2 files changed, 54 insertions, 0 deletions

diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php
index 49e48993f5c..b3c1db8e504 100644
--- a/apps/files_sharing/lib/Controller/PublicPreviewController.php
+++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php
@@ -101,4 +101,50 @@ class PublicPreviewController extends Controller {
 			return new DataResponse([], Http::STATUS_BAD_REQUEST);
 		}
 	}
+
+	/**
+	 * @PublicPage
+	 * @NoCSRFRequired
+	 *
+	 * @param $token
+	 * @return DataResponse|FileDisplayResponse
+	 */
+	public function directLink($token) {
+		// No token no image
+		if ($token === '') {
+			return new DataResponse([], Http::STATUS_BAD_REQUEST);
+		}
+
+		// No share no image
+		try {
+			$share = $this->shareManager->getShareByToken($token);
+		} catch (ShareNotFound $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		// No permissions no image
+		if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
+			return new DataResponse([], Http::STATUS_FORBIDDEN);
+		}
+
+		// Password protected shares have no direct link!
+		if ($share->getPassword() !== null) {
+			return new DataResponse([], Http::STATUS_FORBIDDEN);
+		}
+
+		try {
+			$node = $share->getNode();
+			if ($node instanceof Folder) {
+				// Direct link only works for single files
+				return new DataResponse([], Http::STATUS_BAD_REQUEST);
+			}
+
+			$f = $this->previewManager->getPreview($node, -1, -1, false);
+			return new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]);
+		} catch (NotFoundException $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		} catch (\InvalidArgumentException $e) {
+			return new DataResponse([], Http::STATUS_BAD_REQUEST);
+		}
+	}
 }
diff --git a/core/routes.php b/core/routes.php
index a572c83d749..af445d9da8f 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -135,6 +135,14 @@ $this->create('files_sharing.sharecontroller.downloadShare', '/s/{token}/downloa
 		throw new \OC\HintException('App file sharing is not enabled');
 	}
 });
+$this->create('files_sharing.publicpreview.directLink', '/s/{token}/preview')->get()->action(function($urlParams) {
+	if (class_exists(\OCA\Files_Sharing\AppInfo\Application::class, false)) {
+		$app = new \OCA\Files_Sharing\AppInfo\Application($urlParams);
+		$app->dispatch('PublicPreviewController', 'directLink');
+	} else {
+		throw new \OC\HintException('App file sharing is not enabled');
+	}
+});
 
 // used for heartbeat
 $this->create('heartbeat', '/heartbeat')->action(function(){