rest-api/db/migrations/20240810115846_image_upload_function.sql

-- migrate:up
CREATE DOMAIN "*/*" AS BYTEA;

CREATE FUNCTION api.upload_file (BYTEA, OUT file_id UUID)
AS $$
DECLARE
  _headers JSON := CURRENT_SETTING('request.headers', TRUE)::JSON;
  _website_id UUID := (_headers ->> 'x-website-id')::UUID;
  _original_filename TEXT := _headers ->> 'x-original-filename';
  _allowed_mimetypes TEXT[] := ARRAY['image/png', 'image/jpeg', 'image/webp', 'image/avif', 'image/gif', 'image/svg+xml'];
  _max_file_size BIGINT := 5 * 1024 * 1024;
  _has_access BOOLEAN;
  _mimetype TEXT;
BEGIN
  _has_access = internal.user_has_website_access (_website_id, 20);
  _mimetype := CASE WHEN SUBSTRING($1 FROM 1 FOR 8) = '\x89504E470D0A1A0A'::BYTEA THEN
    'image/png'
  WHEN SUBSTRING($1 FROM 1 FOR 3) = '\xFFD8FF'::BYTEA THEN
    'image/jpeg'
  WHEN SUBSTRING($1 FROM 1 FOR 4) = '\x52494646'::BYTEA
    AND SUBSTRING($1 FROM 9 FOR 4) = '\x57454250'::BYTEA THEN
    'image/webp'
  WHEN SUBSTRING($1 FROM 5 FOR 7) = '\x66747970617669'::BYTEA THEN
    'image/avif'
  WHEN SUBSTRING($1 FROM 1 FOR 6) = '\x474946383761'::BYTEA
    OR SUBSTRING($1 FROM 1 FOR 6) = '\x474946383961'::BYTEA THEN
    'image/gif'
  WHEN SUBSTRING($1 FROM 1 FOR 5) = '\x3C3F786D6C'::BYTEA
    OR SUBSTRING($1 FROM 1 FOR 4) = '\x3C737667'::BYTEA THEN
    'image/svg+xml'
  ELSE
    NULL
  END;
  IF OCTET_LENGTH($1) = 0 THEN
    RAISE invalid_parameter_value
    USING message = 'No file data was provided';
  ELSIF (_mimetype IS NULL
      OR _mimetype NOT IN (
        SELECT
          UNNEST(_allowed_mimetypes))) THEN
    RAISE invalid_parameter_value
    USING message = 'Invalid MIME type. Allowed types are: png, jpg, webp, avif, gif, svg';
  ELSIF OCTET_LENGTH($1) > _max_file_size THEN
    RAISE program_limit_exceeded
    USING message = FORMAT('File size exceeds the maximum limit of %s', PG_SIZE_PRETTY(_max_file_size));
  ELSE
    INSERT INTO internal.media (website_id, blob, mimetype, original_name)
      VALUES (_website_id, $1, _mimetype, _original_filename)
    RETURNING
      id INTO file_id;
  END IF;
END;
$$
LANGUAGE plpgsql
SECURITY DEFINER;

CREATE FUNCTION api.retrieve_file (id UUID)
  RETURNS "*/*"
  AS $$
DECLARE
  _headers TEXT;
  _blob BYTEA;
BEGIN
  SELECT
    FORMAT('[{ "Content-Type": "%s" },'
    '{ "Content-Disposition": "inline; filename=\"%s\"" },'
    '{ "Cache-Control": "max-age=259200" }]', m.mimetype, m.original_name)
  FROM
    internal.media AS m
  WHERE
    m.id = retrieve_file.id INTO _headers;
  PERFORM
    SET_CONFIG('response.headers', _headers, TRUE);
  SELECT
    m.blob
  FROM
    internal.media AS m
  WHERE
    m.id = retrieve_file.id INTO _blob;
  IF FOUND THEN
    RETURN _blob;
  ELSE
    RAISE invalid_parameter_value
    USING message = 'Invalid file id';
  END IF;
END;
$$
LANGUAGE plpgsql
SECURITY DEFINER;

GRANT EXECUTE ON FUNCTION api.upload_file TO authenticated_user;

GRANT EXECUTE ON FUNCTION api.retrieve_file TO anon;

GRANT EXECUTE ON FUNCTION api.retrieve_file TO authenticated_user;

