mirror of
https://github.com/mollersuite/monofile.git
synced 2024-11-22 05:46:26 -08:00
bearer-auth: make primaryApi use middleware
This commit is contained in:
parent
14d4261858
commit
a5d3131180
|
@ -8,6 +8,7 @@ import multer, {memoryStorage} from "multer"
|
||||||
|
|
||||||
import ServeError from "../lib/errors";
|
import ServeError from "../lib/errors";
|
||||||
import Files from "../lib/files";
|
import Files from "../lib/files";
|
||||||
|
import { getAccount } from "../lib/middleware";
|
||||||
|
|
||||||
let parser = bodyParser.json({
|
let parser = bodyParser.json({
|
||||||
type: ["text/plain","application/json"]
|
type: ["text/plain","application/json"]
|
||||||
|
@ -24,9 +25,12 @@ const multerSetup = multer({storage:memoryStorage()})
|
||||||
|
|
||||||
let config = require(`${process.cwd()}/config.json`)
|
let config = require(`${process.cwd()}/config.json`)
|
||||||
|
|
||||||
|
primaryApi.use(getAccount);
|
||||||
|
|
||||||
primaryApi.get(["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], async (req:express.Request,res:express.Response) => {
|
primaryApi.get(["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], async (req:express.Request,res:express.Response) => {
|
||||||
|
|
||||||
|
let acc = res.locals.acc as Accounts.Account
|
||||||
|
|
||||||
let file = files.getFilePointer(req.params.fileId)
|
let file = files.getFilePointer(req.params.fileId)
|
||||||
res.setHeader("Access-Control-Allow-Origin", "*")
|
res.setHeader("Access-Control-Allow-Origin", "*")
|
||||||
res.setHeader("Content-Security-Policy","sandbox allow-scripts")
|
res.setHeader("Content-Security-Policy","sandbox allow-scripts")
|
||||||
|
@ -34,7 +38,7 @@ primaryApi.get(["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], async (req:expre
|
||||||
|
|
||||||
if (file) {
|
if (file) {
|
||||||
|
|
||||||
if (file.visibility == "private" && Accounts.getFromToken(req.cookies.auth)?.id != file.owner) {
|
if (file.visibility == "private" && acc?.id != file.owner) {
|
||||||
ServeError(res,403,"you do not own this file")
|
ServeError(res,403,"you do not own this file")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -112,6 +116,9 @@ primaryApi.head(["/file/:fileId", "/cpt/:fileId/*", "/:fileId"], (req: express.R
|
||||||
// upload handlers
|
// upload handlers
|
||||||
|
|
||||||
primaryApi.post("/upload",multerSetup.single('file'),async (req,res) => {
|
primaryApi.post("/upload",multerSetup.single('file'),async (req,res) => {
|
||||||
|
|
||||||
|
let acc = res.locals.acc as Accounts.Account
|
||||||
|
|
||||||
if (req.file) {
|
if (req.file) {
|
||||||
try {
|
try {
|
||||||
let prm = req.header("monofile-params")
|
let prm = req.header("monofile-params")
|
||||||
|
@ -121,7 +128,7 @@ primaryApi.post("/upload",multerSetup.single('file'),async (req,res) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
files.uploadFile({
|
files.uploadFile({
|
||||||
owner: auth.validate(req.cookies.auth),
|
owner: acc?.id,
|
||||||
|
|
||||||
uploadId:params.uploadId,
|
uploadId:params.uploadId,
|
||||||
name:req.file.originalname,
|
name:req.file.originalname,
|
||||||
|
@ -143,11 +150,14 @@ primaryApi.post("/upload",multerSetup.single('file'),async (req,res) => {
|
||||||
})
|
})
|
||||||
|
|
||||||
primaryApi.post("/clone", bodyParser.json({type: ["text/plain","application/json"]}) ,(req,res) => {
|
primaryApi.post("/clone", bodyParser.json({type: ["text/plain","application/json"]}) ,(req,res) => {
|
||||||
|
|
||||||
|
let acc = res.locals.acc as Accounts.Account
|
||||||
|
|
||||||
try {
|
try {
|
||||||
axios.get(req.body.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => {
|
axios.get(req.body.url,{responseType:"arraybuffer"}).then((data:AxiosResponse) => {
|
||||||
|
|
||||||
files.uploadFile({
|
files.uploadFile({
|
||||||
owner: auth.validate(req.cookies.auth),
|
owner: acc?.id,
|
||||||
|
|
||||||
name:req.body.url.split("/")[req.body.url.split("/").length-1] || "generic",
|
name:req.body.url.split("/")[req.body.url.split("/").length-1] || "generic",
|
||||||
mime:data.headers["content-type"],
|
mime:data.headers["content-type"],
|
||||||
|
|
Loading…
Reference in a new issue