not many additions but whatev

2024-10-06 12:06:26 -07:00 · 2023-02-27 16:48:43 -08:00 · 2023-02-27 16:48:43 -08:00 · 12f56d5b51
parent f9480d543b
commit 12f56d5b51
5 changed files with 101 additions and 24 deletions
--- a/src/server/index.ts
+++ b/src/server/index.ts
@ -13,6 +13,8 @@ import * as auth from "./lib/auth"
 import * as Accounts from "./lib/accounts"

 import { authRoutes } from "./routes/authRoutes";
+import { fileApiRoutes, setFilesObj } from "./routes/fileApiRoutes";
+
 require("dotenv").config()

 const multerSetup = multer({storage:memoryStorage()})
@ -28,6 +30,7 @@ app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles
 app.use(cookieParser())

 app.use("/auth",authRoutes)
+app.use("/files",fileApiRoutes)
 // funcs

 // init data
@ -45,6 +48,8 @@ let client = new Client({intents:[

 let files = new Files(client,config)

+setFilesObj(files)
+
 // routes (could probably make these use routers)

 // index, clone
@ -125,6 +130,11 @@ app.get("/download/:fileId",(req,res) => {
    if (files.getFilePointer(req.params.fileId)) {
        let file = files.getFilePointer(req.params.fileId)

+        if (file.visibility == "private" && Accounts.getFromToken(req.cookies.auth)?.id != file.owner) {
+            ServeError(res,403,"you do not own this file")
+            return
+        }
+
        fs.readFile(process.cwd()+"/pages/download.html",(err,buf) => {
            if (err) {res.sendStatus(500);console.log(err);return}
            res.send(
@ -159,7 +169,7 @@ app.get("/download/:fileId",(req,res) => {
                        : ""
                    )
                )
-                .replace(/\$Uploader/g,file.anonymous||!file.owner ? "Anonymous" : `@${Accounts.getFromId(file.owner)?.username || "Deleted User"}`)
+                .replace(/\$Uploader/g,!file.owner||file.visibility=="anonymous" ? "Anonymous" : `@${Accounts.getFromId(file.owner)?.username || "Deleted User"}`)
            )
        })
    } else {
@ -168,16 +178,31 @@ app.get("/download/:fileId",(req,res) => {
 })

 let fgRQH = async (req:express.Request,res:express.Response) => {
-    files.readFileStream(req.params.fileId).then(f => {
-        res.setHeader("Content-Type",f.contentType)
-        if (f.byteSize) {
-            res.setHeader("Content-Length",f.byteSize)
+    
+    let file = files.getFilePointer(req.params.fileId)
+    
+    if (file) {
+        
+        if (file.visibility == "private" && Accounts.getFromToken(req.cookies.auth)?.id != file.owner) {
+            ServeError(res,403,"you do not own this file")
+            return
        }
-        res.status(200)
-        f.dataStream.pipe(res)
-    }).catch((err) => {
-        ServeError(res,err.status,err.message)
-    })
+
+        // todo: make readfilestream just the stream since we already have filepointer
+        files.readFileStream(req.params.fileId).then(f => {
+            res.setHeader("Content-Type",f.contentType)
+            if (f.byteSize) {
+                res.setHeader("Content-Length",f.byteSize)
+            }
+            res.status(200)
+            f.dataStream.pipe(res)
+        }).catch((err) => {
+            ServeError(res,err.status,err.message)
+        })
+
+    }
+
+    
 }

 app.get("/server",(req,res) => {
--- a/src/server/lib/accounts.ts
+++ b/src/server/lib/accounts.ts
@ -1,6 +1,7 @@
 import crypto from "crypto"
 import * as auth from "./auth";
 import { readFile, writeFile } from "fs/promises"
+import { FileVisibility } from "./files";

