Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2024-12-13 16:06:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0a19b025a0
filesafe/controllers/authController.js

432 lines
12 KiB
JavaScript
Raw Normal View History

Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
const bcrypt = require('bcrypt')
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
const path = require('path')
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
const randomstring = require('randomstring')
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
const paths = require('./pathsController')
Updates (very important to read) Client-side CSS & JS files will now be processed with Gulp. Gulp tasks are configured in gulpfile.js file. CSS files will be optimized with postcss-preset-env, which will auto-add vendor prefixes and convert any parts necessary for browsers compatibility. Afterwards they will be minified with cssnano. JS files will be optimized with bublé, likewise for browsers compatibility. Afterwards they will be minified with terser. Unprocessed CSS & JS files will now be located at src directory, while the processed results will be located at dist directory. Due to bublé, the JS files should now be compatible up to IE 11 at the minimum. Previously the safe would not work in IE 11 due to extensive usage of template literals. Due to that as well, JS files in src directory will now extensively use arrow functions for my personal comfort (as they will be converted too). The server will use the processed files at dist directory by default. If you want to rebuild the files by your own, you can run "yarn build". Gulp is a development dependency, so make sure you have installed all development dependencies (e.i. NOT using "yarn install --production"). --- yarn lint -> gulp lint yarn build -> gulp default yarn watch -> gulp watch yarn develop -> env NODE_ENV=development yarn watch --- Fixed not being able to demote staff into normal users. /api/token/verify will no longer respond with 401 HTTP error code, unless an error occurred (which will be 500 HTTP error code). Fixed /nojs route not displaying file's original name when a duplicate is found on the server. Removed is-breeze CSS class name, in favor of Bulma's is-info. Removed custom styling from auth page, in favor of global styling. Removed all usage of style HTML attribute in favor of CSS classes. Renamed js/s/ to js/misc/. Use loading spinners on dashboard's sidebar menus. Disable all other sidebar menus when something is loading. Changed title HTML attribute of disabled control buttons in uploads & users list. Hid checkboxes and WIP controls from users list. Better error messages handling. Especially homepage will now support CF's HTTP error codes. Updated various icons. Also, added fontello config file at public/libs/fontello/config.json. This should let you edit them more easily with fontello. Use Gatsby icon for my blog's link in homepage's footer. A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
const perms = require('./permissionController')
Updated tokenController.js + authController.js: + Added a standalone function to generate unique token. Despite tokens being 64 characters long, meaning the chance to generate the same token twice have very small chances, I would rather not leave it to chances. + Some spacings. config.sample.js: + Self-explanatory.
2019-06-18 21:04:14 +00:00
const tokens = require('./tokenController')
Updates * Added VSCode settings to git repo. Now you can match yours with mine, if you want. * Added .jsbeautifyrc for js-beautify (to be used by VSCode's Beautify extension). * Refactored all instances of require('**/*.js') with require('**/*') wherever applicable (basically gotten rid of the .js extension). * Refactored path in all instances of require() wherever applicable. * Sorted instances of require() wherever applicable. * Fixed 500 HTTP error trying to load an error page for 505 HTTP error. * Removed special treatement of NoJS page from uploadsController.processFilesForDisplay(). * Updated version string of all static files. * Beautified all HTML, HANDLEBARS and CSS files. * Refactored the structure of footer links in homepage and No-JS uploader. This should now fix homepage going out-of-bound in smaller screens. * Added CSS prefixes wherever applicable. * Improved back-end side of No-JS uploader. This will now handle errors properly. * No-JS uploader will now show max file size. * No-JS uploader will now show a proper message when private mode is enabled and/or registration is disabled.
2018-04-13 16:20:57 +00:00
const utils = require('./utilsController')
Updates (very important to read) Client-side CSS & JS files will now be processed with Gulp. Gulp tasks are configured in gulpfile.js file. CSS files will be optimized with postcss-preset-env, which will auto-add vendor prefixes and convert any parts necessary for browsers compatibility. Afterwards they will be minified with cssnano. JS files will be optimized with bublé, likewise for browsers compatibility. Afterwards they will be minified with terser. Unprocessed CSS & JS files will now be located at src directory, while the processed results will be located at dist directory. Due to bublé, the JS files should now be compatible up to IE 11 at the minimum. Previously the safe would not work in IE 11 due to extensive usage of template literals. Due to that as well, JS files in src directory will now extensively use arrow functions for my personal comfort (as they will be converted too). The server will use the processed files at dist directory by default. If you want to rebuild the files by your own, you can run "yarn build". Gulp is a development dependency, so make sure you have installed all development dependencies (e.i. NOT using "yarn install --production"). --- yarn lint -> gulp lint yarn build -> gulp default yarn watch -> gulp watch yarn develop -> env NODE_ENV=development yarn watch --- Fixed not being able to demote staff into normal users. /api/token/verify will no longer respond with 401 HTTP error code, unless an error occurred (which will be 500 HTTP error code). Fixed /nojs route not displaying file's original name when a duplicate is found on the server. Removed is-breeze CSS class name, in favor of Bulma's is-info. Removed custom styling from auth page, in favor of global styling. Removed all usage of style HTML attribute in favor of CSS classes. Renamed js/s/ to js/misc/. Use loading spinners on dashboard's sidebar menus. Disable all other sidebar menus when something is loading. Changed title HTML attribute of disabled control buttons in uploads & users list. Hid checkboxes and WIP controls from users list. Better error messages handling. Especially homepage will now support CF's HTTP error codes. Updated various icons. Also, added fontello config file at public/libs/fontello/config.json. This should let you edit them more easily with fontello. Use Gatsby icon for my blog's link in homepage's footer. A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
const config = require('./../config')
const logger = require('./../logger')
const db = require('knex')(config.database)
ES6 rewrite
2017-10-04 00:13:38 +00:00
Updated Updated some dev dependencies. --- Gulp will now build CSS/JS files during development into dist-dev directory, to prevent IDE's Git from unnecessarily building diff's. Added dist-dev to ignore files. --- The entire config fille will now be passed to Nunjuck templates for ease of access of config values. Root domain for use in Nunjuck templates will now be parsed from config. Better page titles. Updated help message for "Uploads history order" option in homepage's config tab. Added "Load images for preview" option to homepage's config tab. Setting this to false will now prevent image uploads from loading themselves for previews. Uploads' original names in homepage's uploads history are now selectable. Min/max length for user/pass are now enforced in auth's front-end. Improved performance of album public pages. Their generated HTML pages will now be cached into memory. Unfortunately, No-JS version of their pages will be cached separately, so each album may take up to double the memory space. File names in thumbnails no longer have their full URLs as tooltips. I saw no point in that behavior. Added video icons. Homepage's uploads history will now display video icons for videos. "View thumbnail" button in Dashboard is now renamed to "Show preview". Their icons will also be changed depending on their file types. Added max length for albums' title & description. These will be enforced both in front-end and back-end. Existing albums that have surpassed the limits will not be enforced. A few other small improvements.
