Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update routes and file paths, fix authentication and security issues
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
.dinawo
2024-04-13 22:17:54 +02:00
parent 8f3e604774
commit 4e2e085a63
38 changed files with 1918 additions and 1408 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
DockerCompse.template → DockerCompose.template
View File

2
models/Passport-ActiveDirectory.js
View File

@@ -8,7 +8,7 @@ const setupFilePath = path.join(__dirname, '../data', 'setup.json');
const setupData = JSON.parse(fs.readFileSync(setupFilePath, 'utf-8'));
passport.use('ActiveDirectory', new ActiveDirectoryStrategy({
passport.use(new ActiveDirectoryStrategy({
integrated: false,
ldap: {
url: setupData[0].ldap.url,

928
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

2
package.json
View File

@@ -1,5 +1,5 @@
{
"name": "@cdn/app-insider-swiftlogic-labs-dinawo",
"name": "@cdn-app/insider-swiftlogic-labs-dinawo",
"version": "1.0.0-beta.10",
"description": "",
"main": "server.js",

8
public/js/dashboard.js
View File

@@ -104,7 +104,7 @@
}).then(async (result) => {
if (result.isConfirmed) {
try {
const response = await fetch(`/dpanel/dashboard/deletefolder/${folderName}`, {
const response = await fetch(`/api/dpanel/dashboard/deletefolder/${folderName}`, {
method: 'DELETE',
});
@@ -160,7 +160,7 @@
}).then(result => {
if (result.isConfirmed) {
const folderName = result.value.trim();
fetch('/dpanel/dashboard/newfolder', {
fetch('/api/dpanel/dashboard/newfolder', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
@@ -342,7 +342,7 @@
}).then(async (result) => {
if (result.isConfirmed) {
try {
const response = await fetch('/dpanel/dashboard/delete', {
const response = await fetch('/api/dpanel/dashboard/delete', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
@@ -405,7 +405,7 @@
if (result.isConfirmed) {
const newName = result.value;
fetch(`/dpanel/dashboard/rename/${folderName}`, {
fetch(`/api/dpanel/dashboard/rename/${folderName}`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',

6
public/js/folder.js
View File

@@ -115,7 +115,7 @@ async function confirmDeleteFile(folderName, filename) {
if (confirmationResult.isConfirmed) {
try {
const response = await fetch(`/dpanel/dashboard/deletefile/${folderName}`, {
const response = await fetch(`/api/dpanel/dashboard/deletefile/${folderName}`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
@@ -186,7 +186,7 @@ function getCurrentFolderName() {
function renameFolder(currentName, newName) {
try {
const currentFolderName = getCurrentFolderName();
const renameURL = `/dpanel/dashboard/renamefile/${currentFolderName}`;
const renameURL = `/api/dpanel/dashboard/renamefile/${currentFolderName}`;
fetch(renameURL, {
method: 'POST',
@@ -251,7 +251,7 @@ function renameFile(folderName, currentName) {
if (result.isConfirmed) {
const newName = result.value;
fetch(`/dpanel/dashboard/rename/${folderName}`, {
fetch(`/api/dpanel/dashboard/rename/${folderName}`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',

32
routes/Auth/ActiveDirectory.js Normal file
View File

@@ -0,0 +1,32 @@
const express = require('express');
const router = express.Router();
const passport = require('passport');
require('../../models/Passport-ActiveDirectory');
const { checkUserExistsAD } = require('../../Middlewares/UserIDMiddlewareAD');
router.post('/', (req, res, next) => {
passport.authenticate('ActiveDirectory', (err, user) => {
if (err) {
return res.render('AuthLogin', { isAuthenticated: false, errorMessage: err.message, setupData: {}, showActiveDirectoryForm: true, currentUrl: req.originalUrl });
}
if (!user) {
return res.render('AuthLogin', { isAuthenticated: false, errorMessage: 'L\'utilisateur n\'est pas autorisé.', setupData: {}, showActiveDirectoryForm: true, currentUrl: req.originalUrl });
}
req.user = {
...user._json,
name: user._json.sAMAccountName,
id: user._json.sAMAccountName,
};
req.logIn(req.user, function(err) {
if (err) {
return next(err);
}
req.session.user = req.user;
return next();
});
})(req, res, next);
}, checkUserExistsAD);
module.exports = router;

67
routes/Auth/Discord.js Normal file
View File

@@ -0,0 +1,67 @@
const express = require('express');
const router = express.Router();
const passport = require('passport');
const { checkUserExistsDiscord } = require('../../Middlewares/UserIDMiddlewareDiscord');
const { getUserData, getSetupData } = require('../../Middlewares/watcherMiddleware');
let userData = getUserData();
let setupData;
getSetupData().then(data => {
setupData = data;
if (setupData[0].discord !== undefined) {
const DiscordStrategy = require('../../models/Passport-Discord');
}
});
let user = userData;
if (user.identifyURL) {
router.get("/auth/discord", (req, res) => {
res.redirect(user.identifyURL);
});
}
router.use(passport.initialize());
router.use(passport.session());
passport.deserializeUser((user, done) => {
done(null, user);
});
router.get("/", (req, res) => {
res.redirect(setupData.discord.identifyURL);
});
router.get('/callback', (req, res, next) => {
passport.authenticate('discord', (err, user, info) => {
if (err) {
return next(err);
}
if (!user) {
return res.redirect('/auth/login');
}
req.logIn(user, (loginErr) => {
if (loginErr) {
return next(loginErr);
}
checkUserExistsDiscord(req, res, () => {
if (req.userExists) {
return res.redirect('/dpanel/dashboard');
} else {
createUser(req.user, (createErr) => {
if (createErr) {
return next(createErr);
}
return res.redirect('/dpanel/dashboard');
});
}
});
});
})(req, res, next);
});
module.exports = router;

14
routes/Auth/Login.js Normal file
View File

@@ -0,0 +1,14 @@
const express = require('express');
const router = express.Router();
const fs = require('fs');
const path = require('path');
router.get('/', function(req, res) {
const setupFilePath = path.join('data', 'setup.json');
const setupData = JSON.parse(fs.readFileSync(setupFilePath, 'utf-8'));
const showActiveDirectoryForm = setupData[0].ldap && setupData[0].ldap.enabled === 'on';
res.render('AuthLogin', { setupData, isAuthenticated: false, errorMessage: '', showActiveDirectoryForm, currentUrl: req.originalUrl });
});
module.exports = router;

17
routes/Auth/Logout.js Normal file
View File

@@ -0,0 +1,17 @@
const express = require('express');
const router = express.Router();
const fs = require('fs');
const path = require('path');
router.get('/', (req, res) => {
req.logout(function(err) {
if (err) {
return next(err);
}
res.redirect('/auth/login');
});
});
var opts = { failWithError: true }
module.exports = router;

89
routes/Dpanel/API/DeleteFile.js Normal file
View File

@@ -0,0 +1,89 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, (req, res) => {
const userId = req.userData.name;
const { filename } = req.body;
if (!userId || !filename) {
return res.status(400).json({ message: 'Identifiant d\'utilisateur ou nom de fichier manquant pour la suppression du fichier.' });
}
const userFolderPath = path.join('cdn-files', userId);
function findAndDeleteFile(folderPath) {
const filesInFolder = fs.readdirSync(folderPath);
for (const file of filesInFolder) {
const filePath = path.join(folderPath, file);
if (!filePath.startsWith(userFolderPath)) {
console.error('Unauthorized directory access attempt');
return false;
}
if (fs.statSync(filePath).isDirectory()) {
findAndDeleteFile(filePath);
} else if (file === filename) {
try {
fs.unlinkSync(filePath);
console.log('File deleted:', filePath);
return true;
} catch (error) {
console.error('Error deleting file:', error);
return false;
}
}
}
return false;
}
const fileDeleted = findAndDeleteFile(userFolderPath);
if (fileDeleted) {
res.status(200).json({ status: 'success', message: 'Le fichier a été supprimé avec succès.' });
} else {
res.status(404).json({ status: 'error', message: 'Le fichier que vous essayez de supprimer n\'existe pas.' });
}
});
const ncpAsync = (source, destination) => {
const userFolderPath = path.join('cdn-files', userId);
if (!source.startsWith(userFolderPath) || !destination.startsWith(userFolderPath)) {
throw new Error('Unauthorized directory access attempt');
}
return new Promise((resolve, reject) => {
ncp(source, destination, (err) => {
if (err) {
reject(err);
} else {
resolve();
}
});
});
};
module.exports = router;

