split/monofile
1
0
Fork 0
mirror of https://github.com/mollersuite/monofile.git synced 2024-11-21 21:36:26 -08:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

refactor: ♻️ Honofile.

Browse source
This commit is contained in:
Jack W. 2023-10-24 19:59:00 -04:00
parent 6220cd8b0f
commit 0366c91f74
No known key found for this signature in database
18 changed files with 1531 additions and 1308 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
package.json
View file

@ -17,6 +17,7 @@
"node": ">=v16.11" "node": ">=v16.11"
}, },
"dependencies": { "dependencies": {
"@hono/node-server": "^1.2.0",
"@types/body-parser": "^1.19.2", "@types/body-parser": "^1.19.2",
"@types/express": "^4.17.14", "@types/express": "^4.17.14",
"@types/multer": "^1.4.7", "@types/multer": "^1.4.7",

8
pnpm-lock.yaml
View file

@ -5,6 +5,9 @@ settings:
excludeLinksFromLockfile: false excludeLinksFromLockfile: false
dependencies: dependencies:
'@hono/node-server':
specifier: ^1.2.0
version: 1.2.0
'@types/body-parser': '@types/body-parser':
specifier: ^1.19.2 specifier: ^1.19.2
version: 1.19.3 version: 1.19.3
@ -337,6 +340,11 @@ packages:
dev: true dev: true
optional: true optional: true
/@hono/node-server@1.2.0:
resolution: {integrity: sha512-aHT8lDMLpd7ioXJ1/057+h+oE/k7rCOWmjklYDsE0jE4CoNB9XzG4f8dRHvw4s5HJFocaYDiGgYM/V0kYbQ0ww==}
engines: {node: '>=18.0.0'}
dev: false
/@jridgewell/sourcemap-codec@1.4.15: /@jridgewell/sourcemap-codec@1.4.15:
resolution: {integrity: sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==} resolution: {integrity: sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==}
dev: true dev: true

78
src/server/index.ts
View file

@ -1,45 +1,63 @@
import cookieParser from "cookie-parser"
import { IntentsBitField, Client } from "discord.js" import { IntentsBitField, Client } from "discord.js"
import express from "express" import { serve } from "@hono/node-server"
import { serveStatic } from "@hono/node-server/serve-static"
import { Hono } from "hono"
import fs from "fs" import fs from "fs"
import Files from "./lib/files" import Files from "./lib/files"
import { getAccount } from "./lib/middleware" import { getAccount } from "./lib/middleware"
import APIRouter from "./routes/api" import APIRouter from "./routes/api"
import preview from "./preview" import preview from "./preview"
require("dotenv").config() require("dotenv").config()
const pkg = require(`${process.cwd()}/package.json`) const pkg = require(`${process.cwd()}/package.json`)
let app = express() const app = new Hono()
let config = require(`${process.cwd()}/config.json`) let config = require(`${process.cwd()}/config.json`)
app.use("/static/assets", express.static("assets")) app.get(
app.use("/static/vite", express.static("dist/static/vite")) "/static/assets/*",
serveStatic({
rewriteRequestPath: (path) => {
return path.replace("/static/assets", "/assets")
},
})
)
app.get(
"/static/vite/*",
serveStatic({
rewriteRequestPath: (path) => {
return path.replace("/static/vite", "/dist/static/vite")
},
})
)
//app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles)+1048576,type:["application/json","text/plain"]})) //app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles)+1048576,type:["application/json","text/plain"]}))
app.use(cookieParser())
// check for ssl, if not redirect // check for ssl, if not redirect
if (config.trustProxy) app.enable("trust proxy") if (config.trustProxy) {
// app.enable("trust proxy")
}
if (config.forceSSL) { if (config.forceSSL) {
app.use((req, res, next) => { app.use(async (ctx, next) => {
if (req.protocol == "http") if (new URL(ctx.req.url).protocol == "http") {
res.redirect(`https://${req.get("host")}${req.originalUrl}`) return ctx.redirect(
else next() `https://${ctx.req.header("host")}${
new URL(ctx.req.url).pathname
}`
)
} else {
return next()
}
}) })
} }
app.get("/server", (req, res) => { app.get("/server", (ctx) =>
res.send( ctx.json({
JSON.stringify({
...config, ...config,
version: pkg.version, version: pkg.version,
files: Object.keys(files.files).length, files: Object.keys(files.files).length,
}) })
) )
})
// funcs // funcs
@ -60,17 +78,19 @@ let client = new Client({
let files = new Files(client, config) let files = new Files(client, config)
let apiRouter = new APIRouter(files) const apiRouter = new APIRouter(files)
apiRouter.loadAPIMethods().then(() => { apiRouter.loadAPIMethods().then(() => {
app.use(apiRouter.root) app.route("/", apiRouter.root)
console.log("API OK!") console.log("API OK!")
}) })
// index, clone // index, clone
app.get("/", function (req, res) { app.get("/", async (ctx) =>
res.sendFile(process.cwd() + "/dist/index.html") ctx.html(
}) await fs.promises.readFile(process.cwd() + "/dist/index.html", "utf-8")
)
)
// serve download page // serve download page
@ -87,8 +107,16 @@ app.get("/download/:fileId", getAccount, preview(files))
// listen on 3000 or MONOFILE_PORT // listen on 3000 or MONOFILE_PORT
app.listen(process.env.MONOFILE_PORT || 3000, function () { serve(
console.log("Web OK!") {
}) fetch: app.fetch,
port: Number(process.env.MONOFILE_PORT || 3000),
},
(info) => {
console.log("Web OK!", info.port, info.address)
}
)
client.login(process.env.TOKEN) client.login(process.env.TOKEN)
export = app

58
src/server/lib/auth.ts
View file

@ -1,5 +1,6 @@
import crypto from "crypto" import crypto from "crypto"
import express from "express" import { getCookie } from "hono/cookie"
import type { Context } from "hono"
import { readFile, writeFile } from "fs/promises" import { readFile, writeFile } from "fs/promises"
export let AuthTokens: AuthToken[] = [] export let AuthTokens: AuthToken[] = []
export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {} export let AuthTokenTO: { [key: string]: NodeJS.Timeout } = {}
@ -11,36 +12,37 @@ export const ValidTokenPermissions = [
"upload", // allows an app to upload under an account "upload", // allows an app to upload under an account
"manage", // allows an app to manage an account's files "manage", // allows an app to manage an account's files
"customize", // allows an app to change customization settings "customize", // allows an app to change customization settings
"admin" // only available for accounts with admin "admin", // only available for accounts with admin
// gives an app access to all admin tools // gives an app access to all admin tools
] as const ] as const
export type TokenType = "User" | "App" export type TokenType = "User" | "App"
export type TokenPermission = typeof ValidTokenPermissions[number] export type TokenPermission = (typeof ValidTokenPermissions)[number]
export interface AuthToken { export interface AuthToken {
account: string, account: string
token: string, token: string
expire: number, expire: number
type?: TokenType, // if !type, assume User type?: TokenType // if !type, assume User
tokenPermissions?: TokenPermission[] // default to user if type is App, tokenPermissions?: TokenPermission[] // default to user if type is App,
// give full permissions if type is User // give full permissions if type is User
} }
export function create( export function create(
id: string, id: string,
expire:number=(24*60*60*1000), expire: number = 24 * 60 * 60 * 1000,
type: TokenType = "User", type: TokenType = "User",
tokenPermissions?: TokenPermission[] tokenPermissions?: TokenPermission[]
) { ) {
let token = { let token = {
account: id, account: id,
token:crypto.randomBytes(36).toString('hex'), token: crypto.randomBytes(36).toString("hex"),
expire: expire ? Date.now() + expire : 0, expire: expire ? Date.now() + expire : 0,
type, type,
tokenPermissions: type == "App" ? tokenPermissions || ["user"] : undefined tokenPermissions:
type == "App" ? tokenPermissions || ["user"] : undefined,
} }
AuthTokens.push(token) AuthTokens.push(token)
@ -51,16 +53,19 @@ export function create(
return token.token return token.token
} }
export function tokenFor(req: express.Request) { export function tokenFor(ctx: Context) {
return req.cookies.auth || ( return (
req.header("authorization")?.startsWith("Bearer ") getCookie(ctx, "auth") ||
? req.header("authorization")?.split(" ")[1] (ctx.req.header("authorization")?.startsWith("Bearer ")
: undefined ? ctx.req.header("authorization")?.split(" ")[1]
: undefined)
) )
} }
function getToken(token: string) { function getToken(token: string) {
return AuthTokens.find(e => e.token == token && (e.expire == 0 || Date.now() < e.expire)) return AuthTokens.find(
(e) => e.token == token && (e.expire == 0 || Date.now() < e.expire)
)
} }
export function validate(token: string) { export function validate(token: string) {
@ -82,7 +87,10 @@ export function tokenTimer(token:AuthToken) {
return return
} }
AuthTokenTO[token.token] = setTimeout(() => invalidate(token.token),token.expire-Date.now()) AuthTokenTO[token.token] = setTimeout(
() => invalidate(token.token),
token.expire - Date.now()
)
} }
export function invalidate(token: string) { export function invalidate(token: string) {
@ -90,17 +98,23 @@ export function invalidate(token:string) {
clearTimeout(AuthTokenTO[token]) clearTimeout(AuthTokenTO[token])
} }
AuthTokens.splice(AuthTokens.findIndex(e => e.token == token),1) AuthTokens.splice(
AuthTokens.findIndex((e) => e.token == token),
1
)
save() save()
} }
export function save() { export function save() {
writeFile(`${process.cwd()}/.data/tokens.json`,JSON.stringify(AuthTokens)) writeFile(
.catch((err) => console.error(err)) `${process.cwd()}/.data/tokens.json`,
JSON.stringify(AuthTokens)
).catch((err) => console.error(err))
} }
readFile(`${process.cwd()}/.data/tokens.json`) readFile(`${process.cwd()}/.data/tokens.json`)
.then((buf) => { .then((buf) => {
AuthTokens = JSON.parse(buf.toString()) AuthTokens = JSON.parse(buf.toString())
AuthTokens.forEach(e => tokenTimer(e)) AuthTokens.forEach((e) => tokenTimer(e))
}).catch(err => console.error(err)) })
.catch((err) => console.error(err))

40
src/server/lib/errors.ts
View file

@ -1,48 +1,36 @@
import { Response } from "express";
import { readFile } from "fs/promises" import { readFile } from "fs/promises"
import type { Context } from "hono"
let errorPage: string let errorPage: string
/** /**
* @description Serves an error as a response to a request with an error page attached * @description Serves an error as a response to a request with an error page attached
* @param res Express response object * @param ctx Express response object
* @param code Error code * @param code Error code
* @param reason Error reason * @param reason Error reason
*/ */
export default async function ServeError( export default async function ServeError(
res:Response, ctx: Context,
code: number, code: number,
reason: string reason: string
) { ) {
// fetch error page if not cached // fetch error page if not cached
if (!errorPage) { if (!errorPage) {
errorPage = errorPage = (
( (await readFile(`${process.cwd()}/dist/error.html`).catch((err) =>
await readFile(`${process.cwd()}/dist/error.html`) console.error(err)
.catch((err) => console.error(err)) )) || "<pre>$code $text</pre>"
|| "<pre>$code $text</pre>" ).toString()
)
.toString()
} }
// serve error // serve error
res.statusMessage = reason return ctx.html(
res.status(code)
res.header("x-backup-status-message", reason) // glitch default nginx configuration
res.send(
errorPage errorPage
.replaceAll("$code", code.toString()) .replaceAll("$code", code.toString())
.replaceAll("$text",reason) .replaceAll("$text", reason),
code,
{
"x-backup-status-message": reason, // glitch default nginx configuration
}
) )
} }
/**
* @description Redirects a user to another page.
* @param res Express response object
* @param url Target URL
* @deprecated Use `res.redirect` instead.
*/
export function Redirect(res:Response,url:string) {
res.status(302)
res.header("Location",url)
res.send()
}

