diff --git a/public/css/style.css b/public/css/style.css
index ad67545..b8d69ee 100644
--- a/public/css/style.css
+++ b/public/css/style.css
@@ -82,11 +82,13 @@ img.logo { height: 200px; margin-top: 20px; }
------------------ */
section#dashboard { display: none }
+section#auth input { background: rgba(0, 0, 0, 0); }
section#auth input, section#auth a {
border-left: 0px;
border-top: 0px;
border-right: 0px;
border-radius: 0px;
- background: rgba(0, 0, 0, 0);
box-shadow: 0 0 0;
}
+
+section#dashboard .table { font-size: 12px }
diff --git a/public/js/panel.js b/public/js/panel.js
index ed1bea0..cff5609 100644
--- a/public/js/panel.js
+++ b/public/js/panel.js
@@ -1,15 +1,11 @@
window.onload = function () {
- if(!localStorage.admintoken){
- askForToken();
- return;
- }
+ var page;
- var dashboard = document.getElementById('dashboard');
- var page = document.getElementById('page');
+ if(!localStorage.admintoken)
+ return askForToken();
- dashboard.style.display = 'block';
- prepareMenu();
+ prepareDashboard();
function askForToken(){
document.getElementById('tokenSubmit').addEventListener('click', function(){
@@ -21,15 +17,35 @@ window.onload = function () {
xhr.onreadystatechange = function() {
if (xhr.readyState == XMLHttpRequest.DONE) {
+ try{
+
+ var json = JSON.parse(xhr.responseText);
+ if(json.success === false)
+ return alert(json.description);
+
+ localStorage.admintoken = document.getElementById('token').value;
+ prepareDashboard();
+
+ }catch(e){
+ console.log(e);
+ }
+
+ console.log(xhr.responseText);
// xhr.responseText
}
}
- xhr.open('POST', '/api/info', true);
+ xhr.open('GET', '/api/verify', true);
+ xhr.setRequestHeader('type', 'admin');
+ xhr.setRequestHeader('token', document.getElementById('token').value);
xhr.send(null);
}
}
- function prepareMenu(){
+ function prepareDashboard(){
+ page = document.getElementById('page');
+ document.getElementById('auth').style.display = 'none';
+ document.getElementById('dashboard').style.display = 'block';
+
document.getElementById('itemUploads').addEventListener('click', function(){
getUploads();
});
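Review bot: The new readystatechange handler in askForToken fails open: `if(json.success === false)` treats any parseable body that lacks an explicit `success: false` (an error object from a proxy, for instance) as a valid login, stores the typed value in `localStorage.admintoken` and opens the dashboard. Testing the positive case instead, `if(xhr.status !== 200 || json.success !== true) return alert(json.description || 'Verification failed.');`, keeps unexpected responses on the login form. The added `console.log(xhr.responseText);` looks like leftover debugging and could be dropped. Keeping the admin token in localStorage makes it readable by any script running on this origin, which deserves a comment next to the assignment. Both askForToken and prepareDashboard extend beyond this hunk.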
@@ -45,44 +61,47 @@ window.onload = function () {
xhr.onreadystatechange = function() {
if(xhr.readyState == XMLHttpRequest.DONE){
- if(xhr.responseText !== 'not-authorized'){
- var json = JSON.parse(xhr.responseText);
+
+ if(xhr.responseText === 'not-authorized')
+ return notAuthorized();
- var container = document.createElement('div');
- container.innerHTML = `
-
-
-
- File |
- Gallery |
- Date |
-
-
-
-
-
`;
- page.appendChild(container);
+ var json = JSON.parse(xhr.responseText);
- var table = document.getElementById('table');
+ var container = document.createElement('div');
+ container.innerHTML = `
+
+
+
+ File |
+ Gallery |
+ Date |
+
+
+
+
+
`;
+ page.appendChild(container);
- for(var item of json){
+ var table = document.getElementById('table');
- var tr = document.createElement('tr');
- tr.innerHTML = `
-
- ${item.file} |
- ${item.gallery} |
- ${item.date} |
-
- `;
+ for(var item of json){
- table.appendChild(tr);
- }
+ var tr = document.createElement('tr');
+ tr.innerHTML = `
+
+ ${item.file} |
+ ${item.gallery} |
+ ${item.date} |
+
+ `;
+
+ table.appendChild(tr);
}
+
}
}
xhr.open('GET', '/api/uploads', true);
- xhr.setRequestHeader('auth', localStorage.token);
+ xhr.setRequestHeader('auth', localStorage.admintoken);
xhr.send(null);
}
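Review bot: The row template in the uploads handler still interpolates `${item.file}`, `${item.gallery}` and `${item.date}` into `tr.innerHTML`, so a stored file or gallery name containing markup would be parsed as HTML inside the admin panel, on the same origin where `localStorage.admintoken` is kept. The commit only re-indents this loop. The cell markup is not visible in this rendering, so the sketch below assumes plain text cells; building them with `textContent` avoids HTML parsing altogether. `JSON.parse(xhr.responseText)` here is also unguarded, unlike the token-submit handler earlier in the file, which wraps it in try/catch. The enclosing function starts before the hunk.

```javascript
// … unchanged: not-authorized check, JSON.parse, table header container …
var table = document.getElementById('table');

for(var item of json){
	var tr = document.createElement('tr');

	for(var value of [item.file, item.gallery, item.date]){
		var td = document.createElement('td');
		td.textContent = value; // inserted as text, never parsed as HTML
		tr.appendChild(td);
	}

	table.appendChild(tr);
}
```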
@@ -93,4 +112,9 @@ window.onload = function () {
}
+ function notAuthorized() {
+ localStorage.removeItem("admintoken");
+ location.reload();
+ }
+
}
diff --git a/public/js/upload.js b/public/js/upload.js
index bb60f28..c99ecb4 100644
--- a/public/js/upload.js
+++ b/public/js/upload.js
@@ -8,7 +8,7 @@ window.onload = function () {
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == XMLHttpRequest.DONE) {
- USINGTOKEN = JSON.parse(xhr.responseText).token;
+ USINGTOKEN = JSON.parse(xhr.responseText).private;
prepareTokenThing();
}
}
@@ -20,14 +20,14 @@ window.onload = function () {
if(!USINGTOKEN) return getInfo();
if(!localStorage.token){
- document.getElementById('tokenContainer').style.display = 'flex'
document.getElementById('tokenSubmit').addEventListener('click', function(){
getInfo(document.getElementById('token').value)
});
- }else{
- getInfo(localStorage.token);
+ return document.getElementById('tokenContainer').style.display = 'flex';
}
+ getInfo(localStorage.token);
+
}
function prepareDropzone(){
@@ -91,23 +91,25 @@ window.onload = function () {
xhr.onreadystatechange = function() {
if (xhr.readyState == XMLHttpRequest.DONE) {
- if(xhr.responseText !== 'not-authorized'){
-
- div = document.createElement('div');
- div.id = 'dropzone';
- div.innerHTML = 'Click here or drag and drop files';
- div.style.display = 'flex';
+
+ if(xhr.responseText === 'not-authorized')
+ return notAuthorized();
- document.getElementById('btnGithub').style.display = 'none';
- document.getElementById('tokenContainer').style.display = 'none';
- document.getElementById('uploadContainer').appendChild(div);
- document.getElementById('panel').style.display = 'block';
-
- if(xhr.responseText.maxFileSize) maxSize = JSON.parse(xhr.responseText).maxFileSize;
- if(token) localStorage.token = token;
+ div = document.createElement('div');
+ div.id = 'dropzone';
+ div.innerHTML = 'Click here or drag and drop files';
+ div.style.display = 'flex';
- prepareDropzone();
- }
+ document.getElementById('btnGithub').style.display = 'none';
+ document.getElementById('tokenContainer').style.display = 'none';
+ document.getElementById('uploadContainer').appendChild(div);
+ document.getElementById('panel').style.display = 'block';
+
+ if(xhr.responseText.maxFileSize) maxSize = JSON.parse(xhr.responseText).maxFileSize;
+ if(token) localStorage.token = token;
+
+ prepareDropzone();
+
}
}
xhr.open('GET', '/api/info', true);
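Review bot: `if(xhr.responseText.maxFileSize)` reads a property of a string, which is always undefined, so `maxSize` is never taken from the server response and the client-side limit stays at whatever default is set outside this hunk. Parsing once fixes it: `var info = JSON.parse(xhr.responseText);` followed by `if(info.maxFileSize) maxSize = info.maxFileSize;`. The handler also runs `localStorage.token = token` for any body other than the literal 'not-authorized', error pages included; gating on `xhr.status === 200` before storing would stop a failed request from persisting the token. The function starts before the hunk.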
@@ -117,4 +119,9 @@ window.onload = function () {
xhr.send(null);
}
+
+ function notAuthorized() {
+ localStorage.removeItem("token");
+ location.reload();
+ }
};
\ No newline at end of file
diff --git a/routes/api.js b/routes/api.js
index 18135ac..aeedfa9 100644
--- a/routes/api.js
+++ b/routes/api.js
@@ -4,12 +4,34 @@ const uploadController = require('../controllers/uploadController')
const galleryController = require('../controllers/galleryController')
routes.get ('/check', (req, res, next) => {
- return res.json({token: config.TOKEN})
+ return res.json({ private: config.private })
+})
+
+routes.get ('/verify', (req, res, next) => {
+ let type = req.headers.type
+ let token = req.headers.token
+
+ if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
+ if(token === undefined) return res.json({ success: false, description: 'No token provided.' })
+ if(type !== 'client' && type !== 'admin') return res.json({ success: false, description: 'Wrong type provided.' })
+
+ if(type === 'client'){
+ if(token !== config.clientToken) return res.json({ success: false, description: 'Token mismatch.' })
+ return res.json({ success: true })
+ }
+
+ if(type === 'admin'){
+ if(token !== config.adminToken) return res.json({ success: false, description: 'Token mismatch.' })
+ return res.json({ success: true })
+ }
+
+ return res.json({ success: false, description: '(╯°□°)╯︵ ┻━┻' })
+
})
routes.get('/info', (req, res, next) => {
- if(config.TOKEN === true)
+ if(config.private === true)
if(req.headers.auth !== config.clientToken)
return res.status(401).send('not-authorized')
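Review bot: The new `/verify` route compares secrets with `!==` (`token !== config.adminToken`, `token !== config.clientToken`), which is not constant-time, and it gives an unauthenticated yes/no answer on the admin token with no attempt limiting visible here. Node's `crypto.timingSafeEqual` over equal-length digests of both values (SHA-256 of each, for example) is the usual replacement, and the same applies to the `req.headers.auth !== config.clientToken` check in `/info`. Failed verification currently returns HTTP 200 with `success: false`; answering with 401 would let clients and logs tell failures apart and makes rate limiting or lockout easier to attach. The `/info` handler continues past the end of this hunk.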