45
routes/Dpanel/API/DeleteFileFolder.js Normal file
View File

@@ -0,0 +1,45 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/:folderName', authMiddleware, (req, res) => {
const userId = req.userData.name;
const { filename } = req.body;
const userFolderPath = path.join('cdn-files', userId || '');
const filePath = path.join(userFolderPath, req.params.folderName, filename || '');
if (!fs.existsSync(filePath)) {
return res.status(404).json({ error: 'Le fichier spécifié n\'existe pas.' });
}
fs.unlink(filePath, (err) => {
if (err) {
console.error(err);
return res.status(500).json({ error: 'Erreur lors de la suppression du fichier.' });
}
res.json({ deleted: true, success: 'Fichier supprimé avec succès.' });
});
});
module.exports = router;

48
routes/Dpanel/API/DeleteFolfder.js Normal file
View File

@@ -0,0 +1,48 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.delete('/:folderName', authMiddleware, (req, res) => {
const userId = req.userData.name;
const folderName = req.params.folderName;
const userFolderPath = path.join('cdn-files', userId);
const folderPath = path.join(userFolderPath, folderName);
if (!fs.existsSync(folderPath)) {
return res.status(404).json({ error: 'Le dossier spécifié n\'existe pas.' });
}
if (!folderPath.startsWith(userFolderPath)) {
return res.status(403).json({ error: 'Vous n\'avez pas la permission de supprimer ce dossier.' });
}
fs.rmdir(folderPath, { recursive: true }, (err) => {
if (err) {
console.error(err);
return res.status(500).json({ error: 'Erreur lors de la suppression du dossier.' });
}
res.json({ deleted: true, success: 'Dossier supprimé avec succès.' });
});
});
module.exports = router;

119
routes/Dpanel/API/MoveFile.js Normal file
View File

@@ -0,0 +1,119 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
const fileName = req.body.fileName;
const folderName = req.body.folderName;
const data = await fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf-8')
const users = JSON.parse(data);
const user = users.find(user => user.id === req.user.id);
if (!user) {
console.error('User not found in user.json');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const userId = user.name;
if (!fileName || !userId) {
console.error('fileName or userId is undefined');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const sourcePath = path.join('cdn-files', userId, fileName);
let destinationDir;
if (folderName && folderName.trim() !== '') {
destinationDir = path.join('cdn-files', userId, folderName);
} else {
destinationDir = path.join('cdn-files', userId);
}
const destinationPath = path.join(destinationDir, fileName);
try {
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir);
await ncpAsync(normalizedSourcePath, destinationPath);
await fs.promises.unlink(normalizedSourcePath);
} else {
console.log('File does not exist');
}
res.redirect('/dpanel/dashboard');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
});
router.post('/:folderName', authMiddleware, async (req, res) => {
const fileName = req.body.fileName;
const newFolderName = req.body.folderName;
const oldFolderName = req.params.folderName;
const userId = req.user && req.user._json ? req.userData.name : undefined;
if (!fileName || !userId || !oldFolderName || !newFolderName) {
console.error('fileName, userId, oldFolderName, or newFolderName is undefined');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const userDir = path.join(process.cwd(), 'cdn-files', userId);
const sourcePath = path.join(userDir, oldFolderName, fileName);
const destinationDir = path.join(userDir, newFolderName);
const destinationPath = path.join(destinationDir, fileName);
if (!sourcePath.startsWith(userDir) || !destinationPath.startsWith(userDir)) {
ErrorLogger.error('Unauthorized directory access attempt');
return res.status(403).send('Unauthorized directory access attempt');
}
try {
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir, fs.constants.W_OK);
await fs.promises.rename(normalizedSourcePath, destinationPath);
} else {
console.log('File does not exist');
}
res.redirect('/dpanel/dashboard');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
});
module.exports = router;

66
routes/Dpanel/API/NewFolder.js Normal file
View File

@@ -0,0 +1,66 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, (req, res) => {
try {
logger.info('Received POST request to create a new folder.');
const userId = req.userData.name;
let { folderName } = req.body;
logger.info('Received folderName:', folderName);
if (!folderName || typeof folderName !== 'string') {
ErrorLogger.error('Invalid folderName:', folderName);
return res.status(400).json({ message: 'Le nom du dossier ne peut pas être vide.' });
}
folderName = path.basename(folderName.trim());
if (!folderName) {
return res.status(400).json({ message: 'Le nom du dossier ne peut pas être vide.' });
}
const folderPath = path.join('cdn-files', userId, folderName);
if (fs.existsSync(folderPath)) {
logger.info('Folder already exists:', folderPath);
return res.status(400).json({ message: 'Le dossier existe déjà.' });
}
fs.mkdir(folderPath, (err) => {
if (err) {
ErrorLogger.error(err);
return res.status(500).json({ message: 'Erreur lors de la création du dossier.', error: err });
}
logger.info('Folder created successfully:', folderPath);
res.status(200).json({ message: 'Dossier créé avec succès.' });
});
} catch (error) {
ErrorLogger.error('Error creating folder:', error);
return res.status(500).json({ message: 'Erreur lors de la création du dossier.', error: error });
}
});
module.exports = router;

106
routes/Dpanel/API/RenameFile.js Normal file
View File

@@ -0,0 +1,106 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const { currentName, newName } = req.body;
if (!currentName || !newName) {
return res.status(400).send('Both currentName and newName must be provided.');
}
const currentPath = path.join('cdn-files', userId || '', currentName);
const newPath = path.join('cdn-files', userId, newName);
try {
await fs.promises.rename(currentPath, newPath);
const data = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf-8')
let fileInfo = JSON.parse(data);
let found = false;
for (let i = 0; i < fileInfo.length; i++) {
if (fileInfo[i].fileName === currentName) {
fileInfo[i].fileName = newName;
found = true;
break;
}
}
if (found) {
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(fileInfo, null, 2), 'utf8');
}
res.status(200).send('L\'opération a été effectuée avec succès.');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du changement de nom du fichier.');
}
});
router.post('/:filePath*', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const { currentName, newName } = req.body;
const filePath = path.join(req.params.filePath, req.params[0] || '');
if (!currentName || !newName) {
return res.status(400).send('Both currentName and newName must be provided.');
}
const userDir = path.join('cdn-files', userId);
const currentPath = path.join(userDir, filePath, currentName);
const newPath = path.join(userDir, filePath, newName);
if (!currentPath.startsWith(userDir) || !newPath.startsWith(userDir)) {
ErrorLogger.error('Unauthorized directory access attempt');
return res.status(403).send('Unauthorized directory access attempt');
}
try {
await fs.promises.rename(currentPath, newPath);
const data = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf8');
let fileInfo = JSON.parse(data);
let found = false;
for (let i = 0; i < fileInfo.length; i++) {
if (fileInfo[i].fileName === currentName) {
fileInfo[i].fileName = newName;
found = true;
break;
}
}
if (found) {
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(fileInfo, null, 2), 'utf8');
}
res.status(200).send('L\'opération a été effectuée avec succès.');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du changement de nom du fichier.');
}
});
module.exports = router;

62
routes/Dpanel/API/Update-Setup-Admin.js Normal file
View File

@@ -0,0 +1,62 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const osUtils = require('os-utils');
const Convert = require('ansi-to-html');
const convert = new Convert()
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
try {
let setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../data', 'setup.json'), 'utf-8'));
if (!req.body.ldap || !req.body.ldap.enabled) {
delete setup.ldap;
} else {
setup.ldap = req.body.ldap;
}
if (!req.body.discord || !req.body.discord.enabled) {
delete setup.discord;
} else {
setup.discord = req.body.discord;
}
setup.domain = req.body.domain;
setup.uptime = req.body.uptime;
fs.writeFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'), JSON.stringify(setup, null, 2);
res.redirect('/dpanel/dashboard/admin');
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

52
routes/Dpanel/API/Upload-Role-Admin.js Normal file
View File

@@ -0,0 +1,52 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const osUtils = require('os-utils');
const Convert = require('ansi-to-html');
const convert = new Convert()
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
try {
const { id, role } = req.body;
const user = User.find(user => user.id === id);
if (user) {
user.role = role;
}
fs.writeFileSync(path.join(__dirname, '../../../data/user.json'), JSON.stringify(User, null, 2));
res.redirect('/dpanel/dashboard/admin');
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