101
src/server/lib/middleware.ts
View file

@ -1,36 +1,34 @@
import * as Accounts from "./accounts"; import * as Accounts from "./accounts"
import express, { type RequestHandler } from "express" import { Handler as RequestHandler } from "hono"
import ServeError from "../lib/errors"; import ServeError from "../lib/errors"
import * as auth from "./auth"; import * as auth from "./auth"
/** /**
* @description Middleware which adds an account, if any, to res.locals.acc * @description Middleware which adds an account, if any, to ctx.get("account")
*/ */
export const getAccount: RequestHandler = function(req, res, next) { export const getAccount: RequestHandler = function (ctx, next) {
res.locals.acc = Accounts.getFromToken(auth.tokenFor(req)) ctx.set("account", Accounts.getFromToken(auth.tokenFor(ctx)!))
next() return next()
} }
/** /**
* @description Middleware which blocks requests which do not have res.locals.acc set * @description Middleware which blocks requests which do not have ctx.get("account") set
*/ */
export const requiresAccount: RequestHandler = function(_req, res, next) { export const requiresAccount: RequestHandler = function (ctx, next) {
if (!res.locals.acc) { if (!ctx.get("account")) {
ServeError(res, 401, "not logged in") return ServeError(ctx, 401, "not logged in")
return
} }
next() return next()
} }
/** /**
* @description Middleware which blocks requests that have res.locals.acc.admin set to a falsy value * @description Middleware which blocks requests that have ctx.get("account").admin set to a falsy value
*/ */
export const requiresAdmin: RequestHandler = function(_req, res, next) { export const requiresAdmin: RequestHandler = function (ctx, next) {
if (!res.locals.acc.admin) { if (!ctx.get("account").admin) {
ServeError(res, 403, "you are not an administrator") return ServeError(ctx, 403, "you are not an administrator")
return
} }
next() return next()
} }
/** /**
@ -39,27 +37,26 @@ export const requiresAdmin: RequestHandler = function(_req, res, next) {
* @returns Express middleware * @returns Express middleware
*/ */
export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler { export const requiresPermissions = function (
return function(req, res, next) { ...tokenPermissions: auth.TokenPermission[]
let token = auth.tokenFor(req) ): RequestHandler {
return function (ctx, next) {
let token = auth.tokenFor(ctx)!
let type = auth.getType(token) let type = auth.getType(token)
if (type == "App") { if (type == "App") {
let permissions = auth.getPermissions(token) let permissions = auth.getPermissions(token)
if (!permissions) ServeError(res, 403, "insufficient permissions") if (!permissions) return ServeError(ctx, 403, "insufficient permissions")
else { else {
for (let v of tokenPermissions) { for (let v of tokenPermissions) {
if (!permissions.includes(v as auth.TokenPermission)) { if (!permissions.includes(v as auth.TokenPermission)) {
ServeError(res,403,"insufficient permissions") return ServeError(ctx, 403, "insufficient permissions")
return
} }
} }
next() return next()
} }
} else next() } else return next()
} }
} }
@ -67,20 +64,31 @@ export const requiresPermissions = function(...tokenPermissions: auth.TokenPermi
* @description Blocks requests based on whether or not the token being used to access the route is of type `User`. * @description Blocks requests based on whether or not the token being used to access the route is of type `User`.
*/ */
export const noAPIAccess: RequestHandler = function(req, res, next) { export const noAPIAccess: RequestHandler = function (ctx, next) {
if (auth.getType(auth.tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint") if (auth.getType(auth.tokenFor(ctx)!) == "App")
else next() return ServeError(ctx, 403, "apps are not allowed to access this endpoint")
else return next()
} }
/** /**
@description Add a restriction to this route; the condition must be true to allow API requests. @description Add a restriction to this route; the condition must be true to allow API requests.
*/ */
export const assertAPI = function(condition: (acc:Accounts.Account, token:string) => boolean):RequestHandler { export const assertAPI = function (
return function(req, res, next) { condition: (acc: Accounts.Account, token: string) => boolean
let reqToken = auth.tokenFor(req) ): RequestHandler {
if (auth.getType(reqToken) == "App" && condition(res.locals.acc, reqToken)) ServeError(res, 403, "apps are not allowed to access this endpoint") return function (ctx, next) {
else next() let reqToken = auth.tokenFor(ctx)!
if (
auth.getType(reqToken) == "App" &&
condition(ctx.get("account"), reqToken)
)
return ServeError(
ctx,
403,
"apps are not allowed to access this endpoint"
)
else return next()
} }
} }
@ -94,21 +102,10 @@ interface SchemeObject {
} }
interface SchemeArray { interface SchemeArray {
type: "array", type: "array"
children: SchemeParameter /* All children of the array must be this type */ children:
| SchemeParameter /* All children of the array must be this type */
| SchemeParameter[] /* Array must match this pattern */ | SchemeParameter[] /* Array must match this pattern */
} }
type SchemeParameter = SchemeType | SchemeObject | SchemeArray type SchemeParameter = SchemeType | SchemeObject | SchemeArray
/**
* @description Blocks requests based on whether or not the token being used to access the route is of type `User` unless a condition is met.
* @param tokenPermissions Permissions which your route requires.
* @returns Express middleware
*/
export const sanitize = function(scheme: SchemeObject):RequestHandler {
return function(req, res, next) {
}
}

30
src/server/lib/ratelimit.ts
View file

@ -1,49 +1,49 @@
import { RequestHandler } from "express" import type { Handler } from "hono"
import { type Account } from "./accounts"
import ServeError from "./errors" import ServeError from "./errors"
interface RatelimitSettings { interface RatelimitSettings {
requests: number requests: number
per: number per: number
} }
/** /**
* @description Ratelimits a route based on res.locals.acc * @description Ratelimits a route based on ctx.get("account")
* @param settings Ratelimit settings * @param settings Ratelimit settings
* @returns Express middleware * @returns Express middleware
*/ */
export function accountRatelimit( settings: RatelimitSettings ): RequestHandler { export function accountRatelimit(settings: RatelimitSettings): Handler {
let activeLimits: { let activeLimits: {
[key: string]: { [key: string]: {
requests: number, requests: number
expirationHold: NodeJS.Timeout expirationHold: NodeJS.Timeout
} }
} = {} } = {}
return (req, res, next) => { return (ctx, next) => {
if (res.locals.acc) { if (ctx.get("account")) {
let accId = res.locals.acc.id let accId = ctx.get("account").id
let aL = activeLimits[accId] let aL = activeLimits[accId]
if (!aL) { if (!aL) {
activeLimits[accId] = { activeLimits[accId] = {
requests: 0, requests: 0,
expirationHold: setTimeout(() => delete activeLimits[accId], settings.per) expirationHold: setTimeout(
() => delete activeLimits[accId],
settings.per
),
} }
aL = activeLimits[accId] aL = activeLimits[accId]
} }
if (aL.requests < settings.requests) { if (aL.requests < settings.requests) {
res.locals.undoCount = () => { ctx.set("undoCount", () => {
if (activeLimits[accId]) { if (activeLimits[accId]) {
activeLimits[accId].requests-- activeLimits[accId].requests--
} }
} })
next() return next()
} else { } else {
ServeError(res, 429, "too many requests") return ServeError(ctx, 429, "too many requests")
} }
} }
} }

39
src/server/preview.ts
View file

@ -2,31 +2,32 @@ import fs from "fs/promises"
import bytes from "bytes" import bytes from "bytes"
import ServeError from "./lib/errors" import ServeError from "./lib/errors"
import * as Accounts from "./lib/accounts" import * as Accounts from "./lib/accounts"
import type { Handler } from "express" import type { Handler } from "hono"
import type Files from "./lib/files" import type Files from "./lib/files"
const pkg = require(`${process.cwd()}/package.json`) const pkg = require(`${process.cwd()}/package.json`)
export = (files: Files): Handler => export = (files: Files): Handler =>
async (req, res) => { async (ctx) => {
let acc = res.locals.acc as Accounts.Account let acc = ctx.get("account") as Accounts.Account
const file = files.getFilePointer(req.params.fileId) const fileId = ctx.req.param("fileId")
const host = ctx.req.header("Host")
const file = files.getFilePointer(fileId)
if (file) { if (file) {
if (file.visibility == "private" && acc?.id != file.owner) { if (file.visibility == "private" && acc?.id != file.owner) {
ServeError(res, 403, "you do not own this file") return ServeError(ctx, 403, "you do not own this file")
return
} }
const template = await fs const template = await fs
.readFile(process.cwd() + "/dist/download.html", "utf8") .readFile(process.cwd() + "/dist/download.html", "utf8")
.catch(() => { .catch(() => {
throw res.sendStatus(500) throw ctx.status(500)
}) })
let fileOwner = file.owner let fileOwner = file.owner
? Accounts.getFromId(file.owner) ? Accounts.getFromId(file.owner)
: undefined : undefined
res.send( return ctx.html(
template template
.replaceAll("$FileId", req.params.fileId) .replaceAll("$FileId", fileId)
.replaceAll("$Version", pkg.version) .replaceAll("$Version", pkg.version)
.replaceAll( .replaceAll(
"$FileSize", "$FileSize",
@ -44,18 +45,14 @@ export = (files: Files): Handler =>
.replace( .replace(
"<!--metaTags-->", "<!--metaTags-->",
(file.mime.startsWith("image/") (file.mime.startsWith("image/")
? `<meta name="og:image" content="https://${req.headers.host}/file/${req.params.fileId}" />` ? `<meta name="og:image" content="https://${host}/file/${fileId}" />`
: file.mime.startsWith("video/") : file.mime.startsWith("video/")
? `<meta property="og:video:url" content="https://${ ? `<meta property="og:video:url" content="https://${host}/cpt/${fileId}/video.${
req.headers.host
}/cpt/${req.params.fileId}/video.${
file.mime.split("/")[1] == "quicktime" file.mime.split("/")[1] == "quicktime"
? "mov" ? "mov"
: file.mime.split("/")[1] : file.mime.split("/")[1]
}" /> }" />
<meta property="og:video:secure_url" content="https://${ <meta property="og:video:secure_url" content="https://${host}/cpt/${fileId}/video.${
req.headers.host
}/cpt/${req.params.fileId}/video.${
file.mime.split("/")[1] == "quicktime" file.mime.split("/")[1] == "quicktime"
? "mov" ? "mov"
: file.mime.split("/")[1] : file.mime.split("/")[1]
@ -79,7 +76,7 @@ export = (files: Files): Handler =>
`\n<meta name="theme-color" content="${ `\n<meta name="theme-color" content="${
fileOwner?.embed?.color && fileOwner?.embed?.color &&
file.visibility != "anonymous" && file.visibility != "anonymous" &&
(req.headers["user-agent"] || "").includes( (ctx.req.header("user-agent") || "").includes(
"Discordbot" "Discordbot"
) )
? `#${fileOwner.embed.color}` ? `#${fileOwner.embed.color}`
@ -89,11 +86,11 @@ export = (files: Files): Handler =>
.replace( .replace(
"<!--preview-->", "<!--preview-->",
file.mime.startsWith("image/") file.mime.startsWith("image/")
? `<div style="min-height:10px"></div><img src="/file/${req.params.fileId}" />` ? `<div style="min-height:10px"></div><img src="/file/${fileId}" />`
: file.mime.startsWith("video/") : file.mime.startsWith("video/")
? `<div style="min-height:10px"></div><video src="/file/${req.params.fileId}" controls></video>` ? `<div style="min-height:10px"></div><video src="/file/${fileId}" controls></video>`
: file.mime.startsWith("audio/") : file.mime.startsWith("audio/")
? `<div style="min-height:10px"></div><audio src="/file/${req.params.fileId}" controls></audio>` ? `<div style="min-height:10px"></div><audio src="/file/${fileId}" controls></audio>`
: "" : ""
) )
.replaceAll( .replaceAll(
@ -104,6 +101,6 @@ export = (files: Files): Handler =>
) )
) )
} else { } else {
ServeError(res, 404, "file not found") ServeError(ctx, 404, "file not found")
} }
} }

