[#215] added server-side handlers for serving private files

tokens/admin.go

@@ -24,3 +24,12 @@ func NewAdminResetPasswordToken(app core.App, admin *models.Admin) (string, erro
 		app.Settings().AdminPasswordResetToken.Duration,
 	)
 }
+
+// NewAdminFileToken generates and returns a new admin private file access token.
+func NewAdminFileToken(app core.App, admin *models.Admin) (string, error) {
+	return security.NewToken(
+		jwt.MapClaims{"id": admin.Id, "type": TypeAdmin},
+		(admin.TokenKey + app.Settings().AdminFileToken.Secret),
+		app.Settings().AdminFileToken.Duration,
+	)
+}

tokens/admin_test.go

@@ -52,3 +52,26 @@ func TestNewAdminResetPasswordToken(t *testing.T) {
 		t.Fatalf("Expected admin %v, got %v", admin, tokenAdmin)
 	}
 }
+
+func TestNewAdminFileToken(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	admin, err := app.Dao().FindAdminByEmail("test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	token, err := tokens.NewAdminFileToken(app, admin)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tokenAdmin, _ := app.Dao().FindAdminByToken(
+		token,
+		app.Settings().AdminFileToken.Secret,
+	)
+	if tokenAdmin == nil || tokenAdmin.Id != admin.Id {
+		t.Fatalf("Expected admin %v, got %v", admin, tokenAdmin)
+	}
+}

tokens/record.go

@@ -76,3 +76,20 @@ func NewRecordChangeEmailToken(app core.App, record *models.Record, newEmail str
 		app.Settings().RecordEmailChangeToken.Duration,
 	)
 }
+
+// NewRecordFileToken generates and returns a new record private file access token.
+func NewRecordFileToken(app core.App, record *models.Record) (string, error) {
+	if !record.Collection().IsAuth() {
+		return "", errors.New("The record is not from an auth collection.")
+	}
+
+	return security.NewToken(
+		jwt.MapClaims{
+			"id":           record.Id,
+			"type":         TypeAuthRecord,
+			"collectionId": record.Collection().Id,
+		},
+		(record.TokenKey() + app.Settings().RecordFileToken.Secret),
+		app.Settings().RecordFileToken.Duration,
+	)
+}

tokens/record_test.go

@@ -98,3 +98,26 @@ func TestNewRecordChangeEmailToken(t *testing.T) {
 		t.Fatalf("Expected auth record %v, got %v", user, tokenRecord)
 	}
 }
+
+func TestNewRecordFileToken(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	user, err := app.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	token, err := tokens.NewRecordFileToken(app, user)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tokenRecord, _ := app.Dao().FindAuthRecordByToken(
+		token,
+		app.Settings().RecordFileToken.Secret,
+	)
+	if tokenRecord == nil || tokenRecord.Id != user.Id {
+		t.Fatalf("Expected auth record %v, got %v", user, tokenRecord)
+	}
+}