filesafe/controllers/albumsController.js
Bobby Wibowo c9ba16e1d6
Updates (very important to read)
Client-side CSS & JS files will now be processed with Gulp.
Gulp tasks are configured in gulpfile.js file.

CSS files will be optimized with postcss-preset-env, which will
auto-add vendor prefixes and convert any parts necessary for browsers
compatibility.
Afterwards they will be minified with cssnano.

JS files will be optimized with bublé,
likewise for browsers compatibility.
Afterwards they will be minified with terser.

Unprocessed CSS & JS files will now be located at src directory, while
the processed results will be located at dist directory.

Due to bublé, the JS files should now be compatible up to IE 11
at the minimum.
Previously the safe would not work in IE 11 due to extensive usage of
template literals.
Due to that as well, JS files in src directory will now extensively use
arrow functions for my personal comfort (as they will be converted too).

The server will use the processed files at dist directory by default.
If you want to rebuild the files by your own, you can run "yarn build".
Gulp is a development dependency, so make sure you have installed all
development dependencies (i.e. NOT using "yarn install --production").

---

yarn lint -> gulp lint

yarn build -> gulp default

yarn watch -> gulp watch

yarn develop -> env NODE_ENV=development yarn watch

---

Fixed not being able to demote staff into normal users.

/api/token/verify will no longer respond with 401 HTTP error code,
unless an error occurred (which will be 500 HTTP error code).

Fixed /nojs route not displaying file's original name when a duplicate
is found on the server.

Removed is-breeze CSS class name, in favor of Bulma's is-info.

Removed custom styling from auth page, in favor of global styling.

Removed all usage of style HTML attribute in favor of CSS classes.

Renamed js/s/ to js/misc/.

Use loading spinners on dashboard's sidebar menus.

Disable all other sidebar menus when something is loading.

Changed title HTML attribute of disabled control buttons in
uploads & users list.

Hid checkboxes and WIP controls from users list.

Better error messages handling.
Especially homepage will now support CF's HTTP error codes.

Updated various icons.
Also, added fontello config file at public/libs/fontello/config.json.
This should let you edit them more easily with fontello.

Use Gatsby icon for my blog's link in homepage's footer.

A bunch of other improvements here & there.
2019-09-15 13:20:11 +07:00


const EventEmitter = require('events')
const fs = require('fs')
const path = require('path')
const randomstring = require('randomstring')
const Zip = require('jszip')
const paths = require('./pathsController')
const utils = require('./utilsController')
const config = require('./../config')
const logger = require('./../logger')
const db = require('knex')(config.database)
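// Controller object; the handlers below are attached to it and it is exported at the end of the file.
const self = {
  // Identifiers handed out by getUniqueRandomName() that have not been released by their caller yet
  onHold: new Set()
}

// Domain reported to clients by list(); falls back to the main domain when unset
const homeDomain = config.homeDomain || config.domain

// Size cap for generated zip archives, in MB (NaN or 0 disables the check in generateZip)
const zipMaxTotalSize = parseInt(config.cloudflare.zipMaxTotalSize, 10)
// Derived from the parsed value so the enforced limit always matches the limit shown in the
// error message. Multiplying the raw config value would yield NaN for a value such as '512MB',
// and a comparison against NaN never trips, silently disabling the cap.
const zipMaxTotalSizeBytes = zipMaxTotalSize * 1000000

// NOTE: this is the same object as config.uploads.jsZipOptions, so the assignments below
// also change the shared config object.
const zipOptions = config.uploads.jsZipOptions

// Force 'type' option to 'nodebuffer'
zipOptions.type = 'nodebuffer'

// Apply fallbacks for missing config values
if (zipOptions.streamFiles === undefined) {
  zipOptions.streamFiles = true
}
if (zipOptions.compression === undefined) {
  zipOptions.compression = 'DEFLATE'
}
if (zipOptions.compressionOptions === undefined || zipOptions.compressionOptions.level === undefined) {
  zipOptions.compressionOptions = { level: 1 }
}

// In-progress zip tasks, keyed by album identifier (see ZipEmitter)
self.zipEmitters = new Map()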
/**
 * Emitter that stands for one in-progress zip task of an album.
 * The first 'done' event removes the entry stored under the same identifier
 * from self.zipEmitters.
 */
class ZipEmitter extends EventEmitter {
  /**
   * @param {string} identifier - Album identifier this task belongs to.
   */
  constructor (identifier) {
    super()
    this.identifier = identifier

    // One-shot cleanup: drop the registry entry as soon as the task reports completion
    const unregister = () => self.zipEmitters.delete(this.identifier)
    this.once('done', unregister)
  }
}
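/**
 * Allocates an album identifier that is neither stored in the albums table nor
 * currently on hold for another request.
 *
 * The returned identifier stays in self.onHold; the caller has to remove it once
 * it is done with it.
 *
 * The identifier is what get() and generateZip() look albums up by, and neither of
 * them calls utils.authorize(), so it serves as the link secret of an album.
 * NOTE(review): confirm that randomstring draws from a CSPRNG in the installed version
 * and that config.uploads.albumIdentifierLength is long enough to resist guessing.
 *
 * @returns {Promise<string>} The reserved identifier.
 * @throws {string} A plain string (not an Error) when utils.idMaxTries attempts all collide;
 *   kept as a string because callers outside this file may depend on that.
 */
self.getUniqueRandomName = async () => {
  for (let i = 0; i < utils.idMaxTries; i++) {
    const identifier = randomstring.generate(config.uploads.albumIdentifierLength)
    if (self.onHold.has(identifier)) continue

    // Put token on-hold (wait for it to be inserted to DB)
    self.onHold.add(identifier)

    let album
    try {
      album = await db.table('albums')
        .where('identifier', identifier)
        .select('id')
        .first()
    } catch (error) {
      // Release the reservation, otherwise a failed query leaves the identifier on hold forever
      self.onHold.delete(identifier)
      throw error
    }

    if (album) {
      self.onHold.delete(identifier)
      logger.log(`Album with identifier ${identifier} already exists (${i + 1}/${utils.idMaxTries}).`)
      continue
    }

    return identifier
  }

  throw 'Sorry, we could not allocate a unique random identifier. Try again?'
}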
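/**
 * Lists the enabled albums of the authorized user.
 *
 * When req.params.sidebar is set, only id and name of each album are returned.
 * Otherwise the full set of fields is returned together with a per-album file count
 * and homeDomain.
 *
 * Responds with JSON; returns early without a response of its own when
 * utils.authorize() yields no user.
 */
self.list = async (req, res, next) => {
  const user = await utils.authorize(req, res)
  if (!user) return

  const sidebarOnly = req.params.sidebar !== undefined
  const fields = sidebarOnly
    ? ['id', 'name']
    : ['id', 'name', 'timestamp', 'identifier', 'editedAt', 'download', 'public', 'description']

  // Same error handling as the other handlers in this file, so that a failing query
  // is logged and answered instead of rejecting the handler's promise.
  try {
    const albums = await db.table('albums')
      .select(fields)
      .where({
        enabled: 1,
        userid: user.id
      })

    if (sidebarOnly) {
      return res.json({ success: true, albums })
    }

    const albumids = {}
    for (const album of albums) {
      // Stored as integers, exposed as booleans
      album.download = album.download !== 0
      album.public = album.public !== 0
      album.files = 0
      // Map by IDs
      albumids[album.id] = album
    }

    const files = await db.table('files')
      .whereIn('albumid', Object.keys(albumids))
      .select('albumid')

    // Increment files count
    for (const file of files) {
      if (albumids[file.albumid]) {
        albumids[file.albumid].files++
      }
    }

    return res.json({ success: true, albums, homeDomain })
  } catch (error) {
    logger.error(error)
    return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
  }
}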
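/**
 * Creates a new album for the authorized user.
 *
 * Body fields: name (required string), description (optional string), download and
 * public (optional). An album is created downloadable and public unless the client
 * explicitly sends false or 0 for the respective field.
 *
 * name and description are passed through utils.escape() before they are stored.
 *
 * Responds with { success, id } on success, or { success: false, description }.
 */
self.create = async (req, res, next) => {
  const user = await utils.authorize(req, res)
  if (!user) return

  const name = typeof req.body.name === 'string'
    ? utils.escape(req.body.name.trim())
    : ''

  if (!name) {
    return res.json({ success: false, description: 'No album name specified.' })
  }

  // Reserved by getUniqueRandomName(); released in the finally block below
  let identifier
  try {
    const album = await db.table('albums')
      .where({
        name,
        enabled: 1,
        userid: user.id
      })
      .first()

    if (album) {
      return res.json({ success: false, description: 'There is already an album with that name.' })
    }

    identifier = await self.getUniqueRandomName()

    const ids = await db.table('albums').insert({
      name,
      enabled: 1,
      userid: user.id,
      identifier,
      timestamp: Math.floor(Date.now() / 1000),
      editedAt: 0,
      zipGeneratedAt: 0,
      download: (req.body.download === false || req.body.download === 0) ? 0 : 1,
      public: (req.body.public === false || req.body.public === 0) ? 0 : 1,
      description: typeof req.body.description === 'string'
        ? utils.escape(req.body.description.trim())
        : ''
    })
    utils.invalidateStatsCache('albums')

    return res.json({ success: true, id: ids[0] })
  } catch (error) {
    logger.error(error)
    return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
  } finally {
    // Release the reservation on every path, including a failed insert,
    // so that identifiers do not pile up in self.onHold.
    if (identifier !== undefined) {
      self.onHold.delete(identifier)
    }
  }
}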
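/**
 * Disables an album of the authorized user and removes its cached zip archive.
 *
 * Body fields: id (album ID), purge (truthy to also delete the user's files in the album).
 *
 * Every query is scoped to user.id, so only the caller's own album and files are touched.
 *
 * Responds with { success: true }, with { success: false, failed } when some files
 * could not be purged, or with { success: false, description }.
 */
self.delete = async (req, res, next) => {
  const user = await utils.authorize(req, res)
  if (!user) return

  // Coerce to an integer (as edit() does) so that only a number ever reaches the query builder
  const id = parseInt(req.body.id, 10)
  const purge = req.body.purge

  if (Number.isNaN(id)) {
    return res.json({ success: false, description: 'No album specified.' })
  }

  try {
    // Resolve the album before doing anything destructive. Looking it up only at the end
    // made the handler throw a TypeError (and answer 500) for an unknown or foreign ID,
    // after the purge had already run.
    const album = await db.table('albums')
      .select('identifier')
      .where({
        id,
        userid: user.id
      })
      .first()

    if (!album) {
      return res.json({ success: false, description: 'Could not get album with the specified ID.' })
    }

    if (purge) {
      const files = await db.table('files')
        .where({
          albumid: id,
          userid: user.id
        })

      if (files.length) {
        const ids = files.map(file => file.id)
        const failed = await utils.bulkDeleteFromDb('id', ids, user)
        if (failed.length) {
          return res.json({ success: false, failed })
        }
      }
    }

    // Albums are soft-deleted: the row stays, only the enabled flag is cleared
    await db.table('albums')
      .where({
        id,
        userid: user.id
      })
      .update('enabled', 0)
    utils.invalidateStatsCache('albums')

    await paths.unlink(path.join(paths.zips, `${album.identifier}.zip`))
  } catch (error) {
    // A missing zip archive (ENOENT) is expected when none was ever generated
    if (error && error.code !== 'ENOENT') {
      logger.error(error)
      return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
    }
  }

  return res.json({ success: true })
}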
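/**
 * Updates name, description, download and public flags of one of the authorized
 * user's albums, and optionally replaces its identifier (req.body.requestLink).
 *
 * Replacing the identifier invalidates the previous album link, because get() and
 * generateZip() look albums up by identifier. A cached zip archive is renamed along.
 *
 * req._old marks a call that came in through rename() (old rename API).
 *
 * Responds with { success, name }, { success, identifier } or { success: false, description }.
 */
self.edit = async (req, res, next) => {
  const user = await utils.authorize(req, res)
  if (!user) return

  const id = parseInt(req.body.id, 10)
  if (Number.isNaN(id)) {
    return res.json({ success: false, description: 'No album specified.' })
  }

  const name = typeof req.body.name === 'string'
    ? utils.escape(req.body.name.trim())
    : ''

  if (!name) {
    return res.json({ success: false, description: 'No name specified.' })
  }

  // Reserved by getUniqueRandomName(); released in the finally block below
  let newIdentifier
  try {
    const album = await db.table('albums')
      .where({
        id,
        userid: user.id,
        enabled: 1
      })
      .first()

    if (!album) {
      return res.json({ success: false, description: 'Could not get album with the specified ID.' })
    }

    // The album above is fetched by ID, so comparing its ID with the requested one can
    // never detect a name clash. Look for another enabled album of the same user with
    // that name instead, which is the rule create() enforces as well.
    const conflict = await db.table('albums')
      .where({
        name,
        userid: user.id,
        enabled: 1
      })
      .whereNot('id', id)
      .first()

    if (conflict) {
      return res.json({ success: false, description: 'Name already in use.' })
    } else if (req._old && album.name === name) {
      // Old rename API
      return res.json({ success: false, description: 'You did not specify a new name.' })
    }

    await db.table('albums')
      .where({
        id,
        userid: user.id
      })
      .update({
        name,
        // Stored as 0/1 like create() does, because get(), generateZip() and list()
        // compare these columns with the integer 0.
        download: req.body.download ? 1 : 0,
        public: req.body.public ? 1 : 0,
        description: typeof req.body.description === 'string'
          ? utils.escape(req.body.description.trim())
          : ''
      })
    utils.invalidateStatsCache('albums')

    if (!req.body.requestLink) {
      return res.json({ success: true, name })
    }

    const oldIdentifier = album.identifier
    newIdentifier = await self.getUniqueRandomName()

    await db.table('albums')
      .where({
        id,
        userid: user.id
      })
      .update('identifier', newIdentifier)
    utils.invalidateStatsCache('albums')

    // Rename zip archive of the album if it exists
    try {
      const oldZip = path.join(paths.zips, `${oldIdentifier}.zip`)
      const newZip = path.join(paths.zips, `${newIdentifier}.zip`)
      await paths.rename(oldZip, newZip)
    } catch (err) {
      // Re-throw error
      if (err.code !== 'ENOENT') {
        throw err
      }
    }

    return res.json({
      success: true,
      identifier: newIdentifier
    })
  } catch (error) {
    logger.error(error)
    return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
  } finally {
    // Release the reservation on every path, including a failed update or rename,
    // so that identifiers do not pile up in self.onHold.
    if (newIdentifier !== undefined) {
      self.onHold.delete(newIdentifier)
    }
  }
}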
/**
 * Old rename API: flags the request with req._old, reduces the body to the name field
 * and hands the request over to edit().
 *
 * NOTE(review): the album ID is not carried over into the new body, while edit() reads
 * req.body.id and answers 'No album specified.' when it is missing. Confirm whether this
 * route is still meant to work before relying on it.
 */
self.rename = async (req, res, next) => {
  req._old = true

  const requestedName = req.body.name
  req.body = { name: requestedName }

  return self.edit(req, res, next)
}
/**
 * Returns title and file list of an album that is addressed by its identifier.
 *
 * This handler does not call utils.authorize(): access is decided by knowledge of the
 * identifier plus the album's enabled and public flags.
 *
 * Each file entry gets a `file` URL and, when utils.mayGenerateThumb() allows it for the
 * extension, a `thumb` URL.
 */
self.get = async (req, res, next) => {
  const { identifier } = req.params
  if (identifier === undefined) {
    return res.status(401).json({ success: false, description: 'No identifier provided.' })
  }

  try {
    const album = await db.table('albums')
      .where({ identifier, enabled: 1 })
      .first()

    if (!album) {
      return res.json({
        success: false,
        description: 'Album not found.'
      })
    }

    // Non-public albums are refused even when the identifier is known
    if (album.public === 0) {
      return res.status(403).json({
        success: false,
        description: 'This album is not available for public.'
      })
    }

    const files = await db.table('files')
      .select('name')
      .where('albumid', album.id)
      .orderBy('id', 'DESC')

    files.forEach(entry => {
      entry.file = `${config.domain}/${entry.name}`

      const extension = utils.extname(entry.name)
      if (utils.mayGenerateThumb(extension)) {
        // Thumbnails share the file's base name and always carry a .png extension
        const baseName = entry.name.slice(0, -extension.length)
        entry.thumb = `${config.domain}/thumbs/${baseName}.png`
      }
    })

    return res.json({
      success: true,
      title: album.name,
      count: files.length,
      files
    })
  } catch (error) {
    logger.error(error)
    return res.status(500).json({ success: false, description: 'An unexpected error occcured. Try again?' })
  }
}
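/**
 * Sends a zip archive with all files of an album that is addressed by its identifier,
 * generating the archive first when no up-to-date one is cached in paths.zips.
 *
 * This handler does not call utils.authorize(): access is decided by knowledge of the
 * identifier plus the album's enabled and download flags.
 *
 * Only one zip task runs per identifier. Further requests for the same album subscribe
 * to the running task's ZipEmitter and are answered when it emits 'done', either with
 * (filePath, fileName) to download or with a JSON payload describing the failure.
 *
 * All files are read into memory before the archive is written, which is why the total
 * size is checked against zipMaxTotalSizeBytes first (when zipMaxTotalSize is set).
 */
self.generateZip = async (req, res, next) => {
  const versionString = parseInt(req.query.v, 10)

  const download = (filePath, fileName) => {
    const headers = {}
    if (config.cacheControl && versionString > 0) {
      headers['Access-Control-Allow-Origin'] = '*'
      headers['Cache-Control'] = 'public, max-age=2592000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800'
    }
    return res.download(filePath, fileName, { headers })
  }

  const identifier = req.params.identifier
  if (identifier === undefined) {
    return res.status(401).json({
      success: false,
      description: 'No identifier provided.'
    })
  }

  if (!config.uploads.generateZips) {
    return res.status(401).json({
      success: false,
      description: 'Zip generation disabled.'
    })
  }

  // Set only while THIS request owns the zip task of the album
  let emitter = null

  // Settles the owned task exactly once. Every exit path after registration has to go
  // through here: a task that never emits 'done' stays in self.zipEmitters, and every
  // later request for the album would wait on it without ever being answered.
  const finish = (filePath, fileName, json) => {
    if (!emitter) return
    const owned = emitter
    emitter = null
    owned.emit('done', filePath, fileName, json)
  }

  const unexpected = { success: false, description: 'An unexpected error occurred. Try again?' }

  try {
    const album = await db.table('albums')
      .where({
        identifier,
        enabled: 1
      })
      .first()

    if (!album) {
      return res.json({ success: false, description: 'Album not found.' })
    } else if (album.download === 0) {
      return res.json({ success: false, description: 'Download for this album is disabled.' })
    }

    // Redirect to a URL that carries the album's edit timestamp as version
    if ((Number.isNaN(versionString) || versionString <= 0) && album.editedAt) {
      return res.redirect(`${album.identifier}?v=${album.editedAt}`)
    }

    // Serve the cached archive when it is newer than the last edit and still on disk
    if (album.zipGeneratedAt > album.editedAt) {
      const filePath = path.join(paths.zips, `${identifier}.zip`)
      const exists = await new Promise(resolve => fs.access(filePath, error => resolve(!error)))
      if (exists) {
        const fileName = `${album.name}.zip`
        return download(filePath, fileName)
      }
    }

    if (self.zipEmitters.has(identifier)) {
      logger.log(`Waiting previous zip task for album: ${identifier}.`)
      return self.zipEmitters.get(identifier).once('done', (filePath, fileName, json) => {
        if (filePath && fileName) {
          download(filePath, fileName)
        } else if (json) {
          res.json(json)
        }
      })
    }

    emitter = new ZipEmitter(identifier)
    self.zipEmitters.set(identifier, emitter)

    logger.log(`Starting zip task for album: ${identifier}.`)
    const files = await db.table('files')
      .select('name', 'size')
      .where('albumid', album.id)

    if (files.length === 0) {
      logger.log(`Finished zip task for album: ${identifier} (no files).`)
      const json = {
        success: false,
        description: 'There are no files in the album.'
      }
      finish(null, null, json)
      return res.json(json)
    }

    if (zipMaxTotalSize) {
      const totalSizeBytes = files.reduce((accumulator, file) => accumulator + parseInt(file.size, 10), 0)
      if (totalSizeBytes > zipMaxTotalSizeBytes) {
        logger.log(`Finished zip task for album: ${identifier} (size exceeds).`)
        const json = {
          success: false,
          description: `Total size of all files in the album exceeds the configured limit (${zipMaxTotalSize} MB).`
        }
        finish(null, null, json)
        return res.json(json)
      }
    }

    const zipPath = path.join(paths.zips, `${album.identifier}.zip`)
    const archive = new Zip()

    try {
      for (const file of files) {
        const data = await paths.readFile(path.join(paths.uploads, file.name))
        archive.file(file.name, data)
      }
      await new Promise((resolve, reject) => {
        const source = archive.generateNodeStream(zipOptions)
        const sink = fs.createWriteStream(zipPath)
        // pipe() does not forward errors, so both ends need their own handler
        source.on('error', reject)
        sink.on('error', reject)
        sink.on('finish', () => resolve())
        source.pipe(sink)
      })
    } catch (error) {
      // The details are logged only. The raw error text can contain server-side file paths,
      // so clients get the same generic message as for any other failure.
      logger.error(error)
      finish(null, null, unexpected)
      return res.status(500).json(unexpected)
    }

    logger.log(`Finished zip task for album: ${identifier} (success).`)

    await db.table('albums')
      .where('id', album.id)
      .update('zipGeneratedAt', Math.floor(Date.now() / 1000))
    utils.invalidateStatsCache('albums')

    const filePath = path.join(paths.zips, `${identifier}.zip`)
    const fileName = `${album.name}.zip`

    finish(filePath, fileName)
    return download(filePath, fileName)
  } catch (error) {
    logger.error(error)
    // No-op unless this request still owns an unsettled zip task
    finish(null, null, unexpected)
    return res.status(500).json(unexpected)
  }
}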
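/**
 * Moves files of the authorized user into an album, or out of any album.
 *
 * Body fields: ids (non-empty array of file IDs), albumid (target album ID; a missing,
 * non-numeric or negative value means "remove the files from their album").
 *
 * Only files whose userid matches the caller are changed. The target album has to belong
 * to the caller as well, except for the user named 'root'.
 *
 * Responds with { success: true, failed }, where failed lists the requested IDs that
 * matched none of the caller's files, or with { success: false, description }.
 *
 * NOTE(review): the elements of ids reach the query builder as sent by the client;
 * consider restricting them to integers.
 */
self.addFiles = async (req, res, next) => {
  const user = await utils.authorize(req, res)
  if (!user) return

  const ids = req.body.ids
  if (!Array.isArray(ids) || !ids.length) {
    return res.json({ success: false, description: 'No files specified.' })
  }

  let albumid = parseInt(req.body.albumid, 10)
  if (Number.isNaN(albumid) || albumid < 0) albumid = null

  let failed = []
  // Albums whose editedAt has to be bumped: the target album and every previous album
  const albumids = []
  try {
    if (albumid !== null) {
      const album = await db.table('albums')
        .where('id', albumid)
        .where(function () {
          if (user.username !== 'root') {
            this.where('userid', user.id)
          }
        })
        .first()

      if (!album) {
        return res.json({
          success: false,
          description: 'Album does not exist or it does not belong to the user.'
        })
      }

      albumids.push(albumid)
    }

    const files = await db.table('files')
      .whereIn('id', ids)
      .where('userid', user.id)

    // Set lookup instead of scanning the whole result once per requested ID
    const ownedIds = new Set(files.map(file => file.id))
    failed = ids.filter(id => !ownedIds.has(id))

    await db.table('files')
      .whereIn('id', files.map(file => file.id))
      .update('albumid', albumid)

    files.forEach(file => {
      if (file.albumid && !albumids.includes(file.albumid)) {
        albumids.push(file.albumid)
      }
    })

    await db.table('albums')
      .whereIn('id', albumids)
      .update('editedAt', Math.floor(Date.now() / 1000))

    return res.json({ success: true, failed })
  } catch (error) {
    logger.error(error)
    if (failed.length === ids.length) {
      // albumid === null is the "remove from album" case; the wording used to be inverted
      return res.json({
        success: false,
        description: `Could not ${albumid === null ? 'remove' : 'add'} any files ${albumid === null ? 'from' : 'to'} the album.`
      })
    } else {
      return res.status(500).json({ success: false, description: 'An unexpected error occurred. Try again?' })
    }
  }
}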
// Export the controller object together with every handler attached to it above
module.exports = self