@fontoxml/fontoxml-development-tools/src/modules/editor/dev-cms/connectors-cms-standard/configureOutputAssetGetRouteHandler.js

Development tools for Fonto.

/**
 * This endpoint is a copy of configureAssetPreviewGetRouteHandler.js.
 *
 * Please keep both endpoints in sync.
 *
 * But note the differences:
 * - For Output there is never a editSessionToken in the request body or query parameters.
 * - Output can receive an optional Fonto-Correlation-Id.
 */

/** @typedef {import('../../src/getAppConfig.js').DevCmsConfig} DevCmsConfig */

/**
 * @param {DevCmsConfig} config
 */
function configureOutputAssetGetRouteHandler(config) {
	return (req, res) => {
		const correlationIdRepository = req.repositories.correlationId;

		// Because these requests do not originate from the editor, but from another server, we
		// have no edit session token. In some cases, however, we have an correlationId which we
		// may resolve to the editSessionToken used by the corresponding call to the proxy.
		const editSessionToken =
			correlationIdRepository.getEditSessionTokenForRequest(req);

		const id = req.query.id;
		if (id && id.indexOf('..') !== -1) {
			res.status(403).end();
			return;
		}

		// TODO: Make this work with memory store as well.
		const filePath = req.cms.getPathInFilesystemSync(id, editSessionToken);
		if (filePath) {
			res.sendFile(filePath, {
				cacheControl: !config.cacheControlDisabled,
				maxAge: config.cacheControlMaxAge,
			});
		} else {
			res.status(404).end();
		}
	};
}

export default configureOutputAssetGetRouteHandler;