2019-09-17 04:13:41 +00:00
// Don't forget to update min/max length of text inputs in auth.njk
// when changing these values.
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const self = {
Updated Updated some dev dependencies. --- Gulp will now build CSS/JS files during development into dist-dev directory, to prevent IDE's Git from unnecessarily building diff's. Added dist-dev to ignore files. --- The entire config fille will now be passed to Nunjuck templates for ease of access of config values. Root domain for use in Nunjuck templates will now be parsed from config. Better page titles. Updated help message for "Uploads history order" option in homepage's config tab. Added "Load images for preview" option to homepage's config tab. Setting this to false will now prevent image uploads from loading themselves for previews. Uploads' original names in homepage's uploads history are now selectable. Min/max length for user/pass are now enforced in auth's front-end. Improved performance of album public pages. Their generated HTML pages will now be cached into memory. Unfortunately, No-JS version of their pages will be cached separately, so each album may take up to double the memory space. File names in thumbnails no longer have their full URLs as tooltips. I saw no point in that behavior. Added video icons. Homepage's uploads history will now display video icons for videos. "View thumbnail" button in Dashboard is now renamed to "Show preview". Their icons will also be changed depending on their file types. Added max length for albums' title & description. These will be enforced both in front-end and back-end. Existing albums that have surpassed the limits will not be enforced. A few other small improvements.
2019-09-17 04:13:41 +00:00
user: {
min: 4,
max: 32
},
pass: {
min: 6,
// Should not be more than 72 characters
// https://github.com/kelektiv/node.bcrypt.js#security-issues-and-concerns
max: 64,
// Length of randomized password
// when resetting passwordthrough Dashboard's Manage Users.
rand: 16
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
Updated Updated some dev dependencies. --- Gulp will now build CSS/JS files during development into dist-dev directory, to prevent IDE's Git from unnecessarily building diff's. Added dist-dev to ignore files. --- The entire config fille will now be passed to Nunjuck templates for ease of access of config values. Root domain for use in Nunjuck templates will now be parsed from config. Better page titles. Updated help message for "Uploads history order" option in homepage's config tab. Added "Load images for preview" option to homepage's config tab. Setting this to false will now prevent image uploads from loading themselves for previews. Uploads' original names in homepage's uploads history are now selectable. Min/max length for user/pass are now enforced in auth's front-end. Improved performance of album public pages. Their generated HTML pages will now be cached into memory. Unfortunately, No-JS version of their pages will be cached separately, so each album may take up to double the memory space. File names in thumbnails no longer have their full URLs as tooltips. I saw no point in that behavior. Added video icons. Homepage's uploads history will now display video icons for videos. "View thumbnail" button in Dashboard is now renamed to "Show preview". Their icons will also be changed depending on their file types. Added max length for albums' title & description. These will be enforced both in front-end and back-end. Existing albums that have surpassed the limits will not be enforced. A few other small improvements.
2019-09-17 04:13:41 +00:00
// https://github.com/kelektiv/node.bcrypt.js#a-note-on-rounds
const saltRounds = 10
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
self.verify = async (req, res, next) => {
const username = typeof req.body.username === 'string'
? req.body.username.trim()
: ''
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!username) return res.json({ success: false, description: 'No username provided.' })
ES6 rewrite
2017-10-04 00:13:38 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const password = typeof req.body.password === 'string'
? req.body.password.trim()
: ''
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!password) return res.json({ success: false, description: 'No password provided.' })
ES6 rewrite
2017-10-04 00:13:38 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
try {
const user = await db.table('users')
.where('username', username)
.first()
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!user) return res.json({ success: false, description: 'Username does not exist.' })
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (user.enabled === false || user.enabled === 0) {
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
return res.json({ success: false, description: 'This account has been disabled.' })
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
Updated Updated some dev dependencies. --- Gulp will now build CSS/JS files during development into dist-dev directory, to prevent IDE's Git from unnecessarily building diff's. Added dist-dev to ignore files. --- The entire config fille will now be passed to Nunjuck templates for ease of access of config values. Root domain for use in Nunjuck templates will now be parsed from config. Better page titles. Updated help message for "Uploads history order" option in homepage's config tab. Added "Load images for preview" option to homepage's config tab. Setting this to false will now prevent image uploads from loading themselves for previews. Uploads' original names in homepage's uploads history are now selectable. Min/max length for user/pass are now enforced in auth's front-end. Improved performance of album public pages. Their generated HTML pages will now be cached into memory. Unfortunately, No-JS version of their pages will be cached separately, so each album may take up to double the memory space. File names in thumbnails no longer have their full URLs as tooltips. I saw no point in that behavior. Added video icons. Homepage's uploads history will now display video icons for videos. "View thumbnail" button in Dashboard is now renamed to "Show preview". Their icons will also be changed depending on their file types. Added max length for albums' title & description. These will be enforced both in front-end and back-end. Existing albums that have surpassed the limits will not be enforced. A few other small improvements.
