From 435791de5d27fb65c29553c92bc61ad9da920747 Mon Sep 17 00:00:00 2001
From: stringsplit <77242831+nbitzz@users.noreply.github.com>
Date: Fri, 17 Mar 2023 13:56:57 -0700
Subject: [PATCH] jso
---
assets/icons/README.md | 29 +++++++++++++-
src/server/index.ts | 13 ++-----
src/server/routes/authRoutes.ts | 62 ++++++++----------------------
src/server/routes/fileApiRoutes.ts | 13 +++++++
4 files changed, 60 insertions(+), 57 deletions(-)
diff --git a/assets/icons/README.md b/assets/icons/README.md
index 754b5df..8611380 100644
--- a/assets/icons/README.md
+++ b/assets/icons/README.md
@@ -1 +1,28 @@
-Icons are part of Microsoft's Fluent icons
\ No newline at end of file
+These icons were originally distributed by Microsoft as part of the Fluent System UI icon collection.
+https://github.com/microsoft/fluentui-system-icons
+
+They are licensed under separate terms, those being:
+
+```
+MIT License
+
+Copyright (c) 2020 Microsoft Corporation
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+```
\ No newline at end of file
diff --git a/src/server/index.ts b/src/server/index.ts
index ff64f77..878c2ac 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -26,7 +26,7 @@ app.use("/static/assets",express.static("assets")) app.use("/static/style",express.static("out/style")) app.use("/static/js",express.static("out/client")) -app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles)+1048576,type:["application/json","text/plain"]})) +//app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles)+1048576,type:["application/json","text/plain"]})) app.use(cookieParser()) app.use("/auth",authRoutes) @@ -94,19 +94,14 @@ app.post("/upload",multerSetup.single('file'),async (req,res) => { app.post("/clone",(req,res) => { try { - let j = JSON.parse(req.body) - if (!j.url) { - res.status(400) - res.send("[err] invalid url") - } - axios.get(j.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => { + axios.get(req.body.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => { files.uploadFile({ owner: auth.validate(req.cookies.auth), - name:j.url.split("/")[req.body.split("/").length-1] || "generic", + name:req.body.url.split("/")[req.body.split("/").length-1] || "generic", mime:data.headers["content-type"], - uploadId:j.uploadId + uploadId:req.body.uploadId },Buffer.from(data.data)) .then((uID) => res.send(uID)) .catch((stat) => { diff --git a/src/server/routes/authRoutes.ts b/src/server/routes/authRoutes.ts index 4c288da..49d6d9b 100644 --- a/src/server/routes/authRoutes.ts +++ b/src/server/routes/authRoutes.ts @@ -21,15 +21,7 @@ export function auth_setFilesObj(newFiles:Files) { } authRoutes.post("/login", parser, (req,res) => { - let body:{[key:string]:any} - try { - body = JSON.parse(req.body) - } catch { - ServeError(res,400,"bad request") - return - } - - if (typeof body.username != "string" || typeof body.password != "string") { + if (typeof req.body.username != "string" || typeof req.body.password != "string") { ServeError(res,400,"please provide a username or password") return } 
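Review bot: Commenting out the global `bodyParser.text(...)` line leaves no body parser mounted in the visible part of index.ts, while /clone in the next hunk and /change_username and /change_password in authRoutes.ts (registered without the `parser` argument that /login and /create pass) now read fields straight off `req.body`. Unless a JSON parser is mounted outside these hunks, `req.body` is undefined on those routes and the property access throws before any validation runs. The removed line also carried an explicit `limit`; the replacement should set one on purpose, for example `app.use(express.json({limit:"1mb"}))` with a value chosen for the largest expected JSON payload. The dead line is better deleted than kept as a comment.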
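Review bot: The /clone hunk drops the `if (!j.url)` check without a replacement and still calls `req.body.split("/")` in the `name:` line, which throws once `req.body` is a parsed object instead of a string; because that line runs inside the `.then` callback, the surrounding `try` does not catch it. The route also fetches whatever URL the client supplies from the server side, so the URL should be parsed and limited to http/https before `axios.get`, and the file name taken from the parsed path. Restricting the destination (loopback, link-local and private ranges after DNS resolution) is a further check this excerpt does not attempt. The handler's tail is outside the hunk.

```typescript
app.post("/clone",(req,res) => {
    try {
        // reject anything that is not an absolute http(s) URL before fetching it
        let target:URL
        try {
            target = new URL(req.body?.url)
        } catch {
            res.status(400)
            res.send("[err] invalid url")
            return
        }
        if (target.protocol != "http:" && target.protocol != "https:") {
            res.status(400)
            res.send("[err] invalid url")
            return
        }

        axios.get(target.href,{responseType:"arraybuffer"}).then((data:AxiosResponse) => {
            // … unchanged: files.uploadFile({ owner …
                name:target.pathname.split("/").pop() || "generic",
            // … unchanged: mime, uploadId, upload result handling …
```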
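Review bot: With the `JSON.parse` try/catch removed from /login, a malformed body no longer ends in `ServeError(res,400,"bad request")`; the response now depends on what `parser` does on a parse failure, and `parser` is defined outside this hunk. If it is a standard JSON body parser, the error goes to Express's default error handler, which answers with an HTML page and, outside production mode, a stack trace. An error-handling middleware on the router that turns parse failures into `ServeError(res,400,"bad request")` would keep the API's error format; the same holds for /create, /change_username and /change_password below.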
@@ -40,14 +32,14 @@ authRoutes.post("/login", parser, (req,res) => { check if account exists */ - let acc = Accounts.getFromUsername(body.username) + let acc = Accounts.getFromUsername(req.body.username) if (!acc) { ServeError(res,401,"username or password incorrect") return } - if (!Accounts.password.check(acc.id,body.password)) { + if (!Accounts.password.check(acc.id,req.body.password)) { ServeError(res,401,"username or password incorrect") return } @@ -67,17 +59,9 @@ authRoutes.post("/create", parser, (req,res) => { return } - let body:{[key:string]:any} - try { - body = JSON.parse(req.body) - } catch { - ServeError(res,400,"bad request") - return - } - if (auth.validate(req.cookies.auth)) return - if (typeof body.username != "string" || typeof body.password != "string") { + if (typeof req.body.username != "string" || typeof req.body.password != "string") { ServeError(res,400,"please provide a username or password") return } 
@@ -86,29 +70,29 @@ authRoutes.post("/create", parser, (req,res) => { check if account exists */ - let acc = Accounts.getFromUsername(body.username) + let acc = Accounts.getFromUsername(req.body.username) if (acc) { ServeError(res,400,"account with this username already exists") return } - if (body.username.length < 3 || body.username.length > 20) { + if (req.body.username.length < 3 || req.body.username.length > 20) { ServeError(res,400,"username must be over or equal to 3 characters or under or equal to 20 characters in length") return } - if ((body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username) { + if ((req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username) { ServeError(res,400,"username contains invalid characters") return } - if (body.password.length < 8) { + if (req.body.password.length < 8) { ServeError(res,400,"password must be 8 characters or longer") return } - let newAcc = Accounts.create(body.username,body.password) + let newAcc = Accounts.create(req.body.username,req.body.password) /* assign token 
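Review bot: The username character check in the /create hunk, `(req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username`, relies on comparing the first unanchored match with the whole string; an anchored test states the same rule directly: `if (!/^[A-Za-z0-9_\-\.]+$/.test(req.body.username))`. The length and character rules are repeated verbatim in the /change_username hunk further down, so a shared helper would keep the two from drifting apart. A comment above the checks such as `// username: 3-20 chars from [A-Za-z0-9_.-]; password: at least 8 chars` would document the policy in one place. The handler begins and ends outside this hunk.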
@@ -193,32 +177,24 @@ authRoutes.post("/change_username", (req,res) => { return } - let body:{[key:string]:any} - try { - body = JSON.parse(req.body) - } catch { - ServeError(res,400,"bad request") - return - } - - if (typeof body.username != "string" || body.username.length < 3 || body.username.length > 20) { + if (typeof req.body.username != "string" || req.body.username.length < 3 || req.body.username.length > 20) { ServeError(res,400,"username must be between 3 and 20 characters in length") return } - let _acc = Accounts.getFromUsername(body.username) + let _acc = Accounts.getFromUsername(req.body.username) if (_acc) { ServeError(res,400,"account with this username already exists") return } - if ((body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username) { + if ((req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username) { ServeError(res,400,"username contains invalid characters") return } - acc.username = body.username + acc.username = req.body.username Accounts.save() res.send("username changed") @@ -231,22 +207,14 @@ authRoutes.post("/change_password", (req,res) => { return } - let body:{[key:string]:any} - try { - body = JSON.parse(req.body) - } catch { - ServeError(res,400,"bad request") - return - } - - if (typeof body.password != "string" || body.password.length < 8) { + if (typeof req.body.password != "string" || req.body.password.length < 8) { ServeError(res,400,"password must be 8 characters or longer") return } let accId = acc.id - Accounts.password.set(accId,body.password) + Accounts.password.set(accId,req.body.password) auth.AuthTokens.filter(e => e.account == accId).forEach((v) => { auth.invalidate(v.token) diff --git a/src/server/routes/fileApiRoutes.ts b/src/server/routes/fileApiRoutes.ts index 775c340..d6982c3 100644 --- a/src/server/routes/fileApiRoutes.ts +++ b/src/server/routes/fileApiRoutes.ts 
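Review bot: The /change_password hunk stores `req.body.password` via `Accounts.password.set` without asking for the current password in the visible lines, so the session cookie alone is enough to replace the credential. Requiring the existing password and verifying it with `Accounts.password.check`, as /login does, before the `set` call would keep a borrowed or stolen session from locking the owner out, e.g. `if (typeof req.body.currentPassword != "string" || !Accounts.password.check(acc.id,req.body.currentPassword)) { ServeError(res,401,"password incorrect"); return }` (the field name is a suggestion). The start of the handler is outside the hunk, so a check there cannot be ruled out.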
@@ -42,4 +42,17 @@ fileApiRoutes.get("/list", (req,res) => { } })) +}) + +fileApiRoutes.post("/action", (req,res) => { + + if (!auth.validate(req.cookies.auth)) { + ServeError(res, 401, "not logged in") + return + } + + let acc = Accounts.getFromToken(req.cookies.auth) + + if (!acc) return + }) \ No newline at end of file
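Review bot: The new /action handler never sends a response on two of its three paths: `if (!acc) return` leaves the request hanging until the client times out, and the authenticated path falls off the end of the function with nothing written. Until the action logic exists, answer explicitly, for example `if (!acc) { ServeError(res, 401, "not logged in"); return }` and a placeholder `ServeError(res, 501, "not implemented")` at the end. A short comment above the route naming the intended actions and the expected body shape would also help, since the hunk gives no hint of either.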