This commit is contained in:
May 2023-03-17 13:56:57 -07:00
parent 52e5de2450
commit 435791de5d
4 changed files with 60 additions and 57 deletions

View file

@ -1 +1,28 @@
Icons are part of Microsoft's Fluent icons These icons were originally distributed by Microsoft as part of the Fluent System UI icon collection.
https://github.com/microsoft/fluentui-system-icons
They are licensed under separate terms, those being:
```
MIT License
Copyright (c) 2020 Microsoft Corporation
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
```

View file

@ -26,7 +26,7 @@ app.use("/static/assets",express.static("assets"))
app.use("/static/style",express.static("out/style")) app.use("/static/style",express.static("out/style"))
app.use("/static/js",express.static("out/client")) app.use("/static/js",express.static("out/client"))
app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles)+1048576,type:["application/json","text/plain"]})) //app.use(bodyParser.text({limit:(config.maxDiscordFileSize*config.maxDiscordFiles)+1048576,type:["application/json","text/plain"]}))
app.use(cookieParser()) app.use(cookieParser())
app.use("/auth",authRoutes) app.use("/auth",authRoutes)
@ -94,19 +94,14 @@ app.post("/upload",multerSetup.single('file'),async (req,res) => {
app.post("/clone",(req,res) => { app.post("/clone",(req,res) => {
try { try {
let j = JSON.parse(req.body) axios.get(req.body.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => {
if (!j.url) {
res.status(400)
res.send("[err] invalid url")
}
axios.get(j.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => {
files.uploadFile({ files.uploadFile({
owner: auth.validate(req.cookies.auth), owner: auth.validate(req.cookies.auth),
name:j.url.split("/")[req.body.split("/").length-1] || "generic", name:req.body.url.split("/")[req.body.split("/").length-1] || "generic",
mime:data.headers["content-type"], mime:data.headers["content-type"],
uploadId:j.uploadId uploadId:req.body.uploadId
},Buffer.from(data.data)) },Buffer.from(data.data))
.then((uID) => res.send(uID)) .then((uID) => res.send(uID))
.catch((stat) => { .catch((stat) => {

View file

@ -21,15 +21,7 @@ export function auth_setFilesObj(newFiles:Files) {
} }
authRoutes.post("/login", parser, (req,res) => { authRoutes.post("/login", parser, (req,res) => {
let body:{[key:string]:any} if (typeof req.body.username != "string" || typeof req.body.password != "string") {
try {
body = JSON.parse(req.body)
} catch {
ServeError(res,400,"bad request")
return
}
if (typeof body.username != "string" || typeof body.password != "string") {
ServeError(res,400,"please provide a username or password") ServeError(res,400,"please provide a username or password")
return return
} }
@ -40,14 +32,14 @@ authRoutes.post("/login", parser, (req,res) => {
check if account exists check if account exists
*/ */
let acc = Accounts.getFromUsername(body.username) let acc = Accounts.getFromUsername(req.body.username)
if (!acc) { if (!acc) {
ServeError(res,401,"username or password incorrect") ServeError(res,401,"username or password incorrect")
return return
} }
if (!Accounts.password.check(acc.id,body.password)) { if (!Accounts.password.check(acc.id,req.body.password)) {
ServeError(res,401,"username or password incorrect") ServeError(res,401,"username or password incorrect")
return return
} }
@ -67,17 +59,9 @@ authRoutes.post("/create", parser, (req,res) => {
return return
} }
let body:{[key:string]:any}
try {
body = JSON.parse(req.body)
} catch {
ServeError(res,400,"bad request")
return
}
if (auth.validate(req.cookies.auth)) return if (auth.validate(req.cookies.auth)) return
if (typeof body.username != "string" || typeof body.password != "string") { if (typeof req.body.username != "string" || typeof req.body.password != "string") {
ServeError(res,400,"please provide a username or password") ServeError(res,400,"please provide a username or password")
return return
} }
@ -86,29 +70,29 @@ authRoutes.post("/create", parser, (req,res) => {
check if account exists check if account exists
*/ */
let acc = Accounts.getFromUsername(body.username) let acc = Accounts.getFromUsername(req.body.username)
if (acc) { if (acc) {
ServeError(res,400,"account with this username already exists") ServeError(res,400,"account with this username already exists")
return return
} }
if (body.username.length < 3 || body.username.length > 20) { if (req.body.username.length < 3 || req.body.username.length > 20) {
ServeError(res,400,"username must be over or equal to 3 characters or under or equal to 20 characters in length") ServeError(res,400,"username must be over or equal to 3 characters or under or equal to 20 characters in length")
return return
} }
if ((body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username) { if ((req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username) {
ServeError(res,400,"username contains invalid characters") ServeError(res,400,"username contains invalid characters")
return return
} }
if (body.password.length < 8) { if (req.body.password.length < 8) {
ServeError(res,400,"password must be 8 characters or longer") ServeError(res,400,"password must be 8 characters or longer")
return return
} }
let newAcc = Accounts.create(body.username,body.password) let newAcc = Accounts.create(req.body.username,req.body.password)
/* /*
assign token assign token
@ -193,32 +177,24 @@ authRoutes.post("/change_username", (req,res) => {
return return
} }
let body:{[key:string]:any} if (typeof req.body.username != "string" || req.body.username.length < 3 || req.body.username.length > 20) {
try {
body = JSON.parse(req.body)
} catch {
ServeError(res,400,"bad request")
return
}
if (typeof body.username != "string" || body.username.length < 3 || body.username.length > 20) {
ServeError(res,400,"username must be between 3 and 20 characters in length") ServeError(res,400,"username must be between 3 and 20 characters in length")
return return
} }
let _acc = Accounts.getFromUsername(body.username) let _acc = Accounts.getFromUsername(req.body.username)
if (_acc) { if (_acc) {
ServeError(res,400,"account with this username already exists") ServeError(res,400,"account with this username already exists")
return return
} }
if ((body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != body.username) { if ((req.body.username.match(/[A-Za-z0-9_\-\.]+/) || [])[0] != req.body.username) {
ServeError(res,400,"username contains invalid characters") ServeError(res,400,"username contains invalid characters")
return return
} }
acc.username = body.username acc.username = req.body.username
Accounts.save() Accounts.save()
res.send("username changed") res.send("username changed")
@ -231,22 +207,14 @@ authRoutes.post("/change_password", (req,res) => {
return return
} }
let body:{[key:string]:any} if (typeof req.body.password != "string" || req.body.password.length < 8) {
try {
body = JSON.parse(req.body)
} catch {
ServeError(res,400,"bad request")
return
}
if (typeof body.password != "string" || body.password.length < 8) {
ServeError(res,400,"password must be 8 characters or longer") ServeError(res,400,"password must be 8 characters or longer")
return return
} }
let accId = acc.id let accId = acc.id
Accounts.password.set(accId,body.password) Accounts.password.set(accId,req.body.password)
auth.AuthTokens.filter(e => e.account == accId).forEach((v) => { auth.AuthTokens.filter(e => e.account == accId).forEach((v) => {
auth.invalidate(v.token) auth.invalidate(v.token)

View file

@ -42,4 +42,17 @@ fileApiRoutes.get("/list", (req,res) => {
} }
})) }))
})
fileApiRoutes.post("/action", (req,res) => {
if (!auth.validate(req.cookies.auth)) {
ServeError(res, 401, "not logged in")
return
}
let acc = Accounts.getFromToken(req.cookies.auth)
if (!acc) return
}) })