2019-09-17 04:13:41 +00:00
const result = await bcrypt.compare(password, user.password)
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (result === false) {
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
return res.json({ success: false, description: 'Wrong password.' })
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
} else {
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
return res.json({ success: true, token: user.token })
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
} catch (error) {
logger.error(error)
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
}
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
self.register = async (req, res, next) => {
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (config.enableUserAccounts === false) {
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
return res.json({ success: false, description: 'Registration is currently disabled.' })
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
}
Updated Trim user & pass upon login / registration, on both client & server. Users that might have already had whitespace prefix/suffix will need to have their usernames manually updated in the database. Warp various text inputs in the dashboard into HTML form. This will make them be submittable when pressing Enter on the keyboard. Switching page using the prev/next buttons, pagination, and jump to page input, will now scroll the view to the top of the page element. Bumped v1 version string.
2019-08-26 22:00:57 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const username = typeof req.body.username === 'string'
? req.body.username.trim()
: ''
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (username.length < self.user.min || username.length > self.user.max) {
return res.json({
success: false,
description: `Username must have ${self.user.min}-${self.user.max} characters.`
})
}
Updated ESLint rule: curly No more enforced curly for if/else/for/while/do blocks w/ one statement. With that said, auto-fixed all JS files to follow the rule. I'd also like to apologize for the inconveniences this commit cause, after all it was me who intentionally enforced curly rule back then. Why the change of heart? After doing some more non-JS codes recently, I realized it was pretty stupid of me to enforce that.
2018-12-18 17:01:28 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const password = typeof req.body.password === 'string'
? req.body.password.trim()
: ''
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (password.length < self.pass.min || password.length > self.pass.max) {
return res.json({
success: false,
description: `Password must have ${self.pass.min}-${self.pass.max} characters.`
})
}
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
try {
const user = await db.table('users')
.where('username', username)
.first()
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (user) return res.json({ success: false, description: 'Username already exists.' })
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
Updated Updated some dev dependencies. --- Gulp will now build CSS/JS files during development into dist-dev directory, to prevent IDE's Git from unnecessarily building diff's. Added dist-dev to ignore files. --- The entire config fille will now be passed to Nunjuck templates for ease of access of config values. Root domain for use in Nunjuck templates will now be parsed from config. Better page titles. Updated help message for "Uploads history order" option in homepage's config tab. Added "Load images for preview" option to homepage's config tab. Setting this to false will now prevent image uploads from loading themselves for previews. Uploads' original names in homepage's uploads history are now selectable. Min/max length for user/pass are now enforced in auth's front-end. Improved performance of album public pages. Their generated HTML pages will now be cached into memory. Unfortunately, No-JS version of their pages will be cached separately, so each album may take up to double the memory space. File names in thumbnails no longer have their full URLs as tooltips. I saw no point in that behavior. Added video icons. Homepage's uploads history will now display video icons for videos. "View thumbnail" button in Dashboard is now renamed to "Show preview". Their icons will also be changed depending on their file types. Added max length for albums' title & description. These will be enforced both in front-end and back-end. Existing albums that have surpassed the limits will not be enforced. A few other small improvements.
2019-09-17 04:13:41 +00:00
const hash = await bcrypt.hash(password, saltRounds)
Updated tokenController.js + authController.js: + Added a standalone function to generate unique token. Despite tokens being 64 characters long, meaning the chance to generate the same token twice have very small chances, I would rather not leave it to chances. + Some spacings. config.sample.js: + Self-explanatory.
2019-06-18 21:04:14 +00:00
const token = await tokens.generateUniqueToken()
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!token) {
return res.json({
success: false,
description: 'Sorry, we could not allocate a unique token. Try again?'
})
}
Updated tokenController.js + authController.js: + Added a standalone function to generate unique token. Despite tokens being 64 characters long, meaning the chance to generate the same token twice have very small chances, I would rather not leave it to chances. + Some spacings. config.sample.js: + Self-explanatory.
2019-06-18 21:04:14 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
await db.table('users')
.insert({
username,
password: hash,
token,
enabled: 1,
!!! RUN "yarn migrate" !!! Added "yarn migrate" as alias for "node ./database/migration.js". Updated README.md about it. Added a new column to users database: registration. It will be used to store user's registration timestamp. Registration date will be displayed in Dashboard's Manage Users. Since this is a new column, existing users will not have registration dates. Last token change date will now be displayed in Dashboard as well. <code> elements will now properly have relative font size. User ID will now be displayed in Edit user dialog for reference purpose. Bumped v1 version string and rebuilt client assets.
2020-05-16 15:32:32 +00:00
permission: perms.permissions.user,
registration: Math.floor(Date.now() / 1000)
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
})
Re-worked caching for statistics I guess I'll work on adding charts someday.
