From 5d1bea39ef2eb048b5c09e0986e4811bfd3022f6 Mon Sep 17 00:00:00 2001 From: Bobby Date: Tue, 28 Jun 2022 11:57:56 +0700 Subject: [PATCH] feat: new api /api/upload/get/:identifier this api only returns file that the user owns (thus token must be set) --- controllers/uploadController.js | 31 +++++++++++++++++++++++++++++++ routes/api.js | 2 +- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/controllers/uploadController.js b/controllers/uploadController.js index 62fc4e2..2b9f3b1 100644 --- a/controllers/uploadController.js +++ b/controllers/uploadController.js @@ -1594,4 +1594,35 @@ self.list = async (req, res, next) => { } } +/** Get file info */ + +self.get = async (req, res, next) => { + try { + const user = await utils.authorize(req) + const ismoderator = perms.is(user, 'moderator') + + const identifier = req.params.identifier + if (identifier === undefined) { + throw new ClientError('No identifier provided.') + } + + const file = await utils.db.table('files') + .where('name', identifier) + .where(function () { + if (!ismoderator) { + this.where('userid', user.id) + } + }) + .first() + + if (!file) { + throw new ClientError('File not found.', { statusCode: 404 }) + } + + await res.json({ success: true, file }) + } catch (error) { + return apiErrorsHandler(error, req, res, next) + } +} + module.exports = self diff --git a/routes/api.js b/routes/api.js index 2bef674..f202013 100644 --- a/routes/api.js +++ b/routes/api.js @@ -32,9 +32,9 @@ routes.get('/uploads', (req, res, next) => uploadController.list(req, res, next) routes.get('/uploads/:page', (req, res, next) => uploadController.list(req, res, next)) routes.post('/upload', (req, res, next) => uploadController.upload(req, res, next)) routes.post('/upload/delete', (req, res, next) => uploadController.delete(req, res, next)) -// routes.get('/upload/delete/:name', (req, res, next) => uploadController.delete(req, res, next)) routes.post('/upload/bulkdelete', (req, res, next) => uploadController.bulkDelete(req, res, next)) routes.post('/upload/finishchunks', (req, res, next) => uploadController.finishChunks(req, res, next)) +routes.get('/upload/get/:identifier', (req, res, next) => uploadController.get(req, res, next)) routes.post('/upload/:albumid', (req, res, next) => uploadController.upload(req, res, next)) routes.get('/album/get/:identifier', (req, res, next) => albumsController.get(req, res, next)) routes.get('/album/zip/:identifier', (req, res, next) => albumsController.generateZip(req, res, next))