jso

assets/icons/README.md

@@ -1 +1,28 @@
-Icons are part of Microsoft's Fluent icons
+These icons were originally distributed by Microsoft as part of the Fluent System UI icon collection.
+https://github.com/microsoft/fluentui-system-icons
+
+They are licensed under separate terms, those being:
+
+```
+MIT License
+
+Copyright (c) 2020 Microsoft Corporation
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+```

src/server/index.ts

@@ -26,7 +26,7 @@ app.use("/static/assets",express.static("assets"))
 app.use("/static/style",express.static("out/style"))
 app.use("/static/js",express.static("out/client"))
 
-app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles)+1048576,type:["application/json","text/plain"]}))
+//app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles)+1048576,type:["application/json","text/plain"]}))
 app.use(cookieParser())
 
 app.use("/auth",authRoutes)
@@ -94,19 +94,14 @@ app.post("/upload",multerSetup.single('file'),async (req,res) => {
 
 app.post("/clone",(req,res) => {
     try {
-        let j = JSON.parse(req.body)
+        axios.get(req.body.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => {
-        if (!j.url) {
-            res.status(400)
-            res.send("[err] invalid url")
-        }
-        axios.get(j.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => {
 
             files.uploadFile({
                 owner: auth.validate(req.cookies.auth),
 
-                name:j.url.split("/")[req.body.split("/").length-1] || "generic",
+                name:req.body.url.split("/")[req.body.split("/").length-1] || "generic",
                 mime:data.headers["content-type"],
-                uploadId:j.uploadId
+                uploadId:req.body.uploadId
             },Buffer.from(data.data))
                 .then((uID) => res.send(uID))
                 .catch((stat) => {

src/server/routes/authRoutes.ts

@@ -21,15 +21,7 @@ export function auth_setFilesObj(newFiles:Files) {
 }
 
 authRoutes.post("/login", parser, (req,res) => {
-    let body:{[key:string]:any}
+    if (typeof req.body.username != "string" || typeof req.body.password != "string") {
-    try {
-        body = JSON.parse(req.body)
-    } catch {
-        ServeError(res,400,"bad request")
-        return
-    }
-
-    if (typeof body.username != "string" || typeof body.password != "string") {
         ServeError(res,400,"please provide a username or password")
         return
     }
@@ -40,14 +32,14 @@ authRoutes.post("/login", parser, (req,res) => {
         check if account exists  
     */
 
-    let acc = Accounts.getFromUsername(body.username)
+    let acc = Accounts.getFromUsername(req.body.username)
 
     if (!acc) {
         ServeError(res,401,"username or password incorrect")
         return
     }
 
-    if (!Accounts.password.check(acc.id,body.password)) {
+    if (!Accounts.password.check(acc.id,req.body.password)) {
         ServeError(res,401,"username or password incorrect")
         return
     }
@@ -67,17 +59,9 @@ authRoutes.post("/create", parser, (req,res) => {
         return
     }
 
-    let body:{[key:string]:any}
-    try {
-        body = JSON.parse(req.body)
-    } catch {
-        ServeError(res,400,"bad request")
-        return
-    }
-
     if (auth.validate(req.cookies.auth)) return
 
-    if (typeof body.username != "string" || typeof body.password != "string") {
+    if (typeof req.body.username != "string" || typeof req.body.password != "string") {
         ServeError(res,400,"please provide a username or password")
         return
     }
@@ -86,29 +70,29 @@ authRoutes.post("/create", parser, (req,res) => {
         check if account exists  
     */
 
-    let acc = Accounts.getFromUsername(body.username)
+    let acc = Accounts.getFromUsername(req.body.username)
 
     if (acc) {
         ServeError(res,400,"account with this username already exists")
         return
     }
 
-    if (body.username.length < 3 || body.username.length > 20) {
+    if (req.body.username.length < 3 || req.body.username.length > 20) {
         ServeError(res,400,"username must be over or equal to 3 characters or under or equal to 20 characters in length")
         return
     }
 
-    if ((body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username) {
+    if ((req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username) {
         ServeError(res,400,"username contains invalid characters")
         return
     }
 
-    if (body.password.length < 8) {
+    if (req.body.password.length < 8) {
         ServeError(res,400,"password must be 8 characters or longer")
         return
     }
 
-    let newAcc = Accounts.create(body.username,body.password)
+    let newAcc = Accounts.create(req.body.username,req.body.password)
 
     /*
         assign token
@@ -193,32 +177,24 @@ authRoutes.post("/change_username", (req,res) => {
         return
     }
 
-    let body:{[key:string]:any}
+    if (typeof req.body.username != "string" || req.body.username.length < 3 || req.body.username.length > 20) {
-    try {
-        body = JSON.parse(req.body)
-    } catch {
-        ServeError(res,400,"bad request")
-        return
-    }
-
-    if (typeof body.username != "string" || body.username.length < 3 || body.username.length > 20) {
         ServeError(res,400,"username must be between 3 and 20 characters in length")
         return
     }
 
-    let _acc = Accounts.getFromUsername(body.username)
+    let _acc = Accounts.getFromUsername(req.body.username)
 
     if (_acc) {
         ServeError(res,400,"account with this username already exists")
         return
     }
 
-    if ((body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username) {
+    if ((req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username) {
         ServeError(res,400,"username contains invalid characters")
         return
     }
 
-    acc.username = body.username
+    acc.username = req.body.username
     Accounts.save()
 
     res.send("username changed")
@@ -231,22 +207,14 @@ authRoutes.post("/change_password", (req,res) => {
         return
     }
 
-    let body:{[key:string]:any}
+    if (typeof req.body.password != "string" || req.body.password.length < 8) {
-    try {
-        body = JSON.parse(req.body)
-    } catch {
-        ServeError(res,400,"bad request")
-        return
-    }
-
-    if (typeof body.password != "string" || body.password.length < 8) {
         ServeError(res,400,"password must be 8 characters or longer")
         return
     }
 
     let accId = acc.id
 
-    Accounts.password.set(accId,body.password)
+    Accounts.password.set(accId,req.body.password)
 
     auth.AuthTokens.filter(e => e.account == accId).forEach((v) => {
         auth.invalidate(v.token)

src/server/routes/fileApiRoutes.ts

@@ -43,3 +43,16 @@ fileApiRoutes.get("/list", (req,res) => {
     }))
 
 })
+
+fileApiRoutes.post("/action", (req,res) => {
+
+    if (!auth.validate(req.cookies.auth)) {
+        ServeError(res, 401, "not logged in")
+        return
+    }
+
+    let acc = Accounts.getFromToken(req.cookies.auth)
+    
+    if (!acc) return
+
+})