2019-04-12 00:45:33 +00:00
utils.invalidateStatsCache('users')
Fixed some critical bugs
2019-09-08 18:33:07 +00:00
tokens.onHold.delete(token)
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
Updates * Updated eslint-plugin-import dev dependency. * Added 2 new ESLint rules: "prefer-const" and "object-shorthand". * Refactor all JS files to follow the new ESLint rules. * Refactored all instances of for-i into for-of wherever applicable.
2018-04-05 10:52:57 +00:00
return res.json({ success: true, token })
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
} catch (error) {
logger.error(error)
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
}
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
self.changePassword = async (req, res, next) => {
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
const user = await utils.authorize(req, res)
Updated ESLint rule: curly No more enforced curly for if/else/for/while/do blocks w/ one statement. With that said, auto-fixed all JS files to follow the rule. I'd also like to apologize for the inconveniences this commit cause, after all it was me who intentionally enforced curly rule back then. Why the change of heart? After doing some more non-JS codes recently, I realized it was pretty stupid of me to enforce that.
2018-12-18 17:01:28 +00:00
if (!user) return
ES6 rewrite
2017-10-04 00:13:38 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const password = typeof req.body.password === 'string'
? req.body.password.trim()
: ''
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (password.length < self.pass.min || password.length > self.pass.max) {
return res.json({
success: false,
description: `Password must have ${self.pass.min}-${self.pass.max} characters.`
})
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
try {
Updated Updated some dev dependencies. --- Gulp will now build CSS/JS files during development into dist-dev directory, to prevent IDE's Git from unnecessarily building diff's. Added dist-dev to ignore files. --- The entire config fille will now be passed to Nunjuck templates for ease of access of config values. Root domain for use in Nunjuck templates will now be parsed from config. Better page titles. Updated help message for "Uploads history order" option in homepage's config tab. Added "Load images for preview" option to homepage's config tab. Setting this to false will now prevent image uploads from loading themselves for previews. Uploads' original names in homepage's uploads history are now selectable. Min/max length for user/pass are now enforced in auth's front-end. Improved performance of album public pages. Their generated HTML pages will now be cached into memory. Unfortunately, No-JS version of their pages will be cached separately, so each album may take up to double the memory space. File names in thumbnails no longer have their full URLs as tooltips. I saw no point in that behavior. Added video icons. Homepage's uploads history will now display video icons for videos. "View thumbnail" button in Dashboard is now renamed to "Show preview". Their icons will also be changed depending on their file types. Added max length for albums' title & description. These will be enforced both in front-end and back-end. Existing albums that have surpassed the limits will not be enforced. A few other small improvements.
2019-09-17 04:13:41 +00:00
const hash = await bcrypt.hash(password, saltRounds)
ES6 rewrite
2017-10-04 00:13:38 +00:00
More improvements to albums, and others Improvements related to albums: * Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png). This also adds a new API route: /api/albums/edit. The old API route, /api/albums/rename, is still available but will silently be using the new API in backend. * Deleting album will now also delete its zip archive if exists. * Renaming albums will also rename its zip archive if exists. * Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat. * The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier. * Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier. * Added "download" and "public" columns to "albums" table in database/db.js. Existing users can run "node database/migration.js" to add the columns. Others: * uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise. * Album name of disabled/deleted albums will no longer be shown in uploads list. * Added "fileLength" column to "users" table in database/db.js. * Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though. * Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch). * Updated icons (added download icon). * Some other improvements/tweaks here and there.
2018-04-28 17:26:39 +00:00
await db.table('users')
.where('id', user.id)
.update('password', hash)
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
return res.json({ success: true })
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
} catch (error) {
logger.error(error)
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
}
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
}
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
self.assertPermission = (user, target) => {
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!target) {
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
throw new Error('Could not get user with the specified ID.')
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
} else if (!perms.higher(user, target)) {
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
throw new Error('The user is in the same or higher group as you.')
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
} else if (target.username === 'root') {
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
throw new Error('Root user may not be tampered with.')
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
}
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
}
Added feature to create new user from Manage Users New admins-only API route: /api/users/create Restored checkboxes and bulk buttons in Manage Users Currently useless, as bulk operators are still WIP Added filter input in Manage Users, currently WIP Rebuilt client-side assets and bumped v1 version string
2020-04-17 07:25:18 +00:00
self.createUser = async (req, res, next) => {
const user = await utils.authorize(req, res)
if (!user) return
const isadmin = perms.is(user, 'admin')
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!isadmin) return res.status(403).end()
Added feature to create new user from Manage Users New admins-only API route: /api/users/create Restored checkboxes and bulk buttons in Manage Users Currently useless, as bulk operators are still WIP Added filter input in Manage Users, currently WIP Rebuilt client-side assets and bumped v1 version string
2020-04-17 07:25:18 +00:00
const username = typeof req.body.username === 'string'
? req.body.username.trim()
: ''
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (username.length < self.user.min || username.length > self.user.max) {
return res.json({
success: false,
description: `Username must have ${self.user.min}-${self.user.max} characters.`
})
}
Added feature to create new user from Manage Users New admins-only API route: /api/users/create Restored checkboxes and bulk buttons in Manage Users Currently useless, as bulk operators are still WIP Added filter input in Manage Users, currently WIP Rebuilt client-side assets and bumped v1 version string
2020-04-17 07:25:18 +00:00
let password = typeof req.body.password === 'string'
? req.body.password.trim()
: ''
if (password.length) {
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (password.length < self.pass.min || password.length > self.pass.max) {
return res.json({
success: false,
description: `Password must have ${self.pass.min}-${self.pass.max} characters.`
})
}
Added feature to create new user from Manage Users New admins-only API route: /api/users/create Restored checkboxes and bulk buttons in Manage Users Currently useless, as bulk operators are still WIP Added filter input in Manage Users, currently WIP Rebuilt client-side assets and bumped v1 version string
2020-04-17 07:25:18 +00:00
} else {
password = randomstring.generate(self.pass.rand)
}
let group = req.body.group
let permission
if (group !== undefined) {
permission = perms.permissions[group]
if (typeof permission !== 'number' || permission < 0) {
group = 'user'
permission = perms.permissions.user
}
}
try {
const user = await db.table('users')
.where('username', username)
.first()
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (user) return res.json({ success: false, description: 'Username already exists.' })
Added feature to create new user from Manage Users New admins-only API route: /api/users/create Restored checkboxes and bulk buttons in Manage Users Currently useless, as bulk operators are still WIP Added filter input in Manage Users, currently WIP Rebuilt client-side assets and bumped v1 version string
2020-04-17 07:25:18 +00:00
const hash = await bcrypt.hash(password, saltRounds)
const token = await tokens.generateUniqueToken()
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!token) {
return res.json({
success: false,
description: 'Sorry, we could not allocate a unique token. Try again?'