95
routes/Dpanel/API/Upload.js Normal file
View File

@@ -0,0 +1,95 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.use(fileUpload({
limits: { fileSize: 15 * 1024 * 1024 * 1024 },
}));
router.post('/', authMiddleware, async (req, res) => {
try {
if (!req.files || Object.keys(req.files).length === 0) {
return res.status(400).send('5410 - Erreur de téléchargement, veuillez retenter ultérieurement.');
}
const file = req.files.file;
const userId = req.userData.name;
const Id = req.userData.id;
const uploadDir = path.join('cdn-files', userId);
const originalFileName = file.name;
const domain = config.domain || 'mydomain.com';
let expiryDate = req.body.expiryDate;
let password = req.body.password;
if (!fs.existsSync(uploadDir)) {
fs.mkdirSync(uploadDir, { recursive: true });
}
file.mv(path.join(uploadDir, originalFileName), async (err) => {
if (err) {
console.error(err);
return res.status(500).send({ message: 'Erreur lors du téléchargement du fichier.' });
}
const fileExtension = path.extname(originalFileName).toLowerCase();
const bcrypt = require('bcrypt');
const saltRounds = 10;
let hashedPassword = '';
if (password) {
hashedPassword = bcrypt.hashSync(password, saltRounds);
}
const fileInfo = {
fileName: originalFileName,
expiryDate: expiryDate || '',
password: hashedPassword,
Id: Id,
path: path.join(uploadDir, originalFileName)
};
if (expiryDate || password) {
let data = [];
if (fs.existsSync(path.join(__dirname, '../../../data', 'file_info.json'))) {
const existingData = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf8');
data = JSON.parse(existingData);
if (!Array.isArray(data)) {
data = [];
}
}
data.push(fileInfo);
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(data, null, 2));
}
res.redirect('/dpanel/dashboard');
});
} catch (error) {
console.error(error);
return res.status(500).send({ message: 'Erreur lors du téléchargement du fichier.' });
}
});
module.exports = router;

61
routes/Dpanel/Admin/Privacy-Security.js Normal file
View File

@@ -0,0 +1,61 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const osUtils = require('os-utils');
const Convert = require('ansi-to-html');
const convert = new Convert()
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', authMiddleware, async (req, res) => {
try {
const data = fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf8');
const users = JSON.parse(data);
const user = users.find(user => user.name === req.user.name);
if (!user || user.role !== 'admin') {
console.log('Access denied');
return res.status(403).json({ message: "You do not have the necessary rights to access this resource." });
}
const files = await fs.promises.readdir('./report');
const reports = files.filter(file => file.endsWith('.json')).map(file => {
return fs.promises.readFile(path.join('./report', file), 'utf8')
.then(content => {
return { name: file, content: content };
})
.catch(err => {
console.error(err);
});
});
Promise.all([Promise.all(reports)]).then(([completedReports]) => {
res.render('paramAdminPrivacy&Security', { users: User, reports: completedReports });
});
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

44
routes/Dpanel/Admin/SettingSetup.js Normal file
View File

@@ -0,0 +1,44 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', authMiddleware, async (req, res) => {
try {
const data = fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf8');
const users = JSON.parse(data);
const user = users.find(user => user.name === req.user.name);
if (!user || user.role !== 'admin') {
console.log('Access denied');
return res.status(403).json({ message: "You do not have the necessary rights to access this resource." });
}
res.render('paramAdminSettingSetup', { users: User, setup: setup });
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

74
routes/Dpanel/Admin/Stats-Logs.js Normal file
View File

@@ -0,0 +1,74 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const osUtils = require('os-utils');
const Convert = require('ansi-to-html');
const convert = new Convert()
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', authMiddleware, async (req, res) => {
try {
const data = fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf8');
const users = JSON.parse(data);
const user = users.find(user => user.name === req.user.name);
if (!user || user.role !== 'admin') {
console.log('Access denied');
return res.status(403).json({ message: "You do not have the necessary rights to access this resource." });
}
const uptime = os.uptime();
const memoryUsage = process.memoryUsage().heapUsed / 1024 / 1024;
osUtils.cpuUsage(function(cpuUsage) {
fs.readdir('./logs', (err, files) => {
if (err) {
console.error(err);
res.status(500).send('Error reading logs');
return;
}
const logs = files.map(file => {
return fs.promises.readFile(path.join('./logs', file), 'utf8')
.then(content => {
content = convert.toHtml(content);
return { name: file, content: content };
})
.catch(err => {
console.error(err);
});
});
Promise.all(logs).then(completed => {
res.render('paramAdminStats&Logs', { users: User, setup: setup, uptime, memoryUsage, cpuUsage, logs: completed });
});
});
});
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

55
routes/Dpanel/Admin/User.js Normal file
View File

@@ -0,0 +1,55 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', authMiddleware, async (req, res) => {
try {
const data = fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf8');
const users = JSON.parse(data);
const user = users.find(user => user.name === req.user.name);
if (!user || user.role !== 'admin') {
console.log('Access denied');
return res.status(403).json({ message: "You do not have the necessary rights to access this resource." });
}
let currentPage = Number(req.query.page) || 1;
let limit = Number(req.query.limit) || 10;
let totalUsers = users.length;
let pages = Math.ceil(totalUsers / limit);
let start = (currentPage - 1) * limit;
let end = start + limit;
let usersForPage = users.slice(start, end);
res.render('paramAdminUser', { users: usersForPage, setup: setup, pages: pages, currentPage: currentPage, limit: limit });
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

46
routes/Dpanel/Admin/index.js Normal file
View File

@@ -0,0 +1,46 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', authMiddleware, async (req, res) => {
try {
const data = fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf8');
const users = JSON.parse(data);
const user = users.find(user => user.name === req.user.name);
if (!user || user.role !== 'admin') {
console.log('Access denied');
return res.status(403).json({ message: "You do not have the necessary rights to access this resource." });
}
res.render('paramAdmin', { users: User, setup: setup });
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

93
routes/Dpanel/Dashboard/index.js Normal file
View File

@@ -0,0 +1,93 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
let configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
let config = JSON.parse(configFile)[0];
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', authMiddleware, async (req, res) => {
const folderName = req.params.folderName || '';
if (!req.userData || !req.userData.name) {
return res.render('error-recovery-file', { error: 'User data is undefined or incomplete' });
}
const userId = req.userData.id;
const userName = req.userData.name;
const downloadDir = path.join('cdn-files', userName);
const domain = config.domain || 'swiftlogic-labs.com';
if (!config.domain) {
console.error('Domain is not defined in setup.json');
config.domain = 'swiftlogic-labs.com';
}
if (!fs.existsSync(downloadDir)) {
fs.mkdirSync(downloadDir, { recursive: true });
}
try {
fs.accessSync(downloadDir, fs.constants.R_OK | fs.constants.W_OK);
} catch (err) {
console.error('No access!', err);
return res.render('error-recovery-file', { error: 'No access to directory' });
}
let fileInfoNames = [];
try {
const fileInfo = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'))
if (!Array.isArray(fileInfo)) {
console.error('fileInfo is not an array. Check the contents of file_info.json');
} else {
fileInfoNames = fileInfo.map(file => file.fileName);
}
} catch (err) {
console.error('Error reading file_info.json:', err);
}
try {
const files = await fs.promises.readdir(downloadDir);
const folders = files.filter(file => fs.statSync(path.join(downloadDir, file)).isDirectory());
const fileDetails = files.map(file => {
const filePath = path.join(downloadDir, file);
const stats = fs.statSync(filePath);
const fileExtension = path.extname(file).toLowerCase();
const encodedFileName = encodeURIComponent(file);
const fileLink = `https://${domain}/attachments/${userId}/${encodedFileName}`;
const fileType = stats.isDirectory() ? 'folder' : 'file';
return {
name: file,
size: stats.size,
url: fileLink,
extension: fileExtension,
type: fileType
};
});
const availableExtensions = Array.from(new Set(fileDetails.map(file => file.extension)));
res.render('dashboard', { files: fileDetails, folders, extensions: availableExtensions, allFolders: folders, folderName: folderName, fileInfoNames: fileInfoNames });
} catch (err) {
console.error('Error reading directory:', err);
return res.render('error-recovery-file', { error: err.message });
}
});
module.exports = router;

