Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2024-12-13 16:06:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fcf4c00de7
filesafe/controllers/authController.js

256 lines
7.8 KiB
JavaScript
Raw Normal View History

Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
const bcrypt = require('bcrypt')
Updates * Added VSCode settings to git repo. Now you can match yours with mine, if you want. * Added .jsbeautifyrc for js-beautify (to be used by VSCode's Beautify extension). * Refactored all instances of require('**/*.js') with require('**/*') wherever applicable (basically gotten rid of the .js extension). * Refactored path in all instances of require() wherever applicable. * Sorted instances of require() wherever applicable. * Fixed 500 HTTP error trying to load an error page for 505 HTTP error. * Removed special treatement of NoJS page from uploadsController.processFilesForDisplay(). * Updated version string of all static files. * Beautified all HTML, HANDLEBARS and CSS files. * Refactored the structure of footer links in homepage and No-JS uploader. This should now fix homepage going out-of-bound in smaller screens. * Added CSS prefixes wherever applicable. * Improved back-end side of No-JS uploader. This will now handle errors properly. * No-JS uploader will now show max file size. * No-JS uploader will now show a proper message when private mode is enabled and/or registration is disabled.
2018-04-13 16:20:57 +00:00
const config = require('./../config')
const db = require('knex')(config.database)
Moved permission-related functions to permissionController Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 11:06:58 +00:00
const perms = require('./permissionController')
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
const randomstring = require('randomstring')
Updates * Added VSCode settings to git repo. Now you can match yours with mine, if you want. * Added .jsbeautifyrc for js-beautify (to be used by VSCode's Beautify extension). * Refactored all instances of require('**/*.js') with require('**/*') wherever applicable (basically gotten rid of the .js extension). * Refactored path in all instances of require() wherever applicable. * Sorted instances of require() wherever applicable. * Fixed 500 HTTP error trying to load an error page for 505 HTTP error. * Removed special treatement of NoJS page from uploadsController.processFilesForDisplay(). * Updated version string of all static files. * Beautified all HTML, HANDLEBARS and CSS files. * Refactored the structure of footer links in homepage and No-JS uploader. This should now fix homepage going out-of-bound in smaller screens. * Added CSS prefixes wherever applicable. * Improved back-end side of No-JS uploader. This will now handle errors properly. * No-JS uploader will now show max file size. * No-JS uploader will now show a proper message when private mode is enabled and/or registration is disabled.
2018-04-13 16:20:57 +00:00
const utils = require('./utilsController')
ES6 rewrite
2017-10-04 00:13:38 +00:00
Updates * Updated eslint-plugin-import dev dependency. * Added 2 new ESLint rules: "prefer-const" and "object-shorthand". * Refactor all JS files to follow the new ESLint rules. * Refactored all instances of for-i into for-of wherever applicable.
2018-04-05 10:52:57 +00:00
const authController = {}
ES6 rewrite
2017-10-04 00:13:38 +00:00
authController.verify = async (req, res, next) => {
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
const username = req.body.username
const password = req.body.password
ES6 rewrite
2017-10-04 00:13:38 +00:00
Updates * Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard). * Added "curly" eslint rule with "all" option. I like it. * Refactored all JS files to apply the new "curly" eslint rule. * Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement. * Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server. * Updated README.md and .gitignore.
2018-03-28 17:40:50 +00:00
if (username === undefined) { return res.json({ success: false, description: 'No username provided.' }) }
if (password === undefined) { return res.json({ success: false, description: 'No password provided.' }) }
ES6 rewrite
2017-10-04 00:13:38 +00:00
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
const user = await db.table('users').where('username', username).first()
Init account-manager branch
2018-10-09 19:52:41 +00:00
if (!user) {
return res.json({ success: false, description: 'Username doesn\'t exist.' })
}
Updates * Properly merged changes from master. * database/migration.js will now exit after migartion. * Replaced all instances of createTableIfNotExists() into a combination of hasTable() and createTable() in db.js.