})
}
Added feature to create new user from Manage Users New admins-only API route: /api/users/create Restored checkboxes and bulk buttons in Manage Users Currently useless, as bulk operators are still WIP Added filter input in Manage Users, currently WIP Rebuilt client-side assets and bumped v1 version string
2020-04-17 07:25:18 +00:00
await db.table('users')
.insert({
username,
password: hash,
token,
enabled: 1,
!!! RUN "yarn migrate" !!! Added "yarn migrate" as alias for "node ./database/migration.js". Updated README.md about it. Added a new column to users database: registration. It will be used to store user's registration timestamp. Registration date will be displayed in Dashboard's Manage Users. Since this is a new column, existing users will not have registration dates. Last token change date will now be displayed in Dashboard as well. <code> elements will now properly have relative font size. User ID will now be displayed in Edit user dialog for reference purpose. Bumped v1 version string and rebuilt client assets.
2020-05-16 15:32:32 +00:00
permission,
registration: Math.floor(Date.now() / 1000)
Added feature to create new user from Manage Users New admins-only API route: /api/users/create Restored checkboxes and bulk buttons in Manage Users Currently useless, as bulk operators are still WIP Added filter input in Manage Users, currently WIP Rebuilt client-side assets and bumped v1 version string
2020-04-17 07:25:18 +00:00
})
utils.invalidateStatsCache('users')
tokens.onHold.delete(token)
return res.json({ success: true, username, password, group })
} catch (error) {
logger.error(error)
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
}
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
self.editUser = async (req, res, next) => {
Init account-manager branch
2018-10-09 19:52:41 +00:00
const user = await utils.authorize(req, res)
Updated ESLint rule: curly No more enforced curly for if/else/for/while/do blocks w/ one statement. With that said, auto-fixed all JS files to follow the rule. I'd also like to apologize for the inconveniences this commit cause, after all it was me who intentionally enforced curly rule back then. Why the change of heart? After doing some more non-JS codes recently, I realized it was pretty stupid of me to enforce that.
2018-12-18 17:01:28 +00:00
if (!user) return
Init account-manager branch
2018-10-09 19:52:41 +00:00
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
const isadmin = perms.is(user, 'admin')
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!isadmin) return res.status(403).end()
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
Init account-manager branch
2018-10-09 19:52:41 +00:00
const id = parseInt(req.body.id)
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (isNaN(id)) return res.json({ success: false, description: 'No user specified.' })
Init account-manager branch
2018-10-09 19:52:41 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
try {
const target = await db.table('users')
.where('id', id)
.first()
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
self.assertPermission(user, target)
Init account-manager branch
2018-10-09 19:52:41 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const update = {}
Updates Added pagination to uploads and users list. With that, /api/uploads and /api/users API routes will now add "count" property to their response object. Enabled Delete user button in users list. With that also added /api/users/disable API route. As usual, you can only disable users whose usergroup is lower than your own. Click event will no longer trigger on "disabled" elements (basically any elements with "disabled" attribute). Changed all arrow functions into regular functions in public JS files (there were only a few that I somehow missed). Bumped v1 version string.
