Updates

Some small fixes Removed GET route of /upload/delete. I first wanted to implement a ShareX-compatible deletion URL, but then I figured I'd need to setup delete token system, and I was like, "screw that, I don't even use ShareX", so yeah.
2025-02-20 12:19:03 +00:00 · 2018-12-19 01:14:24 +07:00 · 2018-12-19 01:14:24 +07:00 · f3d1aa1c8c
commit f3d1aa1c8c
parent 00cbd3e76c
4 changed files with 5 additions and 19 deletions
--- a/controllers/authController.js
+++ b/controllers/authController.js
@ -159,7 +159,7 @@ authController.editUser = async (req, res, next) => {
  else if (target.username === 'root')
    return res.json({ success: false, description: 'Root user may not be edited.' })

-  const username = String(req.body.username)
+  const username = `${req.body.username}`
  if (username.length < 4 || username.length > 32)
    return res.json({ success: false, description: 'Username must have 4-32 characters.' })

@ -197,7 +197,7 @@ authController.listUsers = async (req, res, next) => {
  if (!user) return

  const isadmin = perms.is(user, 'admin')
-  if (!isadmin) return res.status(403)
+  if (!isadmin) return res.status(403).end()

  let offset = req.params.page
  if (offset === undefined) offset = 0
--- a/controllers/uploadController.js
+++ b/controllers/uploadController.js
@ -47,7 +47,7 @@ const storage = multer.diskStorage({
    }

    // index.extension (e.i. 0, 1, ..., n - will prepend zeros depending on the amount of chunks)
-    const digits = req.body.totalchunkcount !== undefined ? String(req.body.totalchunkcount - 1).length : 1
+    const digits = req.body.totalchunkcount !== undefined ? `${req.body.totalchunkcount - 1}`.length : 1
    const zeros = new Array(digits + 1).join('0')
    const name = (zeros + req.body.chunkindex).slice(-digits)
    return cb(null, name)
@ -628,11 +628,10 @@ uploadsController.processFilesForDisplay = async (req, res, files, existingFiles
 }

 uploadsController.delete = async (req, res) => {
-  const id = parseInt(req.body.id) || parseInt(req.params.identifier)
+  const id = parseInt(req.body.id)
  req.body.field = 'id'
  req.body.values = isNaN(id) ? undefined : [id]
  delete req.body.id
-  delete req.params.identifier
  return uploadsController.bulkDelete(req, res)
 }

@ -663,7 +662,7 @@ uploadsController.list = async (req, res) => {
  // Headers is string-only, this seem to be the safest and lightest
  const all = req.headers.all === '1'
  const ismoderator = perms.is(user, 'moderator')
-  if (all && !ismoderator) return res.json(403)
+  if (all && !ismoderator) return res.status(403).end()

  const files = await db.table('files')
    .where(function () {
--- a/controllers/utilsController.js
+++ b/controllers/utilsController.js
@ -215,18 +215,6 @@ utilsController.deleteFile = file => {
  })
 }

-/**
- * Delete files by matching whether the specified field contains any value
- * in the array of values. This will return an array of values that could
- * not be deleted. At the moment it's hard-coded to only accept either
- * "id" or "name" field.
- *
- * @param  {string} field
- * @param  {any} values
- * @param  {user} user
- * @param  {Set} set
- * @return {any[]} failed
- */
 utilsController.bulkDeleteFiles = async (field, values, user, set) => {
  if (!user || !['id', 'name'].includes(field)) return

--- a/routes/api.js
+++ b/routes/api.js
@ -21,7 +21,6 @@ routes.get('/uploads', (req, res, next) => uploadController.list(req, res, next)
 routes.get('/uploads/:page', (req, res, next) => uploadController.list(req, res, next))
 routes.post('/upload', (req, res, next) => uploadController.upload(req, res, next))
 routes.post('/upload/delete', (req, res, next) => uploadController.delete(req, res, next))
-routes.get('/upload/delete/:identifier', (req, res, next) => uploadController.delete(req, res, next))
 routes.post('/upload/bulkdelete', (req, res, next) => uploadController.bulkDelete(req, res, next))
 routes.post('/upload/finishchunks', (req, res, next) => uploadController.finishChunks(req, res, next))
 routes.post('/upload/:albumid', (req, res, next) => uploadController.upload(req, res, next))