127
routes/Dpanel/Folder/index.js Normal file
View File

@@ -0,0 +1,127 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile)[0];
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/:folderName', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const folderName = req.params.folderName || '';
const folderPath = path.join('cdn-files', userId, folderName);
const userFolderPath = path.join('cdn-files', userId);
const domain = config.domain || 'swiftlogic-labs.com';
const currentFolderName = folderName || '';
const data = await fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf-8')
let users;
try {
users = JSON.parse(data);
} catch (error) {
console.error('Error parsing user.json:', error);
users = [];
}
if (!Array.isArray(users)) {
console.error('Error: users is not an array. Check the contents of setup.json');
users = [];
}
const user = users.find(user => user.name === userId);
if (!user) {
console.error(`User with ID ${userId} not found in user.json`);
return res.status(500).send(`User with ID ${userId} not found in user.json`);
}
const userRealId = user.id;
const fileInfoData = await fs.readFileSync(path.join(__dirname, '../../../data', 'file_info.json'), 'utf-8')
let fileInfo;
try {
fileInfo = JSON.parse(fileInfoData);
} catch (error) {
console.error('Error parsing file_info.json:', error);
fileInfo = [];
}
if (!Array.isArray(fileInfo)) {
console.error('Error: fileInfo is not an array. Check the contents of file_info.json');
fileInfo = [];
}
const fileInfoNames = fileInfo.map(file => file.fileName);
fs.readdir(folderPath, { withFileTypes: true }, (err, entries) => {
if (err) {
console.error('Error reading directory:', err);
return res.render('error-recovery-file');
}
const folders = entries
.filter(entry => entry.isDirectory())
.map(entry => entry.name);
fs.readdir(userFolderPath, { withFileTypes: true }, (err, allEntries) => {
if (err) {
console.error('Error reading user directory:', err);
return res.render('error-recovery-file');
}
const allFolders = allEntries
.filter(entry => entry.isDirectory())
.map(entry => entry.name);
const fileDetailsPromises = entries.map(entry => {
const filePath = path.join(folderPath, entry.name);
return new Promise((resolve, reject) => {
fs.stat(filePath, (err, stats) => {
if (err) {
console.error('Error getting file stats:', err);
return reject(err);
}
const encodedFileName = encodeURIComponent(entry.name);
const fileLink = `https://${domain}/attachments/${userRealId}/${encodedFileName}`;
const fileType = entry.isDirectory() ? 'folder' : 'file';
resolve({
name: entry.name,
size: stats.size,
url: fileLink,
extension: path.extname(entry.name).toLowerCase(),
type: fileType
});
});
});
});
Promise.all(fileDetailsPromises)
.then(fileDetails => {
const availableExtensions = Array.from(new Set(fileDetails.map(file => file.extension)));
res.render('folder', { files: fileDetails, folders, allFolders, extensions: availableExtensions, currentFolder: currentFolderName, folderName: folderName, fileInfoNames });
})
.catch(error => {
console.error('Error processing file details:', error);
res.status(500).send('Erreur lors du traitement des détails des fichiers.');
});
});
});
});
module.exports = router;

27
routes/Dpanel/Upload.js Normal file
View File

@@ -0,0 +1,27 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', authMiddleware, (req, res) => {
res.render('upload');
});
module.exports = router;

58
routes/attachments.js
View File

@@ -4,12 +4,13 @@ const path = require('path');
const fs = require('fs').promises;
const mime = require('mime-types');
const { logger, ErrorLogger } = require('../config/logs');
const crypto = require('crypto');
const bcrypt = require('bcrypt');
const saltRounds = 10;
const baseDir = 'cdn-files';
async function getSamAccountNameFromUserId(userId) {
const data = await fs.readFile(path.join(__dirname, '../user.json'), 'utf8');
const data = await fs.readFile(path.join(__dirname, '../data', 'user.json'), 'utf8');
const users = JSON.parse(data);
const user = users.find(user => user.id === userId);
if (user) {
@@ -48,7 +49,6 @@ router.get('/:userId', (req, res) => {
res.render('unauthorized');
});
router.get('/:userId/:filename', async (req, res) => {
const { userId, filename } = req.params;
@@ -59,8 +59,18 @@ router.get('/:userId/:filename', async (req, res) => {
return res.render('file-not-found');
}
const data = await fs.readFile('file_info.json', 'utf8');
const fileInfoArray = JSON.parse(data);
const data = await fs.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
let fileInfoArray;
try {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
}
const fileInfo = fileInfoArray.find(info => info.fileName === filename && info.Id === userId);
@@ -113,8 +123,18 @@ router.post('/:userId/:filename', async (req, res) => {
const enteredPassword = req.body.password;
try {
const data = await fs.readFile('file_info.json', 'utf8');
const fileInfoArray = JSON.parse(data);
const data = await fs.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
let fileInfoArray;
try {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
}
const fileInfo = fileInfoArray.find(info => info.fileName === filename && info.Id === userId);
@@ -122,13 +142,7 @@ router.post('/:userId/:filename', async (req, res) => {
return res.json({ success: false, message: 'File not found' });
}
const algorithm = 'aes-256-cbc';
const key = crypto.scryptSync(enteredPassword, 'salt', 32);
const iv = Buffer.alloc(16, 0);
const cipher = crypto.createCipheriv(algorithm, key, iv);
const encryptedPassword = cipher.update('', 'utf8', 'hex') + cipher.final('hex');
if (fileInfo.password === encryptedPassword) {
if (bcrypt.compareSync(enteredPassword, fileInfo.password)) {
req.session.passwordVerified = true;
const filePath = await findFileInUserDir(userId, filename);
const fileContent = await fs.readFile(filePath);
@@ -153,8 +167,18 @@ router.post('/:userId/:filename', async (req, res) => {
});
async function deleteExpiredFiles() {
let data = await fs.readFile('file_info.json', 'utf8');
let fileInfoArray = JSON.parse(data);
let data = await fs.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
let fileInfoArray;
try {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
}
const now = new Date();
let newFileInfoArray = [];
@@ -183,7 +207,7 @@ async function deleteExpiredFiles() {
}
try {
await fs.writeFile('file_info.json', JSON.stringify(newFileInfoArray, null, 2), 'utf8');
await fs.writeFile(path.join(__dirname, '../data', 'file_info.json'), JSON.stringify(newFileInfoArray, null, 2), 'utf8');
} catch (err) {
ErrorLogger.error('Error writing to file_info.json:', err);
}