46
src/server/routes/api.ts
View file

@ -1,6 +1,6 @@
import { Router } from "express"; import { Hono } from "hono"
import { readFile, readdir } from "fs/promises"; import { readFile, readdir } from "fs/promises"
import Files from "../lib/files"; import Files from "../lib/files"
const APIDirectory = __dirname + "/api" const APIDirectory = __dirname + "/api"
@ -22,31 +22,31 @@ function resolveMount(mount: APIMountResolvable): APIMount {
} }
class APIVersion { class APIVersion {
readonly definition: APIDefinition; readonly definition: APIDefinition
readonly apiPath: string; readonly apiPath: string
readonly root: Router = Router(); readonly root: Hono = new Hono()
constructor(definition: APIDefinition, files: Files) { constructor(definition: APIDefinition, files: Files) {
this.definition = definition
this.definition = definition;
this.apiPath = APIDirectory + "/" + definition.name this.apiPath = APIDirectory + "/" + definition.name
for (let _mount of definition.mount) { for (let _mount of definition.mount) {
let mount = resolveMount(_mount) let mount = resolveMount(_mount)
// no idea if there's a better way to do this but this is all i can think of // no idea if there's a better way to do this but this is all i can think of
let route = require(`${this.apiPath}/${mount.file}.js`) as (files:Files)=>Router let route = require(`${this.apiPath}/${mount.file}.js`) as (
this.root.use(mount.to, route(files)) files: Files
) => Hono
this.root.route(mount.to, route(files))
} }
} }
} }
export default class APIRouter { export default class APIRouter {
readonly files: Files readonly files: Files
readonly root: Router = Router(); readonly root: Hono = new Hono()
constructor(files: Files) { constructor(files: Files) {
this.files = files; this.files = files
} }
/** /**
@ -55,24 +55,26 @@ export default class APIRouter {
*/ */
private mount(definition: APIDefinition) { private mount(definition: APIDefinition) {
console.log(`mounting APIDefinition ${definition.name}`) console.log(`mounting APIDefinition ${definition.name}`)
this.root.use( this.root.route(
definition.baseURL, definition.baseURL,
(new APIVersion(definition, this.files)).root new APIVersion(definition, this.files).root
) )
} }
async loadAPIMethods() { async loadAPIMethods() {
let files = await readdir(APIDirectory) let files = await readdir(APIDirectory)
for (let v of files) { /// temporary (hopefully). need to figure out something else for this for (let version of files) {
let def = JSON.parse((await readFile(`${process.cwd()}/src/server/routes/api/${v}/api.json`)).toString()) as APIDefinition /// temporary (hopefully). need to figure out something else for this
let def = JSON.parse(
(
await readFile(
`${process.cwd()}/src/server/routes/api/${version}/api.json`
)
).toString()
) as APIDefinition
this.mount(def) this.mount(def)
} }
} }
} }

265
src/server/routes/api/v0/adminRoutes.ts
View file

@ -1,20 +1,21 @@
import bodyParser from "body-parser"; import { Hono } from "hono"
import { Router } from "express"; import * as Accounts from "../../../lib/accounts"
import * as Accounts from "../../../lib/accounts"; import * as auth from "../../../lib/auth"
import * as auth from "../../../lib/auth"; import { writeFile } from "fs/promises"
import bytes from "bytes" import { sendMail } from "../../../lib/mail"
import {writeFile} from "fs"; import {
import { sendMail } from "../../../lib/mail"; getAccount,
import { getAccount, requiresAccount, requiresAdmin, requiresPermissions } from "../../../lib/middleware" requiresAccount,
requiresAdmin,
requiresPermissions,
} from "../../../lib/middleware"
import Files from "../../../lib/files"
import ServeError from "../../../lib/errors"; export let adminRoutes = new Hono<{
import Files from "../../../lib/files"; Variables: {
account: Accounts.Account
let parser = bodyParser.json({ }
type: ["text/plain","application/json"] }>()
})
export let adminRoutes = Router();
adminRoutes adminRoutes
.use(getAccount) .use(getAccount)
.use(requiresAccount) .use(requiresAccount)
@ -24,212 +25,196 @@ adminRoutes
let config = require(`${process.cwd()}/config.json`) let config = require(`${process.cwd()}/config.json`)
module.exports = function (files: Files) { module.exports = function (files: Files) {
adminRoutes.post("/reset", async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (
adminRoutes.post("/reset", parser, (req,res) => { typeof body.target !== "string" ||
typeof body.password !== "string"
let acc = res.locals.acc as Accounts.Account ) {
return ctx.status(404)
if (typeof req.body.target !== "string" || typeof req.body.password !== "string") {
res.status(404)
res.send()
return
} }
let targetAccount = Accounts.getFromUsername(req.body.target) let targetAccount = Accounts.getFromUsername(body.target)
if (!targetAccount) { if (!targetAccount) {
res.status(404) return ctx.status(404)
res.send()
return
} }
Accounts.password.set ( targetAccount.id, req.body.password ) Accounts.password.set(targetAccount.id, body.password)
auth.AuthTokens.filter(e => e.account == targetAccount?.id).forEach((v) => { auth.AuthTokens.filter((e) => e.account == targetAccount?.id).forEach(
(v) => {
auth.invalidate(v.token) auth.invalidate(v.token)
}) }
)
if (targetAccount.email) { if (targetAccount.email) {
sendMail(targetAccount.email, `Your login details have been updated`, `<b>Hello there!</b> This email is to notify you of a password change that an administrator, <span username>${acc.username}</span>, has initiated. You have been logged out of your devices. Thank you for using monofile.`).then(() => { return sendMail(
res.send("OK") targetAccount.email,
}).catch((err) => {}) `Your login details have been updated`,
`<b>Hello there!</b> This email is to notify you of a password change that an administrator, <span username>${acc.username}</span>, has initiated. You have been logged out of your devices. Thank you for using monofile.`
)
.then(() => ctx.text("OK"))
.catch(() => ctx.status(500))
} }
res.send()
}) })
adminRoutes.post("/elevate", parser, (req,res) => { adminRoutes.post("/elevate", async (ctx) => {
const body = await ctx.req.json()
let acc = ctx.get("account") as Accounts.Account
let acc = res.locals.acc as Accounts.Account if (typeof body.target !== "string") {
return ctx.status(404)
if (typeof req.body.target !== "string") {
res.status(404)
res.send()
return
} }
let targetAccount = Accounts.getFromUsername(req.body.target) let targetAccount = Accounts.getFromUsername(body.target)
if (!targetAccount) { if (!targetAccount) {
res.status(404) return ctx.status(404)
res.send()
return
} }
targetAccount.admin = true;
Accounts.save() Accounts.save()
res.send() return ctx.text("OK")
}) })
adminRoutes.post("/delete", parser, (req,res) => { adminRoutes.post("/delete", async (ctx) => {
const body = await ctx.req.json()
if (typeof req.body.target !== "string") { if (typeof body.target !== "string") {
res.status(404) return ctx.status(404)
res.send()
return
} }
let targetFile = files.getFilePointer(req.body.target) let targetFile = files.getFilePointer(body.target)
if (!targetFile) { if (!targetFile) {
res.status(404) return ctx.status(404)
res.send()
return
} }
files.unlink(req.body.target).then(() => { return files
res.status(200) .unlink(body.target)
}).catch(() => { .then(() => ctx.status(200))
res.status(500) .catch(() => ctx.status(500))
}).finally(() => res.send()) .finally(() => ctx.status(200))
}) })
adminRoutes.post("/delete_account", parser, async (req,res) => { adminRoutes.post("/delete_account", async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
let acc = res.locals.acc as Accounts.Account const body = await ctx.req.json()
if (typeof body.target !== "string") {
if (typeof req.body.target !== "string") { return ctx.status(404)
res.status(404)
res.send()
return
} }
let targetAccount = Accounts.getFromUsername(req.body.target) let targetAccount = Accounts.getFromUsername(body.target)
if (!targetAccount) { if (!targetAccount) {
res.status(404) return ctx.status(404)
res.send()
return
} }
let accId = targetAccount.id let accId = targetAccount.id
auth.AuthTokens.filter(e => e.account == accId).forEach((v) => { auth.AuthTokens.filter((e) => e.account == accId).forEach((v) => {
auth.invalidate(v.token) auth.invalidate(v.token)
}) })
let cpl = () => Accounts.deleteAccount(accId).then(_ => { let cpl = () =>
Accounts.deleteAccount(accId).then((_) => {
if (targetAccount?.email) { if (targetAccount?.email) {
sendMail(targetAccount.email, "Notice of account deletion", `Your account, <span username>${targetAccount.username}</span>, has been deleted by <span username>${acc.username}</span> for the following reason: <br><br><span style="font-weight:600">${req.body.reason || "(no reason specified)"}</span><br><br> Your files ${req.body.deleteFiles ? "have been deleted" : "have not been modified"}. Thank you for using monofile.`) sendMail(
targetAccount.email,
"Notice of account deletion",
`Your account, <span username>${
targetAccount.username
}</span>, has been deleted by <span username>${
acc.username
}</span> for the following reason: <br><br><span style="font-weight:600">${
body.reason || "(no reason specified)"
}</span><br><br> Your files ${
body.deleteFiles
? "have been deleted"
: "have not been modified"
}. Thank you for using monofile.`
)
} }
res.send("account deleted") return ctx.text("account deleted")
}) })
if (req.body.deleteFiles) { if (body.deleteFiles) {
let f = targetAccount.files.map(e=>e) // make shallow copy so that iterating over it doesnt Die let f = targetAccount.files.map((e) => e) // make shallow copy so that iterating over it doesnt Die
for (let v of f) { for (let v of f) {
files.unlink(v,true).catch(err => console.error(err)) files.unlink(v, true).catch((err) => console.error(err))
} }
writeFile(process.cwd()+"/.data/files.json",JSON.stringify(files.files), (err) => { return writeFile(
if (err) console.log(err) process.cwd() + "/.data/files.json",
cpl() JSON.stringify(files.files)
}) ).then(cpl)
} else cpl() } else return cpl()
}) })
adminRoutes.post("/transfer", parser, (req,res) => { adminRoutes.post("/transfer", async (ctx) => {
const body = await ctx.req.json()
if (typeof req.body.target !== "string" || typeof req.body.owner !== "string") { if (typeof body.target !== "string" || typeof body.owner !== "string") {
res.status(404) return ctx.status(404)
res.send()
return
} }
let targetFile = files.getFilePointer(req.body.target) let targetFile = files.getFilePointer(body.target)
if (!targetFile) { if (!targetFile) {
res.status(404) return ctx.status(404)
res.send()
return
} }
let newOwner = Accounts.getFromUsername(req.body.owner || "") let newOwner = Accounts.getFromUsername(body.owner || "")
// clear old owner // clear old owner
if (targetFile.owner) { if (targetFile.owner) {
let oldOwner = Accounts.getFromId(targetFile.owner) let oldOwner = Accounts.getFromId(targetFile.owner)
if (oldOwner) { if (oldOwner) {
Accounts.files.deindex(oldOwner.id, req.body.target) Accounts.files.deindex(oldOwner.id, body.target)
} }
} }
if (newOwner) { if (newOwner) {
Accounts.files.index(newOwner.id, req.body.target) Accounts.files.index(newOwner.id, body.target)
} }
targetFile.owner = newOwner ? newOwner.id : undefined; targetFile.owner = newOwner ? newOwner.id : undefined
files.writeFile(req.body.target, targetFile).then(() => {
res.send()
}).catch(() => {
res.status(500)
res.send()
}) // wasting a reassignment but whatee
files
.writeFile(body.target, targetFile)
.then(() => ctx.status(200))
.catch(() => ctx.status(500))
}) })
adminRoutes.post("/idchange", parser, (req,res) => { adminRoutes.post("/idchange", async (ctx) => {
const body = await ctx.req.json()
if (typeof req.body.target !== "string" || typeof req.body.new !== "string") { if (typeof body.target !== "string" || typeof body.new !== "string") {
res.status(400) return ctx.status(400)
res.send()
return
} }
let targetFile = files.getFilePointer(req.body.target) let targetFile = files.getFilePointer(body.target)
if (!targetFile) { if (!targetFile) {
res.status(404) return ctx.status(404)
res.send()
return
} }
if (files.getFilePointer(req.body.new)) { if (files.getFilePointer(body.new)) {
res.status(400) return ctx.status(400)
res.send()
return
} }
if (targetFile.owner) { if (targetFile.owner) {
Accounts.files.deindex(targetFile.owner, req.body.target) Accounts.files.deindex(targetFile.owner, body.target)
Accounts.files.index(targetFile.owner, req.body.new) Accounts.files.index(targetFile.owner, body.new)
} }
delete files.files[req.body.target] delete files.files[body.target]
files.writeFile(req.body.new, targetFile).then(() => { return files
res.send() .writeFile(body.new, targetFile)
}).catch(() => { .then(() => ctx.status(200))
files.files[req.body.target] = req.body.new .catch(() => {
files.files[body.target] = body.new
if (targetFile.owner) { if (targetFile.owner) {
Accounts.files.deindex(targetFile.owner, req.body.new) Accounts.files.deindex(targetFile.owner, body.new)
Accounts.files.index(targetFile.owner, req.body.target) Accounts.files.index(targetFile.owner, body.target)
} }
res.status(500) return ctx.status(500)
res.send()
}) })
}) })
return adminRoutes return adminRoutes