2019-01-01 19:39:08 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
if (req.body.username !== undefined) {
update.username = String(req.body.username).trim()
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (update.username.length < self.user.min || update.username.length > self.user.max) {
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
throw new Error(`Username must have ${self.user.min}-${self.user.max} characters.`)
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
}
Added user group option to edit user modal Also simplified selector for file's add to album modal
2018-10-10 17:33:11 +00:00
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (req.body.enabled !== undefined) {
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
update.enabled = Boolean(req.body.enabled)
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
}
Init account-manager branch
2018-10-09 19:52:41 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
if (req.body.group !== undefined) {
Updates (very important to read) Client-side CSS & JS files will now be processed with Gulp. Gulp tasks are configured in gulpfile.js file. CSS files will be optimized with postcss-preset-env, which will auto-add vendor prefixes and convert any parts necessary for browsers compatibility. Afterwards they will be minified with cssnano. JS files will be optimized with bublé, likewise for browsers compatibility. Afterwards they will be minified with terser. Unprocessed CSS & JS files will now be located at src directory, while the processed results will be located at dist directory. Due to bublé, the JS files should now be compatible up to IE 11 at the minimum. Previously the safe would not work in IE 11 due to extensive usage of template literals. Due to that as well, JS files in src directory will now extensively use arrow functions for my personal comfort (as they will be converted too). The server will use the processed files at dist directory by default. If you want to rebuild the files by your own, you can run "yarn build". Gulp is a development dependency, so make sure you have installed all development dependencies (e.i. NOT using "yarn install --production"). --- yarn lint -> gulp lint yarn build -> gulp default yarn watch -> gulp watch yarn develop -> env NODE_ENV=development yarn watch --- Fixed not being able to demote staff into normal users. /api/token/verify will no longer respond with 401 HTTP error code, unless an error occurred (which will be 500 HTTP error code). Fixed /nojs route not displaying file's original name when a duplicate is found on the server. Removed is-breeze CSS class name, in favor of Bulma's is-info. Removed custom styling from auth page, in favor of global styling. Removed all usage of style HTML attribute in favor of CSS classes. Renamed js/s/ to js/misc/. Use loading spinners on dashboard's sidebar menus. Disable all other sidebar menus when something is loading. Changed title HTML attribute of disabled control buttons in uploads & users list. Hid checkboxes and WIP controls from users list. Better error messages handling. Especially homepage will now support CF's HTTP error codes. Updated various icons. Also, added fontello config file at public/libs/fontello/config.json. This should let you edit them more easily with fontello. Use Gatsby icon for my blog's link in homepage's footer. A bunch of other improvements here & there.
2019-09-15 06:20:11 +00:00
update.permission = perms.permissions[req.body.group]
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (typeof update.permission !== 'number' || update.permission < 0) {
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
update.permission = target.permission
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
}
Init account-manager branch
2018-10-09 19:52:41 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
let password
if (req.body.resetPassword) {
Updated Updated some dev dependencies. --- Gulp will now build CSS/JS files during development into dist-dev directory, to prevent IDE's Git from unnecessarily building diff's. Added dist-dev to ignore files. --- The entire config fille will now be passed to Nunjuck templates for ease of access of config values. Root domain for use in Nunjuck templates will now be parsed from config. Better page titles. Updated help message for "Uploads history order" option in homepage's config tab. Added "Load images for preview" option to homepage's config tab. Setting this to false will now prevent image uploads from loading themselves for previews. Uploads' original names in homepage's uploads history are now selectable. Min/max length for user/pass are now enforced in auth's front-end. Improved performance of album public pages. Their generated HTML pages will now be cached into memory. Unfortunately, No-JS version of their pages will be cached separately, so each album may take up to double the memory space. File names in thumbnails no longer have their full URLs as tooltips. I saw no point in that behavior. Added video icons. Homepage's uploads history will now display video icons for videos. "View thumbnail" button in Dashboard is now renamed to "Show preview". Their icons will also be changed depending on their file types. Added max length for albums' title & description. These will be enforced both in front-end and back-end. Existing albums that have surpassed the limits will not be enforced. A few other small improvements.
2019-09-17 04:13:41 +00:00
password = randomstring.generate(self.pass.rand)
update.password = await bcrypt.hash(password, saltRounds)
Init account-manager branch
2018-10-09 19:52:41 +00:00
}
await db.table('users')
.where('id', id)
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
.update(update)
utils.invalidateStatsCache('users')
Init account-manager branch
2018-10-09 19:52:41 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const response = { success: true, update }
Massively overhauled uploads filtering endpoint Please consult the Help? button again to learn all the syntax changes! The prompt will now also have its width expanded! Updated dependency, knex: 0.20.13 -> 0.20.15. Added new dependency: search-query-parser. Updated all sub-dependencies. Critical? Admins-only API /users/edit will no longer return NEW password salt of the user when randomizing their password. Added page.escape() function to js/misc/utils.js. This will be used to escape input in upload filters input box. The same function used in utilsController.js. Pretty dates will now use / instead of - for date separator. This is due to the fact that date range key for filtering uploads can not accepts dates with - separator. To avoid inconsistency, we will now use / separator. Caching system of album public pages will now be disabled during development (yarn develop). Cleaned up domClick() function in js/dashboard.js. If using date or expiry range keys when filtering uploads, attach client's timezone offset to the API requets. This will be used by the server to calculate timezone differences. Success prompt when changing token will now auto-close. Removed ID column from Manage Users. Improved success prompt when editing users. This will properly list all of the edited fields at once, excluding user group change. Success message for user group change will require a bit more changes on the API endpoint, which is a bit annoying. Rebuilt client-side assets and bumped v1 version string.
2020-04-18 19:52:11 +00:00
if (password) response.update.password = password
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
return res.json(response)
} catch (error) {
logger.error(error)
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
return res.status(500).json({
success: false,
description: error.message || 'An unexpected error occurred. Try again?'
})
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
}
Init account-manager branch
2018-10-09 19:52:41 +00:00
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
self.disableUser = async (req, res, next) => {
req.body = { id: req.body.id, enabled: false }
return self.editUser(req, res, next)
Updates Added pagination to uploads and users list. With that, /api/uploads and /api/users API routes will now add "count" property to their response object. Enabled Delete user button in users list. With that also added /api/users/disable API route. As usual, you can only disable users whose usergroup is lower than your own. Click event will no longer trigger on "disabled" elements (basically any elements with "disabled" attribute). Changed all arrow functions into regular functions in public JS files (there were only a few that I somehow missed). Bumped v1 version string.
