diff --git a/controllers/albumsController.js b/controllers/albumsController.js index 9c666be..55885f5 100644 --- a/controllers/albumsController.js +++ b/controllers/albumsController.js @@ -6,16 +6,16 @@ let albumsController = {} albumsController.list = function(req, res, next){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) let fields = ['id', 'name'] - if(req.headers.extended !== undefined) + if(req.params.sidebar === undefined) fields.push('timestamp') db.table('albums').select(fields).where('enabled', 1).then((albums) => { - if(req.headers.extended === undefined) + if(req.params.sidebar !== undefined) return res.json({ success: true, albums }) let ids = [] @@ -42,9 +42,9 @@ albumsController.list = function(req, res, next){ albumsController.create = function(req, res, next){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) - let name = req.headers.name + let name = req.body.name if(name === undefined || name === '') return res.json({ success: false, description: 'No album name specified' }) diff --git a/controllers/tokenController.js b/controllers/tokenController.js index 91cc292..e302869 100644 --- a/controllers/tokenController.js +++ b/controllers/tokenController.js @@ -4,8 +4,8 @@ const db = require('knex')(config.database) let tokenController = {} tokenController.verify = function(req, res, next){ - let type = req.headers.type - let token = req.headers.token + let type = req.body.type + let token = req.body.token if(type === undefined) return res.json({ success: false, description: 'No type provided.' }) if(token === undefined) return res.json({ success: false, description: 'No token provided.' }) 
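Review bot: In albumsController.create the new `let name = req.body.name` is only checked against `undefined` and `''`, but with `bodyParser.json()` and `bodyParser.urlencoded({ extended: true })` a client can send `name` as an array or object, which passes both checks and flows into the rest of create (the remainder of the function is outside the hunk). The same applies to `type` and `token` in tokenController.verify and tokenController.change, and to `album` in uploadsController.upload, all of which previously came from headers and were therefore always strings. I'd tighten the guard to `if(typeof name !== 'string' || name === '')` and add the equivalent `typeof` checks for the token and album fields.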
@@ -26,7 +26,7 @@ tokenController.verify = function(req, res, next){ tokenController.list = function(req, res, next){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) return res.json({ clientToken: config.clientToken, @@ -36,10 +36,10 @@ tokenController.list = function(req, res, next){ tokenController.change = function(req, res, next){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) - let type = req.headers.type - let token = req.headers.token + let type = req.body.type + let token = req.body.token if(type === undefined) return res.json({ success: false, description: 'No type provided.' }) if(token === undefined) return res.json({ success: false, description: 'No token provided.' }) diff --git a/controllers/uploadController.js b/controllers/uploadController.js index 6b962c3..499bdb7 100644 --- a/controllers/uploadController.js +++ b/controllers/uploadController.js @@ -24,13 +24,13 @@ uploadsController.upload = function(req, res, next){ if(config.private === true) if(req.headers.auth !== config.clientToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) - let album = req.headers.album + let album = req.body.album if(album !== undefined) if(req.headers.adminauth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) upload(req, res, function (err) { if (err) { 
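Review bot: The 401 body `res.status(401).json({ success: false, description: 'not-authorized'})` introduced in tokenController.list is copy-pasted verbatim into every controller touched by this commit (albumsController.list/create, tokenController.change, uploadsController.upload/list). Because panel.js now compares `response.data.description` against the literal `'not-authorized'` to decide whether to re-verify the token, keeping that string in one shared helper, e.g. `const notAuthorized = (res) => res.status(401).json({ success: false, description: 'not-authorized' })`, would prevent the client and server drifting apart. The missing space before `}` is cosmetic but is likewise duplicated in each copy.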
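Review bot: `let album = req.body.album` in uploadsController.upload runs before `upload(req, res, ...)`, and the parsers added in lolisafe.js (`bodyParser.json()` and `bodyParser.urlencoded`) do not handle multipart bodies; if `upload` is the multer middleware (multer is listed in package.json) and the file is posted as multipart/form-data, `req.body.album` is still undefined here, so the album is silently dropped and the `adminauth` check guarded by `if(album !== undefined)` never runs. Either keep the album id in a header for this endpoint or read `req.body.album` inside the `upload` callback, after multer has populated `req.body`, and perform the admin-token check there. The body of upload continues outside the hunk, so I cannot see where `album` is consumed.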
@@ -81,14 +81,14 @@ uploadsController.upload = function(req, res, next){ uploadsController.list = function(req, res){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) db.table('files') .where(function(){ - if(req.headers.albumid === undefined) + if(req.params.id === undefined) this.where('id', '<>', '') else - this.where('albumid', req.headers.albumid) + this.where('albumid', req.params.id) }) .then((files) => { db.table('albums').then((albums) => { @@ -114,7 +114,10 @@ uploadsController.list = function(req, res){ } - return res.json(files) + return res.json({ + success: true, + files + }) }) }) diff --git a/lolisafe.js b/lolisafe.js index f360902..36e961e 100644 --- a/lolisafe.js +++ b/lolisafe.js @@ -1,6 +1,7 @@ const config = require('./config.js') const api = require('./routes/api.js') const express = require('express') +const bodyParser = require('body-parser') const db = require('knex')(config.database) const fs = require('fs') const safe = express() @@ -10,6 +11,9 @@ require('./database/db.js')(db, config) fs.existsSync('./' + config.uploads.folder) || fs.mkdirSync('./' + config.uploads.folder) fs.existsSync('./' + config.logsFolder) || fs.mkdirSync('./' + config.logsFolder) +safe.use(bodyParser.urlencoded({ extended: true })) +safe.use(bodyParser.json()) + safe.enable('trust proxy') safe.use('/', express.static('./uploads')) diff --git a/package.json b/package.json index 4a8ce8b..cad67a5 100644 --- a/package.json +++ b/package.json @@ -15,6 +15,7 @@ }, "license": "MIT", "dependencies": { + "body-parser": "^1.16.0", "express": "^4.14.0", "knex": "^0.12.6", "multer": "^1.2.1", diff --git a/pages/home.html b/pages/home.html index 2a1fae8..2fa0158 100644 --- a/pages/home.html +++ b/pages/home.html @@ -7,6 +7,7 @@ + diff --git a/pages/panel.html b/pages/panel.html index 641b372..a8ae048 100644 --- a/pages/panel.html +++ b/pages/panel.html 
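Review bot: `safe.use(bodyParser.urlencoded({ extended: true }))` in lolisafe.js selects the qs-style parser, so form fields can arrive as nested objects and arrays even though every controller in this commit reads body fields as plain strings (`req.body.name`, `req.body.type`, `req.body.token`, `req.body.album`). Unless nested bodies are actually needed, `safe.use(bodyParser.urlencoded({ extended: false }))` narrows what reaches the controllers to string (or string-array) values. A short comment above the two `safe.use` lines stating that these parsers intentionally do not cover multipart uploads would also save the next reader from assuming `req.body` is populated inside the upload handler.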
@@ -6,6 +6,7 @@ + diff --git a/public/js/panel.js b/public/js/panel.js index 3f99ef0..f59d3c6 100644 --- a/public/js/panel.js +++ b/public/js/panel.js @@ -15,38 +15,38 @@ panel.preparePage = function(){ } panel.verifyToken = function(token, reloadOnError = false){ - var xhr = new XMLHttpRequest(); + + axios.post('/api/tokens/verify', { + type: 'admin', + token: token + }) + .then(function (response) { - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - var json = JSON.parse(xhr.responseText); - if(json.success === false){ + if(response.data.success === false){ + swal({ + title: "An error ocurred", + text: response.data.description, + type: "error" + }, function(){ + if(reloadOnError){ + localStorage.removeItem("admintoken"); + location.reload(); + } + }) + return; + } - swal({ - title: "An error ocurred", - text: json.description, - type: "error" - }, function(){ - if(reloadOnError){ - localStorage.removeItem("admintoken"); - location.reload(); - } - }) - - return; - } + axios.defaults.headers.common['auth'] = token; + localStorage.admintoken = token; + panel.token = token; + return panel.prepareDashboard(); - localStorage.admintoken = token; - panel.token = token; - return panel.prepareDashboard(); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); - } - } - xhr.open('GET', '/api/tokens/verify', true); - xhr.setRequestHeader('type', 'admin'); - xhr.setRequestHeader('token', token); - xhr.send(null); } panel.prepareDashboard = function(){ 
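Review bot: In the new `.catch` handler of panel.verifyToken, `console.log(error)` sits after `return swal(...)`, so it is unreachable and nothing is logged even though the swal text tells the user to check the console. Swap the two statements: `console.log(error); return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");`. The same pattern is repeated in every `.catch` added by this commit — getUploads, getAlbums, submitAlbum, getAlbumsSidebar, changeTokens and submitToken in panel.js, and checkIfPublic and verifyToken in upload.js.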
@@ -70,195 +70,183 @@ panel.prepareDashboard = function(){ } panel.getUploads = function(album = undefined){ - panel.page.innerHTML = ''; - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if(xhr.readyState == XMLHttpRequest.DONE){ - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); - - var json = JSON.parse(xhr.responseText); - - if(json.success === false) - return swal("An error ocurred", json.description, "error"); - - var container = document.createElement('div'); - container.innerHTML = ` - - - - - - - - - - -
FileAlbumDate
`; - panel.page.appendChild(container); - - var table = document.getElementById('table'); - - for(var item of json){ - - var tr = document.createElement('tr'); - tr.innerHTML = ` - - ${item.file} - ${item.album} - ${item.date} - - `; - - table.appendChild(tr); - } - - } - } - xhr.open('GET', '/api/uploads', true); + let url = '/api/uploads' if(album !== undefined) - xhr.setRequestHeader('albumid', album); - xhr.setRequestHeader('auth', panel.token); - xhr.send(null); + url = '/api/album/' + album + + axios.get(url) + .then(function (response) { + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } + + panel.page.innerHTML = ''; + var container = document.createElement('div'); + container.innerHTML = ` + + + + + + + + + + +
FileAlbumDate
`; + panel.page.appendChild(container); + + var table = document.getElementById('table'); + + for(var item of response.data.files){ + + var tr = document.createElement('tr'); + tr.innerHTML = ` + + ${item.file} + ${item.album} + ${item.date} + + `; + + table.appendChild(tr); + } + + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); + } panel.getAlbums = function(){ - panel.page.innerHTML = ''; - var xhr = new XMLHttpRequest(); - var container = document.createElement('div'); - container.className = "container"; - container.innerHTML = ` -

Create new album

+ axios.get('/api/albums') + .then(function (response) { + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } -

- - Submit -

+ panel.page.innerHTML = ''; + var container = document.createElement('div'); + container.className = "container"; + container.innerHTML = ` +

Create new album

-

List of albums

+

+ + Submit +

- - - - - - - - - - -
NameFilesCreated At
`; +

List of albums

- xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + + + + + + + + + + +
NameFilesCreated At
`; - var json = JSON.parse(xhr.responseText); + panel.page.appendChild(container); + var table = document.getElementById('table'); - if(json.success === false) - return swal("An error ocurred", json.description, "error"); + for(var item of response.data.albums){ - panel.page.appendChild(container); - var table = document.getElementById('table'); + var tr = document.createElement('tr'); + tr.innerHTML = ` + + ${item.name} + ${item.files} + ${item.date} + + `; - for(var item of json.albums){ - - var tr = document.createElement('tr'); - tr.innerHTML = ` - - ${item.name} - ${item.files} - ${item.date} - - `; - - table.appendChild(tr); - } - - document.getElementById('submitAlbum').addEventListener('click', function(){ - panel.submitAlbum(); - }); - + table.appendChild(tr); } - } - xhr.open('GET', '/api/albums', true); - xhr.setRequestHeader('auth', panel.token); - xhr.setRequestHeader('extended', ''); - xhr.send(null); + document.getElementById('submitAlbum').addEventListener('click', function(){ + panel.submitAlbum(); + }); + + + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); + } panel.submitAlbum = function(){ - var xhr = new XMLHttpRequest(); + axios.post('/api/albums', { + name: document.getElementById('albumName').value + }) + .then(function (response) { - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } - var json = JSON.parse(xhr.responseText); - if(json.success === false) - return swal("An error ocurred", json.description, "error"); + swal("Woohoo!", "Album was added successfully", "success"); 
+ panel.getAlbumsSidebar(); + panel.getAlbums(); + return; - swal("Woohoo!", "Album was added successfully", "success"); - panel.getAlbumsSidebar(); - panel.getAlbums(); - return; - } - } - - xhr.open('POST', '/api/albums', true); - xhr.setRequestHeader('auth', panel.token); - xhr.setRequestHeader('name', document.getElementById('albumName').value); - xhr.send(null); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); } panel.getAlbumsSidebar = function(){ - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + axios.get('/api/albums/sidebar') + .then(function (response) { + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } - var json = JSON.parse(xhr.responseText); - if(json.success === false) - return swal("An error ocurred", json.description, "error"); + var albumsContainer = document.getElementById('albumsContainer'); + albumsContainer.innerHTML = ''; - var albumsContainer = document.getElementById('albumsContainer'); - albumsContainer.innerHTML = ''; + if(response.data.albums === undefined) return; - if(json.albums === undefined) return; + for(var album of response.data.albums){ - for(var album of json.albums){ + li = document.createElement('li'); + a = document.createElement('a'); + a.id = album.id; + a.innerHTML = album.name; - li = document.createElement('li'); - a = document.createElement('a'); - a.id = album.id; - a.innerHTML = album.name; + a.addEventListener('click', function(){ + panel.getAlbum(this); + }); - a.addEventListener('click', function(){ - panel.getAlbum(this); - }); - - li.appendChild(a); - 
albumsContainer.appendChild(li); - } + li.appendChild(a); + albumsContainer.appendChild(li); } - } - xhr.open('GET', '/api/albums', true); - xhr.setRequestHeader('auth', panel.token); - xhr.send(null); + + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); + } panel.getAlbum = function(item){ @@ -266,99 +254,89 @@ panel.getAlbum = function(item){ } panel.changeTokens = function(){ - panel.page.innerHTML = ''; - var xhr = new XMLHttpRequest(); - var container = document.createElement('div'); - container.className = "container"; - container.innerHTML = ` -
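Review bot: `a.innerHTML = album.name;` in getAlbumsSidebar, and the `${item.name}` / `${item.album}` interpolations into `tr.innerHTML` in getAlbums and getUploads, insert server-supplied data as markup; album names originate from `req.body.name` in albumsController.create, which only rejects an empty string, so any markup in a name is rendered in the panel. Use `a.textContent = album.name;` and fill the table cells via `textContent` (or escape the values before interpolating). In getAlbumsSidebar `li = document.createElement('li');` and `a = document.createElement('a');` also lack `var`/`let` and create implicit globals, and `url = '/api/album/' + album` in getUploads should wrap the id as `encodeURIComponent(album)` before building the path.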

Manage your tokens

+ axios.get('/api/tokens') + .then(function (response) { + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } - -

- - Save -

+ panel.page.innerHTML = ''; + var container = document.createElement('div'); + container.className = "container"; + container.innerHTML = ` +

Manage your tokens

- -

- - Save -

- `; + +

+ + Save +

- xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + +

+ + Save +

+ `; - var json = JSON.parse(xhr.responseText); + panel.page.appendChild(container); - console.log(json); + document.getElementById('clientToken').value = response.data.clientToken; + document.getElementById('adminToken').value = response.data.adminToken; - if(json.success === false) - return swal("An error ocurred", json.description, "error"); + document.getElementById('submitClientToken').addEventListener('click', function(){ + panel.submitToken('client', document.getElementById('clientToken').value); + }); - panel.page.appendChild(container); + document.getElementById('submitAdminToken').addEventListener('click', function(){ + panel.submitToken('admin', document.getElementById('adminToken').value); + }); - document.getElementById('clientToken').value = json.clientToken; - document.getElementById('adminToken').value = json.adminToken; - document.getElementById('submitClientToken').addEventListener('click', function(){ - panel.submitToken('client', document.getElementById('clientToken').value); - }); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); - document.getElementById('submitAdminToken').addEventListener('click', function(){ - panel.submitToken('admin', document.getElementById('adminToken').value); - }); - } - } - - xhr.open('GET', '/api/tokens', true); - xhr.setRequestHeader('auth', panel.token); - xhr.send(null); } panel.submitToken = function(type, token){ - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { + axios.post('/api/tokens/change', { + type: type, + token: token + }) + .then(function (response) { + + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } + + swal({ + title: "Woohoo!", + 
text: 'Your token was changed successfully.', + type: "success" + }, function(){ - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + if(type === 'client') + localStorage.token = token; + else if(type === 'admin') + localStorage.admintoken = token - var json = JSON.parse(xhr.responseText); - - console.log(json); - - if(json.success === false) - return swal("An error ocurred", json.description, "error"); - - swal({ - title: "Woohoo!", - text: 'Your token was changed successfully.', - type: "success" - }, function(){ + location.reload(); - if(type === 'client') - localStorage.token = token; - else if(type === 'admin') - localStorage.admintoken = token + }) - location.reload(); - - }) + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); - } - } - - xhr.open('POST', '/api/tokens/change', true); - xhr.setRequestHeader('auth', panel.token); - xhr.setRequestHeader('type', type); - xhr.setRequestHeader('token', token); - xhr.send(null); } window.onload = function () { diff --git a/public/js/upload.js b/public/js/upload.js index d6d9b9d..35208f3 100644 --- a/public/js/upload.js +++ b/public/js/upload.js 
@@ -5,16 +5,18 @@ upload.token = localStorage.token; upload.maxFileSize; upload.checkIfPublic = function(){ - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - upload.isPublic = JSON.parse(xhr.responseText).private; - upload.maxFileSize = JSON.parse(xhr.responseText).maxFileSize; - upload.preparePage(); - } - } - xhr.open('GET', '/api/check', true); - xhr.send(null); + + axios.get('/api/check') + .then(function (response) { + upload.isPublic = response.data.private; + upload.maxFileSize = response.data.maxFileSize; + upload.preparePage(); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); + } upload.preparePage = function(){ 
@@ -30,38 +32,37 @@ upload.preparePage = function(){ } upload.verifyToken = function(token, reloadOnError = false){ - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - var json = JSON.parse(xhr.responseText); - if(json.success === false){ + axios.post('/api/tokens/verify', { + type: 'client', + token: token + }) + .then(function (response) { - swal({ - title: "An error ocurred", - text: json.description, - type: "error" - }, function(){ - if(reloadOnError){ - localStorage.removeItem("token"); - location.reload(); - } - }) + if(response.data.success === false){ + swal({ + title: "An error ocurred", + text: response.data.description, + type: "error" + }, function(){ + if(reloadOnError){ + localStorage.removeItem("token"); + location.reload(); + } + }) + return; + } - return; - } + localStorage.token = token; + upload.token = token; + return upload.prepareUpload(); - localStorage.token = token; - upload.token = token; - return upload.prepareUpload(); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); - } - } - xhr.open('GET', '/api/tokens/verify', true); - xhr.setRequestHeader('type', 'client'); - xhr.setRequestHeader('token', token); - xhr.send(null); } upload.prepareUpload = function(){ diff --git a/routes/api.js b/routes/api.js index 81a15bb..4333c74 100644 --- a/routes/api.js +++ b/routes/api.js 
@@ -13,11 +13,15 @@ routes.get ('/check', (req, res, next) => { routes.get ('/uploads', (req, res, next) => uploadController.list(req, res)) routes.post ('/upload', (req, res, next) => uploadController.upload(req, res, next)) + +routes.get ('/album/:id', (req, res, next) => uploadController.list(req, res, next)) routes.get ('/albums', (req, res, next) => albumsController.list(req, res, next)) +routes.get ('/albums/:sidebar', (req, res, next) => albumsController.list(req, res, next)) routes.post ('/albums', (req, res, next) => albumsController.create(req, res, next)) routes.get ('/albums/test', (req, res, next) => albumsController.test(req, res, next)) -routes.get ('/tokens/verify', (req, res, next) => tokenController.verify(req, res)) + routes.get ('/tokens', (req, res, next) => tokenController.list(req, res)) +routes.post ('/tokens/verify', (req, res, next) => tokenController.verify(req, res)) routes.post ('/tokens/change', (req, res, next) => tokenController.change(req, res)) module.exports = routes
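Review bot: `routes.get ('/albums/:sidebar', ...)` is registered before `routes.get ('/albums/test', ...)`, and Express matches routes in registration order, so `/albums/test` now reaches albumsController.list with `req.params.sidebar === 'test'` instead of albumsController.test; in fact any `/albums/<segment>` selects the sidebar variant, because the controller only tests `req.params.sidebar === undefined`. Since the client calls `/api/albums/sidebar` (panel.getAlbumsSidebar), a literal `routes.get ('/albums/sidebar', ...)` route is clearer, and in any case `/albums/test` should be moved above the parameterised route. The new `/album/:id` route passes `next` to uploadController.list while `/uploads` passes `(req, res)`; the controller is declared as `function(req, res)`, so dropping `next` keeps the two call sites consistent.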