Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2025-01-31 15:21:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
Pitu 2017-01-29 22:51:54 -03:00
parent a7201c4b96
commit 0258c290ff
1 changed files with 160 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
controllers/uploadController.js
View File

@ -25,15 +25,26 @@ const upload = multer({
uploadsController.upload = function(req, res, next){ uploadsController.upload = function(req, res, next){
// Get the token
let token = req.headers.token
// If we're running in private and there's no token, error
if(config.private === true) if(config.private === true)
if(req.headers.auth !== config.clientToken) if(token === undefined) return res.status(401).json({ success: false, description: 'No token provided' })
return res.status(401).json({ success: false, description: 'not-authorized'})
let album = req.params.albumid // Let's see if it's a valid token
db.table('users').where('token', token).then((user) => {
let userid
if(user.length > 0)
userid = user.id
if(album !== undefined) // Check if user is trying to upload to an album
if(req.headers.adminauth !== config.adminToken) let album = undefined
return res.status(401).json({ success: false, description: 'not-authorized'}) if(userid !== undefined){
album = req.headers.albumid
if(album === undefined)
album = req.params.albumid
}
upload(req, res, function (err) { upload(req, res, function (err) {
if (err) { if (err) {
@ -80,6 +91,7 @@ uploadsController.upload = function(req, res, next){
hash: fileHash, hash: fileHash,
ip: req.ip, ip: req.ip,
albumid: album, albumid: album,
userid: userid,
timestamp: Math.floor(Date.now() / 1000) timestamp: Math.floor(Date.now() / 1000)
}) })
} }
@ -87,19 +99,16 @@ uploadsController.upload = function(req, res, next){
if(iteration === req.files.length) if(iteration === req.files.length)
return uploadsController.processFilesForDisplay(req, res, files, existingFiles) return uploadsController.processFilesForDisplay(req, res, files, existingFiles)
iteration++ iteration++
})
}).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) })
}) })
}) })
}) })
}).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) })
} }
uploadsController.processFilesForDisplay = function(req, res, files, existingFiles){ uploadsController.processFilesForDisplay = function(req, res, files, existingFiles){
let basedomain = req.get('host') let basedomain = req.get('host')
for(let domain of config.domains) for(let domain of config.domains)
if(domain.host === req.get('host')) if(domain.host === req.get('host'))
@ -139,14 +148,23 @@ uploadsController.processFilesForDisplay = function(req, res, files, existingFil
uploadsController.delete = function(req, res){ uploadsController.delete = function(req, res){
if(req.headers.auth !== config.adminToken) let token = req.headers.token
return res.status(401).json({ success: false, description: 'not-authorized'}) if(token === undefined) return res.status(401).json({ success: false, description: 'No token provided' })
let id = req.body.id let id = req.body.id
if(id === undefined || id === '') if(id === undefined || id === '')
return res.json({ success: false, description: 'No file specified' }) return res.json({ success: false, description: 'No file specified' })
db.table('files').where('id', id).then((file) => { db.table('users').where('token', token).then((user) => {
if(user.length === 0) return res.status(401).json({ success: false, description: 'Invalid token'})
db.table('files')
.where('id', id)
.where(function(){
if(user.username !== 'root')
this.where('userid', user.id)
})
.then((file) => {
uploadsController.deleteFile(file[0].name).then(() => { uploadsController.deleteFile(file[0].name).then(() => {
db.table('files').where('id', id).del().then(() =>{ db.table('files').where('id', id).del().then(() =>{
@ -160,6 +178,7 @@ uploadsController.delete = function(req, res){
}) })
}).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) })
}).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) })
} }
@ -179,8 +198,11 @@ uploadsController.deleteFile = function(file){
uploadsController.list = function(req, res){ uploadsController.list = function(req, res){
if(req.headers.auth !== config.adminToken) let token = req.headers.token
return res.status(401).json({ success: false, description: 'not-authorized'}) if(token === undefined) return res.status(401).json({ success: false, description: 'No token provided' })
db.table('users').where('token', token).then((user) => {
if(user.length === 0) return res.status(401).json({ success: false, description: 'Invalid token'})
let offset = req.params.page let offset = req.params.page
if(offset === undefined) offset = 0 if(offset === undefined) offset = 0
@ -192,6 +214,10 @@ uploadsController.list = function(req, res){
else else
this.where('albumid', req.params.id) this.where('albumid', req.params.id)
}) })
.where(function(){
if(user.username !== 'root')
this.where('userid', user.id)
})
.orderBy('id', 'DESC') .orderBy('id', 'DESC')
.limit(25) .limit(25)
.offset(25 * offset) .offset(25 * offset)
@ -256,6 +282,8 @@ uploadsController.list = function(req, res){
}).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) })
}).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) }) }).catch(function(error) { console.log(error); res.json({success: false, description: 'error'}) })
})
} }
module.exports = uploadsController module.exports = uploadsController