Fixed Non-ASCII attachment filename will crash when downloading.

Thanks to xet7 ! Fixes #2759
2025-12-21 01:40:13 +01:00 · 2021-04-29 13:26:49 +03:00 · 2021-04-29 13:26:49 +03:00 · c2da477735
commit c2da477735
parent 843ff8eaaa
277 changed files with 30568 additions and 52 deletions
--- a/packages/wekan-cfs-http-methods/README.md
+++ b/packages/wekan-cfs-http-methods/README.md
@ -0,0 +1,215 @@
+wekan-cfs-http-methods [![Build Status](https://travis-ci.org/CollectionFS/Meteor-http-methods.png?branch=master)](https://travis-ci.org/CollectionFS/Meteor-http-methods)
+============
+
+~~Looking for maintainers - please reach out!~~
+This package is to be archived due to inability to find contributors, thanks to everyone who helped make it possible.
+
+**If you're looking for an alternative, we highly recommend [Meteor-Files](https://github.com/VeliovGroup/Meteor-Files) by [VeliovGroup](https://github.com/VeliovGroup)**
+
+---
+
+Add server-side methods to the `HTTP` object your app. It's a server-side package only *- no client simulations added.*
+
+## Usage
+
+The `HTTP` object gets a `methods` method:
+
+```js
+  HTTP.methods({
+    'list': function() {
+      return '<b>Default content type is text/html</b>';
+    }
+  });
+```
+
+## Methods scope
+The methods scope contains different kinds of inputs. We can also get user details if logged in.
+
+
+* `this.userId` - the user whose id and token was used to run this method, if set/found
+* `this.method` - `GET`, `POST`, `PUT`, `DELETE`
+* `this.query` - query params `?token=1&id=2` -> `{ token: 1, id: 2 }`
+* `this.params` - set params `/foo/:name/test/:id` -> `{ name: '', id: '' }`
+* `this.userAgent` - get the user agent string set in the request header
+* `this.requestHeaders` - request headers object
+* `this.setUserId(id)` - option for setting the `this.userId`
+* `this.isSimulation` - always false on the server
+* `this.unblock` - not implemented
+* `this.setContentType('text/html')` - set the content type in header, defaults to `text/html`
+* `this.addHeader('Content-Disposition', 'attachment; filename="name.ext"')`
+* `this.setStatusCode(200)` - set the status code in the response header
+* `createReadStream` - if a request, then get the read stream
+* `createWriteStream` - if you want to stream data to the client
+* `Error` - when streaming we have to be able to send error and close connection
+* `this.request` The original request object
+
+## Passing data via header
+
+From the client:
+```js
+  HTTP.post('list', {
+    data: { foo: 'bar' }
+  }, function(err, result) {
+    console.log('Content: ' + result.content + ' === "Hello"');
+  });
+```
+
+HTTP Server method:
+```js
+  HTTP.methods({
+    'list': function(data) {
+      if (data.foo === 'bar') {
+        /* data we pass via the header is parsed by EJSON.parse
+        If not able, then it returns the raw data instead */
+      }
+      return 'Hello';
+    }
+  });
+```
+
+## Parameters
+The method name or URL can be used to pass parameters to the method. The parameters are available on the server under `this.params`:
+
+Client
+```js
+  HTTP.post('/items/12/emails/5', function(err, result) {
+    console.log('Got back: ' + result.content);
+  });
+```
+
+Server
+```js
+  HTTP.methods({
+    '/items/:itemId/emails/:emailId': function() {
+      // this.params.itemId === '12'
+      // this.params.emailId === '5'
+    }
+  });
+```
+
+## Extended usage
+The `HTTP.methods` normally takes a function, but it can be set to an object for fine-grained handling.
+
+Example:
+```js
+  HTTP.methods({
+    '/hello': {
+      get: function(data) {},
+      // post: function(data) {},
+      // put: function(data) {},
+      // delete: function(data) {},
+      // options: function() {
+      //   // Example of a simple options function
+      //   this.setStatusCode(200);
+      //   this.addHeader('Accept', 'POST,PUT');
+      //    // The options for this restpoint
+      //    var options = {
+      //      POST: {
+      //        description: 'Create an issue',
+      //        parameters: {
+      //          title: {
+      //            type: 'string',
+      //            description: 'Issue title'
+      //          }
+      //        }
+      //       }
+      //    };
+      //    // Print the options in pretty json
+      //    return JSON.stringify(options, null, '\t');
+      //  },
+      //  stream: true // flag whether to allow stream handling in the request
+    }
+  });
+```
+*In this example the mounted http rest point will only support the `get` method*
+
+Example:
+```js
+  HTTP.methods({
+    '/hello': {
+      method: function(data) {},
+    }
+  });
+```
+*In this example all methods `get`, `put`, `post`, `delete` will use the same function - This would be equal to setting the function directly on the http mount point*
+
+## Authentication
+
+The client needs the `access_token` to login in HTTP methods. *One could create a HTTP login/logout method for allowing pure external access*
+
+Client
+```js
+  HTTP.post('/hello', {
+    params: {
+      token: Accounts && Accounts._storedLoginToken()
+    }
+  }, function(err, result) {
+    console.log('Got back: ' + result.content);
+  });
+```
+
+Server
+```js
+  'hello': function(data) {
+    if (this.userId) {
+      var user = Meteor.users.findOne({ _id: this.userId });
+      return 'Hello ' + (user && user.username || user && user.emails[0].address || 'user');
+    } else {
+      this.setStatusCode(401); // Unauthorized
+    }
+  }
+```
+
+## Using custom authentication
+
+It's possible to make your own function to set the userId - not using the built-in token pattern.
+```js
+  // My auth will return the userId
+  var myAuth = function() {
+    // Read the token from '/hello?token=5'
+    var userToken = self.query.token;
+    // Check the userToken before adding it to the db query
+    // Set the this.userId
+    if (userToken) {
+      var user = Meteor.users.findOne({ 'services.resume.loginTokens.token': userToken });
+
+      // Set the userId in the scope
+      return user && user._id;
+    }  
+  };
+
+  HTTP.methods({
+    '/hello': {
+      auth: myAuth,
+      method: function(data) {
+        // this.userId is set by myAuth
+        if (this.userId) { /**/ } else { /**/ }
+      }
+    }
+  });
+```
+*The above resembles the builtin auth handler*
+
+## Security
+When buffering data instead of streaming we set the buffer limit to 5mb - This can be changed on the fly:
+```js
+  // Set the max data length
+  // 5mb = 5 * 1024 * 1024 = 5242880;
+  HTTP.methodsMaxDataLength = 5242880;
+```
+
+## Login and logout (TODO)
+
+These operations are not currently supported for off Meteor use - there are some security considerations.
+
+`basic-auth` is broadly supported, but:
+* password should not be sent in clear text - hash with base64?
+* should be used on https connections
+* Its difficult / impossible to logout a user?
+
+`token` the current `access_token` seems to be a better solution. Better control and options to logout users. But calling the initial `login` method still requires:
+* hashing of password
+* use https
+
+## HTTP Client-side usage
+If you want to use the HTTP client-side functionality and find yourself having a hard time viewing all available options; these can be found on https://docs.meteor.com/#/full/http.