2018-03-14 06:57:09 +00:00
if (user.enabled === false || user.enabled === 0) {
More improvements to albums, and others Improvements related to albums: * Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png). This also adds a new API route: /api/albums/edit. The old API route, /api/albums/rename, is still available but will silently be using the new API in backend. * Deleting album will now also delete its zip archive if exists. * Renaming albums will also rename its zip archive if exists. * Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat. * The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier. * Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier. * Added "download" and "public" columns to "albums" table in database/db.js. Existing users can run "node database/migration.js" to add the columns. Others: * uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise. * Album name of disabled/deleted albums will no longer be shown in uploads list. * Added "fileLength" column to "users" table in database/db.js. * Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though. * Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch). * Updated icons (added download icon). * Some other improvements/tweaks here and there.
2018-04-28 17:26:39 +00:00
return res.json({ success: false, description: 'This account has been disabled.' })
Updates * Properly merged changes from master. * database/migration.js will now exit after migartion. * Replaced all instances of createTableIfNotExists() into a combination of hasTable() and createTable() in db.js.
2018-03-14 06:57:09 +00:00
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
Updates * Refactored all instances of "err" into "error". * Added bulk delete feature (API route: /api/uploads/bulkdelete). It accepts an array of IDs (its key must be "ids" in the JSON POST request). Don't forget it still requires a token in the headers. (https://s.fiery.me/6rjMAYoC.mp4) * Removed fontello.css from auth.html. * Updated a bunch of styling. * Added "copy link to clipboard" button to thumbs view. * Added "view thumbnail" button to list view. Clicking the row will no longer trigger thumb view, instead you have to press that button. * Updated icons. * ... and perhaps some others that I can't remember?
2018-03-29 23:22:08 +00:00
bcrypt.compare(password, user.password, (error, result) => {
if (error) {
Updates (please update your config.js) NOTICE: Please update your config.js. Use config.sample.js as the template. There were a couple of renames and restructures. * Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though. * All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout. * Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw. * Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail). This haven't been tested in Windows machines, but it'll probably work fine. I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
2018-05-09 08:41:30 +00:00
console.error(error)
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
return res.json({ success: false, description: 'There was an error.' })
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
Updates * Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard). * Added "curly" eslint rule with "all" option. I like it. * Refactored all JS files to apply the new "curly" eslint rule. * Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement. * Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server. * Updated README.md and .gitignore.
2018-03-28 17:40:50 +00:00
if (result === false) { return res.json({ success: false, description: 'Wrong password.' }) }
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
return res.json({ success: true, token: user.token })
})
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
authController.register = async (req, res, next) => {
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
if (config.enableUserAccounts === false) {
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
return res.json({ success: false, description: 'Register is disabled at the moment.' })
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
const username = req.body.username
const password = req.body.password
Updates * Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard). * Added "curly" eslint rule with "all" option. I like it. * Refactored all JS files to apply the new "curly" eslint rule. * Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement. * Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server. * Updated README.md and .gitignore.
2018-03-28 17:40:50 +00:00
if (username === undefined) { return res.json({ success: false, description: 'No username provided.' }) }
if (password === undefined) { return res.json({ success: false, description: 'No password provided.' }) }
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
if (username.length < 4 || username.length > 32) {
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
return res.json({ success: false, description: 'Username must have 4-32 characters.' })
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
if (password.length < 6 || password.length > 64) {
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
return res.json({ success: false, description: 'Password must have 6-64 characters.' })
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
const user = await db.table('users').where('username', username).first()
Updates * Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard). * Added "curly" eslint rule with "all" option. I like it. * Refactored all JS files to apply the new "curly" eslint rule. * Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement. * Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server. * Updated README.md and .gitignore.
2018-03-28 17:40:50 +00:00
if (user) { return res.json({ success: false, description: 'Username already exists.' }) }
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
Updates * Refactored all instances of "err" into "error". * Added bulk delete feature (API route: /api/uploads/bulkdelete). It accepts an array of IDs (its key must be "ids" in the JSON POST request). Don't forget it still requires a token in the headers. (https://s.fiery.me/6rjMAYoC.mp4) * Removed fontello.css from auth.html. * Updated a bunch of styling. * Added "copy link to clipboard" button to thumbs view. * Added "view thumbnail" button to list view. Clicking the row will no longer trigger thumb view, instead you have to press that button. * Updated icons. * ... and perhaps some others that I can't remember?
