[ENH] Upload a zip file of assets and Oqtane to add them to the filemanager

[leigh-pointer]

Oqtane Info

Version - 5.1.1
Render Mode - Static
Interactivity - Server
Database - SQL Server

Describe the enhancement

Would be nice to be able to upload a zip file of assests and Oqtuane to add them to the filemanager. The path inside the zip file would dictate the folder stucture on the server.

Anything else?

[sbwalker]

I am guessing any new folders created would inherit the security permissions of the folder where the ZIP file was uploaded? ZIP file uploads are famous for security vulnerabilities (ie. https://security.snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-2385941) so this enhancement would need a lot of testing.

[leigh-pointer]

Picking the permission from the file manager sounds right also the extensions would need to be checked which should help reduce the vulnerability.

[leigh-pointer]

The proposed enhancement involves extending the existing capabilities of Oqtane, a modular application framework for building web applications, by adding support for FTP file transfers and syncing assets with the database. This feature aims to streamline the process of migrating sites and frameworks by handling large amounts of assets more efficiently.

FTP Integration for Asset Management:

1. Feature: Enable FTP transfers directly within Oqtane, allowing users to upload files to specific server locations.
2. Advantage: Simplifies the process of moving large amounts of assets, as users can transfer files via FTP rather than manually uploading through the web interface.

Zip File Upload and Extraction:

1. Feature: Allow users to upload a zip file containing assets to Oqtane.

Functionality:

• Upon uploading a zip file, the system extracts its contents.
• The path structure within the zip file dictates the folder structure on the server.
• Advantage: Facilitates bulk uploading of assets while maintaining the desired directory organization.

Synchronization with File Manager and Database:

1. Feature: Integrate a synchronization framework that updates the Oqtane file manager and the SQL Server database with new assets.
   Functionality:

• Automatically add extracted files to the file manager.
• Update the database with information about the new assets, ensuring they are readily available for use within the application.

Benefits:

• Efficiency: The combined FTP and zip file upload capabilities significantly reduce the time and effort required to manage large quantities of assets.
• Organization: Automated extraction and path-based organization ensure that files are stored correctly without manual intervention.
• Consistency: Syncing with the database maintains consistent asset management across the application, improving reliability and accessibility.
• Migration Ease: Streamlines the migration process for sites and frameworks, providing a smoother transition with less downtime.

By implementing this enhancement, Oqtane will offer a more robust and user-friendly asset management solution, greatly benefiting developers and site administrators involved in large-scale migrations or frequent asset updates.

[sbwalker]

@leigh-pointer I am investigating how the unzip feature could be integrated from a UI perspective. I believe that there are scenarios where you would want to retain a zip file in its compressed form, as well as scenarios where you would want it to be unzipped. So this basically means that the framework cannot make assumptions - it would need user input.

So one option is that this feature could be integrated into the File Management UI in the Admin Dashboard... when you select Edit next to a file it opens the File Management modal and if the file is a ZIP file it could display an Unzip button:

This would provide the user with the ability to unzip a ZIP file (and the backend would handle all of the path/filename/extension validation logic). However this means that this feature would only be available to administrators via the File Management UI - it would not be available via the FileManager component (which is embedded within modules). Would this satisfy the requirement?

(note that I a, ignoring the FTP enhancement outlined above, as this is a different enhancement unrelated to ZIP files and should be logged separately)

[leigh-pointer]

@sbwalker I love what you’re doing with the unzip feature! It’s clear you’re putting a lot of thought into how it can be integrated from a UI perspective, and I really appreciate that you’re considering the different scenarios where users might want to keep a ZIP file compressed or unzip it.
Your idea of adding an Unzip button in the File Management modal is fantastic! It’s super intuitive and makes perfect sense. Plus, keeping this feature exclusive to administrators is a smart move—it strikes a great balance between functionality and security.
I think this approach really shows how much you care about user experience. If you’re open to it, I’d love to hear how it goes once you start testing it out. Also, gathering some feedback from the admins after implementation could provide some great insights for future tweaks.

[sbwalker]

#4521 allows a zip file to be extracted - note that it currently does not support subfolders - it will extract all of the files into the same folder where the zip file is located. This eliminates the risk of directory traversal vulnerabilities and simplifies the implementation considerably.