From a114d298d0243dd7f7be0b9728f850550628cfd9 Mon Sep 17 00:00:00 2001
From: kanadeko
Date: Tue, 17 Jan 2017 16:54:25 -0300
Subject: [PATCH] Rewrote token handling and upload.js
---
controllers/tokenController.js | 27 +++++
pages/home.html | 2 -
public/js/panel.js | 2 +-
public/js/upload.js | 216 +++++++++++++++++----------------
routes/api.js | 24 +---
5 files changed, 140 insertions(+), 131 deletions(-)
create mode 100644 controllers/tokenController.js
diff --git a/controllers/tokenController.js b/controllers/tokenController.js
new file mode 100644
index 0000000..54c2a1f
--- /dev/null
+++ b/controllers/tokenController.js
@@ -0,0 +1,27 @@
+const config = require('../config.js')
+const db = require('knex')(config.database)
+
+let tokenController = {}
+
+tokenController.verify = function(req, res, next){
+ let type = req.headers.type
+ let token = req.headers.token
+
+ if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
+ if(token === undefined) return res.json({ success: false, description: 'No token provided.' })
+ if(type !== 'client' && type !== 'admin') return res.json({ success: false, description: 'Wrong type provided.' })
+
+ if(type === 'client'){
+ if(token !== config.clientToken) return res.json({ success: false, description: 'Token mismatch.' })
+ return res.json({ success: true })
+ }
+
+ if(type === 'admin'){
+ if(token !== config.adminToken) return res.json({ success: false, description: 'Token mismatch.' })
+ return res.json({ success: true })
+ }
+
+ return res.json({ success: false, description: '(╯°□°)╯︵ ┻━┻' })
+}
+
+module.exports = tokenController
\ No newline at end of file
diff --git a/pages/home.html b/pages/home.html
index 9aba94b..43c05ff 100644
--- a/pages/home.html
+++ b/pages/home.html
@@ -45,8 +45,6 @@
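Review bot: Both token checks in `tokenController.verify` use `!==`, which stops at the first differing character, so response timing can depend on how much of a submitted token matches `config.clientToken` or `config.adminToken`. Comparing fixed-length digests with Node's `crypto.timingSafeEqual` removes that dependency; it needs `const crypto = require('crypto')` at the top of the file, and the comparison would look like the sketch below. The `knex` handle `db` is created but never used in this file, and the final `return` after the two type branches is unreachable because `type` has already been restricted to `client` or `admin`; both could be dropped.

```javascript
// Hash both sides first: timingSafeEqual throws on inputs of unequal length
const tokensMatch = (given, expected) => {
	if(typeof given !== 'string' || typeof expected !== 'string') return false
	const a = crypto.createHash('sha256').update(given).digest()
	const b = crypto.createHash('sha256').update(expected).digest()
	return crypto.timingSafeEqual(a, b)
}

tokenController.verify = function(req, res, next){
	// … unchanged: header reads and the type/token presence checks …
	const expected = type === 'admin' ? config.adminToken : config.clientToken
	if(!tokensMatch(token, expected)) return res.json({ success: false, description: 'Token mismatch.' })
	return res.json({ success: true })
}
```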
- -
diff --git a/public/js/panel.js b/public/js/panel.js index cff5609..7e3e383 100644 --- a/public/js/panel.js +++ b/public/js/panel.js @@ -34,7 +34,7 @@ window.onload = function () { // xhr.responseText } } - xhr.open('GET', '/api/verify', true); + xhr.open('GET', '/api/token/verify', true); xhr.setRequestHeader('type', 'admin'); xhr.setRequestHeader('token', document.getElementById('token').value); xhr.send(null); diff --git a/public/js/upload.js b/public/js/upload.js index c99ecb4..f5e8427 100644 --- a/public/js/upload.js +++ b/public/js/upload.js 
@@ -1,127 +1,131 @@ +var upload = {}; -window.onload = function () { +upload.isPrivate = true; +upload.token = localStorage.token; - var USINGTOKEN; - var maxSize = '512'; - - // First check to see if the service is using token or not +upload.checkIfPublic = function(){ var xhr = new XMLHttpRequest(); xhr.onreadystatechange = function() { if (xhr.readyState == XMLHttpRequest.DONE) { - USINGTOKEN = JSON.parse(xhr.responseText).private; - prepareTokenThing(); + upload.isPublic = JSON.parse(xhr.responseText).private; + upload.preparePage(); } } xhr.open('GET', '/api/check', true); xhr.send(null); +} - function prepareTokenThing(){ - - if(!USINGTOKEN) return getInfo(); - - if(!localStorage.token){ - document.getElementById('tokenSubmit').addEventListener('click', function(){ - getInfo(document.getElementById('token').value) - }); - return document.getElementById('tokenContainer').style.display = 'flex'; - } - - getInfo(localStorage.token); - +upload.preparePage = function(){ + if(!upload.isPrivate) return upload.prepareUpload(); + if(!upload.token){ + document.getElementById('tokenSubmit').addEventListener('click', function(){ + upload.verifyToken(document.getElementById('token').value) + }); + document.getElementById('tokenContainer').style.display = 'flex'; + return; } + upload.verifyToken(upload.token, true); +} - function prepareDropzone(){ +upload.verifyToken = function(token, reloadOnError = false){ + var xhr = new XMLHttpRequest(); - var previewNode = document.querySelector('#template'); - previewNode.id = ''; - var previewTemplate = previewNode.parentNode.innerHTML; - previewNode.parentNode.removeChild(previewNode); - - var dropzone = new Dropzone('div#dropzone', { - url: '/api/upload', - paramName: 'files[]', - maxFilesize: maxSize, - parallelUploads: 2, - uploadMultiple: false, - previewsContainer: 'div#uploads', - previewTemplate: previewTemplate, - createImageThumbnails: false, - maxFiles: 1000, - autoProcessQueue: true, - headers: { - 'auth': 
localStorage.token - }, - init: function() { - this.on('addedfile', function(file) { - document.getElementById('uploads').style.display = 'block'; - }); - } - }); - - // Update the total progress bar - dropzone.on('uploadprogress', function(file, progress) { - file.previewElement.querySelector('.progress').style.width = progress + '%'; - }); - - dropzone.on('success', function(file, response) { - - // Handle the responseText here. For example, add the text to the preview element: - - if(response.success === false){ - var span = document.createElement('span'); - span.innerHTML = response.description; - file.previewTemplate.querySelector('.link').appendChild(span); + xhr.onreadystatechange = function() { + if (xhr.readyState == XMLHttpRequest.DONE) { + + var json = JSON.parse(xhr.responseText); + if(json.success === false){ + alert(json.description); + if(reloadOnError){ + localStorage.removeItem("token"); + location.reload(); + } return; } - a = document.createElement('a'); - a.href = response.files[0].url; - a.target = '_blank'; - a.innerHTML = response.files[0].url; - file.previewTemplate.querySelector('.link').appendChild(a); - - file.previewTemplate.querySelector('.progress').style.display = 'none'; - - }); + localStorage.token = token; + upload.token = token; + return upload.prepareUpload(); - } - - function getInfo(token) { - var xhr = new XMLHttpRequest(); - - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return notAuthorized(); - - div = document.createElement('div'); - div.id = 'dropzone'; - div.innerHTML = 'Click here or drag and drop files'; - div.style.display = 'flex'; - - document.getElementById('btnGithub').style.display = 'none'; - document.getElementById('tokenContainer').style.display = 'none'; - document.getElementById('uploadContainer').appendChild(div); - document.getElementById('panel').style.display = 'block'; - - if(xhr.responseText.maxFileSize) maxSize = 
JSON.parse(xhr.responseText).maxFileSize; - if(token) localStorage.token = token; - - prepareDropzone(); - - } } - xhr.open('GET', '/api/info', true); - - if(token !== undefined) - xhr.setRequestHeader('auth', token); - - xhr.send(null); } + xhr.open('GET', '/api/token/verify', true); + xhr.setRequestHeader('type', 'client'); + xhr.setRequestHeader('token', token); + xhr.send(null); +} - function notAuthorized() { - localStorage.removeItem("token"); - location.reload(); - } +upload.prepareUpload = function(){ + + div = document.createElement('div'); + div.id = 'dropzone'; + div.innerHTML = 'Click here or drag and drop files'; + div.style.display = 'flex'; + + document.getElementById('btnGithub').style.display = 'none'; + document.getElementById('tokenContainer').style.display = 'none'; + document.getElementById('uploadContainer').appendChild(div); + document.getElementById('panel').style.display = 'block'; + + upload.prepareDropzone(); + +} + +upload.prepareDropzone = function(){ + + var previewNode = document.querySelector('#template'); + previewNode.id = ''; + var previewTemplate = previewNode.parentNode.innerHTML; + previewNode.parentNode.removeChild(previewNode); + + var dropzone = new Dropzone('div#dropzone', { + url: '/api/upload', + paramName: 'files[]', + parallelUploads: 2, + uploadMultiple: false, + previewsContainer: 'div#uploads', + previewTemplate: previewTemplate, + createImageThumbnails: false, + maxFiles: 1000, + autoProcessQueue: true, + headers: { + 'auth': localStorage.token + }, + init: function() { + this.on('addedfile', function(file) { + document.getElementById('uploads').style.display = 'block'; + }); + } + }); + + // Update the total progress bar + dropzone.on('uploadprogress', function(file, progress) { + file.previewElement.querySelector('.progress').style.width = progress + '%'; + }); + + dropzone.on('success', function(file, response) { + + // Handle the responseText here. 
For example, add the text to the preview element: + + if(response.success === false){ + var span = document.createElement('span'); + span.innerHTML = response.description; + file.previewTemplate.querySelector('.link').appendChild(span); + return; + } + + a = document.createElement('a'); + a.href = response.files[0].url; + a.target = '_blank'; + a.innerHTML = response.files[0].url; + file.previewTemplate.querySelector('.link').appendChild(a); + + file.previewTemplate.querySelector('.progress').style.display = 'none'; + + }); + +} + +window.onload = function () { + upload.checkIfPublic(); }; \ No newline at end of file diff --git a/routes/api.js b/routes/api.js index aeedfa9..4707a57 100644 --- a/routes/api.js +++ b/routes/api.js 
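Review bot: In the Dropzone `success` handler, `span.innerHTML = response.description` and `a.innerHTML = response.files[0].url` parse server-supplied strings as markup on the same origin whose `localStorage` holds the upload token; if either value can ever carry user-influenced text (not visible in this hunk), script injected there could read that token. Only plain text is displayed, so `span.textContent = response.description;` and `a.textContent = response.files[0].url;` are the safer assignments. Separately, `checkIfPublic` stores the `/api/check` result in `upload.isPublic` while `preparePage` tests `upload.isPrivate`, which stays at its initial `true`, so a public instance would still ask for a token; the assignment should read `upload.isPrivate = JSON.parse(xhr.responseText).private;`.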
@@ -2,33 +2,12 @@ const config = require('../config.js') const routes = require('express').Router() const uploadController = require('../controllers/uploadController') const galleryController = require('../controllers/galleryController') +const tokenController = require('../controllers/tokenController') routes.get ('/check', (req, res, next) => { return res.json({ private: config.private }) }) -routes.get ('/verify', (req, res, next) => { - let type = req.headers.type - let token = req.headers.token - - if(type === undefined) return res.json({ success: false, description: 'No type provided.' }) - if(token === undefined) return res.json({ success: false, description: 'No token provided.' }) - if(type !== 'client' && type !== 'admin') return res.json({ success: false, description: 'Wrong type provided.' }) - - if(type === 'client'){ - if(token !== config.clientToken) return res.json({ success: false, description: 'Token mismatch.' }) - return res.json({ success: true }) - } - - if(type === 'admin'){ - if(token !== config.adminToken) return res.json({ success: false, description: 'Token mismatch.' }) - return res.json({ success: true }) - } - - return res.json({ success: false, description: '(╯°□°)╯︵ ┻━┻' }) - -}) - routes.get('/info', (req, res, next) => { if(config.private === true) @@ -44,5 +23,6 @@ routes.get ('/uploads', (req, res, next) => uploadController.list(req, res)) routes.post ('/upload', (req, res, next) => uploadController.upload(req, res, next)) routes.get ('/gallery', (req, res, next) => galleryController.list(req, res, next)) routes.get ('/gallery/test', (req, res, next) => galleryController.test(req, res, next)) +routes.get ('/token/verify', (req, res, next) => tokenController.verify(req, res)) module.exports = routes
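Review bot: The new `/token/verify` route is registered with nothing in front of `tokenController.verify` to throttle requests, and the handler answers every request, matching or not, with a JSON body and the default 200 status, so repeated failed attempts against the client or admin token are neither slowed nor easy to pick out in access logs. A rate-limiting middleware ahead of the handler would cover the first, e.g. `routes.get ('/token/verify', verifyLimiter, (req, res, next) => tokenController.verify(req, res))` with `verifyLimiter` as a placeholder name, and using `res.status(401).json(...)` on a mismatch would make failures visible to log-based alerting. Whether the other routes in this file enforce the token on the server is not visible in these hunks; the client-side check in `upload.js` should not be the only gate in front of `/upload`.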