xssbook2/db/rest/util/_api_serve_media.sql

CREATE FUNCTION _api.serve_media(
	_name TEXT
)
RETURNS sys."*/*"
LANGUAGE plpgsql VOLATILE
AS $BODY$
DECLARE
	_headers TEXT;
	_data BYTEA;
BEGIN

	SELECT FORMAT(
      '[{"Content-Type": "%s"},'
       '{"Content-Disposition": "inline; filename=\"%s\""},'
       '{"Cache-Control": "max-age=259200"}]'
      ,	m.type, m.name)
	FROM admin.media m
	WHERE m.name = _name INTO _headers;

	PERFORM SET_CONFIG('response.headers', _headers, true);

	SELECT m.content
	FROM admin.media m
	WHERE m.name = _name
	INTO _data;

	IF FOUND THEN
		RETURN(_data);
	ELSE
		PERFORM _api.raise(
			_msg => 'api_not_found',
			_err => 404
		);
	END IF;
END
$BODY$;

GRANT EXECUTE ON FUNCTION _api.serve_media(TEXT)
	TO rest_anon, rest_user;
GRANT SELECT ON TABLE admin.media
	TO rest_anon, rest_user;
start database (user and post), and initial barebones home page 2024-03-30 02:29:56 +00:00			`CREATE FUNCTION _api.serve_media(`
			`_name TEXT`
			`)`
			`RETURNS sys."/"`
			`LANGUAGE plpgsql VOLATILE`
			`AS $BODY$`
			`DECLARE`
			`_headers TEXT;`
			`_data BYTEA;`
			`BEGIN`

			`SELECT FORMAT(`
			`'[{"Content-Type": "%s"},'`
			`'{"Content-Disposition": "inline; filename=\"%s\""},'`
			`'{"Cache-Control": "max-age=259200"}]'`
			`, m.type, m.name)`
			`FROM admin.media m`
			`WHERE m.name = _name INTO _headers;`

			`PERFORM SET_CONFIG('response.headers', _headers, true);`

			`SELECT m.content`
			`FROM admin.media m`
			`WHERE m.name = _name`
			`INTO _data;`

			`IF FOUND THEN`
			`RETURN(_data);`
			`ELSE`
			`PERFORM _api.raise(`
			`_msg => 'api_not_found',`
			`_err => 404`
			`);`
			`END IF;`
			`END`
			`$BODY$;`

			`GRANT EXECUTE ON FUNCTION _api.serve_media(TEXT)`
			`TO rest_anon, rest_user;`
			`GRANT SELECT ON TABLE admin.media`
			`TO rest_anon, rest_user;`