From f3d1aa1c8cedc5b76f4825f8fc6930a318128488 Mon Sep 17 00:00:00 2001 From: Bobby Wibowo Date: Wed, 19 Dec 2018 01:14:24 +0700 Subject: [PATCH] Updates Some small fixes Removed GET route of /upload/delete. I first wanted to implement a ShareX-compatible deletion URL, but then I figured I'd need to setup delete token system, and I was like, "screw that, I don't even use ShareX", so yeah. --- controllers/authController.js | 4 ++-- controllers/uploadController.js | 7 +++---- controllers/utilsController.js | 12 ------------ routes/api.js | 1 - 4 files changed, 5 insertions(+), 19 deletions(-) diff --git a/controllers/authController.js b/controllers/authController.js index a4083dd..02c80c7 100644 --- a/controllers/authController.js +++ b/controllers/authController.js @@ -159,7 +159,7 @@ authController.editUser = async (req, res, next) => { else if (target.username === 'root') return res.json({ success: false, description: 'Root user may not be edited.' }) - const username = String(req.body.username) + const username = `${req.body.username}` if (username.length < 4 || username.length > 32) return res.json({ success: false, description: 'Username must have 4-32 characters.' }) @@ -197,7 +197,7 @@ authController.listUsers = async (req, res, next) => { if (!user) return const isadmin = perms.is(user, 'admin') - if (!isadmin) return res.status(403) + if (!isadmin) return res.status(403).end() let offset = req.params.page if (offset === undefined) offset = 0 diff --git a/controllers/uploadController.js b/controllers/uploadController.js index b9ce52c..4d7b552 100644 --- a/controllers/uploadController.js +++ b/controllers/uploadController.js @@ -47,7 +47,7 @@ const storage = multer.diskStorage({ } // index.extension (e.i. 0, 1, ..., n - will prepend zeros depending on the amount of chunks) - const digits = req.body.totalchunkcount !== undefined ? String(req.body.totalchunkcount - 1).length : 1 + const digits = req.body.totalchunkcount !== undefined ? `${req.body.totalchunkcount - 1}`.length : 1 const zeros = new Array(digits + 1).join('0') const name = (zeros + req.body.chunkindex).slice(-digits) return cb(null, name) @@ -628,11 +628,10 @@ uploadsController.processFilesForDisplay = async (req, res, files, existingFiles } uploadsController.delete = async (req, res) => { - const id = parseInt(req.body.id) || parseInt(req.params.identifier) + const id = parseInt(req.body.id) req.body.field = 'id' req.body.values = isNaN(id) ? undefined : [id] delete req.body.id - delete req.params.identifier return uploadsController.bulkDelete(req, res) } @@ -663,7 +662,7 @@ uploadsController.list = async (req, res) => { // Headers is string-only, this seem to be the safest and lightest const all = req.headers.all === '1' const ismoderator = perms.is(user, 'moderator') - if (all && !ismoderator) return res.json(403) + if (all && !ismoderator) return res.status(403).end() const files = await db.table('files') .where(function () { diff --git a/controllers/utilsController.js b/controllers/utilsController.js index 68da3a0..0ffe5ef 100644 --- a/controllers/utilsController.js +++ b/controllers/utilsController.js @@ -215,18 +215,6 @@ utilsController.deleteFile = file => { }) } -/** - * Delete files by matching whether the specified field contains any value - * in the array of values. This will return an array of values that could - * not be deleted. At the moment it's hard-coded to only accept either - * "id" or "name" field. - * - * @param {string} field - * @param {any} values - * @param {user} user - * @param {Set} set - * @return {any[]} failed - */ utilsController.bulkDeleteFiles = async (field, values, user, set) => { if (!user || !['id', 'name'].includes(field)) return diff --git a/routes/api.js b/routes/api.js index 84c2817..6124077 100644 --- a/routes/api.js +++ b/routes/api.js @@ -21,7 +21,6 @@ routes.get('/uploads', (req, res, next) => uploadController.list(req, res, next) routes.get('/uploads/:page', (req, res, next) => uploadController.list(req, res, next)) routes.post('/upload', (req, res, next) => uploadController.upload(req, res, next)) routes.post('/upload/delete', (req, res, next) => uploadController.delete(req, res, next)) -routes.get('/upload/delete/:identifier', (req, res, next) => uploadController.delete(req, res, next)) routes.post('/upload/bulkdelete', (req, res, next) => uploadController.bulkDelete(req, res, next)) routes.post('/upload/finishchunks', (req, res, next) => uploadController.finishChunks(req, res, next)) routes.post('/upload/:albumid', (req, res, next) => uploadController.upload(req, res, next))