128
routes/auth.js
View File

@@ -1,128 +0,0 @@
const express = require('express');
const router = express.Router();
const passport = require('passport');
const fs = require('fs');
const { checkUserExistsAD } = require('../Middlewares/UserIDMiddlewareAD');
const { checkUserExistsDiscord } = require('../Middlewares/UserIDMiddlewareDiscord');
const path = require('path');
const { getUserData, getSetupData } = require('../Middlewares/watcherMiddleware');
let userData = getUserData();
let setupData;
let adStrategy;
getSetupData().then(data => {
setupData = data;
if (setupData[0].ldap !== undefined) {
adStrategy = require('../models/Passport-ActiveDirectory');
adStrategy.name = 'active-directory';
passport.use(adStrategy);
} else {
console.log('LDAP data is not defined in setup data');
}
if (setupData[0].discord !== undefined) {
const DiscordStrategy = require('../models/Passport-Discord');
}
});
let user = userData;
if (user.identifyURL) {
app.get("/auth/discord", (req, res) => {
res.redirect(user.identifyURL);
});
}
router.use(passport.initialize());
router.use(passport.session());
router.get('/login', function(req, res) {
const setupFilePath = path.join('data', 'setup.json');
const setupData = JSON.parse(fs.readFileSync(setupFilePath, 'utf-8'));
const showActiveDirectoryForm = setupData.ldap && setupData.ldap.enabled === 'on';
res.render('AuthLogin', { setupData, isAuthenticated: false, errorMessage: '', showActiveDirectoryForm, currentUrl: req.originalUrl });
});
passport.deserializeUser((user, done) => {
done(null, user);
});
router.get('/logout', (req, res) => {
req.logout(function(err) {
if (err) {
return next(err);
}
res.redirect('/auth/login');
});
});
var opts = { failWithError: true }
router.post('/activedirectory', (req, res, next) => {
passport.authenticate('ActiveDirectory', (err, user) => {
if (err) {
console.log('Authentication error:', err); // Debug log
return res.render('AuthLogin', { isAuthenticated: false, errorMessage: err.message, setupData: {}, showActiveDirectoryForm: true, currentUrl: req.originalUrl });
}
if (!user) {
console.log('User not authorized'); // Debug log
return res.render('AuthLogin', { isAuthenticated: false, errorMessage: 'L\'utilisateur n\'est pas autorisé.', setupData: {}, showActiveDirectoryForm: true, currentUrl: req.originalUrl });
}
req.user = {
...user._json,
name: user._json.sAMAccountName,
id: user._json.sAMAccountName,
};
console.log('User object:', req.user); // Debug log
req.logIn(req.user, function(err) {
if (err) {
console.log('Login error:', err); // Debug log
return next(err);
}
console.log('User logged in successfully'); // Debug log
req.session.user = req.user;
return next();
});
})(req, res, next);
}, checkUserExistsAD);
router.get("/discord", (req, res) => {
res.redirect(setupData.discord.identifyURL);
});
router.get('/discord/callback', (req, res, next) => {
passport.authenticate('discord', (err, user, info) => {
if (err) {
return next(err);
}
if (!user) {
return res.redirect('/auth/login');
}
req.logIn(user, (loginErr) => {
if (loginErr) {
return next(loginErr);
}
checkUserExistsDiscord(req, res, () => {
if (req.userExists) {
return res.redirect('/dpanel/dashboard');
} else {
createUser(req.user, (createErr) => {
if (createErr) {
return next(createErr);
}
return res.redirect('/dpanel/dashboard');
});
}
});
});
})(req, res, next);
});
module.exports = router;