2018-03-29 23:22:08 +00:00
bcrypt.hash(password, 10, async (error, hash) => {
if (error) {
Updates (please update your config.js) NOTICE: Please update your config.js. Use config.sample.js as the template. There were a couple of renames and restructures. * Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though. * All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout. * Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw. * Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail). This haven't been tested in Windows machines, but it'll probably work fine. I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
2018-05-09 08:41:30 +00:00
console.error(error)
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
return res.json({ success: false, description: 'Error generating password hash (╯°□°)╯︵ ┻━┻.' })
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
const token = randomstring.generate(64)
await db.table('users').insert({
Updates * Updated eslint-plugin-import dev dependency. * Added 2 new ESLint rules: "prefer-const" and "object-shorthand". * Refactor all JS files to follow the new ESLint rules. * Refactored all instances of for-i into for-of wherever applicable.
2018-04-05 10:52:57 +00:00
username,
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
password: hash,
Updates * Updated eslint-plugin-import dev dependency. * Added 2 new ESLint rules: "prefer-const" and "object-shorthand". * Refactor all JS files to follow the new ESLint rules. * Refactored all instances of for-i into for-of wherever applicable.
2018-04-05 10:52:57 +00:00
token,
Init account-manager branch
2018-10-09 19:52:41 +00:00
enabled: 1,
Moved permission-related functions to permissionController Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 11:06:58 +00:00
permission: perms.permissions.user
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
})
Updates * Updated eslint-plugin-import dev dependency. * Added 2 new ESLint rules: "prefer-const" and "object-shorthand". * Refactor all JS files to follow the new ESLint rules. * Refactored all instances of for-i into for-of wherever applicable.
2018-04-05 10:52:57 +00:00
return res.json({ success: true, token })
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
})
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
authController.changePassword = async (req, res, next) => {
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
const user = await utils.authorize(req, res)
Updates * Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard). * Added "curly" eslint rule with "all" option. I like it. * Refactored all JS files to apply the new "curly" eslint rule. * Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement. * Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server. * Updated README.md and .gitignore.
2018-03-28 17:40:50 +00:00
if (!user) { return }
ES6 rewrite
2017-10-04 00:13:38 +00:00
Updates * Updated eslint-plugin-import dev dependency. * Added 2 new ESLint rules: "prefer-const" and "object-shorthand". * Refactor all JS files to follow the new ESLint rules. * Refactored all instances of for-i into for-of wherever applicable.
2018-04-05 10:52:57 +00:00
const password = req.body.password
Updates * Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard). * Added "curly" eslint rule with "all" option. I like it. * Refactored all JS files to apply the new "curly" eslint rule. * Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement. * Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server. * Updated README.md and .gitignore.
2018-03-28 17:40:50 +00:00
if (password === undefined) { return res.json({ success: false, description: 'No password provided.' }) }
ES6 rewrite
2017-10-04 00:13:38 +00:00
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
if (password.length < 6 || password.length > 64) {
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
return res.json({ success: false, description: 'Password must have 6-64 characters.' })
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
Updates * Refactored all instances of "err" into "error". * Added bulk delete feature (API route: /api/uploads/bulkdelete). It accepts an array of IDs (its key must be "ids" in the JSON POST request). Don't forget it still requires a token in the headers. (https://s.fiery.me/6rjMAYoC.mp4) * Removed fontello.css from auth.html. * Updated a bunch of styling. * Added "copy link to clipboard" button to thumbs view. * Added "view thumbnail" button to list view. Clicking the row will no longer trigger thumb view, instead you have to press that button. * Updated icons. * ... and perhaps some others that I can't remember?