640
src/server/routes/api/v0/authRoutes.ts
View file

@ -1,260 +1,344 @@
import bodyParser from "body-parser"; import { Hono, Handler } from "hono"
import { Router } from "express"; import { getCookie, setCookie } from "hono/cookie"
import * as Accounts from "../../../lib/accounts"; import * as Accounts from "../../../lib/accounts"
import * as auth from "../../../lib/auth"; import * as auth from "../../../lib/auth"
import { sendMail } from "../../../lib/mail"; import { sendMail } from "../../../lib/mail"
import { getAccount, noAPIAccess, requiresAccount, requiresPermissions } from "../../../lib/middleware" import {
getAccount,
noAPIAccess,
requiresAccount,
requiresPermissions,
} from "../../../lib/middleware"
import { accountRatelimit } from "../../../lib/ratelimit" import { accountRatelimit } from "../../../lib/ratelimit"
import ServeError from "../../../lib/errors"; import ServeError from "../../../lib/errors"
import Files, { FileVisibility, generateFileId, id_check_regex } from "../../../lib/files"; import Files, {
FileVisibility,
generateFileId,
id_check_regex,
} from "../../../lib/files"
import { writeFile } from "fs"; import { writeFile } from "fs/promises"
let parser = bodyParser.json({ export let authRoutes = new Hono<{
type: ["text/plain","application/json"] Variables: {
}) account: Accounts.Account
}
export let authRoutes = Router(); }>()
authRoutes.use(getAccount)
let config = require(`${process.cwd()}/config.json`) let config = require(`${process.cwd()}/config.json`)
authRoutes.all("*", getAccount)
module.exports = function (files: Files) { module.exports = function (files: Files) {
authRoutes.post("/login", async (ctx) => {
authRoutes.post("/login", parser, (req,res) => { console.log(ctx)
if (typeof req.body.username != "string" || typeof req.body.password != "string") { const body = await ctx.req.json()
ServeError(res,400,"please provide a username or password") if (
return typeof body.username != "string" ||
typeof body.password != "string"
) {
return ServeError(ctx, 400, "please provide a username or password")
} }
if (auth.validate(req.cookies.auth)) return if (auth.validate(getCookie(ctx, "auth")!))
return ctx.text("You are already authed")
/* /*
check if account exists check if account exists
*/ */
let acc = Accounts.getFromUsername(req.body.username) let acc = Accounts.getFromUsername(body.username)
if (!acc) { if (!acc) {
ServeError(res,401,"username or password incorrect") return ServeError(ctx, 401, "username or password incorrect")
return
} }
if (!Accounts.password.check(acc.id,req.body.password)) { if (!Accounts.password.check(acc.id, body.password)) {
ServeError(res,401,"username or password incorrect") return ServeError(ctx, 401, "username or password incorrect")
return
} }
/* /*
assign token assign token
*/ */
res.cookie("auth",auth.create(acc.id,(3*24*60*60*1000))) setCookie(ctx, "auth", auth.create(acc.id, 3 * 24 * 60 * 60 * 1000))
res.status(200) return ctx.text("")
res.end()
}) })
authRoutes.post("/create", parser, (req,res) => { authRoutes.post("/create", async (ctx) => {
if (!config.accounts.registrationEnabled) { if (!config.accounts.registrationEnabled) {
ServeError(res,403,"account registration disabled") return ServeError(ctx, 403, "account registration disabled")
return
} }
if (auth.validate(req.cookies.auth)) return if (auth.validate(getCookie(ctx, "auth")!)) return
const body = await ctx.req.json()
if (typeof req.body.username != "string" || typeof req.body.password != "string") { if (
ServeError(res,400,"please provide a username or password") typeof body.username != "string" ||
return typeof body.password != "string"
) {
return ServeError(ctx, 400, "please provide a username or password")
} }
/* /*
check if account exists check if account exists
*/ */
let acc = Accounts.getFromUsername(req.body.username) let acc = Accounts.getFromUsername(body.username)
if (acc) { if (acc) {
ServeError(res,400,"account with this username already exists") ServeError(ctx, 400, "account with this username already exists")
return return
} }
if (req.body.username.length < 3 || req.body.username.length > 20) { if (body.username.length < 3 || body.username.length > 20) {
ServeError(res,400,"username must be over or equal to 3 characters or under or equal to 20 characters in length") return ServeError(
ctx,
400,
"username must be over or equal to 3 characters or under or equal to 20 characters in length"
)
}
if (
(body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username
) {
return ServeError(ctx, 400, "username contains invalid characters")
}
if (body.password.length < 8) {
ServeError(ctx, 400, "password must be 8 characters or longer")
return return
} }
if ((req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username) { return Accounts.create(body.username, body.password)
ServeError(res,400,"username contains invalid characters")
return
}
if (req.body.password.length < 8) {
ServeError(res,400,"password must be 8 characters or longer")
return
}
Accounts.create(req.body.username,req.body.password)
.then((newAcc) => { .then((newAcc) => {
/* /*
assign token assign token
*/ */
res.cookie("auth",auth.create(newAcc,(3*24*60*60*1000))) setCookie(
res.status(200) ctx,
res.end() "auth",
}) auth.create(newAcc, 3 * 24 * 60 * 60 * 1000)
.catch(() => { )
ServeError(res,500,"internal server error") return ctx.text("")
}) })
.catch(() => ServeError(ctx, 500, "internal server error"))
}) })
authRoutes.post("/logout", (req,res) => { authRoutes.post("/logout", async (ctx) => {
if (!auth.validate(req.cookies.auth)) { if (!auth.validate(getCookie(ctx, "auth")!)) {
ServeError(res, 401, "not logged in") return ServeError(ctx, 401, "not logged in")
return
} }
auth.invalidate(req.cookies.auth) auth.invalidate(getCookie(ctx, "auth")!)
res.send("logged out") return ctx.text("logged out")
}) })
authRoutes.post("/dfv", requiresAccount, requiresPermissions("manage"), parser, (req,res) => { authRoutes.post(
let acc = res.locals.acc as Accounts.Account "/dfv",
requiresAccount,
if (['public','private','anonymous'].includes(req.body.defaultFileVisibility)) { requiresPermissions("manage"),
acc.defaultFileVisibility = req.body.defaultFileVisibility // Used body-parser
Accounts.save() async (ctx) => {
res.send(`dfv has been set to ${acc.defaultFileVisibility}`) const body = await ctx.req.json()
} else { let acc = ctx.get("account") as Accounts.Account
res.status(400)
res.send("invalid dfv")
}
})
authRoutes.post("/customcss", requiresAccount, requiresPermissions("customize"), parser, (req,res) => {
let acc = res.locals.acc as Accounts.Account
if (typeof req.body.fileId != "string") req.body.fileId = undefined;
if ( if (
["public", "private", "anonymous"].includes(
!req.body.fileId body.defaultFileVisibility
|| (req.body.fileId.match(id_check_regex) == req.body.fileId )
&& req.body.fileId.length <= config.maxUploadIdLength)
) { ) {
acc.customCSS = req.body.fileId || undefined acc.defaultFileVisibility = body.defaultFileVisibility
if (!req.body.fileId) delete acc.customCSS
Accounts.save() Accounts.save()
res.send(`custom css saved`) return ctx.text(
`dfv has been set to ${acc.defaultFileVisibility}`
)
} else { } else {
res.status(400) return ctx.text("invalid dfv", 400)
res.send("invalid fileid")
} }
}) }
)
authRoutes.post("/embedcolor", requiresAccount, requiresPermissions("customize"), parser, (req,res) => { authRoutes.post(
let acc = res.locals.acc as Accounts.Account "/customcss",
requiresAccount,
requiresPermissions("customize"),
// Used body-parser
async (ctx) => {
const body = await ctx.req.json()
let acc = ctx.get("account") as Accounts.Account
if (typeof req.body.color != "string") req.body.color = undefined; if (typeof body.fileId != "string") body.fileId = undefined
if ( if (
!body.fileId ||
(body.fileId.match(id_check_regex) == body.fileId &&
body.fileId.length <= config.maxUploadIdLength)
) {
acc.customCSS = body.fileId || undefined
if (!body.fileId) delete acc.customCSS
Accounts.save()
return ctx.text(`custom css saved`)
} else {
return ctx.text("invalid fileid", 400)
}
}
)
!req.body.color authRoutes.post(
|| (req.body.color.toLowerCase().match(/[a-f0-9]+/) == req.body.color.toLowerCase()) "/embedcolor",
&& req.body.color.length == 6 requiresAccount,
requiresPermissions("customize"),
// Used body-parser
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (typeof body.color != "string") body.color = undefined
if (
!body.color ||
(body.color.toLowerCase().match(/[a-f0-9]+/) ==
body.color.toLowerCase() &&
body.color.length == 6)
) { ) {
if (!acc.embed) acc.embed = {} if (!acc.embed) acc.embed = {}
acc.embed.color = req.body.color || undefined acc.embed.color = body.color || undefined
if (!req.body.color) delete acc.embed.color if (!body.color) delete acc.embed.color
Accounts.save() Accounts.save()
res.send(`custom embed color saved`) return ctx.text(`custom embed color saved`)
} else { } else {
res.status(400) return ctx.text("invalid hex code", 400)
res.send("invalid hex code")
} }
}) }
)
authRoutes.post("/embedsize", requiresAccount, requiresPermissions("customize"), parser, (req,res) => { authRoutes.post(
let acc = res.locals.acc as Accounts.Account "/embedsize",
requiresAccount,
if (typeof req.body.largeImage != "boolean") req.body.color = false; requiresPermissions("customize"),
// Used body-parser
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (typeof body.largeImage != "boolean") body.color = false
if (!acc.embed) acc.embed = {} if (!acc.embed) acc.embed = {}
acc.embed.largeImage = req.body.largeImage acc.embed.largeImage = body.largeImage
if (!req.body.largeImage) delete acc.embed.largeImage if (!body.largeImage) delete acc.embed.largeImage
Accounts.save() Accounts.save()
res.send(`custom embed image size saved`) return ctx.text(`custom embed image size saved`)
}) }
)
authRoutes.post("/delete_account", requiresAccount, noAPIAccess, parser, async (req,res) => {
let acc = res.locals.acc as Accounts.Account
authRoutes.post(
"/delete_account",
requiresAccount,
noAPIAccess,
// Used body-parser
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
let accId = acc.id let accId = acc.id
auth.AuthTokens.filter(e => e.account == accId).forEach((v) => { auth.AuthTokens.filter((e) => e.account == accId).forEach((v) => {
auth.invalidate(v.token) auth.invalidate(v.token)
}) })
let cpl = () => Accounts.deleteAccount(accId).then(_ => res.send("account deleted")) let cpl = () =>
Accounts.deleteAccount(accId).then((_) =>
ctx.text("account deleted")
)
if (req.body.deleteFiles) { if (body.deleteFiles) {
let f = acc.files.map(e=>e) // make shallow copy so that iterating over it doesnt Die let f = acc.files.map((e) => e) // make shallow copy so that iterating over it doesnt Die
for (let v of f) { for (let v of f) {
files.unlink(v,true).catch(err => console.error(err)) files.unlink(v, true).catch((err) => console.error(err))
} }
writeFile(process.cwd()+"/.data/files.json",JSON.stringify(files.files), (err) => { return writeFile(
if (err) console.log(err) process.cwd() + "/.data/files.json",
cpl() JSON.stringify(files.files)
}) ).then(cpl)
} else cpl() } else cpl()
}) }
)
authRoutes.post("/change_username", requiresAccount, noAPIAccess, parser, (req,res) => { authRoutes.post(
let acc = res.locals.acc as Accounts.Account "/change_username",
requiresAccount,
if (typeof req.body.username != "string" || req.body.username.length < 3 || req.body.username.length > 20) { noAPIAccess,
ServeError(res,400,"username must be between 3 and 20 characters in length") // Used body-parser
return async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (
typeof body.username != "string" ||
body.username.length < 3 ||
body.username.length > 20
) {
return ServeError(
ctx,
400,
"username must be between 3 and 20 characters in length"
)
} }
let _acc = Accounts.getFromUsername(req.body.username) let _acc = Accounts.getFromUsername(body.username)
if (_acc) { if (_acc) {
ServeError(res,400,"account with this username already exists") return ServeError(
return ctx,
400,
"account with this username already exists"
)
} }
if ((req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username) { if (
ServeError(res,400,"username contains invalid characters") (body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] !=
return body.username
) {
return ServeError(
ctx,
400,
"username contains invalid characters"
)
} }
acc.username = req.body.username acc.username = body.username
Accounts.save() Accounts.save()
if (acc.email) { if (acc.email) {
sendMail(acc.email, `Your login details have been updated`, `<b>Hello there!</b> Your username has been updated to <span username>${req.body.username}</span>. Please update your devices accordingly. Thank you for using monofile.`).then(() => { return sendMail(
res.send("OK") acc.email,
}).catch((err) => {}) `Your login details have been updated`,
`<b>Hello there!</b> Your username has been updated to <span username>${body.username}</span>. Please update your devices accordingly. Thank you for using monofile.`
)
.then(() => ctx.text("OK"))
.catch((err) => {})
} }
res.send("username changed") return ctx.text("username changed")
}) }
)
// shit way to do this but... // shit way to do this but...
