From a5d3131180c52d3b83364bf4c7bf1fb2b0c158d3 Mon Sep 17 00:00:00 2001
From: stringsplit <77242831+nbitzz@users.noreply.github.com>
Date: Sun, 1 Oct 2023 16:27:22 -0700
Subject: [PATCH] bearer-auth: make primaryApi use middleware

---
 src/server/routes/primaryApi.ts | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/server/routes/primaryApi.ts b/src/server/routes/primaryApi.ts
index 5ce01bb..0ff3ed7 100644
--- a/src/server/routes/primaryApi.ts
+++ b/src/server/routes/primaryApi.ts
@@ -8,6 +8,7 @@ import multer, {memoryStorage} from "multer"
 
 import ServeError from "../lib/errors";
 import Files from "../lib/files";
+import { getAccount } from "../lib/middleware";
 
 let parser = bodyParser.json({
     type: ["text/plain","application/json"]
@@ -24,9 +25,12 @@ const multerSetup = multer({storage:memoryStorage()})
 
 let config = require(`${process.cwd()}/config.json`)
 
+primaryApi.use(getAccount);
 
 primaryApi.get(["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], async (req:express.Request,res:express.Response) => {
     
+    let acc = res.locals.acc as Accounts.Account
+
     let file = files.getFilePointer(req.params.fileId)
     res.setHeader("Access-Control-Allow-Origin", "*")
     res.setHeader("Content-Security-Policy","sandbox allow-scripts")
@@ -34,7 +38,7 @@ primaryApi.get(["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], async (req:expre
     
     if (file) {
         
-        if (file.visibility == "private" && Accounts.getFromToken(req.cookies.auth)?.id != file.owner) {
+        if (file.visibility == "private" && acc?.id != file.owner) {
             ServeError(res,403,"you do not own this file")
             return
         }
@@ -112,6 +116,9 @@ primaryApi.head(["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], (req: express.R
 // upload handlers
 
 primaryApi.post("/upload",multerSetup.single('file'),async (req,res) => {
+    
+    let acc = res.locals.acc as Accounts.Account
+
     if (req.file) {
         try {
             let prm = req.header("monofile-params")
@@ -121,7 +128,7 @@ primaryApi.post("/upload",multerSetup.single('file'),async (req,res) => {
             }
 
             files.uploadFile({
-                owner: auth.validate(req.cookies.auth),
+                owner: acc?.id,
 
                 uploadId:params.uploadId,
                 name:req.file.originalname,
@@ -143,11 +150,14 @@ primaryApi.post("/upload",multerSetup.single('file'),async (req,res) => {
 })
 
 primaryApi.post("/clone", bodyParser.json({type: ["text/plain","application/json"]}) ,(req,res) => {
+    
+    let acc = res.locals.acc as Accounts.Account
+
     try {
         axios.get(req.body.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => {
 
             files.uploadFile({
-                owner: auth.validate(req.cookies.auth),
+                owner: acc?.id,
 
                 name:req.body.url.split("/")[req.body.url.split("/").length-1] || "generic",
                 mime:data.headers["content-type"],