-- migrate:down
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00			`-- migrate:up`
Ability to bulk import or export articles as gzip, handle domain prefix logic in API and other smaller improvements 2024-10-30 21:33:44 +01:00			`CREATE DOMAIN "/" AS BYTEA;`
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00
			`CREATE FUNCTION api.upload_file (BYTEA, OUT file_id UUID)`
			`AS $$`
			`DECLARE`
			`_headers JSON := CURRENT_SETTING('request.headers', TRUE)::JSON;`
			`_website_id UUID := (_headers ->> 'x-website-id')::UUID;`
			`_original_filename TEXT := _headers ->> 'x-original-filename';`
Allow more common mimetypes 2024-09-17 22:44:16 +02:00			`_allowed_mimetypes TEXT[] := ARRAY['image/png', 'image/jpeg', 'image/webp', 'image/avif', 'image/gif', 'image/svg+xml'];`
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`_max_file_size BIGINT := 5 * 1024 * 1024;`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`_has_access BOOLEAN;`
Refactor playwright tests, change button text for better usability and validate mimetype in API layer 2024-10-25 19:23:38 +02:00			`_mimetype TEXT;`
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00			`BEGIN`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`_has_access = internal.user_has_website_access (_website_id, 20);`
Refactor playwright tests, change button text for better usability and validate mimetype in API layer 2024-10-25 19:23:38 +02:00			`_mimetype := CASE WHEN SUBSTRING($1 FROM 1 FOR 8) = '\x89504E470D0A1A0A'::BYTEA THEN`
			`'image/png'`
			`WHEN SUBSTRING($1 FROM 1 FOR 3) = '\xFFD8FF'::BYTEA THEN`
			`'image/jpeg'`
			`WHEN SUBSTRING($1 FROM 1 FOR 4) = '\x52494646'::BYTEA`
			`AND SUBSTRING($1 FROM 9 FOR 4) = '\x57454250'::BYTEA THEN`
			`'image/webp'`
			`WHEN SUBSTRING($1 FROM 5 FOR 7) = '\x66747970617669'::BYTEA THEN`
			`'image/avif'`
			`WHEN SUBSTRING($1 FROM 1 FOR 6) = '\x474946383761'::BYTEA`
			`OR SUBSTRING($1 FROM 1 FOR 6) = '\x474946383961'::BYTEA THEN`
			`'image/gif'`
			`WHEN SUBSTRING($1 FROM 1 FOR 5) = '\x3C3F786D6C'::BYTEA`
			`OR SUBSTRING($1 FROM 1 FOR 4) = '\x3C737667'::BYTEA THEN`
			`'image/svg+xml'`
			`ELSE`
			`NULL`
			`END;`
Use full text search instead of ilike for search functionality 2024-08-14 21:37:19 +02:00			`IF OCTET_LENGTH($1) = 0 THEN`
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00			`RAISE invalid_parameter_value`
Use environment variables for ports in web app 2024-08-10 22:20:57 +02:00			`USING message = 'No file data was provided';`
Show logs and usernames for deleted users and remove svg mimetype for client side 2024-09-14 15:12:08 +02:00			`ELSIF (_mimetype IS NULL`
			`OR _mimetype NOT IN (`
			`SELECT`
			`UNNEST(_allowed_mimetypes))) THEN`
			`RAISE invalid_parameter_value`
Add theme toggle for templates 2024-10-03 18:51:30 +02:00			`USING message = 'Invalid MIME type. Allowed types are: png, jpg, webp, avif, gif, svg';`
Show logs and usernames for deleted users and remove svg mimetype for client side 2024-09-14 15:12:08 +02:00			`ELSIF OCTET_LENGTH($1) > _max_file_size THEN`
			`RAISE program_limit_exceeded`
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`USING message = FORMAT('File size exceeds the maximum limit of %s', PG_SIZE_PRETTY(_max_file_size));`
Show logs and usernames for deleted users and remove svg mimetype for client side 2024-09-14 15:12:08 +02:00			`ELSE`
			`INSERT INTO internal.media (website_id, blob, mimetype, original_name)`
			`VALUES (_website_id, $1, _mimetype, _original_filename)`
			`RETURNING`
			`id INTO file_id;`
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00			`END IF;`
			`END;`
			`$$`
			`LANGUAGE plpgsql`
			`SECURITY DEFINER;`

			`CREATE FUNCTION api.retrieve_file (id UUID)`
			`RETURNS "/"`
			`AS $$`
			`DECLARE`
			`_headers TEXT;`
			`_blob BYTEA;`
			`BEGIN`
			`SELECT`
			`FORMAT('[{ "Content-Type": "%s" },'`
			`'{ "Content-Disposition": "inline; filename=\"%s\"" },'`
			`'{ "Cache-Control": "max-age=259200" }]', m.mimetype, m.original_name)`
			`FROM`
Add TypeScript definitions via pg-to-ts and refactor migrations 2024-09-10 17:29:57 +02:00			`internal.media AS m`
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00			`WHERE`
			`m.id = retrieve_file.id INTO _headers;`
			`PERFORM`
			`SET_CONFIG('response.headers', _headers, TRUE);`
			`SELECT`
			`m.blob`
			`FROM`
Add theme toggle for templates 2024-10-03 18:51:30 +02:00			`internal.media AS m`
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00			`WHERE`
			`m.id = retrieve_file.id INTO _blob;`
			`IF FOUND THEN`
			`RETURN _blob;`
			`ELSE`
			`RAISE invalid_parameter_value`
			`USING message = 'Invalid file id';`
			`END IF;`
			`END;`
			`$$`
			`LANGUAGE plpgsql`
			`SECURITY DEFINER;`

Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`GRANT EXECUTE ON FUNCTION api.upload_file TO authenticated_user;`
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`GRANT EXECUTE ON FUNCTION api.retrieve_file TO anon;`
GRANT anon users image viewing functionality 2024-09-10 18:13:00 +02:00
Add administrator role plus manage dashboard and cleanup database migrations 2024-10-08 21:20:44 +02:00			`GRANT EXECUTE ON FUNCTION api.retrieve_file TO authenticated_user;`
Serve and create images from within postgresql 2024-08-10 17:09:12 +02:00
			`-- migrate:down`