let verificationCodes = new Map<string, {code: string, email: string, expiry: NodeJS.Timeout}>() let verificationCodes = new Map<
string,
{ code: string; email: string; expiry: NodeJS.Timeout }
>()
authRoutes.post("/request_email_change", requiresAccount, noAPIAccess, accountRatelimit({ requests: 4, per: 60*60*1000 }), parser, (req,res) => { authRoutes.post(
let acc = res.locals.acc as Accounts.Account "/request_email_change",
requiresAccount,
noAPIAccess,
if (typeof req.body.email != "string" || !req.body.email) { accountRatelimit({ requests: 4, per: 60 * 60 * 1000 }),
ServeError(res,400, "supply an email") // Used body-parser
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (typeof body.email != "string" || !body.email) {
ServeError(ctx, 400, "supply an email")
return return
} }
@ -271,81 +355,124 @@ module.exports = function(files: Files) {
verificationCodes.set(acc.id, { verificationCodes.set(acc.id, {
code, code,
email: req.body.email, email: body.email,
expiry: setTimeout( () => verificationCodes.delete(acc?.id||""), 15*60*1000) expiry: setTimeout(
() => verificationCodes.delete(acc?.id || ""),
15 * 60 * 1000
),
}) })
// this is a mess but it's fine // this is a mess but it's fine
sendMail(req.body.email, `Hey there, ${acc.username} - let's connect your email`, `<b>Hello there!</b> You are recieving this message because you decided to link your email, <span code>${req.body.email.split("@")[0]}<span style="opacity:0.5">@${req.body.email.split("@")[1]}</span></span>, to your account, <span username>${acc.username}</span>. If you would like to continue, please <a href="https://${req.header("Host")}/auth/confirm_email/${code}"><span code>click here</span></a>, or go to https://${req.header("Host")}/auth/confirm_email/${code}.`).then(() => { sendMail(
res.send("OK") body.email,
}).catch((err) => { `Hey there, ${acc.username} - let's connect your email`,
`<b>Hello there!</b> You are recieving this message because you decided to link your email, <span code>${
body.email.split("@")[0]
}<span style="opacity:0.5">@${
body.email.split("@")[1]
}</span></span>, to your account, <span username>${
acc.username
}</span>. If you would like to continue, please <a href="https://${ctx.req.header(
"Host"
)}/auth/confirm_email/${code}"><span code>click here</span></a>, or go to https://${ctx.req.header(
"Host"
)}/auth/confirm_email/${code}.`
)
.then(() => ctx.text("OK"))
.catch((err) => {
let e = verificationCodes.get(acc?.id || "")?.expiry let e = verificationCodes.get(acc?.id || "")?.expiry
if (e) clearTimeout(e) if (e) clearTimeout(e)
verificationCodes.delete(acc?.id || "") verificationCodes.delete(acc?.id || "")
res.locals.undoCount(); ;(ctx.get("undoCount" as never) as () => {})()
ServeError(res, 500, err?.toString()) return ServeError(ctx, 500, err?.toString())
})
}) })
}
)
authRoutes.get("/confirm_email/:code", requiresAccount, noAPIAccess, (req,res) => { authRoutes.get(
let acc = res.locals.acc as Accounts.Account "/confirm_email/:code",
requiresAccount,
noAPIAccess,
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
let vcode = verificationCodes.get(acc.id) let vcode = verificationCodes.get(acc.id)
if (!vcode) { ServeError(res, 400, "nothing to confirm"); return } if (!vcode) {
ServeError(ctx, 400, "nothing to confirm")
return
}
if (typeof req.params.code == "string" && req.params.code.toUpperCase() == vcode.code) { if (
typeof ctx.req.param("code") == "string" &&
ctx.req.param("code").toUpperCase() == vcode.code
) {
acc.email = vcode.email acc.email = vcode.email
Accounts.save(); Accounts.save()
let e = verificationCodes.get(acc?.id || "")?.expiry let e = verificationCodes.get(acc?.id || "")?.expiry
if (e) clearTimeout(e) if (e) clearTimeout(e)
verificationCodes.delete(acc?.id || "") verificationCodes.delete(acc?.id || "")
res.redirect("/") return ctx.redirect("/")
} else { } else {
ServeError(res, 400, "invalid code") return ServeError(ctx, 400, "invalid code")
} }
}) }
)
authRoutes.post("/remove_email", requiresAccount, noAPIAccess, (req,res) => { authRoutes.post(
let acc = res.locals.acc as Accounts.Account "/remove_email",
requiresAccount,
noAPIAccess,
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
if (acc.email) { if (acc.email) {
delete acc.email; delete acc.email
Accounts.save() Accounts.save()
res.send("email detached") return ctx.text("email detached")
} else return ServeError(ctx, 400, "email not attached")
} }
else ServeError(res, 400, "email not attached") )
})
let pwReset = new Map<string, {code: string, expiry: NodeJS.Timeout, requestedAt:number}>() let pwReset = new Map<
string,
{ code: string; expiry: NodeJS.Timeout; requestedAt: number }
>()
let prcIdx = new Map<string, string>() let prcIdx = new Map<string, string>()
authRoutes.post("/request_emergency_login", parser, (req,res) => { authRoutes.post("/request_emergency_login", async (ctx) => {
if (auth.validate(req.cookies.auth || "")) return if (auth.validate(getCookie(ctx, "auth") || "")) return
const body = await ctx.req.json()
if (typeof req.body.account != "string" || !req.body.account) { if (typeof body.account != "string" || !body.account) {
ServeError(res,400, "supply a username") ServeError(ctx, 400, "supply a username")
return return
} }
let acc = Accounts.getFromUsername(req.body.account) let acc = Accounts.getFromUsername(body.account)
if (!acc || !acc.email) { if (!acc || !acc.email) {
ServeError(res, 400, "this account either does not exist or does not have an email attached; please contact the server's admin for a reset if you would still like to access it") return ServeError(
return ctx,
400,
"this account either does not exist or does not have an email attached; please contact the server's admin for a reset if you would still like to access it"
)
} }
let pResetCode = pwReset.get(acc.id) let pResetCode = pwReset.get(acc.id)
if (pResetCode && pResetCode.requestedAt+(15*60*1000) > Date.now()) { if (
ServeError(res, 429, `Please wait a few moments to request another emergency login.`) pResetCode &&
return pResetCode.requestedAt + 15 * 60 * 1000 > Date.now()
) {
return ServeError(
ctx,
429,
`Please wait a few moments to request another emergency login.`
)
} }
// delete previous if any // delete previous if any
let e = pResetCode?.expiry let e = pResetCode?.expiry
if (e) clearTimeout(e) if (e) clearTimeout(e)
@ -358,107 +485,146 @@ module.exports = function(files: Files) {
pwReset.set(acc.id, { pwReset.set(acc.id, {
code, code,
expiry: setTimeout( () => { pwReset.delete(acc?.id||""); prcIdx.delete(pResetCode?.code||"") }, 15*60*1000), expiry: setTimeout(() => {
requestedAt: Date.now() pwReset.delete(acc?.id || "")
prcIdx.delete(pResetCode?.code || "")
}, 15 * 60 * 1000),
requestedAt: Date.now(),
}) })
prcIdx.set(code, acc.id) prcIdx.set(code, acc.id)
// this is a mess but it's fine // this is a mess but it's fine
sendMail(acc.email, `Emergency login requested for ${acc.username}`, `<b>Hello there!</b> You are recieving this message because you forgot your password to your monofile account, <span username>${acc.username}</span>. To log in, please <a href="https://${req.header("Host")}/auth/emergency_login/${code}"><span code>click here</span></a>, or go to https://${req.header("Host")}/auth/emergency_login/${code}. If it doesn't appear that you are logged in after visiting this link, please try refreshing. Once you have successfully logged in, you may reset your password.`).then(() => { return sendMail(
res.send("OK") acc.email,
}).catch((err) => { `Emergency login requested for ${acc.username}`,
`<b>Hello there!</b> You are recieving this message because you forgot your password to your monofile account, <span username>${
acc.username
}</span>. To log in, please <a href="https://${ctx.req.header(
"Host"
)}/auth/emergency_login/${code}"><span code>click here</span></a>, or go to https://${ctx.req.header(
"Host"
)}/auth/emergency_login/${code}. If it doesn't appear that you are logged in after visiting this link, please try refreshing. Once you have successfully logged in, you may reset your password.`
)
.then(() => ctx.text("OK"))
.catch((err) => {
let e = pwReset.get(acc?.id || "")?.expiry let e = pwReset.get(acc?.id || "")?.expiry
if (e) clearTimeout(e) if (e) clearTimeout(e)
pwReset.delete(acc?.id || "") pwReset.delete(acc?.id || "")
prcIdx.delete(code || "") prcIdx.delete(code || "")
ServeError(res, 500, err?.toString()) return ServeError(ctx, 500, err?.toString())
}) })
}) })
authRoutes.get("/emergency_login/:code", (req,res) => { authRoutes.get("/emergency_login/:code", async (ctx) => {
if (auth.validate(req.cookies.auth || "")) { if (auth.validate(getCookie(ctx, "auth") || "")) {
ServeError(res, 403, "already logged in") return ServeError(ctx, 403, "already logged in")
return
} }
let vcode = prcIdx.get(req.params.code) let vcode = prcIdx.get(ctx.req.param("code"))
if (!vcode) { ServeError(res, 400, "invalid emergency login code"); return } if (!vcode) {
return ServeError(ctx, 400, "invalid emergency login code")
if (typeof req.params.code == "string" && vcode) { }
res.cookie("auth",auth.create(vcode,(3*24*60*60*1000)))
res.redirect("/")
if (typeof ctx.req.param("code") == "string" && vcode) {
setCookie(ctx, "auth", auth.create(vcode, 3 * 24 * 60 * 60 * 1000))
let e = pwReset.get(vcode)?.expiry let e = pwReset.get(vcode)?.expiry
if (e) clearTimeout(e) if (e) clearTimeout(e)
pwReset.delete(vcode) pwReset.delete(vcode)
prcIdx.delete(req.params.code) prcIdx.delete(ctx.req.param("code"))
return ctx.redirect("/")
} else { } else {
ServeError(res, 400, "invalid code") ServeError(ctx, 400, "invalid code")
} }
}) })
authRoutes.post("/change_password", requiresAccount, noAPIAccess, parser, (req,res) => { authRoutes.post(
let acc = res.locals.acc as Accounts.Account "/change_password",
requiresAccount,
if (typeof req.body.password != "string" || req.body.password.length < 8) { noAPIAccess,
ServeError(res,400,"password must be 8 characters or longer") // Used body-parser
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (typeof body.password != "string" || body.password.length < 8) {
ServeError(ctx, 400, "password must be 8 characters or longer")
return return
} }
let accId = acc.id let accId = acc.id
Accounts.password.set(accId,req.body.password) Accounts.password.set(accId, body.password)
auth.AuthTokens.filter(e => e.account == accId).forEach((v) => { auth.AuthTokens.filter((e) => e.account == accId).forEach((v) => {
auth.invalidate(v.token) auth.invalidate(v.token)
}) })
if (acc.email) { if (acc.email) {
sendMail(acc.email, `Your login details have been updated`, `<b>Hello there!</b> This email is to notify you of a password change that you have initiated. You have been logged out of your devices. Thank you for using monofile.`).then(() => { return sendMail(
res.send("OK") acc.email,
}).catch((err) => {}) `Your login details have been updated`,
`<b>Hello there!</b> This email is to notify you of a password change that you have initiated. You have been logged out of your devices. Thank you for using monofile.`
)
.then(() => ctx.text("OK"))
.catch((err) => {})
} }
res.send("password changed - logged out all sessions") return ctx.text("password changed - logged out all sessions")
}) }
)
authRoutes.post("/logout_sessions", requiresAccount, noAPIAccess, (req,res) => { authRoutes.post(
let acc = res.locals.acc as Accounts.Account "/logout_sessions",
requiresAccount,
noAPIAccess,
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
let accId = acc.id let accId = acc.id
auth.AuthTokens.filter(e => e.account == accId).forEach((v) => { auth.AuthTokens.filter((e) => e.account == accId).forEach((v) => {
auth.invalidate(v.token) auth.invalidate(v.token)
}) })
res.send("logged out all sessions") return ctx.text("logged out all sessions")
}) }
)
authRoutes.get("/me", requiresAccount, requiresPermissions("user"), (req,res) => { authRoutes.get(
let acc = res.locals.acc as Accounts.Account "/me",
requiresAccount,
let sessionToken = auth.tokenFor(req) requiresPermissions("user"),
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
let sessionToken = auth.tokenFor(ctx)!
let accId = acc.id let accId = acc.id
res.send({ return ctx.json({
...acc, ...acc,
sessionCount: auth.AuthTokens.filter(e => e.type != "App" && e.account == accId && (e.expire > Date.now() || !e.expire)).length, sessionCount: auth.AuthTokens.filter(
sessionExpires: auth.AuthTokens.find(e => e.token == sessionToken)?.expire, (e) =>
e.type != "App" &&
e.account == accId &&
(e.expire > Date.now() || !e.expire)
).length,
sessionExpires: auth.AuthTokens.find(
(e) => e.token == sessionToken
)?.expire,
password: undefined, password: undefined,
email: email:
auth.getType(sessionToken) == "User" || auth.getPermissions(sessionToken)?.includes("email") auth.getType(sessionToken) == "User" ||
auth.getPermissions(sessionToken)?.includes("email")
? acc.email ? acc.email
: undefined : undefined,
})
}) })
}
)
authRoutes.get("/customCSS", (req,res) => { authRoutes.get("/customCSS", async (ctx) => {
let acc = res.locals.acc let acc = ctx.get("account")
if (acc?.customCSS) res.redirect(`/file/${acc.customCSS}`) if (acc?.customCSS) return ctx.redirect(`/file/${acc.customCSS}`)
else res.send("") else return ctx.text("")
}) })
return authRoutes return authRoutes
} }

