Rewrote token handling and upload.js

controllers/tokenController.js

@@ -0,0 +1,27 @@
+const config = require('../config.js')
+const db = require('knex')(config.database)
+
+let tokenController = {}
+
+tokenController.verify = function(req, res, next){
+	let type = req.headers.type
+	let token = req.headers.token
+
+	if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
+	if(token === undefined) return res.json({ success: false, description: 'No token provided.' })
+	if(type !== 'client' && type !== 'admin') return res.json({ success: false, description: 'Wrong type provided.' })
+
+	if(type === 'client'){
+		if(token !== config.clientToken) return res.json({ success: false, description: 'Token mismatch.' })
+		return res.json({ success: true })
+	}
+
+	if(type === 'admin'){
+		if(token !== config.adminToken) return res.json({ success: false, description: 'Token mismatch.' })
+		return res.json({ success: true })
+	}
+
+	return res.json({ success: false, description: '(╯°□°）╯︵ ┻━┻' })
+}
+
+module.exports = tokenController

pages/home.html

@@ -45,8 +45,6 @@
                         <div class="column"></div>
                     </div>
 
-                    
-
                     <div id="uploads">
                         <div id="template" class="columns">
                             <div class="column">

public/js/panel.js

@@ -34,7 +34,7 @@ window.onload = function () {
 					// xhr.responseText
 				}
 			}
-			xhr.open('GET', '/api/verify', true);
+			xhr.open('GET', '/api/token/verify', true);
 			xhr.setRequestHeader('type', 'admin');
 			xhr.setRequestHeader('token', document.getElementById('token').value);
 			xhr.send(null);

public/js/upload.js

@@ -1,36 +1,77 @@
+var upload = {};
 
-window.onload = function () {
+upload.isPrivate = true;
+upload.token = localStorage.token;
 
-	var USINGTOKEN;
+upload.checkIfPublic = function(){
-	var maxSize = '512';
-
-	// First check to see if the service is using token or not
 	var xhr = new XMLHttpRequest();
 	xhr.onreadystatechange = function() {
 		if (xhr.readyState == XMLHttpRequest.DONE) {
-			USINGTOKEN = JSON.parse(xhr.responseText).private;
+			upload.isPublic = JSON.parse(xhr.responseText).private;
-			prepareTokenThing();
+			upload.preparePage();
 		}
 	}
 	xhr.open('GET', '/api/check', true);
 	xhr.send(null);
+}
 
-	function prepareTokenThing(){
+upload.preparePage = function(){
-
+	if(!upload.isPrivate) return upload.prepareUpload();
-		if(!USINGTOKEN) return getInfo();
+	if(!upload.token){
-
-		if(!localStorage.token){
 		document.getElementById('tokenSubmit').addEventListener('click', function(){
-				getInfo(document.getElementById('token').value)
+			upload.verifyToken(document.getElementById('token').value)
 		});
-			return document.getElementById('tokenContainer').style.display = 'flex';
+		document.getElementById('tokenContainer').style.display = 'flex';
+		return;
+	}
+	upload.verifyToken(upload.token, true);
+}
+
+upload.verifyToken = function(token, reloadOnError = false){
+	var xhr = new XMLHttpRequest();
+
+	xhr.onreadystatechange = function() {
+		if (xhr.readyState == XMLHttpRequest.DONE) {
+			
+			var json = JSON.parse(xhr.responseText);
+			if(json.success === false){
+				alert(json.description);
+				if(reloadOnError){
+					localStorage.removeItem("token");
+					location.reload();
+				}
+				return;
 			}
 
-		getInfo(localStorage.token);
+			localStorage.token = token;
+			upload.token = token;
+			return upload.prepareUpload();
 
 		}
+	}
+	xhr.open('GET', '/api/token/verify', true);
+	xhr.setRequestHeader('type', 'client');
+	xhr.setRequestHeader('token', token);
+	xhr.send(null);
+}
 