 // this is probably horrible
 // but i don't even care anymore
@ -8,15 +9,16 @@ import { readFile, writeFile } from "fs/promises"
 export let Accounts: Account[] = []

 export interface Account {
-    id          : string
-    username    : string
-    password    : {
-        hash    : string
-        salt    : string
+    id                    : string
+    username              : string
+    password              : {
+        hash              : string
+        salt              : string
    }
-    files       : string[]
-    collections : string[]
-    admin       : boolean
+    files                 : string[]
+    collections           : string[]
+    admin                 : boolean
+    defaultFileVisibility : FileVisibility
 }

 export function create(username:string,pwd:string,admin:boolean=false) {
@ -29,7 +31,8 @@ export function create(username:string,pwd:string,admin:boolean=false) {
            password: password.hash(pwd),
            files: [],
            collections: [],
-            admin: admin
+            admin: admin,
+            defaultFileVisibility: "public"
        }
    )

--- a/src/server/lib/files.ts
+++ b/src/server/lib/files.ts
@ -4,11 +4,15 @@ import { readFile, writeFile } from "fs";
 import { Readable } from "node:stream";
 import { files } from "./accounts";

+import * as Accounts from "./accounts";
+
 export let id_check_regex = /[A-Za-z0-9_\-\.\!]+/
 export let alphanum = Array.from("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890")

 // bad solution but whatever

+export type FileVisibility = "public" | "anonymous" | "private"
+
 export function generateFileId() {
    let fid = ""
    for (let i = 0; i < 5; i++) {
@ -21,8 +25,7 @@ export interface FileUploadSettings {
    name?: string,
    mime: string,
    uploadId?: string,
-    owner?:string,
-    anonymous?:boolean
+    owner?:string
 }

 export interface Configuration {
@ -46,7 +49,7 @@ export interface FilePointer {
    owner?:string,
    sizeInBytes?:number,
    tag?:string,
-    anonymous?:boolean
+    visibility?:FileVisibility
 }

 export interface StatusCodeError {
@ -185,7 +188,7 @@ export default class Files {
                    sizeInBytes:fBuffer.byteLength,

                    owner:settings.owner,
-                    anonymous: typeof settings.anonymous == "boolean" ? settings.anonymous : false
+                    visibility: settings.owner ? Accounts.getFromId(settings.owner)?.defaultFileVisibility : undefined
                }
            ))
        })
--- a/src/server/routes/fileApiRoutes.ts
+++ b/src/server/routes/fileApiRoutes.ts
@ -0,0 +1,41 @@
+import bodyParser from "body-parser";
+import { Router } from "express";
+import * as Accounts from "../lib/accounts";
+import * as auth from "../lib/auth";
+
+import ServeError from "../lib/errors";
+import Files from "../lib/files";
+
+let parser = bodyParser.json({
+    type: ["text/plain","application/json"]
+})
+
+export let fileApiRoutes = Router();
+let files:Files
+
+export function setFilesObj(newFiles:Files) {
+    files = newFiles
+}
+
+let config = require(`${process.cwd()}/config.json`)
+
+fileApiRoutes.get("/list", (req,res) => {
+
+    if (!auth.validate(req.cookies.auth)) {
+        ServeError(res, 401, "not logged in")
+        return
+    }
+
+    let acc = Accounts.getFromToken(req.cookies.auth)
+    
+    if (!acc) return
+
+    res.send(JSON.stringify(acc.files.map((e) => {
+        return {
+            ...files.getFilePointer(e),
+            messageids: null,
+            id:e
+        }
+    })))
+
+})
--- a/src/svelte/elem/pulldowns/Accounts.svelte
+++ b/src/svelte/elem/pulldowns/Accounts.svelte
@ -121,7 +121,7 @@

                <button>
                    <img src="/static/assets/icons/change_password.svg" alt="change password">
-                    <p>Change password<span><br />You will be logged out</span></p>
+                    <p>Change password<span><br />You will be logged out of all sessions</span></p>
                </button>
                
                {#if !$account.admin}
@ -180,6 +180,11 @@
                        <p>Elevate account to admin</p>
                    </button>

+                    <button>
+                        <img src="/static/assets/icons/link.svg" alt="delete file">
+                        <p>Change file owner</p>
+                    </button>
+
                    <button>
                        <img src="/static/assets/icons/admin/delete_file.svg" alt="delete file">
                        <p>Delete file</p>