Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2025-02-22 05:09:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updates

Browse Source 
Some small fixes

Removed GET route of /upload/delete.
I first wanted to implement a ShareX-compatible deletion URL,
but then I figured I'd need to setup delete token system,
and I was like, "screw that, I don't even use ShareX",
so yeah.
This commit is contained in:
Bobby Wibowo 2018-12-19 01:14:24 +07:00
parent 00cbd3e76c
commit f3d1aa1c8c
No known key found for this signature in database
GPG Key ID: 51C3A1E1E22D26CF
4 changed files with 5 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
controllers/authController.js
View File

@ -159,7 +159,7 @@ authController.editUser = async (req, res, next) => {
else if (target.username === 'root') else if (target.username === 'root')
return res.json({ success: false, description: 'Root user may not be edited.' }) return res.json({ success: false, description: 'Root user may not be edited.' })
const username = String(req.body.username) const username = `${req.body.username}`
if (username.length < 4 || username.length > 32) if (username.length < 4 || username.length > 32)
return res.json({ success: false, description: 'Username must have 4-32 characters.' }) return res.json({ success: false, description: 'Username must have 4-32 characters.' })
@ -197,7 +197,7 @@ authController.listUsers = async (req, res, next) => {
if (!user) return if (!user) return
const isadmin = perms.is(user, 'admin') const isadmin = perms.is(user, 'admin')
if (!isadmin) return res.status(403) if (!isadmin) return res.status(403).end()
let offset = req.params.page let offset = req.params.page
if (offset === undefined) offset = 0 if (offset === undefined) offset = 0

7
controllers/uploadController.js
View File

@ -47,7 +47,7 @@ const storage = multer.diskStorage({
} }
// index.extension (e.i. 0, 1, ..., n - will prepend zeros depending on the amount of chunks) // index.extension (e.i. 0, 1, ..., n - will prepend zeros depending on the amount of chunks)
const digits = req.body.totalchunkcount !== undefined ? String(req.body.totalchunkcount - 1).length : 1 const digits = req.body.totalchunkcount !== undefined ? `${req.body.totalchunkcount - 1}`.length : 1
const zeros = new Array(digits + 1).join('0') const zeros = new Array(digits + 1).join('0')
const name = (zeros + req.body.chunkindex).slice(-digits) const name = (zeros + req.body.chunkindex).slice(-digits)
return cb(null, name) return cb(null, name)
@ -628,11 +628,10 @@ uploadsController.processFilesForDisplay = async (req, res, files, existingFiles
} }
uploadsController.delete = async (req, res) => { uploadsController.delete = async (req, res) => {
const id = parseInt(req.body.id) || parseInt(req.params.identifier) const id = parseInt(req.body.id)
req.body.field = 'id' req.body.field = 'id'
req.body.values = isNaN(id) ? undefined : [id] req.body.values = isNaN(id) ? undefined : [id]
delete req.body.id delete req.body.id
delete req.params.identifier
return uploadsController.bulkDelete(req, res) return uploadsController.bulkDelete(req, res)
} }
@ -663,7 +662,7 @@ uploadsController.list = async (req, res) => {
// Headers is string-only, this seem to be the safest and lightest // Headers is string-only, this seem to be the safest and lightest
const all = req.headers.all === '1' const all = req.headers.all === '1'
const ismoderator = perms.is(user, 'moderator') const ismoderator = perms.is(user, 'moderator')
if (all && !ismoderator) return res.json(403) if (all && !ismoderator) return res.status(403).end()
const files = await db.table('files') const files = await db.table('files')
.where(function () { .where(function () {

12
controllers/utilsController.js
View File

@ -215,18 +215,6 @@ utilsController.deleteFile = file => {
}) })
} }
/**
* Delete files by matching whether the specified field contains any value
* in the array of values. This will return an array of values that could
* not be deleted. At the moment it's hard-coded to only accept either
* "id" or "name" field.
*
* @param {string} field
* @param {any} values
* @param {user} user
* @param {Set} set
* @return {any[]} failed
*/
utilsController.bulkDeleteFiles = async (field, values, user, set) => { utilsController.bulkDeleteFiles = async (field, values, user, set) => {
if (!user || !['id', 'name'].includes(field)) return if (!user || !['id', 'name'].includes(field)) return

1
routes/api.js
View File

@ -21,7 +21,6 @@ routes.get('/uploads', (req, res, next) => uploadController.list(req, res, next)
routes.get('/uploads/:page', (req, res, next) => uploadController.list(req, res, next)) routes.get('/uploads/:page', (req, res, next) => uploadController.list(req, res, next))
routes.post('/upload', (req, res, next) => uploadController.upload(req, res, next)) routes.post('/upload', (req, res, next) => uploadController.upload(req, res, next))
routes.post('/upload/delete', (req, res, next) => uploadController.delete(req, res, next)) routes.post('/upload/delete', (req, res, next) => uploadController.delete(req, res, next))
routes.get('/upload/delete/:identifier', (req, res, next) => uploadController.delete(req, res, next))
routes.post('/upload/bulkdelete', (req, res, next) => uploadController.bulkDelete(req, res, next)) routes.post('/upload/bulkdelete', (req, res, next) => uploadController.bulkDelete(req, res, next))
routes.post('/upload/finishchunks', (req, res, next) => uploadController.finishChunks(req, res, next)) routes.post('/upload/finishchunks', (req, res, next) => uploadController.finishChunks(req, res, next))
routes.post('/upload/:albumid', (req, res, next) => uploadController.upload(req, res, next)) routes.post('/upload/:albumid', (req, res, next) => uploadController.upload(req, res, next))