137
src/server/routes/api/v0/fileApiRoutes.ts
View file

@ -1,57 +1,80 @@
import bodyParser from "body-parser"; import { Hono } from "hono"
import { Router } from "express"; import * as Accounts from "../../../lib/accounts"
import * as Accounts from "../../../lib/accounts"; import { writeFile } from "fs/promises"
import * as auth from "../../../lib/auth"; import Files from "../../../lib/files"
import bytes from "bytes" import {
import {writeFile} from "fs"; getAccount,
requiresAccount,
requiresPermissions,
} from "../../../lib/middleware"
import ServeError from "../../../lib/errors"; export let fileApiRoutes = new Hono<{
import Files from "../../../lib/files"; Variables: {
import { getAccount, requiresAccount, requiresPermissions } from "../../../lib/middleware"; account: Accounts.Account
}
let parser = bodyParser.json({ }>()
type: ["text/plain","application/json"]
})
export let fileApiRoutes = Router();
let config = require(`${process.cwd()}/config.json`) let config = require(`${process.cwd()}/config.json`)
fileApiRoutes.use("*", getAccount) // :warning: /list somehow crashes Hono with an internal error!
/*
/home/jack/Code/Web/monofile/node_modules/.pnpm/@hono+node-server@1.2.0/node_modules/@hono/node-server/dist/listener.js:55
const contentType = res.headers.get("content-type") || "";
^
TypeError: Cannot read properties of undefined (reading 'get')
at Server.<anonymous> (/home/jack/Code/Web/monofile/node_modules/.pnpm/@hono+node-server@1.2.0/node_modules/@hono/node-server/dist/listener.js:55:37)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
*/
module.exports = function (files: Files) { module.exports = function (files: Files) {
fileApiRoutes.get(
fileApiRoutes.use(getAccount); "/list",
requiresAccount,
fileApiRoutes.get("/list", requiresAccount, requiresPermissions("user"), (req,res) => { requiresPermissions("user"),
async (ctx) => {
let acc = res.locals.acc as Accounts.Account let acc = ctx.get("account") as Accounts.Account
if (!acc) return if (!acc) return
let accId = acc.id let accId = acc.id
res.send(acc.files.map((e) => { ctx.json(
acc.files
.map((e) => {
let fp = files.getFilePointer(e) let fp = files.getFilePointer(e)
if (!fp) { Accounts.files.deindex(accId, e); return null } if (!fp) {
Accounts.files.deindex(accId, e)
return null
}
return { return {
...fp, ...fp,
messageids: null, messageids: null,
owner: null, owner: null,
id:e id: e,
} }
}).filter(e=>e))
}) })
.filter((e) => e)
)
}
)
fileApiRoutes.post("/manage", parser, requiresPermissions("manage"), (req,res) => { fileApiRoutes.post(
"/manage",
let acc = res.locals.acc as Accounts.Account requiresPermissions("manage"),
async (ctx) => {
let acc = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (!acc) return if (!acc) return
if (!req.body.target || !(typeof req.body.target == "object") || req.body.target.length < 1) return if (
!body.target ||
!(typeof body.target == "object") ||
body.target.length < 1
)
return
let modified = 0 let modified = 0
req.body.target.forEach((e:string) => { body.target.forEach((e: string) => {
if (!acc.files.includes(e)) return if (!acc.files.includes(e)) return
let fp = files.getFilePointer(e) let fp = files.getFilePointer(e)
@ -60,39 +83,47 @@ module.exports = function(files: Files) {
return return
} }
switch( req.body.action ) { switch (body.action) {
case "delete": case "delete":
files.unlink(e, true) files.unlink(e, true)
modified++; modified++
break; break
case "changeFileVisibility": case "changeFileVisibility":
if (!["public","anonymous","private"].includes(req.body.value)) return; if (
files.files[e].visibility = req.body.value; !["public", "anonymous", "private"].includes(
modified++; body.value
break; )
)
return
files.files[e].visibility = body.value
modified++
break
case "setTag": case "setTag":
if (!req.body.value) delete files.files[e].tag if (!body.value) delete files.files[e].tag
else { else {
if (req.body.value.toString().length > 30) return if (body.value.toString().length > 30) return
files.files[e].tag = req.body.value.toString().toLowerCase() files.files[e].tag = body.value
.toString()
.toLowerCase()
} }
modified++; modified++
break; break
} }
}) })
Accounts.save().then(() => { return Accounts.save()
writeFile(process.cwd()+"/.data/files.json",JSON.stringify(files.files), (err) => { .then(() => {
if (err) console.log(err) writeFile(
res.contentType("text/plain") process.cwd() + "/.data/files.json",
res.send(`modified ${modified} files`) JSON.stringify(files.files)
}) )
}).catch((err) => console.error(err))
}) })
.then(() => ctx.text(`modified ${modified} files`))
.catch((err) => console.error(err))
}
)
return fileApiRoutes return fileApiRoutes
} }

383
src/server/routes/api/v0/primaryApi.ts
View file

@ -1,11 +1,12 @@
import bodyParser from "body-parser" import bodyParser from "body-parser"
import express, { Router } from "express" import { Hono } from "hono"
import * as Accounts from "../../../lib/accounts" import * as Accounts from "../../../lib/accounts"
import * as auth from "../../../lib/auth" import * as auth from "../../../lib/auth"
import axios, { AxiosResponse } from "axios" import axios, { AxiosResponse } from "axios"
import { type Range } from "range-parser" import { type Range } from "range-parser"
import multer, { memoryStorage } from "multer" import multer, { memoryStorage } from "multer"
import { Readable } from "stream"
import ServeError from "../../../lib/errors" import ServeError from "../../../lib/errors"
import Files from "../../../lib/files" import Files from "../../../lib/files"
import { getAccount, requiresPermissions } from "../../../lib/middleware" import { getAccount, requiresPermissions } from "../../../lib/middleware"
@ -14,7 +15,11 @@ let parser = bodyParser.json({
type: ["text/plain", "application/json"], type: ["text/plain", "application/json"],
}) })
export let primaryApi = Router() export let primaryApi = new Hono<{
Variables: {
account: Accounts.Account
}
}>()
const multerSetup = multer({ storage: memoryStorage() }) const multerSetup = multer({ storage: memoryStorage() })
@ -23,216 +28,210 @@ let config = require(`${process.cwd()}/config.json`)
primaryApi.use(getAccount) primaryApi.use(getAccount)
module.exports = function (files: Files) { module.exports = function (files: Files) {
primaryApi.get( // primaryApi.get(
["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], // ["/file/:fileId", "/cpt/:fileId/*", "/:fileId"],
async (req: express.Request, res: express.Response) => { // async (ctx) => {
let acc = res.locals.acc as Accounts.Account // let acc = ctx.get("account") as Accounts.Account
let file = files.getFilePointer(req.params.fileId) // let file = files.getFilePointer(ctx.req.param("fileId"))
res.setHeader("Access-Control-Allow-Origin", "*") // ctx.header("Access-Control-Allow-Origin", "*")
res.setHeader("Content-Security-Policy", "sandbox allow-scripts") // ctx.header("Content-Security-Policy", "sandbox allow-scripts")
if (req.query.attachment == "1") // if (ctx.req.query("attachment") == "1")
res.setHeader("Content-Disposition", "attachment") // ctx.header("Content-Disposition", "attachment")
if (file) { // if (file) {
if (file.visibility == "private") { // if (file.visibility == "private") {
if (acc?.id != file.owner) { // if (acc?.id != file.owner) {
ServeError(res, 403, "you do not own this file") // return ServeError(ctx, 403, "you do not own this file")
return // }
}
if ( // if (
auth.getType(auth.tokenFor(req)) == "App" && // auth.getType(auth.tokenFor(ctx)!) == "App" &&
auth // auth
.getPermissions(auth.tokenFor(req)) // .getPermissions(auth.tokenFor(ctx)!)
?.includes("private") // ?.includes("private")
) { // ) {
ServeError(res, 403, "insufficient permissions") // ServeError(ctx, 403, "insufficient permissions")
return // return
} // }
} // }
let range: Range | undefined // let range: Range | undefined
res.setHeader("Content-Type", file.mime) // ctx.header("Content-Type", file.mime)
if (file.sizeInBytes) { // if (file.sizeInBytes) {
res.setHeader("Content-Length", file.sizeInBytes) // ctx.header("Content-Length", file.sizeInBytes.toString())
if (file.chunkSize) { // if (file.chunkSize) {
let rng = req.range(file.sizeInBytes) // let range = ctx.range(file.sizeInBytes)
if (rng) { // if (range) {
// error handling // // error handling
if (typeof rng == "number") { // if (typeof range == "number") {
res.status(rng == -1 ? 416 : 400).send() // return ctx.status(range == -1 ? 416 : 400)
return // }
} // if (range.type != "bytes") {
if (rng.type != "bytes") { // return ctx.status(400)
res.status(400).send() // }
return
}
// set ranges var // // set ranges var
let rngs = Array.from(rng) // let rngs = Array.from(range)
if (rngs.length != 1) { // if (rngs.length != 1) {
res.status(400).send() // return ctx.status(400)
return // }
} // range = rngs[0]
range = rngs[0] // }
} // }
} // }
}
// supports ranges // // supports ranges
files // return files
.readFileStream(req.params.fileId, range) // .readFileStream(ctx.req.param("fileId"), range)
.then(async (stream) => { // .then(async (stream) => {
if (range) { // if (range) {
res.status(206) // ctx.status(206)
res.header( // ctx.header(
"Content-Length", // "Content-Length",
(range.end - range.start + 1).toString() // (range.end - range.start + 1).toString()
) // )
res.header( // ctx.header(
"Content-Range", // "Content-Range",
`bytes ${range.start}-${range.end}/${file.sizeInBytes}` // `bytes ${range.start}-${range.end}/${file.sizeInBytes}`
) // )
} // }
stream.pipe(res)
})
.catch((err) => {
ServeError(res, err.status, err.message)
})
} else {
ServeError(res, 404, "file not found")
}
}
)
primaryApi.head( // return ctx.stream((stre) => {
["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], // // Somehow return a stream?
(req: express.Request, res: express.Response) => { // })
let file = files.getFilePointer(req.params.fileId) // })
// .catch((err) => {
// return ServeError(ctx, err.status, err.message)
// })
// } else {
// return ServeError(ctx, 404, "file not found")
// }
// }
// )
if ( // // primaryApi.head(
file.visibility == "private" && // // ["/file/:fileId", "/cpt/:fileId/*", "/:fileId"],
(res.locals.acc?.id != file.owner || // // async (ctx) => {
(auth.getType(auth.tokenFor(req)) == "App" && // // let file = files.getFilePointer(req.params.fileId)
auth
.getPermissions(auth.tokenFor(req))
?.includes("private")))
) {
res.status(403).send()
return
}
res.setHeader("Access-Control-Allow-Origin", "*") // // if (
res.setHeader("Content-Security-Policy", "sandbox allow-scripts") // // file.visibility == "private" &&
// // (ctx.get("account")?.id != file.owner ||
// // (auth.getType(auth.tokenFor(ctx)!) == "App" &&
// // auth
// // .getPermissions(auth.tokenFor(ctx)!)
// // ?.includes("private")))
// // ) {
// // return ctx.status(403)
// // }
if (req.query.attachment == "1") // // ctx.header("Content-Security-Policy", "sandbox allow-scripts")
res.setHeader("Content-Disposition", "attachment")
if (!file) { // // if (ctx.req.query("attachment") == "1")
res.status(404) // // ctx.header("Content-Disposition", "attachment")
res.send()
} else {
res.setHeader("Content-Type", file.mime)
if (file.sizeInBytes) {
res.setHeader("Content-Length", file.sizeInBytes)
}
if (file.chunkSize) {
res.setHeader("Accept-Ranges", "bytes")
}
res.send()
}
}
)
// upload handlers // // if (!file) {
// // res.status(404)
// // res.send()
// // } else {
// // ctx.header("Content-Type", file.mime)
// // if (file.sizeInBytes) {
// // ctx.header("Content-Length", file.sizeInBytes)
// // }
// // if (file.chunkSize) {
// // ctx.header("Accept-Ranges", "bytes")
// // }
// // res.send()
// // }
// // }
// // )
primaryApi.post( // // upload handlers
"/upload",
requiresPermissions("upload"),
multerSetup.single("file"),
async (req, res) => {
let acc = res.locals.acc as Accounts.Account
if (req.file) { // primaryApi.post(
try { // "/upload",
let prm = req.header("monofile-params") // requiresPermissions("upload"),
let params: { [key: string]: any } = {} // multerSetup.single("file"),
if (prm) { // async (ctx) => {
params = JSON.parse(prm) // let acc = ctx.get("account") as Accounts.Account
}
files // if (req.file) {
.uploadFile( // try {
{ // let prm = req.header("monofile-params")
owner: acc?.id, // let params: { [key: string]: any } = {}
// if (prm) {
// params = JSON.parse(prm)
// }
uploadId: params.uploadId, // files
filename: req.file.originalname, // .uploadFile(
mime: req.file.mimetype, // {
}, // owner: acc?.id,
req.file.buffer
)
.then((uID) => res.send(uID))
.catch((stat) => {
res.status(stat.status)
res.send(`[err] ${stat.message}`)
})
} catch {
res.status(400)
res.send("[err] bad request")
}
} else {
res.status(400)
res.send("[err] bad request")
}
}
)
primaryApi.post( // uploadId: params.uploadId,
"/clone", // filename: req.file.originalname,
requiresPermissions("upload"), // mime: req.file.mimetype,
bodyParser.json({ type: ["text/plain", "application/json"] }), // },
(req, res) => { // req.file.buffer
let acc = res.locals.acc as Accounts.Account // )
// .then((uID) => res.send(uID))
// .catch((stat) => {
// res.status(stat.status)
// res.send(`[err] ${stat.message}`)
// })
// } catch {
// res.status(400)
// res.send("[err] bad request")
// }
// } else {
// res.status(400)
// res.send("[err] bad request")
// }
// }
// )
try { // primaryApi.post(
axios // "/clone",
.get(req.body.url, { responseType: "arraybuffer" }) // requiresPermissions("upload"),
.then((data: AxiosResponse) => { // async ctx => {
files // let acc = ctx.get("account") as Accounts.Account
.uploadFile(
{ // try {
owner: acc?.id, // return axios
filename: // .get(req.body.url, { responseType: "arraybuffer" })
req.body.url.split("/")[ // .then((data: AxiosResponse) => {
req.body.url.split("/").length - 1 // files
] || "generic", // .uploadFile(
mime: data.headers["content-type"], // {
uploadId: req.body.uploadId, // owner: acc?.id,
}, // filename:
Buffer.from(data.data) // req.body.url.split("/")[
) // req.body.url.split("/").length - 1
.then((uID) => res.send(uID)) // ] || "generic",
.catch((stat) => { // mime: data.headers["content-type"],
res.status(stat.status) // uploadId: req.body.uploadId,
res.send(`[err] ${stat.message}`) // },
}) // Buffer.from(data.data)
}) // )
.catch((err) => { // .then((uID) => res.send(uID))
console.log(err) // .catch((stat) => {
res.status(400) // res.status(stat.status)
res.send(`[err] failed to fetch data`) // res.send(`[err] ${stat.message}`)
}) // })
} catch { // })
res.status(500) // .catch((err) => {
res.send("[err] an error occured") // console.log(err)
} // return res.text(`[err] failed to fetch data`, 400)
} // })
) // } catch {
// return ctx.text("[err] an error occured", 500)
// }
// }
// )
return primaryApi return primaryApi
} }