-	function prepareDropzone(){
+upload.prepareUpload = function(){
+
+	div = document.createElement('div');
+	div.id = 'dropzone';
+	div.innerHTML = 'Click here or drag and drop files';
+	div.style.display = 'flex';
+
+	document.getElementById('btnGithub').style.display = 'none';
+	document.getElementById('tokenContainer').style.display = 'none';
+	document.getElementById('uploadContainer').appendChild(div);
+	document.getElementById('panel').style.display = 'block';
+
+	upload.prepareDropzone();
+
+}
+
+upload.prepareDropzone = function(){
 
 	var previewNode = document.querySelector('#template');
 	previewNode.id = '';
@@ -40,7 +81,6 @@ window.onload = function () {
 	var dropzone = new Dropzone('div#dropzone', { 
 		url: '/api/upload',
 		paramName: 'files[]',
-			maxFilesize: maxSize,
 		parallelUploads: 2,
 		uploadMultiple: false,
 		previewsContainer: 'div#uploads',
@@ -84,44 +124,8 @@ window.onload = function () {
 		
 	});
 
-	}
+}
 
-	function getInfo(token) {
+window.onload = function () {
-		var xhr = new XMLHttpRequest();
+	upload.checkIfPublic();
-
-		xhr.onreadystatechange = function() {
-			if (xhr.readyState == XMLHttpRequest.DONE) {
-				
-				if(xhr.responseText === 'not-authorized')
-					return notAuthorized();
-
-				div = document.createElement('div');
-				div.id = 'dropzone';
-				div.innerHTML = 'Click here or drag and drop files';
-				div.style.display = 'flex';
-
-				document.getElementById('btnGithub').style.display = 'none';
-				document.getElementById('tokenContainer').style.display = 'none';
-				document.getElementById('uploadContainer').appendChild(div);
-				document.getElementById('panel').style.display = 'block';
-				
-				if(xhr.responseText.maxFileSize) maxSize = JSON.parse(xhr.responseText).maxFileSize;
-				if(token) localStorage.token = token;
-
-				prepareDropzone();
-				
-			}
-		}
-		xhr.open('GET', '/api/info', true);
-
-		if(token !== undefined)
-			xhr.setRequestHeader('auth', token);
-
-		xhr.send(null);
-	}
-
-	function notAuthorized() {
-		localStorage.removeItem("token");
-		location.reload();
-	}
 };

routes/api.js

@@ -2,33 +2,12 @@ const config = require('../config.js')
 const routes = require('express').Router()
 const uploadController = require('../controllers/uploadController')
 const galleryController = require('../controllers/galleryController')
+const tokenController = require('../controllers/tokenController')
 
 routes.get ('/check', (req, res, next) => {
 	return res.json({ private: config.private })
 })
 
-routes.get ('/verify', (req, res, next) => {
-	let type = req.headers.type
-	let token = req.headers.token
-
-	if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
-	if(token === undefined) return res.json({ success: false, description: 'No token provided.' })
-	if(type !== 'client' && type !== 'admin') return res.json({ success: false, description: 'Wrong type provided.' })
-
-	if(type === 'client'){
-		if(token !== config.clientToken) return res.json({ success: false, description: 'Token mismatch.' })
-		return res.json({ success: true })
-	}
-
-	if(type === 'admin'){
-		if(token !== config.adminToken) return res.json({ success: false, description: 'Token mismatch.' })
-		return res.json({ success: true })
-	}
-
-	return res.json({ success: false, description: '(╯°□°）╯︵ ┻━┻' })
-
-})
-
 routes.get('/info', (req, res, next) => {
 
 	if(config.private === true)
@@ -44,5 +23,6 @@ routes.get  ('/uploads', (req, res, next) => uploadController.list(req, res))
 routes.post ('/upload', (req, res, next) => uploadController.upload(req, res, next))
 routes.get  ('/gallery', (req, res, next) => galleryController.list(req, res, next))
 routes.get  ('/gallery/test', (req, res, next) => galleryController.test(req, res, next))
+routes.get  ('/token/verify', (req, res, next) => tokenController.verify(req, res))
 
 module.exports = routes