724
routes/dpanel.js
View File

@@ -1,724 +0,0 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../Middlewares/watcherMiddleware');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/dashboard', authMiddleware, async (req, res) => {
const folderName = req.params.folderName || '';
if (!req.userData || !req.userData.name) {
return res.render('error-recovery-file', { error: 'User data is undefined or incomplete' });
}
const userId = req.userData.id;
const userName = req.userData.name;
const downloadDir = path.join('cdn-files', userName);
const domain = config.domain || 'mydomain.com';
if (!fs.existsSync(downloadDir)) {
fs.mkdirSync(downloadDir, { recursive: true });
}
try {
fs.accessSync(downloadDir, fs.constants.R_OK | fs.constants.W_OK);
} catch (err) {
console.error('No access!', err);
return res.render('error-recovery-file', { error: 'No access to directory' });
}
let fileInfoNames = [];
try {
const fileInfo = JSON.parse(fs.readFileSync(path.join(__dirname, '../data', 'setup.json'), 'utf-8'))
fileInfoNames = fileInfo.map(file => file.fileName);
fileInfo.map(/* ... */);
} catch (err) {
console.error('Error reading file_info.json:', err);
}
try {
const files = await fs.promises.readdir(downloadDir);
const folders = files.filter(file => fs.statSync(path.join(downloadDir, file)).isDirectory());
const fileDetails = files.map(file => {
const filePath = path.join(downloadDir, file);
const stats = fs.statSync(filePath);
const fileExtension = path.extname(file).toLowerCase();
const encodedFileName = encodeURIComponent(file);
const fileLink = `https://${domain}/attachments/${userId}/${encodedFileName}`;
const fileType = stats.isDirectory() ? 'folder' : 'file';
return {
name: file,
size: stats.size,
url: fileLink,
extension: fileExtension,
type: fileType
};
});
const availableExtensions = Array.from(new Set(fileDetails.map(file => file.extension)));
res.render('dashboard', { files: fileDetails, folders, extensions: availableExtensions, allFolders: folders, folderName: folderName, fileInfoNames: fileInfoNames });
} catch (err) {
console.error('Error reading directory:', err);
return res.render('error-recovery-file', { error: err.message });
}
});
router.get('/dashboard/folder/:folderName', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const folderName = req.params.folderName || '';
const folderPath = path.join('cdn-files', userId, folderName);
const userFolderPath = path.join('cdn-files', userId);
const domain = config.domain || 'mydomain.com';
const currentFolderName = folderName || '';
const data = await fs.readFileSync(path.join(__dirname, '../data', 'setup.json'), 'utf-8')
let users;
try {
users = JSON.parse(data);
} catch (error) {
console.error('Error parsing setup.json:', error);
users = [];
}
if (!Array.isArray(users)) {
console.error('Error: users is not an array. Check the contents of setup.json');
users = [];
}
const user = users.find(user => user.name === userId);
if (!user) {
return res.status(500).send('User not found in user.json');
}
const userRealId = user.id;
const fileInfoData = await fs.readFileSync(path.join(__dirname, '../data', 'file_info.json'), 'utf-8')
let fileInfo;
try {
fileInfo = JSON.parse(fileInfoData);
} catch (error) {
console.error('Error parsing file_info.json:', error);
fileInfo = [];
}
// Check if fileInfo is an array
if (!Array.isArray(fileInfo)) {
console.error('Error: fileInfo is not an array. Check the contents of file_info.json');
fileInfo = []; // Default to an empty array to prevent further errors
}
const fileInfoNames = fileInfo.map(file => file.fileName);
fs.readdir(folderPath, { withFileTypes: true }, (err, entries) => {
if (err) {
console.error('Error reading directory:', err);
return res.render('error-recovery-file');
}
const folders = entries
.filter(entry => entry.isDirectory())
.map(entry => entry.name);
fs.readdir(userFolderPath, { withFileTypes: true }, (err, allEntries) => {
if (err) {
console.error('Error reading user directory:', err);
return res.render('error-recovery-file');
}
const allFolders = allEntries
.filter(entry => entry.isDirectory())
.map(entry => entry.name);
const fileDetailsPromises = entries.map(entry => {
const filePath = path.join(folderPath, entry.name);
return new Promise((resolve, reject) => {
fs.stat(filePath, (err, stats) => {
if (err) {
console.error('Error getting file stats:', err);
return reject(err);
}
const encodedFileName = encodeURIComponent(entry.name);
const fileLink = `https://${domain}/attachments/${userRealId}/${encodedFileName}`;
const fileType = entry.isDirectory() ? 'folder' : 'file';
resolve({
name: entry.name,
size: stats.size,
url: fileLink,
extension: path.extname(entry.name).toLowerCase(),
type: fileType
});
});
});
});
Promise.all(fileDetailsPromises)
.then(fileDetails => {
const availableExtensions = Array.from(new Set(fileDetails.map(file => file.extension)));
res.render('folder', { files: fileDetails, folders, allFolders, extensions: availableExtensions, currentFolder: currentFolderName, folderName: folderName, fileInfoNames });
})
.catch(error => {
console.error('Error processing file details:', error);
res.status(500).send('Erreur lors du traitement des détails des fichiers.');
});
});
});
});
router.post('/dashboard/newfolder', authMiddleware, (req, res) => {
try {
console.log('Received POST request to create a new folder.');
const userId = req.userData.name;
let { folderName } = req.body;
console.log('Received folderName:', folderName);
if (!folderName || typeof folderName !== 'string') {
console.log('Invalid folderName:', folderName);
return res.status(400).json({ message: 'Le nom du dossier ne peut pas être vide.' });
}
folderName = folderName.trim();
if (!folderName) {
console.log('Trimmed folderName is empty.');
return res.status(400).json({ message: 'Le nom du dossier ne peut pas être vide.' });
}
const folderPath = path.join('cdn-files', userId, folderName);
if (fs.existsSync(folderPath)) {
console.log('Folder already exists:', folderPath);
return res.status(400).json({ message: 'Le dossier existe déjà.' });
}
fs.mkdir(folderPath, (err) => {
if (err) {
console.error(err);
return res.status(500).json({ message: 'Erreur lors de la création du dossier.', error: err });
}
console.log('Folder created successfully:', folderPath);
res.status(200).json({ message: 'Dossier créé avec succès.' });
});
} catch (error) {
console.error('Error creating folder:', error);
return res.status(500).json({ message: 'Erreur lors de la création du dossier.', error: error });
}
});
router.post('/dashboard/rename', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const { currentName, newName } = req.body;
if (!currentName || !newName) {
return res.status(400).send('Both currentName and newName must be provided.');
}
const currentPath = path.join('cdn-files', userId || '', currentName);
const newPath = path.join('cdn-files', userId, newName);
try {
await fs.promises.rename(currentPath, newPath);
const data = await fs.promise.readFileSync(path.join(__dirname, '../data', 'file_info.json'), 'utf-8')
let fileInfo = JSON.parse(data);
let found = false;
for (let i = 0; i < fileInfo.length; i++) {
if (fileInfo[i].fileName === currentName) {
fileInfo[i].fileName = newName;
found = true;
break;
}
}
if (found) {
await fs.promises.writeFile(path.join(__dirname, '../data', 'file_info.json'), JSON.stringify(fileInfo, null, 2), 'utf8');
}
res.status(200).send('L\'opération a été effectuée avec succès.');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du changement de nom du fichier.');
}
});
router.post('/dashboard/rename/:filePath*', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const { currentName, newName } = req.body;
const filePath = path.join(req.params.filePath, req.params[0] || '');
if (!currentName || !newName) {
return res.status(400).send('Both currentName and newName must be provided.');
}
const currentPath = path.join('cdn-files', userId || '', filePath, currentName);
const newPath = path.join('cdn-files', userId, filePath, newName);
try {
await fs.promises.rename(currentPath, newPath);
const data = await fs.promises.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
let fileInfo = JSON.parse(data);
let found = false;
for (let i = 0; i < fileInfo.length; i++) {
if (fileInfo[i].fileName === currentName) {
fileInfo[i].fileName = newName;
found = true;
break;
}
}
if (found) {
await fs.promises.writeFile(path.join(__dirname, '../data', 'file_info.json'), JSON.stringify(fileInfo, null, 2), 'utf8');
}
res.status(200).send('L\'opération a été effectuée avec succès.');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du changement de nom du fichier.');
}
});
router.post('/dashboard/delete', authMiddleware, (req, res) => {
const userId = req.userData.name;
const { filename } = req.body;
if (!userId || !filename) {
return res.status(400).json({ message: 'Identifiant d\'utilisateur ou nom de fichier manquant pour la suppression du fichier.' });
}
const userFolderPath = path.join('cdn-files', userId);
function findAndDeleteFile(folderPath) {
const filesInFolder = fs.readdirSync(folderPath);
for (const file of filesInFolder) {
const filePath = path.join(folderPath, file);
if (fs.statSync(filePath).isDirectory()) {
findAndDeleteFile(filePath);
} else if (file === filename) {
try {
fs.unlinkSync(filePath);
console.log('File deleted:', filePath);
return true;
} catch (error) {
console.error('Error deleting file:', error);
return false;
}
}
}
return false;
}
const fileDeleted = findAndDeleteFile(userFolderPath);
if (fileDeleted) {
res.status(200).json({ status: 'success', message: 'Le fichier a été supprimé avec succès.' });
} else {
res.status(404).json({ status: 'error', message: 'Le fichier que vous essayez de supprimer n\'existe pas.' });
}
});
const ncpAsync = (source, destination) => {
return new Promise((resolve, reject) => {
ncp(source, destination, (err) => {
if (err) {
reject(err);
} else {
resolve();
}
});
});
};
router.post('/dashboard/movefile', authMiddleware, async (req, res) => {
const fileName = req.body.fileName;
const folderName = req.body.folderName;
const data = await fs.readFileSync(path.join(__dirname, '../data', 'user.json.json'), 'utf-8')
const users = JSON.parse(data);
const user = users.find(user => user.id === req.user.id);
if (!user) {
console.error('User not found in user.json');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const userId = user.name;
if (!fileName || !userId) {
console.error('fileName or userId is undefined');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const sourcePath = path.join('cdn-files', userId, fileName);
let destinationDir;
if (folderName && folderName.trim() !== '') {
destinationDir = path.join('cdn-files', userId, folderName);
} else {
destinationDir = path.join('cdn-files', userId);
}
const destinationPath = path.join(destinationDir, fileName);
try {
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir);
await ncpAsync(normalizedSourcePath, destinationPath);
await fs.promises.unlink(normalizedSourcePath);
} else {
console.log('File does not exist');
}
res.redirect('/dpanel/dashboard');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
});
router.post('/dashboard/movefile/:folderName', authMiddleware, async (req, res) => {
const fileName = req.body.fileName;
const newFolderName = req.body.folderName;
const oldFolderName = req.params.folderName;
const userId = req.user && req.user._json ? req.userData.name : undefined;
if (!fileName || !userId || !oldFolderName || !newFolderName) {
console.error('fileName, userId, oldFolderName, or newFolderName is undefined');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const sourcePath = path.join(process.cwd(), 'cdn-files', userId, oldFolderName, fileName);
const destinationDir = path.join(process.cwd(), 'cdn-files', userId, newFolderName);
const destinationPath = path.join(destinationDir, fileName);
try {
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir, fs.constants.W_OK);
await fs.promises.rename(normalizedSourcePath, destinationPath);
} else {
console.log('File does not exist');
}
res.redirect('/dpanel/dashboard');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
});
router.delete('/dashboard/deletefolder/:folderName', authMiddleware, (req, res) => {
const userId = req.userData.name;
const { filename } = req.body;
const userFolderPath = path.join('cdn-files', userId || '');
const folderPath = path.join(userFolderPath, req.params.folderName || '');
if (!fs.existsSync(folderPath)) {
return res.status(404).json({ error: 'Le dossier spécifié n\'existe pas.' });
}
fs.rmdirSync(folderPath, { recursive: true });
res.json({ deleted: true, success: 'Dossier supprimé avec succès.' });
});
router.delete('/dashboard/deletefolder/:folderName', authMiddleware, (req, res) => {
const userId = req.userData.name;
const folderName = req.params.folderName;
const folderPath = path.join('cdn-files', userId, folderName);
fs.rmdir(folderPath, { recursive: true }, (err) => {
if (err) {
console.error(err);
return res.status(500).json({ error: 'Erreur lors de la suppression du dossier.' });
}
res.json({ deleted: true, success: 'Dossier supprimé avec succès.' });
});
});
router.post('/dashboard/deletefile/:folderName', authMiddleware, (req, res) => {
const userId = req.userData.name;
const { filename } = req.body;
const userFolderPath = path.join('cdn-files', userId || '');
const filePath = path.join(userFolderPath, req.params.folderName, filename || '');
if (!fs.existsSync(filePath)) {
return res.status(404).json({ error: 'Le fichier spécifié n\'existe pas.' });
}
fs.unlink(filePath, (err) => {
if (err) {
console.error(err);
return res.status(500).json({ error: 'Erreur lors de la suppression du fichier.' });
}
res.json({ deleted: true, success: 'Fichier supprimé avec succès.' });
});
});
router.get('/upload', authMiddleware, (req, res) => {
res.render('upload');
});
router.use(fileUpload({
limits: { fileSize: 15 * 1024 * 1024 * 1024 },
}));
router.post('/upload', authMiddleware, async (req, res) => {
try {
if (!req.files || Object.keys(req.files).length === 0) {
return res.status(400).send('5410 - Erreur de téléchargement, veuillez retenter ultérieurement.');
}
const file = req.files.file;
const userId = req.userData.name;
const Id = req.userData.id;
const uploadDir = path.join('cdn-files', userId);
const originalFileName = file.name;
const domain = config.domain || 'mydomain.com';
let expiryDate = req.body.expiryDate;
let password = req.body.password;
if (!fs.existsSync(uploadDir)) {
fs.mkdirSync(uploadDir, { recursive: true });
}
file.mv(path.join(uploadDir, originalFileName), async (err) => {
if (err) {
console.error(err);
return res.status(500).send({ message: 'Erreur lors du téléchargement du fichier.' });
}
const fileExtension = path.extname(originalFileName).toLowerCase();
let encryptedPassword = '';
if (password) {
const algorithm = 'aes-256-cbc';
const key = crypto.scryptSync(password, 'salt', 32);
const iv = Buffer.alloc(16, 0);
const cipher = crypto.createCipheriv(algorithm, key, iv);
encryptedPassword = cipher.update('', 'utf8', 'hex');
encryptedPassword += cipher.final('hex');
}
const fileInfo = {
fileName: originalFileName,
expiryDate: expiryDate || '',
password: encryptedPassword,
Id: Id,
path: path.join(uploadDir, originalFileName)
};
if (expiryDate || password) {
let data = [];
if (fs.existsSync(path.join(__dirname, '../data', 'file_info.json'))) {
const existingData = await fs.promises.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
data = JSON.parse(existingData);
}
data.push(fileInfo);
await fs.promises.writeFile(path.join(__dirname, '../data', 'file_info.json'), JSON.stringify(data, null, 2));
}
res.redirect('/dpanel/dashboard');
});
} catch (error) {
console.error(error);
return res.status(500).send({ message: 'Erreur lors du téléchargement du fichier.' });
}
});
const User = require('../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../data', 'setup.json'), 'utf-8'));
router.get('/dashboard/admin', authMiddleware, async (req, res) => {
try {
res.render('paramAdmin', { users: User, setup: setup });
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
router.get('/dashboard/admin/users', authMiddleware, async (req, res) => {
try {
let currentPage = Number(req.query.page) || 1;
let limit = Number(req.query.limit) || 10;
let rawdata = fs.readFileSync(path.join(__dirname, '../data/user.json'));
let users = JSON.parse(rawdata);
let totalUsers = users.length;
let pages = Math.ceil(totalUsers / limit);
let start = (currentPage - 1) * limit;
let end = start + limit;
let usersForPage = users.slice(start, end);
res.render('paramAdminUser', { users: usersForPage, setup: setup, pages: pages, currentPage: currentPage, limit: limit });
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
router.get('/dashboard/admin/settingsetup', authMiddleware, async (req, res) => {
try {
res.render('paramAdminSettingSetup', { users: User, setup: setup });
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
const osUtils = require('os-utils');
const Convert = require('ansi-to-html');
const convert = new Convert();
router.get('/dashboard/admin/stats-logs', authMiddleware, async (req, res) => {
try {
const uptime = os.uptime();
const memoryUsage = process.memoryUsage().heapUsed / 1024 / 1024;
osUtils.cpuUsage(function(cpuUsage) {
fs.readdir('./logs', (err, files) => {
if (err) {
console.error(err);
res.status(500).send('Error reading logs');
return;
}
const logs = files.map(file => {
return fs.promises.readFile(path.join('./logs', file), 'utf8')
.then(content => {
content = convert.toHtml(content);
return { name: file, content: content };
})
.catch(err => {
console.error(err);
});
});
Promise.all(logs).then(completed => {
res.render('paramAdminStats&Logs', { users: User, setup: setup, uptime, memoryUsage, cpuUsage, logs: completed });
});
});
});
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
router.get('/dashboard/admin/Privacy-Security', authMiddleware, async (req, res) => {
try {
const files = await fs.promises.readdir('./report');
const reports = files.filter(file => file.endsWith('.json')).map(file => {
return fs.promises.readFile(path.join('./report', file), 'utf8')
.then(content => {
return { name: file, content: content };
})
.catch(err => {
console.error(err);
});
});
Promise.all([Promise.all(reports)]).then(([completedReports]) => {
res.render('paramAdminPrivacy&Security', { users: User, reports: completedReports });
});
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
router.post('/dashboard/update-role', authMiddleware, async (req, res) => {
try {
const { id, role } = req.body;
const user = User.find(user => user.id === id);
if (user) {
user.role = role;
}
fs.writeFileSync(path.join(__dirname, '../data/user.json'), JSON.stringify(User, null, 2));
res.redirect('/dpanel/dashboard/admin');
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
router.post('/dashboard/update-setup', authMiddleware, async (req, res) => {
try {
let setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../data', 'setup.json'), 'utf-8'));
if (!req.body.ldap || !req.body.ldap.enabled) {
delete setup.ldap;
} else {
setup.ldap = req.body.ldap;
}
if (!req.body.discord || !req.body.discord.enabled) {
delete setup.discord;
} else {
setup.discord = req.body.discord;
}
setup.domain = req.body.domain;
setup.uptime = req.body.uptime;
fs.writeFileSync(path.join(__dirname, '../data', 'setup.json'), 'utf-8'), JSON.stringify(setup, null, 2);
res.redirect('/dpanel/dashboard/admin');
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