257
src/server/routes/api/v1/account.ts
View file

@ -1,195 +1,208 @@
// Modules // Modules
import { writeFile } from 'fs'
import { Router } from "express"; import { Hono } from "hono"
import bodyParser from "body-parser"; import { getCookie, setCookie } from "hono/cookie"
// Libs // Libs
import Files, { id_check_regex } from "../../../lib/files"; import Files, { id_check_regex } from "../../../lib/files"
import * as Accounts from '../../../lib/accounts' import * as Accounts from "../../../lib/accounts"
import * as Authentication from '../../../lib/auth' import * as Authentication from "../../../lib/auth"
import { assertAPI, getAccount, noAPIAccess, requiresAccount, requiresPermissions } from "../../../lib/middleware"; import {
import ServeError from "../../../lib/errors"; assertAPI,
import { sendMail } from '../../../lib/mail'; getAccount,
noAPIAccess,
requiresAccount,
requiresPermissions,
} from "../../../lib/middleware"
import ServeError from "../../../lib/errors"
import { sendMail } from "../../../lib/mail"
const Configuration = require(`${process.cwd()}/config.json`) const Configuration = require(`${process.cwd()}/config.json`)
const parser = bodyParser.json({ const router = new Hono<{
type: [ "type/plain", "application/json" ] Variables: {
}) account: Accounts.Account
}
}>()
const router = Router() router.use(getAccount)
router.use(getAccount, parser)
module.exports = function (files: Files) { module.exports = function (files: Files) {
router.post( router.post("/login", async (ctx, res) => {
"/login", const body = await ctx.req.json()
(req, res) => { if (
if (typeof req.body.username != "string" || typeof req.body.password != "string") { typeof body.username != "string" ||
ServeError(res, 400, "please provide a username or password") typeof body.password != "string"
) {
ServeError(ctx, 400, "please provide a username or password")
return return
} }
if (Authentication.validate(req.cookies.auth)) { if (Authentication.validate(getCookie(ctx, "auth")!)) {
ServeError(res, 400, "you are already logged in") ServeError(ctx, 400, "you are already logged in")
return return
} }
const Account = Accounts.getFromUsername(req.body.username) const Account = Accounts.getFromUsername(body.username)
if (!Account || !Accounts.password.check(Account.id, req.body.password)) { if (!Account || !Accounts.password.check(Account.id, body.password)) {
ServeError(res, 400, "username or password incorrect") ServeError(ctx, 400, "username or password incorrect")
return return
} }
setCookie(
res.cookie("auth", ctx,
"auth",
Authentication.create( Authentication.create(
Account.id, // account id Account.id, // account id
(3 * 24 * 60 * 60 * 1000) // expiration time 3 * 24 * 60 * 60 * 1000 // expiration time
) ),
) {
res.status(200) // expires:
res.end()
} }
) )
ctx.status(200)
})
router.post( router.post("/create", async (ctx) => {
"/create", const body = await ctx.req.json()
(req, res) => {
if (!Configuration.accounts.registrationEnabled) { if (!Configuration.accounts.registrationEnabled) {
ServeError(res , 403, "account registration disabled") return ServeError(ctx, 403, "account registration disabled")
return
} }
if (Authentication.validate(req.cookies.auth)) { if (Authentication.validate(getCookie(ctx, "auth")!)) {
ServeError(res, 400, "you are already logged in") return ServeError(ctx, 400, "you are already logged in")
return
} }
if (Accounts.getFromUsername(req.body.username)) { if (Accounts.getFromUsername(body.username)) {
ServeError(res, 400, "account with this username already exists") return ServeError(
return ctx,
400,
"account with this username already exists"
)
} }
if (req.body.username.length < 3 || req.body.username.length > 20) { if (body.username.length < 3 || body.username.length > 20) {
ServeError(res, 400, "username must be over or equal to 3 characters or under or equal to 20 characters in length") return ServeError(
return ctx,
400,
"username must be over or equal to 3 characters or under or equal to 20 characters in length"
)
} }
if ( if (
( (body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username
req.body.username.match(/[A-Za-z0-9_\-\.]+/)
||
[]
)[0] != req.body.username
) { ) {
ServeError(res, 400, "username contains invalid characters") return ServeError(ctx, 400, "username contains invalid characters")
return
} }
if (req.body.password.length < 8) { if (body.password.length < 8) {
ServeError(res, 400, "password must be 8 characters or longer") return ServeError(
return ctx,
400,
"password must be 8 characters or longer"
)
} }
Accounts.create( return Accounts.create(body.username, body.password)
req.body.username, .then((Account) => {
req.body.password setCookie(
).then((Account) => { ctx,
res.cookie("auth", Authentication.create( "auth",
Authentication.create(
Account, // account id Account, // account id
(3 * 24 * 60 * 60 * 1000) // expiration time 3 * 24 * 60 * 60 * 1000 // expiration time
)) ),
res.status(200) {
res.end() // expires:
}
)
return ctx.status(200)
}) })
.catch(() => { .catch(() => {
ServeError(res, 500, "internal server error") return ServeError(ctx, 500, "internal server error")
})
}) })
}
)
router.post( router.post("/logout", (ctx) => {
"/logout", if (!Authentication.validate(getCookie(ctx, "auth")!)) {
(req, res) => { return ServeError(ctx, 401, "not logged in")
if (!Authentication.validate(req.cookies.auth)) {
ServeError(res, 401, "not logged in")
return
} }
Authentication.invalidate(req.cookies.auth) Authentication.invalidate(getCookie(ctx, "auth")!)
res.send("logged out") return ctx.text("logged out")
} })
)
router.patch( router.patch(
"/dfv", "/dfv",
requiresAccount, requiresPermissions("manage"), requiresAccount,
(req, res) => { requiresPermissions("manage"),
const Account = res.locals.acc as Accounts.Account async (ctx) => {
const body = await ctx.req.json()
const Account = ctx.get("account")! as Accounts.Account
if (['public', 'private', 'anonymous'].includes(req.body.defaultFileVisibility)) { if (
Account.defaultFileVisibility = req.body.defaultFileVisibility ["public", "private", "anonymous"].includes(
body.defaultFileVisibility
)
) {
Account.defaultFileVisibility = body.defaultFileVisibility
Accounts.save() Accounts.save()
res.send(`dfv has been set to ${Account.defaultFileVisibility}`) return ctx.text(
`dfv has been set to ${Account.defaultFileVisibility}`
)
} else { } else {
ServeError(res, 400, "invalid dfv") return ServeError(ctx, 400, "invalid dfv")
} }
} }
) )
router.delete("/me", router.delete("/me", requiresAccount, noAPIAccess, async (ctx) => {
requiresAccount, noAPIAccess, const Account = ctx.get("account") as Accounts.Account
parser,
(req, res) => {
const Account = res.locals.acc as Accounts.Account
const accountId = Account.id const accountId = Account.id
Authentication.AuthTokens.filter(e => e.account == accountId).forEach((token) => { Authentication.AuthTokens.filter((e) => e.account == accountId).forEach(
(token) => {
Authentication.invalidate(token.token) Authentication.invalidate(token.token)
})
Accounts.deleteAccount(accountId).then(_ => res.send("account deleted"))
} }
) )
router.patch("/me/name", await Accounts.deleteAccount(accountId)
requiresAccount, return ctx.text("account deleted")
noAPIAccess, })
parser,
(req, res) => {
const Account = res.locals.acc as Accounts.Account
const newUsername = req.body.username router.patch("/me/name", requiresAccount, noAPIAccess, async (ctx) => {
const Account = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
const newUsername = body.username
if ( if (
typeof newUsername != "string" typeof newUsername != "string" ||
|| newUsername.length < 3 ||
newUsername.length < 3 newUsername.length > 20
||
req.body.username.length > 20
) { ) {
ServeError(res, 400, "username must be between 3 and 20 characters in length") return ServeError(
return ctx,
400,
"username must be between 3 and 20 characters in length"
)
} }
if (Accounts.getFromUsername(newUsername)) { if (Accounts.getFromUsername(newUsername)) {
ServeError(res, 400, "account with this username already exists") return ServeError(
ctx,
400,
"account with this username already exists"
)
} }
if ( if (
( (newUsername.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username
newUsername.match(/[A-Za-z0-9_\-\.]+/)
||
[]
)[0] != req.body.username
) { ) {
ServeError(res, 400, "username contains invalid characters") ServeError(ctx, 400, "username contains invalid characters")
return return
} }
@ -197,18 +210,14 @@ module.exports = function(files: Files) {
Accounts.save() Accounts.save()
if (Account.email) { if (Account.email) {
sendMail( await sendMail(
Account.email, Account.email,
`Your login details have been updated`, `Your login details have been updated`,
`<b>Hello there!</b> Your username has been updated to <span username>${newUsername}</span>. Please update your devices accordingly. Thank you for using monofile.` `<b>Hello there!</b> Your username has been updated to <span username>${newUsername}</span>. Please update your devices accordingly. Thank you for using monofile.`
).then(() => { ).catch()
res.send("OK") return ctx.text("OK")
}).catch((err) => {})
} }
} })
)
return router return router
} }