2018-03-29 23:22:08 +00:00
bcrypt.hash(password, 10, async (error, hash) => {
if (error) {
Updates (please update your config.js) NOTICE: Please update your config.js. Use config.sample.js as the template. There were a couple of renames and restructures. * Album zipper API route will now internally save its state when it's generating zip files, and any subsequent requests will silently be "postponed" until the first spawned task is finished. This will guarantee that there are no multiple zipping tasks for the same album. The method may seem a bit hackish though. * All instances of console.log(error) were replaced with console.error(error). This will guarantee that any error goes to stderr instead of stdout. * Deleting file by names will now properly remove successful files from the textarea. There was a logic flaw. * Failure to generate thumbnails will no longer print the full stack, but instead only the error message. It will also then symlink a template image from /public/images/unavailable.png (it's only a simple image that says that it failed to generate thumbnail). This haven't been tested in Windows machines, but it'll probably work fine. I thought of adding a new column to files table which will store information whether the thumbnail generation is sucessful or not, but oh well, I'll go with this method for now.
2018-05-09 08:41:30 +00:00
console.error(error)
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
return res.json({ success: false, description: 'Error generating password hash (╯°□°)╯︵ ┻━┻.' })
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
More improvements to albums, and others Improvements related to albums: * Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png). This also adds a new API route: /api/albums/edit. The old API route, /api/albums/rename, is still available but will silently be using the new API in backend. * Deleting album will now also delete its zip archive if exists. * Renaming albums will also rename its zip archive if exists. * Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat. * The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier. * Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier. * Added "download" and "public" columns to "albums" table in database/db.js. Existing users can run "node database/migration.js" to add the columns. Others: * uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise. * Album name of disabled/deleted albums will no longer be shown in uploads list. * Added "fileLength" column to "users" table in database/db.js. * Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though. * Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch). * Updated icons (added download icon). * Some other improvements/tweaks here and there.
2018-04-28 17:26:39 +00:00
await db.table('users')
.where('id', user.id)
.update('password', hash)
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
return res.json({ success: true })
})
}
ES6 rewrite
2017-10-04 00:13:38 +00:00
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
authController.getFileLengthConfig = async (req, res, next) => {
const user = await utils.authorize(req, res)
Updates * Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard). * Added "curly" eslint rule with "all" option. I like it. * Refactored all JS files to apply the new "curly" eslint rule. * Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement. * Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server. * Updated README.md and .gitignore.
2018-03-28 17:40:50 +00:00
if (!user) { return }
Init account-manager branch
2018-10-09 19:52:41 +00:00
return res.json({
success: true,
fileLength: user.fileLength,
config: config.uploads.fileLength
})
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
}
authController.changeFileLength = async (req, res, next) => {
if (config.uploads.fileLength.userChangeable === false) {
Init account-manager branch
2018-10-09 19:52:41 +00:00
return res.json({
success: false,
description: 'Changing file name length is disabled at the moment.'
})
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
}
const user = await utils.authorize(req, res)
Updates * Switched standard to eslint with eslint-config-standard (and 4 more eslint plugins needed by standard). * Added "curly" eslint rule with "all" option. I like it. * Refactored all JS files to apply the new "curly" eslint rule. * Renewed axios.min.js, dropzone.min.js and sweetalert.min.js. Re-minified and added a small comment stating their version and copyright statement. * Some buttons in dashboard will now show loading icon whenever they're waiting for response from the server. * Updated README.md and .gitignore.
2018-03-28 17:40:50 +00:00
if (!user) { return }
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
Updates * Updated eslint-plugin-import dev dependency. * Added 2 new ESLint rules: "prefer-const" and "object-shorthand". * Refactor all JS files to follow the new ESLint rules. * Refactored all instances of for-i into for-of wherever applicable.
2018-04-05 10:52:57 +00:00
const fileLength = parseInt(req.body.fileLength)
Init account-manager branch
2018-10-09 19:52:41 +00:00
if (fileLength === undefined) {
return res.json({
success: false,
description: 'No file name length provided.'
})
}
if (isNaN(fileLength)) {
return res.json({
success: false,
description: 'File name length is not a valid number.'
