}`,
 		},
 		{
 			schema.SchemaField{Type: schema.FieldTypeRelation},

models/settings/settings.go

@@ -30,10 +30,12 @@ type Settings struct {
 
 	AdminAuthToken           TokenConfig `form:"adminAuthToken" json:"adminAuthToken"`
 	AdminPasswordResetToken  TokenConfig `form:"adminPasswordResetToken" json:"adminPasswordResetToken"`
+	AdminFileToken           TokenConfig `form:"adminFileToken" json:"adminFileToken"`
 	RecordAuthToken          TokenConfig `form:"recordAuthToken" json:"recordAuthToken"`
 	RecordPasswordResetToken TokenConfig `form:"recordPasswordResetToken" json:"recordPasswordResetToken"`
 	RecordEmailChangeToken   TokenConfig `form:"recordEmailChangeToken" json:"recordEmailChangeToken"`
 	RecordVerificationToken  TokenConfig `form:"recordVerificationToken" json:"recordVerificationToken"`
+	RecordFileToken          TokenConfig `form:"recordFileToken" json:"recordFileToken"`
 
 	// Deprecated: Will be removed in v0.9+
 	EmailAuth EmailAuthConfig `form:"emailAuth" json:"emailAuth"`
@@ -84,27 +86,35 @@ func New() *Settings {
 		},
 		AdminAuthToken: TokenConfig{
 			Secret:   security.RandomString(50),
-			Duration: 1209600, // 14 days,
+			Duration: 1209600, // 14 days
 		},
 		AdminPasswordResetToken: TokenConfig{
 			Secret:   security.RandomString(50),
-			Duration: 1800, // 30 minutes,
+			Duration: 1800, // 30 minutes
+		},
+		AdminFileToken: TokenConfig{
+			Secret:   security.RandomString(50),
+			Duration: 180, // 3 minutes
 		},
 		RecordAuthToken: TokenConfig{
 			Secret:   security.RandomString(50),
-			Duration: 1209600, // 14 days,
+			Duration: 1209600, // 14 days
 		},
 		RecordPasswordResetToken: TokenConfig{
 			Secret:   security.RandomString(50),
-			Duration: 1800, // 30 minutes,
+			Duration: 1800, // 30 minutes
 		},
 		RecordVerificationToken: TokenConfig{
 			Secret:   security.RandomString(50),
-			Duration: 604800, // 7 days,
+			Duration: 604800, // 7 days
+		},
+		RecordFileToken: TokenConfig{
+			Secret:   security.RandomString(50),
+			Duration: 180, // 3 minutes
 		},
 		RecordEmailChangeToken: TokenConfig{
 			Secret:   security.RandomString(50),
-			Duration: 1800, // 30 minutes,
+			Duration: 1800, // 30 minutes
 		},
 		GoogleAuth: AuthProviderConfig{
 			Enabled: false,
@@ -177,6 +187,7 @@ func (s *Settings) Validate() error {
 		validation.Field(&s.RecordPasswordResetToken),
 		validation.Field(&s.RecordEmailChangeToken),
 		validation.Field(&s.RecordVerificationToken),
+		validation.Field(&s.RecordFileToken),
 		validation.Field(&s.Smtp),
 		validation.Field(&s.S3),
 		validation.Field(&s.GoogleAuth),
@@ -239,6 +250,7 @@ func (s *Settings) RedactClone() (*Settings, error) {
 		&clone.RecordPasswordResetToken.Secret,
 		&clone.RecordEmailChangeToken.Secret,
 		&clone.RecordVerificationToken.Secret,
+		&clone.RecordFileToken.Secret,
 		&clone.GoogleAuth.ClientSecret,
 		&clone.FacebookAuth.ClientSecret,
 		&clone.GithubAuth.ClientSecret,

models/settings/settings_test.go

@@ -29,6 +29,7 @@ func TestSettingsValidate(t *testing.T) {
 	s.RecordPasswordResetToken.Duration = -10
 	s.RecordEmailChangeToken.Duration = -10
 	s.RecordVerificationToken.Duration = -10
+	s.RecordFileToken.Duration = -10
 	s.GoogleAuth.Enabled = true
 	s.GoogleAuth.ClientId = ""
 	s.FacebookAuth.Enabled = true
@@ -83,6 +84,7 @@ func TestSettingsValidate(t *testing.T) {
 		`"recordPasswordResetToken":{`,
 		`"recordEmailChangeToken":{`,
 		`"recordVerificationToken":{`,
+		`"recordFileToken":{`,
 		`"googleAuth":{`,
 		`"facebookAuth":{`,
 		`"githubAuth":{`,
@@ -129,6 +131,7 @@ func TestSettingsMerge(t *testing.T) {
 	s2.RecordPasswordResetToken.Duration = 4
 	s2.RecordEmailChangeToken.Duration = 5
 	s2.RecordVerificationToken.Duration = 6
+	s2.RecordFileToken.Duration = 7
 	s2.GoogleAuth.Enabled = true
 	s2.GoogleAuth.ClientId = "google_test"
 	s2.FacebookAuth.Enabled = true
@@ -231,6 +234,7 @@ func TestSettingsRedactClone(t *testing.T) {
 	s1.RecordPasswordResetToken.Secret = testSecret
 	s1.RecordEmailChangeToken.Secret = testSecret
 	s1.RecordVerificationToken.Secret = testSecret
+	s1.RecordFileToken.Secret = testSecret
 	s1.GoogleAuth.ClientSecret = testSecret
 	s1.FacebookAuth.ClientSecret = testSecret
 	s1.GithubAuth.ClientSecret = testSecret