125
src/server/routes/api/v1/admin.ts
View file

@ -1,118 +1,117 @@
// Modules // Modules
import { writeFile } from 'fs' import { writeFile } from "fs/promises"
import { Router } from "express"; import { Hono } from "hono"
import bodyParser from "body-parser";
// Libs // Libs
import Files, { id_check_regex } from "../../../lib/files"; import Files, { id_check_regex } from "../../../lib/files"
import * as Accounts from '../../../lib/accounts' import * as Accounts from "../../../lib/accounts"
import * as Authentication from '../../../lib/auth' import * as Authentication from "../../../lib/auth"
import { assertAPI, getAccount, noAPIAccess, requiresAccount, requiresAdmin, requiresPermissions } from "../../../lib/middleware"; import {
import ServeError from "../../../lib/errors"; getAccount,
import { sendMail } from '../../../lib/mail'; noAPIAccess,
requiresAccount,
requiresAdmin,
} from "../../../lib/middleware"
import ServeError from "../../../lib/errors"
import { sendMail } from "../../../lib/mail"
const Configuration = require(`${process.cwd()}/config.json`) const Configuration = require(`${process.cwd()}/config.json`)
const parser = bodyParser.json({ const router = new Hono<{
type: [ "type/plain", "application/json" ] Variables: {
}) account?: Accounts.Account
}
}>()
const router = Router() router.use(getAccount, requiresAccount, requiresAdmin)
router.use(getAccount, requiresAccount, requiresAdmin, parser)
module.exports = function (files: Files) { module.exports = function (files: Files) {
router.patch( router.patch("/account/:username/password", async (ctx) => {
"/account/:username/password", const Account = ctx.get("account") as Accounts.Account
(req, res) => { const body = await ctx.req.json()
const Account = res.locals.acc as Accounts.Account
const targetUsername = req.params.username const targetUsername = ctx.req.param("username")
const password = req.body.password const password = body.password
if (typeof password !== "string") { if (typeof password !== "string") return ServeError(ctx, 404, "")
ServeError(res, 404, "")
return
}
const targetAccount = Accounts.getFromUsername(targetUsername) const targetAccount = Accounts.getFromUsername(targetUsername)
if (!targetAccount) { if (!targetAccount) return ServeError(ctx, 404, "")
ServeError(res, 404, "")
return
}
Accounts.password.set(targetAccount.id, password) Accounts.password.set(targetAccount.id, password)
Authentication.AuthTokens.filter(e => e.account == targetAccount?.id).forEach((accountToken) => { Authentication.AuthTokens.filter(
(e) => e.account == targetAccount?.id
).forEach((accountToken) => {
Authentication.invalidate(accountToken.token) Authentication.invalidate(accountToken.token)
}) })
if (targetAccount.email) { if (targetAccount.email) {
sendMail(targetAccount.email, `Your login details have been updated`, `<b>Hello there!</b> This email is to notify you of a password change that an administrator, <span username>${Account.username}</span>, has initiated. You have been logged out of your devices. Thank you for using monofile.`).then(() => { await sendMail(
res.send("OK") targetAccount.email,
}).catch((err) => {}) `Your login details have been updated`,
`<b>Hello there!</b> This email is to notify you of a password change that an administrator, <span username>${Account.username}</span>, has initiated. You have been logged out of your devices. Thank you for using monofile.`
).catch()
} }
res.send() return ctx.text("")
} })
)
router.patch( router.patch("/account/:username/elevate", (ctx) => {
"/account/:username/elevate", const targetUsername = ctx.req.param("username")
(req, res) => {
const targetUsername = req.params.username
const targetAccount = Accounts.getFromUsername(targetUsername) const targetAccount = Accounts.getFromUsername(targetUsername)
if (!targetAccount) { if (!targetAccount) {
ServeError(res, 404, "") return ServeError(ctx, 404, "")
return
} }
targetAccount.admin = true targetAccount.admin = true
Accounts.save() Accounts.save()
res.send() return ctx.text("")
} })
)
router.delete("/account/:username/:deleteFiles", router.delete(
"/account/:username/:deleteFiles",
requiresAccount, requiresAccount,
noAPIAccess, noAPIAccess,
parser, async (ctx) => {
(req, res) => { const targetUsername = ctx.req.param("username")
const targetUsername = req.params.username const deleteFiles = ctx.req.param("deleteFiles")
const deleteFiles = req.params.deleteFiles
const targetAccount = Accounts.getFromUsername(targetUsername) const targetAccount = Accounts.getFromUsername(targetUsername)
if (!targetAccount) { if (!targetAccount) return ServeError(ctx, 404, "")
ServeError(res, 404, "")
return
}
const accountId = targetAccount.id const accountId = targetAccount.id
Authentication.AuthTokens.filter(e => e.account == accountId).forEach((token) => { Authentication.AuthTokens.filter(
(e) => e.account == accountId
).forEach((token) => {
Authentication.invalidate(token.token) Authentication.invalidate(token.token)
}) })
const deleteAccount = () => Accounts.deleteAccount(accountId).then(_ => res.send("account deleted")) const deleteAccount = () =>
Accounts.deleteAccount(accountId).then((_) =>
ctx.text("account deleted")
)
if (deleteFiles) { if (deleteFiles) {
const Files = targetAccount.files.map(e => e) const Files = targetAccount.files.map((e) => e)
for (let fileId of Files) { for (let fileId of Files) {
files.unlink(fileId, true).catch(err => console.error) files.unlink(fileId, true).catch((err) => console.error)
} }
writeFile(process.cwd() + "/.data/files.json", JSON.stringify(files.files), (err) => { await writeFile(
if (err) console.log(err) process.cwd() + "/.data/files.json",
deleteAccount() JSON.stringify(files.files)
}) )
} else deleteAccount() return deleteAccount()
} else return deleteAccount()
} }
) )

139
src/server/routes/api/v1/customization.ts
View file

@ -1,96 +1,95 @@
// Modules import { Hono } from "hono"
import Files, { id_check_regex } from "../../../lib/files"
import { Router } from "express"; import * as Accounts from "../../../lib/accounts"
import bodyParser from "body-parser"; import {
getAccount,
// Libs requiresAccount,
requiresPermissions,
import Files, { id_check_regex } from "../../../lib/files"; } from "../../../lib/middleware"
import * as Accounts from '../../../lib/accounts' import ServeError from "../../../lib/errors"
import { getAccount, requiresAccount, requiresPermissions } from "../../../lib/middleware";
import ServeError from "../../../lib/errors";
const Configuration = require(`${process.cwd()}/config.json`) const Configuration = require(`${process.cwd()}/config.json`)
const parser = bodyParser.json({ const router = new Hono<{
type: [ "type/plain", "application/json" ] Variables: {
}) account?: Accounts.Account
}
}>()
const router = Router() router.use(getAccount)
router.use(getAccount, parser)
module.exports = function (files: Files) { module.exports = function (files: Files) {
router.put( router.put(
"/css", "/css",
requiresAccount, requiresPermissions("customize"),
async (req, res) => {
const Account = res.locals.acc as Accounts.Account
if (typeof req.body.fileId != "string") req.body.fileId = undefined;
if (
!req.body.fileId
||
(req.body.fileId.match(id_check_regex) == req.body.fileId
&& req.body.fileId.length <= Configuration.maxUploadIdLength)
) {
Account.customCSS = req.body.fileId || undefined
await Accounts.save()
res.send("custom css saved")
} else ServeError(res, 400, "invalid fileId")
}
)
router.get('/css',
requiresAccount, requiresAccount,
(req, res) => { requiresPermissions("customize"),
const Account = res.locals.acc async (ctx) => {
const Account = ctx.get("account") as Accounts.Account
if (Account?.customCSS) res.redirect(`/file/${Account.customCSS}`) const body = await ctx.req.json()
else res.send(""); if (typeof body.fileId != "string") body.fileId = undefined
}
)
router.put("/embed/color",
requiresAccount, requiresPermissions("customize"),
async (req, res) => {
const Account = res.locals.acc as Accounts.Account
if (typeof req.body.color != "string") req.body.color = undefined;
if ( if (
!req.body.color !body.fileId ||
|| (req.body.color.toLowerCase().match(/[a-f0-9]+/) == req.body.color.toLowerCase()) (body.fileId.match(id_check_regex) == body.fileId &&
&& req.body.color.length == 6 body.fileId.length <= Configuration.maxUploadIdLength)
) { ) {
Account.customCSS = body.fileId || undefined
if (!Account.embed) Account.embed = {};
Account.embed.color = req.body.color || undefined
await Accounts.save() await Accounts.save()
res.send("custom embed color saved") return ctx.text("custom css saved")
} else return ServeError(ctx, 400, "invalid fileId")
} else ServeError(res,400,"invalid hex code")
} }
) )
router.put("/embed/size", router.get("/css", requiresAccount, async (ctx) => {
requiresAccount, requiresPermissions("customize"), const Account = ctx.get("account")
async (req, res) => {
const Account = res.locals.acc as Accounts.Account
if (typeof req.body.largeImage != "boolean") { if (Account?.customCSS)
ServeError(res, 400, "largeImage must be bool"); return ctx.redirect(`/file/${Account.customCSS}`)
else return ctx.text("")
})
router.put(
"/embed/color",
requiresAccount,
requiresPermissions("customize"),
async (ctx) => {
const Account = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (typeof body.color != "string") body.color = undefined
if (
!body.color ||
(body.color.toLowerCase().match(/[a-f0-9]+/) ==
body.color.toLowerCase() &&
body.color.length == 6)
) {
if (!Account.embed) Account.embed = {}
Account.embed.color = body.color || undefined
await Accounts.save()
return ctx.text("custom embed color saved")
} else return ServeError(ctx, 400, "invalid hex code")
}
)
router.put(
"/embed/size",
requiresAccount,
requiresPermissions("customize"),
async (ctx) => {
const Account = ctx.get("account") as Accounts.Account
const body = await ctx.req.json()
if (typeof body.largeImage != "boolean") {
ServeError(ctx, 400, "largeImage must be bool")
return return
} }
if (!Account.embed) Account.embed = {}; if (!Account.embed) Account.embed = {}
Account.embed.largeImage = req.body.largeImage Account.embed.largeImage = body.largeImage
await Accounts.save() await Accounts.save()
res.send(`custom embed image size saved`) return ctx.text(`custom embed image size saved`)
} }
) )

4
src/server/routes/api/v1/file.ts
View file

@ -1,7 +1,7 @@
import { Router } from "express"; import { Hono } from "hono";
import Files from "../../../lib/files"; import Files from "../../../lib/files";
let router = Router() const router = new Hono()
module.exports = function(files: Files) { module.exports = function(files: Files) {
return router return router

6
src/server/routes/api/v1/public.ts
View file

@ -1,7 +1,7 @@
import { Router } from "express"; import { Hono } from "hono"
import Files from "../../../lib/files"; import Files from "../../../lib/files"
let router = Router() const router = new Hono()
module.exports = function (files: Files) { module.exports = function (files: Files) {
return router return router