59
routes/routes.js Normal file
View File

@@ -0,0 +1,59 @@
const express = require('express');
const router = express.Router();
const path = require('path');
const indexRoute = require('./index.js');
const DpanelDashboardRoute = require('./Dpanel/Dashboard/index.js');
const DpanelFolderRoute = require('./Dpanel/Folder/index.js');
const DpanelUploadRoute = require('./Dpanel/Upload.js');
const AttachmentsRoute = require('./attachments.js');
const NewFolderRoute = require('./Dpanel/API/NewFolder.js');
const RenameFileRoute = require('./Dpanel/API/RenameFile.js');
const DeleteFileRoute = require('./Dpanel/API/DeleteFile.js');
const MoveFileRoute = require('./Dpanel/API/MoveFile.js');
const UploadRoute = require('./Dpanel/API/Upload.js');
const UpdateRoleAdminRoute = require('./Dpanel/API/Upload-Role-Admin.js');
const UpdateSetupAdminRoute = require('./Dpanel/API/Update-Setup-Admin.js');
const DeleteFolderRoute = require('./Dpanel/API/DeleteFolfder.js');
const DeleteFileFolderRoute = require('./Dpanel/API/DeleteFileFolder.js');
const loginRoute = require('./Auth/Login.js');
const logoutRoute = require('./Auth/Logout.js');
const activeDirectoryRoute = require('./Auth/ActiveDirectory.js');
const discordRoute = require('./Auth/Discord.js');
const AdminDpanelRoute = require('./Dpanel/Admin/index.js');
const AdminUsersDpanelRoute = require('./Dpanel/Admin/User.js');
const AdminSettingSetupDpanelRoute = require('./Dpanel/Admin/SettingSetup.js');
const AdminStatsLogsDpanelRoute = require('./Dpanel/Admin/Stats-Logs.js');
const AdminPrivacySecurityDpanelRoute = require('./Dpanel/Admin/Privacy-Security.js');
router.use('/', indexRoute);
router.use('/attachments', AttachmentsRoute);
router.use('/dpanel/dashboard', DpanelDashboardRoute);
router.use('/dpanel/upload', DpanelUploadRoute);
router.use('/dpanel/dashboard/folder', DpanelFolderRoute);
router.use('/dpanel/dashboard/admin', AdminDpanelRoute);
router.use('/dpanel/dashboard/admin/users', AdminUsersDpanelRoute);
router.use('/dpanel/dashboard/admin/settingsetup', AdminSettingSetupDpanelRoute)
router.use('/dpanel/dashboard/admin/stats-logs', AdminStatsLogsDpanelRoute);;
router.use('/dpanel/dashboard/admin/Privacy-Security', AdminPrivacySecurityDpanelRoute);
router.use('/api/dpanel/dashboard/newfolder', NewFolderRoute);
router.use('/api/dpanel/dashboard/rename', RenameFileRoute);
router.use('/api/dpanel/dashboard/delete', DeleteFileRoute);
router.use('/api/dpanel/dashboard/movefile', MoveFileRoute);
router.use('/api/dpanel/upload', UploadRoute);
router.use('/api/dpanel/dashboard/admin/update-role', UpdateRoleAdminRoute);
router.use('/api/dpanel/dashboard/admin/update-setup', UpdateSetupAdminRoute);
router.use('/api/dpanel/dashboard/deletefolder', DeleteFolderRoute);
router.use('/api/dpanel/dashboard/deletefile/', DeleteFileFolderRoute);
router.use('/auth/login', loginRoute);
router.use('/auth/logout', logoutRoute);
router.use('/auth/activedirectory', activeDirectoryRoute);
router.use('/auth/discord', discordRoute);
module.exports = router;

