Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2025-01-31 07:11:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: check if req.path_parameters is set

Browse Source
This commit is contained in:
Bobby Wibowo 2022-07-22 02:03:59 +07:00
parent 07d0237031
commit 96d276b396
No known key found for this signature in database
GPG Key ID: 51C3A1E1E22D26CF
4 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
controllers/albumsController.js
View File

@ -105,7 +105,7 @@ self.list = async (req, res) => {
return res.json({ success: true, albums, count }) return res.json({ success: true, albums, count })
} else { } else {
let offset = Number(req.path_parameters.page) let offset = req.path_parameters && Number(req.path_parameters.page)
if (isNaN(offset)) offset = 0 if (isNaN(offset)) offset = 0
else if (offset < 0) offset = Math.max(0, Math.ceil(count / 25) + offset) else if (offset < 0) offset = Math.max(0, Math.ceil(count / 25) + offset)
@ -430,7 +430,7 @@ self.rename = async (req, res) => {
} }
self.get = async (req, res) => { self.get = async (req, res) => {
const identifier = req.path_parameters.identifier const identifier = req.path_parameters && req.path_parameters.identifier
if (identifier === undefined) { if (identifier === undefined) {
throw new ClientError('No identifier provided.') throw new ClientError('No identifier provided.')
} }
@ -513,7 +513,7 @@ self.getUpstreamCompat = async (req, res) => {
self.generateZip = async (req, res) => { self.generateZip = async (req, res) => {
const versionString = parseInt(req.query_parameters.v) const versionString = parseInt(req.query_parameters.v)
const identifier = req.path_parameters.identifier const identifier = req.path_parameters && req.path_parameters.identifier
if (identifier === undefined) { if (identifier === undefined) {
throw new ClientError('No identifier provided.') throw new ClientError('No identifier provided.')
} }

2
controllers/authController.js
View File

@ -363,7 +363,7 @@ self.listUsers = async (req, res) => {
return res.json({ success: true, users: [], count }) return res.json({ success: true, users: [], count })
} }
let offset = Number(req.path_parameters.page) let offset = req.path_parameters && Number(req.path_parameters.page)
if (isNaN(offset)) offset = 0 if (isNaN(offset)) offset = 0
else if (offset < 0) offset = Math.max(0, Math.ceil(count / 25) + offset) else if (offset < 0) offset = Math.max(0, Math.ceil(count / 25) + offset)

20
controllers/uploadController.js
View File

@ -210,7 +210,7 @@ self.upload = async (req, res) => {
} }
} }
let albumid = parseInt(req.headers.albumid || req.path_parameters.albumid) let albumid = parseInt(req.headers.albumid || (req.path_parameters && req.path_parameters.albumid))
if (isNaN(albumid)) albumid = null if (isNaN(albumid)) albumid = null
const age = self.assertRetentionPeriod(user, req.headers.age) const age = self.assertRetentionPeriod(user, req.headers.age)
@ -1090,6 +1090,7 @@ self.list = async (req, res) => {
const ismoderator = perms.is(user, 'moderator') const ismoderator = perms.is(user, 'moderator')
if (all && !ismoderator) return res.status(403).end() if (all && !ismoderator) return res.status(403).end()
const albumid = req.path_parameters && Number(req.path_parameters.albumid)
const basedomain = utils.conf.domain const basedomain = utils.conf.domain
// Thresholds for regular users // Thresholds for regular users
@ -1161,12 +1162,15 @@ self.list = async (req, res) => {
if (filters) { if (filters) {
const keywords = [] const keywords = []
if (req.path_parameters.albumid === undefined) { // Only allow filtering by 'albumid' when not listing a specific album's uploads
if (isNaN(albumid)) {
keywords.push('albumid') keywords.push('albumid')
} }
// Only allow filtering by 'ip' and 'user' keys when listing all uploads // Only allow filtering by 'ip' and 'user' keys when listing all uploads
if (all) keywords.push('ip', 'user') if (all) {
keywords.push('ip', 'user')
}
const ranges = [ const ranges = [
'date', 'date',
@ -1361,8 +1365,8 @@ self.list = async (req, res) => {
'timestamp' 'timestamp'
] ]
// Only allow sorting by 'albumid' when not listing album's uploads // Only allow sorting by 'albumid' when not listing a specific album's uploads
if (req.path_parameters.albumid === undefined) { if (isNaN(albumid)) {
allowed.push('albumid') allowed.push('albumid')
} }
@ -1474,7 +1478,7 @@ self.list = async (req, res) => {
// Then, refine using any of the supplied 'albumid' keys and/or NULL flag // Then, refine using any of the supplied 'albumid' keys and/or NULL flag
// Same prioritization logic as 'userid' and 'ip' above // Same prioritization logic as 'userid' and 'ip' above
if (req.path_parameters.albumid === undefined) { if (isNaN(albumid)) {
this.andWhere(function () { this.andWhere(function () {
if (filterObj.queries.exclude.albumid) { if (filterObj.queries.exclude.albumid) {
this.whereNotIn('albumid', filterObj.queries.exclude.albumid) this.whereNotIn('albumid', filterObj.queries.exclude.albumid)
@ -1572,7 +1576,7 @@ self.list = async (req, res) => {
return res.json({ success: true, files: [], count }) return res.json({ success: true, files: [], count })
} }
let offset = Number(req.path_parameters.page) let offset = req.path_parameters && Number(req.path_parameters.page)
if (isNaN(offset)) offset = 0 if (isNaN(offset)) offset = 0
else if (offset < 0) offset = Math.max(0, Math.ceil(count / 25) + offset) else if (offset < 0) offset = Math.max(0, Math.ceil(count / 25) + offset)
@ -1680,7 +1684,7 @@ self.get = async (req, res) => {
const user = await utils.authorize(req) const user = await utils.authorize(req)
const ismoderator = perms.is(user, 'moderator') const ismoderator = perms.is(user, 'moderator')
const identifier = req.path_parameters.identifier const identifier = req.path_parameters && req.path_parameters.identifier
if (identifier === undefined) { if (identifier === undefined) {
throw new ClientError('No identifier provided.') throw new ClientError('No identifier provided.')
} }

2
routes/album.js
View File

@ -6,7 +6,7 @@ const utils = require('./../controllers/utilsController')
const config = require('./../config') const config = require('./../config')
routes.get('/a/:identifier', async (req, res) => { routes.get('/a/:identifier', async (req, res) => {
const identifier = req.path_parameters.identifier const identifier = req.path_parameters && req.path_parameters.identifier
if (identifier === undefined) { if (identifier === undefined) {
return errors.handleNotFound(req, res) return errors.handleNotFound(req, res)
} }