})
}
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
if (fileLength < config.uploads.fileLength.min || fileLength > config.uploads.fileLength.max) {
Init account-manager branch
2018-10-09 19:52:41 +00:00
return res.json({
success: false,
description: `File name length must be ${config.uploads.fileLength.min} to ${config.uploads.fileLength.max} characters.`
})
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
}
if (fileLength === user.fileLength) {
return res.json({ success: true })
}
More improvements to albums, and others Improvements related to albums: * Changed "rename album" option with a better "edit album" feature. With it you can also disable download or public link and even request a new public link (https://i.fiery.me/fz1y.png). This also adds a new API route: /api/albums/edit. The old API route, /api/albums/rename, is still available but will silently be using the new API in backend. * Deleting album will now also delete its zip archive if exists. * Renaming albums will also rename its zip archive if exists. * Generating zip will use async fs.readFile instead of fs.readFileSync. This should improve generating speed somewhat. * The codes that tries to generate random identifier for album will now check whether an album with the same identifier already exists. It will also rely on "uploads.maxTries" config option to limit how many times it will try to re-generate a new random identifier. * Added a new config option "uploads.albumIdentifierLength" which sets the length of the randomly generated identifier. * Added "download" and "public" columns to "albums" table in database/db.js. Existing users can run "node database/migration.js" to add the columns. Others: * uploadsController.getUniqueRandomName will no longer accept 3 paramters (previously it would accept a callback in the third parameter). It will now instead return a Promise. * Album name of disabled/deleted albums will no longer be shown in uploads list. * Added "fileLength" column to "users" table in database/db.js. * Renamed HTTP404.html and HTTP500.html in /pages/error to 404.html and 500.html respectively. I'm still using symlinks though. * Added a new CSS named sweetalert.css which will be used in homepage, auth and dashboard. It will style all sweetalert modals with dark theme (matching the current color scheme used in this branch). * Updated icons (added download icon). * Some other improvements/tweaks here and there.
2018-04-28 17:26:39 +00:00
await db.table('users')
.where('id', user.id)
.update('fileLength', fileLength)
Updates (WARNING!) WARNING: Please turn off lolisafe before upgrading, then run "node database/migration.js" once after upgrading. Ignore all errors/warnings about duplicate column name. Afterwards make sure your config.js follows the new format in config.sample.js (specifically fileLength and generateThumbnails options). * generateImageThumbnails and generateVideoThumbnails options in config.js is now renamed to an object named generateThumbnails, with image and video as its properties. * fileLength option is now an object with min, max, default and userChangeable as its properties. * User may now change their preferred file length (following the previous option, of course). * Updated a bunch of responses messages. Mainly appending a dot to the messages. * New APIs: /fileLength/config to get an object of the current fileLength config (exactly what is in the config.js file). /fileLength/change to change user's preferred file length. * And maybe some others ...?
2018-03-24 13:52:47 +00:00
return res.json({ success: true })
}
Init account-manager branch
2018-10-09 19:52:41 +00:00
authController.editUser = async (req, res, next) => {
const user = await utils.authorize(req, res)
if (!user) { return }
const id = parseInt(req.body.id)
if (isNaN(id)) {
return res.json({ success: false, description: 'No user specified.' })
}
const target = await db.table('users')
.where('id', id)
.first()
if (!target) {
return res.json({ success: false, description: 'Could not get user with the specified ID.' })
Moved permission-related functions to permissionController Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 11:06:58 +00:00
} else if (!perms.higher(user, target)) {
Init account-manager branch
2018-10-09 19:52:41 +00:00
return res.json({ success: false, description: 'The user is in the same or higher group as you.' })
} else if (target.username === 'root') {
return res.json({ success: false, description: 'Root user may not be edited.' })
}
const username = String(req.body.username)
if (username.length < 4 || username.length > 32) {
return res.json({ success: false, description: 'Username must have 4-32 characters.' })
}
Moved permission-related functions to permissionController Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 11:06:58 +00:00
let permission = req.body.group ? perms.permissions[req.body.group] : target.permission
Added user group option to edit user modal Also simplified selector for file's add to album modal
2018-10-10 17:33:11 +00:00
if (typeof permission !== 'number' || permission < 0) { permission = target.permission }
Init account-manager branch
2018-10-09 19:52:41 +00:00
await db.table('users')
.where('id', id)
.update({
username,
Added user group option to edit user modal Also simplified selector for file's add to album modal
2018-10-10 17:33:11 +00:00
enabled: Boolean(req.body.enabled),
permission
Init account-manager branch
2018-10-09 19:52:41 +00:00
})
if (!req.body.resetPassword) {
return res.json({ success: true, username })
}
const password = randomstring.generate(16)
bcrypt.hash(password, 10, async (error, hash) => {
if (error) {
console.error(error)
return res.json({ success: false, description: 'Error generating password hash (╯°□°)╯︵ ┻━┻.' })
}
await db.table('users')
.where('id', id)
.update('password', hash)
return res.json({ success: true, password })
})
}
authController.listUsers = async (req, res, next) => {
const user = await utils.authorize(req, res)
if (!user) { return }
Moved permission-related functions to permissionController Fix: non-root staffs are now able to delete files by any users (previously they could only list them).