18
server.js
View File

@@ -33,7 +33,7 @@ if (setup.ldap !== undefined) {
app.use(express.static(path.join(__dirname, 'public')));
app.get(['/data/user.json', '/data/file_info.json', '/data/setup.json'], (req, res) => {
res.status(403).send('Access Denied');
res.status(403).json({ error: 'Access Denied. You do not have permission to access this resource.' });
});app.use(express.urlencoded({ extended: true }));
function generateSecretKey() {
@@ -54,19 +54,11 @@ app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(flash());
const indexRoute = require('./routes/index.js');
const AuthRoute = require('./routes/auth.js');
const DpanelRoute = require('./routes/dpanel.js');
const AttachmentsRoute = require('./routes/attachments.js');
const routes = require('./routes/routes.js');
app.use('/public', express.static(path.join(__dirname, 'public')));
app.set('view engine', 'ejs');
app.set('views', __dirname + '/views');
app.use('/', indexRoute);
app.use('/auth', AuthRoute);
app.use('/dpanel', DpanelRoute);
app.use('/attachments', AttachmentsRoute);
app.use('/public', express.static(path.join(__dirname, 'public')));
app.use(routes);
app.use(logRequestInfo);
@@ -85,7 +77,7 @@ cron.schedule('00 03 * * *', async () => {
cron.schedule('0 * * * *', async () => {
try {
const fileInfoData = await fs.promises.readFile(path.join(__dirname, 'file_info.json'), 'utf8');
const fileInfoData = await fs.promises.readFile(path.join(__dirname,'/data/', 'file_info.json'), 'utf8');
const fileInfo = JSON.parse(fileInfoData);
const now = new Date();

2
views/AuthLogin.ejs
View File

@@ -51,7 +51,7 @@
<body class="light-mode animate">
<div class="container mt-4 animate">
<h1 class="title text-center animate">Connexion</h1>
<% if (currentUrl === '/auth/activedirectory' || setupData.hasOwnProperty('ldap')) { %>
<% if (currentUrl === '/auth/activedirectory' || (setupData[0] && setupData[0].hasOwnProperty('ldap'))) { %>
<h3 class="text-center animate">Connexion avec Active Directory</h3>
<form action="/auth/activedirectory" method="post" class="mb-4 animate">
<% if (typeof errorMessage !== 'undefined' && errorMessage) { %>

42
views/dashboard.ejs
View File

@@ -127,7 +127,7 @@
<button class="btn btn-primary btn-round" onclick="renameFile('<%= folderName %>', '<%= file.name %>')">
<i class="fas fa-edit"></i> Renommer
</button>
<form class="file-actions mb-2" id="deleteForm" action="/dpanel/dashboard/delete" method="post">
<form class="file-actions mb-2" id="deleteForm" action="/api/dpanel/dashboard/delete" method="post">
<input type="hidden" name="_method" value="DELETE">
<input type="hidden" name="filename" value="<%= file.name %>">
<button class="delete-button btn btn-danger btn-round" type="button" onclick="confirmDelete('<%= file.name %>')">
@@ -142,7 +142,7 @@
</button>
</div>
</form>
<form class="file-actions d-flex align-items-center mb-2" action="/dpanel/dashboard/movefile" method="post">
<form class="file-actions d-flex align-items-center mb-2" action="/api/dpanel/dashboard/movefile" method="post">
<input type="hidden" name="fileName" value="<%= file.name %>">
<select class="form-control rounded mr-2" name="folderName">
<option value="" disabled selected>Déplacer vers...</option>
@@ -172,24 +172,38 @@
</button>
</div>
<div class="patch-note-item">
<p><i class="fas fa-shield-alt"></i> Sécurité :</p>
<ul>
<li>Correction Critique de Sécurité - Gérée par SwiftLogic CyberShield :</li>
<ul>
<li>Mise en place d'une correction critique de sécurité pour remédier aux vulnérabilités potentielles et assurer un environnement plus sûr pour les utilisateurs.<span class="badge badge-warning ml-1">PATCH</span></li>
</ul>
</ul>
</div>
<div class="patch-note-item pl-3">
<p><i class="fas fa-tools"></i> Améliorations :</p>
<ul>
<li>Refactor total de l'application pour une performance optimisée et une maintenance simplifiée.<span class="badge badge-success ml-1">AMÉLIORATION MAJEURE</span></li>
<li>Renforcement de la sécurité à tous les niveaux de l'application.<span class="badge badge-success ml-1">AMÉLIORATION MAJEURE</span></li>
<li>Améliorations mineures pour renforcer la stabilité globale de l'application.<span class="badge badge-success ml-1">AMÉLIORATION MINEURE</span></li>
</ul>
</div>
<div class="patch-note-item">
<p>Remarque : Merci de continuer à fournir vos retours d'expérience et rapports de bugs pour nous aider à améliorer constamment notre plateforme. Nous sommes reconnaissants de votre engagement et de votre contribution.</p>
</div>
<div class="patch-note-item pl-3">
<p><i class="fab fa-docker"></i> Version Docker :</p>
<ul>
<li>La version Docker est désormais la principale version utilisée, offrant une gestion plus flexible et une déployabilité accrue.<span class="badge badge-info ml-1">NOUVEAU</span></li>
</ul>
</div>
<div class="patch-note-item pl-3">
<p><i class="fas fa-exclamation-triangle"></i> Avis :</p>
<ul>
<li>La version en dur est désormais abandonnée et ne sera plus maintenue à jour.<span class="badge badge-danger ml-1">OBSOLÈTE</span></li>
<li>Les failles de sécurité critiques ne seront plus mises à jour sur la version en dur. Il est fortement recommandé de migrer vers la version Docker pour bénéficier des correctifs de sécurité continus.<span class="badge badge-danger ml-1">OBSOLÈTE</span></li>
</ul>
</div>
<div class="patch-note-item pl-3">
<p>Remarque : Nous apprécions vos retours d'expérience et vos rapports de bogues pour continuer à améliorer notre plateforme. Merci pour votre soutien continu !</p>
</div>
</div>
</div>
</div>
<div class="container">
<footer class="py-3 my-4">
<ul class="nav justify-content-center border-bottom pb-3 mb-3">

4
views/folder.ejs
View File

@@ -125,7 +125,7 @@
<button class="btn btn-primary btn-round" onclick="renameFile('<%= folderName %>', '<%= file.name %>')">
<i class="fas fa-edit fa-xs btn-icon"></i> Renommer
</button>
<form class="file-actions mb-2" id="deleteForm" action="/dpanel/dashboard/delete" method="post">
<form class="file-actions mb-2" id="deleteForm" action="/api/dpanel/dashboard/delete" method="post">
<input type="hidden" name="_method" value="DELETE">
<input type="hidden" name="filename" value="<%= file.name %>">
<button class="delete-button btn btn-danger btn-round" type="button" onclick="confirmDeleteFile('<%= currentFolder %>', '<%= file.name %>')">
@@ -140,7 +140,7 @@
</button>
</div>
</form>
<form class="file-actions d-flex align-items-center mb-2" action="/dpanel/dashboard/movefile/<%= folderName %>" method="post">
<form class="file-actions d-flex align-items-center mb-2" action="/api/dpanel/dashboard/movefile/<%= folderName %>" method="post">
<input type="hidden" name="fileName" value="<%= file.name %>">
<select class="form-control rounded mr-2" name="folderName">
<option value="" disabled selected>Déplacer vers...</option>

2
views/paramAdminSettingSetup.ejs
View File

@@ -113,7 +113,7 @@ input:checked + .slider:before {
<h2 class="text-center">Gestion de la configuration</h2><br>
<div class="table-responsive">
<form action="/dpanel/dashboard/update-setup" method="POST">
<form action="/api/dpanel/dashboard/admin/update-setup" method="POST">
<table class="table w-100">
<thead>
<tr>

2
views/paramAdminUser.ejs
View File

@@ -82,7 +82,7 @@
<td><%= user.name %></td>
<td><%= user.role %></td>
<td>
<form action="/dpanel/dashboard/update-role" method="POST" class="d-flex align-items-center">
<form action="/api/dpanel/dashboard/admin/update-role" method="POST" class="d-flex align-items-center">
<input type="hidden" name="id" value="<%= user.id %>">
<input type="hidden" name="name" value="<%= user.name %>">
<select class="form-control rounded mr-2" name="role">

2
views/upload.ejs
View File

@@ -77,7 +77,7 @@
formData.append('password', password);
const xhr = new XMLHttpRequest();
xhr.open('POST', '/dpanel/upload', true);
xhr.open('POST', '/api/dpanel/upload', true);
xhr.upload.onprogress = (event) => {
if (event.lengthComputable) {