2019-01-01 19:39:08 +00:00
}
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
self.deleteUser = async (req, res, next) => {
const user = await utils.authorize(req, res)
if (!user) return
const isadmin = perms.is(user, 'admin')
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!isadmin) return res.status(403).end()
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
const id = parseInt(req.body.id)
const purge = req.body.purge
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (isNaN(id)) return res.json({ success: false, description: 'No user specified.' })
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
try {
const target = await db.table('users')
.where('id', id)
.first()
self.assertPermission(user, target)
const files = await db.table('files')
.where('userid', id)
.select('id')
if (files.length) {
const fileids = files.map(file => file.id)
if (purge) {
const failed = await utils.bulkDeleteFromDb('id', fileids, user)
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (failed.length) return res.json({ success: false, failed })
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
utils.invalidateStatsCache('uploads')
} else {
// Clear out userid attribute from the files
await db.table('files')
.whereIn('id', fileids)
.update('userid', null)
}
}
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
// TODO: Figure out why can't we just just delete the albums from DB
// DISCLAIMER: Upstream always had it coded this way for some reason
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
const albums = await db.table('albums')
.where('userid', id)
.where('enabled', 1)
.select('id', 'identifier')
if (albums.length) {
const albumids = albums.map(album => album.id)
await db.table('albums')
.whereIn('id', albumids)
.del()
utils.invalidateAlbumsCache(albumids)
// Unlink their archives
await Promise.all(albums.map(async album => {
try {
await paths.unlink(path.join(paths.zips, `${album.identifier}.zip`))
} catch (error) {
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (error.code !== 'ENOENT') throw error
Updated Added delete user feature. API: /api/users/delete json: id<number>, purge[boolean] By default will not purge out files, but will still clear userid attribute from the files. All associated albums will also be marked, and have their ZIP archives be unliked, if applicable. Fixed purging albums not properly reporting amount of associated files that could not be removed, if any. Fixed moderators being able to disable users by manually sending API requests, if they at least know of the user IDs. They could only disable regular users however.
2019-10-06 23:11:07 +00:00
}
}))
}
await db.table('users')
.where('id', id)
.del()
utils.invalidateStatsCache('users')
return res.json({ success: true })
} catch (error) {
return res.status(500).json({
success: false,
description: error.message || 'An unexpected error occurred. Try again?'
})
}
}
self.bulkDeleteUsers = async (req, res, next) => {
// TODO
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
self.listUsers = async (req, res, next) => {
Init account-manager branch
2018-10-09 19:52:41 +00:00
const user = await utils.authorize(req, res)
Updated ESLint rule: curly No more enforced curly for if/else/for/while/do blocks w/ one statement. With that said, auto-fixed all JS files to follow the rule. I'd also like to apologize for the inconveniences this commit cause, after all it was me who intentionally enforced curly rule back then. Why the change of heart? After doing some more non-JS codes recently, I realized it was pretty stupid of me to enforce that.
2018-12-18 17:01:28 +00:00
if (!user) return
Init account-manager branch
2018-10-09 19:52:41 +00:00
Moved permission-related functions to permissionController Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 11:06:58 +00:00
const isadmin = perms.is(user, 'admin')
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!isadmin) return res.status(403).end()
Init account-manager branch
2018-10-09 19:52:41 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
try {
const count = await db.table('users')
.count('id as count')
.then(rows => rows[0].count)
Removed custom ESLint curly rule Sigh, why did you do this, past me..? Also fixed "Delete uploads by names".
2020-10-30 18:12:09 +00:00
if (!count) return res.json({ success: true, users: [], count })
Updates Added pagination to uploads and users list. With that, /api/uploads and /api/users API routes will now add "count" property to their response object. Enabled Delete user button in users list. With that also added /api/users/disable API route. As usual, you can only disable users whose usergroup is lower than your own. Click event will no longer trigger on "disabled" elements (basically any elements with "disabled" attribute). Changed all arrow functions into regular functions in public JS files (there were only a few that I somehow missed). Bumped v1 version string.
2019-01-01 19:39:08 +00:00
Added support for negative page num e.g. -1 means last page, -2 means the 2nd from last, and so on will only accept up to -N where N is the amount of pages anything lower will alwasy return the first page this works for both list uploads and list users APIs fixed some Object.assign in dashboard.js added bottom control buttons in manage users
2020-05-02 15:42:23 +00:00
let offset = Number(req.params.page)
if (isNaN(offset)) offset = 0
else if (offset < 0) offset = Math.max(0, Math.ceil(count / 25) + offset)
Init account-manager branch
2018-10-09 19:52:41 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const users = await db.table('users')
.limit(25)
.offset(25 * offset)
!!! RUN "yarn migrate" !!! Added "yarn migrate" as alias for "node ./database/migration.js". Updated README.md about it. Added a new column to users database: registration. It will be used to store user's registration timestamp. Registration date will be displayed in Dashboard's Manage Users. Since this is a new column, existing users will not have registration dates. Last token change date will now be displayed in Dashboard as well. <code> elements will now properly have relative font size. User ID will now be displayed in Edit user dialog for reference purpose. Bumped v1 version string and rebuilt client assets.
2020-05-16 15:32:32 +00:00
.select('id', 'username', 'enabled', 'timestamp', 'permission', 'registration')
Init account-manager branch
2018-10-09 19:52:41 +00:00
Updated Improved performance of /api/users/:id (admin's manage users). Promisify fs.writeFile. Improved performance of /api/stats. By a lot in Linux, cause uploads size will be deferred to "du" binary. In addition, total usage of whichever disk uploads path resides on will also be queried using "df" binary. Non-Linux will have to rely on manual calculation by querying DB for each upload's size. But logics related to uploads stats were also improved to be almost twice as fast as before. Improved parsing of /api/stats results on dashboard.js. This allows ease of extending server's response by not having to update dashboard.js by much, if at all. Improved codes relating to item menus in dashboard's sidebar. Finally much cleaner now 👍 No longer use /api/upload/delete API route from dashboard. Single file deletion and bulk files deletion, both from uploads list or by names, will now properly use a single function that will use /api/upload/bulkdelete API route. /api/upload/delete will still be kept indefinitely for backward support. Fixed oddities with Select all checkbox. Replaced all instances of modifying HTML element's style attribute with adding/removing is-hidden CSS helper class. Rephrased all instances of "files" to "uploads" in any display strings. Fixed notice message when server is on private mode. A few other improvements.