2018-10-13 11:06:58 +00:00
const isadmin = perms.is(user, 'admin')
Init account-manager branch
2018-10-09 19:52:41 +00:00
if (!isadmin) { return res.status(403) }
let offset = req.params.page
if (offset === undefined) { offset = 0 }
const users = await db.table('users')
// .orderBy('id', 'DESC')
.limit(25)
.offset(25 * offset)
.select('id', 'username', 'enabled', 'fileLength', 'permission')
Added disk usage column to manage users
2018-10-12 10:19:14 +00:00
if (!users.length) { return res.json({ success: true, users }) }
Added ID and uploads count columns into manage users Updated client-side check of user's enabled status to match server-side Removed a bunch of console.log()'s from development
2018-10-12 09:42:16 +00:00
const userids = []
Init account-manager branch
2018-10-09 19:52:41 +00:00
for (const user of users) {
user.groups = authController.mapPermissions(user)
delete user.permission
Added ID and uploads count columns into manage users Updated client-side check of user's enabled status to match server-side Removed a bunch of console.log()'s from development
2018-10-12 09:42:16 +00:00
userids.push(user.id)
user.uploadsCount = 0
Added disk usage column to manage users
2018-10-12 10:19:14 +00:00
user.diskUsage = 0
Added ID and uploads count columns into manage users Updated client-side check of user's enabled status to match server-side Removed a bunch of console.log()'s from development
2018-10-12 09:42:16 +00:00
}
const maps = {}
const uploads = await db.table('files').whereIn('userid', userids)
Added disk usage column to manage users
2018-10-12 10:19:14 +00:00
Added ID and uploads count columns into manage users Updated client-side check of user's enabled status to match server-side Removed a bunch of console.log()'s from development
2018-10-12 09:42:16 +00:00
for (const upload of uploads) {
// This is the fastest method that I can think of
Added disk usage column to manage users
2018-10-12 10:19:14 +00:00
if (maps[upload.userid] === undefined) { maps[upload.userid] = { count: 0, size: 0 } }
maps[upload.userid].count++
maps[upload.userid].size += parseInt(upload.size)
Added ID and uploads count columns into manage users Updated client-side check of user's enabled status to match server-side Removed a bunch of console.log()'s from development
2018-10-12 09:42:16 +00:00
}
for (const user of users) {
Added disk usage column to manage users
2018-10-12 10:19:14 +00:00
if (!maps[user.id]) { continue }
user.uploadsCount = maps[user.id].count
user.diskUsage = maps[user.id].size
Init account-manager branch
2018-10-09 19:52:41 +00:00
}
return res.json({ success: true, users })
}
Various updates * Switched ESLint + Aqua to Standard. I'm a big fan of Standard. Updated yarn.lock file too. * Lots of refactors to follow the rules of Standard. * Fixed issue with uploading as a not logged in user.
2018-01-23 20:06:30 +00:00
module.exports = authController
Reference in New Issue Copy Permalink