2019-09-10 16:31:27 +00:00
const pointers = {}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
for (const user of users) {
user.groups = perms.mapPermissions(user)
delete user.permission
Updated Improved performance of /api/users/:id (admin's manage users). Promisify fs.writeFile. Improved performance of /api/stats. By a lot in Linux, cause uploads size will be deferred to "du" binary. In addition, total usage of whichever disk uploads path resides on will also be queried using "df" binary. Non-Linux will have to rely on manual calculation by querying DB for each upload's size. But logics related to uploads stats were also improved to be almost twice as fast as before. Improved parsing of /api/stats results on dashboard.js. This allows ease of extending server's response by not having to update dashboard.js by much, if at all. Improved codes relating to item menus in dashboard's sidebar. Finally much cleaner now 👍 No longer use /api/upload/delete API route from dashboard. Single file deletion and bulk files deletion, both from uploads list or by names, will now properly use a single function that will use /api/upload/bulkdelete API route. /api/upload/delete will still be kept indefinitely for backward support. Fixed oddities with Select all checkbox. Replaced all instances of modifying HTML element's style attribute with adding/removing is-hidden CSS helper class. Rephrased all instances of "files" to "uploads" in any display strings. Fixed notice message when server is on private mode. A few other improvements.
2019-09-10 16:31:27 +00:00
user.uploads = 0
user.usage = 0
pointers[user.id] = user
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
}
Added ID and uploads count columns into manage users Updated client-side check of user's enabled status to match server-side Removed a bunch of console.log()'s from development
2018-10-12 09:42:16 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
const uploads = await db.table('files')
Updated Improved performance of /api/users/:id (admin's manage users). Promisify fs.writeFile. Improved performance of /api/stats. By a lot in Linux, cause uploads size will be deferred to "du" binary. In addition, total usage of whichever disk uploads path resides on will also be queried using "df" binary. Non-Linux will have to rely on manual calculation by querying DB for each upload's size. But logics related to uploads stats were also improved to be almost twice as fast as before. Improved parsing of /api/stats results on dashboard.js. This allows ease of extending server's response by not having to update dashboard.js by much, if at all. Improved codes relating to item menus in dashboard's sidebar. Finally much cleaner now 👍 No longer use /api/upload/delete API route from dashboard. Single file deletion and bulk files deletion, both from uploads list or by names, will now properly use a single function that will use /api/upload/bulkdelete API route. /api/upload/delete will still be kept indefinitely for backward support. Fixed oddities with Select all checkbox. Replaced all instances of modifying HTML element's style attribute with adding/removing is-hidden CSS helper class. Rephrased all instances of "files" to "uploads" in any display strings. Fixed notice message when server is on private mode. A few other improvements.
2019-09-10 16:31:27 +00:00
.whereIn('userid', Object.keys(pointers))
.select('userid', 'size')
Added disk usage column to manage users
2018-10-12 10:19:14 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
for (const upload of uploads) {
Updated Improved performance of /api/users/:id (admin's manage users). Promisify fs.writeFile. Improved performance of /api/stats. By a lot in Linux, cause uploads size will be deferred to "du" binary. In addition, total usage of whichever disk uploads path resides on will also be queried using "df" binary. Non-Linux will have to rely on manual calculation by querying DB for each upload's size. But logics related to uploads stats were also improved to be almost twice as fast as before. Improved parsing of /api/stats results on dashboard.js. This allows ease of extending server's response by not having to update dashboard.js by much, if at all. Improved codes relating to item menus in dashboard's sidebar. Finally much cleaner now 👍 No longer use /api/upload/delete API route from dashboard. Single file deletion and bulk files deletion, both from uploads list or by names, will now properly use a single function that will use /api/upload/bulkdelete API route. /api/upload/delete will still be kept indefinitely for backward support. Fixed oddities with Select all checkbox. Replaced all instances of modifying HTML element's style attribute with adding/removing is-hidden CSS helper class. Rephrased all instances of "files" to "uploads" in any display strings. Fixed notice message when server is on private mode. A few other improvements.
2019-09-10 16:31:27 +00:00
pointers[upload.userid].uploads++
pointers[upload.userid].usage += parseInt(upload.size)
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
}
Init account-manager branch
2018-10-09 19:52:41 +00:00
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
return res.json({ success: true, users, count })
} catch (error) {
logger.error(error)
return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
}
Init account-manager branch
2018-10-09 19:52:41 +00:00
}
!!! MASSIVE OVERHAUL !!! As the title says, this commit is a massive overhaul. I've rewritten/restrucuted almost everything in the controller scripts. Because of that, there's a considerable possibility that I've broken something somewhere. Notable changes: Added temporary uploads. Removed file name length changer from dashboard, in favor of an equivalent in homepage config tab. This allows non-registered users to also set file name length. A bunch of other undocmented stuff. I don't know, I'm too tired to remember them all.
2019-09-08 01:56:29 +00:00
module.exports = self
Reference in New Issue Copy Permalink