Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update routes and file paths, fix authentication and security issues
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
.dinawo
2024-04-13 22:17:54 +02:00
parent 8f3e604774
commit 4e2e085a63
38 changed files with 1918 additions and 1408 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
routes/Dpanel/API/DeleteFile.js Normal file
View File

@@ -0,0 +1,89 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, (req, res) => {
const userId = req.userData.name;
const { filename } = req.body;
if (!userId || !filename) {
return res.status(400).json({ message: 'Identifiant d\'utilisateur ou nom de fichier manquant pour la suppression du fichier.' });
}
const userFolderPath = path.join('cdn-files', userId);
function findAndDeleteFile(folderPath) {
const filesInFolder = fs.readdirSync(folderPath);
for (const file of filesInFolder) {
const filePath = path.join(folderPath, file);
if (!filePath.startsWith(userFolderPath)) {
console.error('Unauthorized directory access attempt');
return false;
}
if (fs.statSync(filePath).isDirectory()) {
findAndDeleteFile(filePath);
} else if (file === filename) {
try {
fs.unlinkSync(filePath);
console.log('File deleted:', filePath);
return true;
} catch (error) {
console.error('Error deleting file:', error);
return false;
}
}
}
return false;
}
const fileDeleted = findAndDeleteFile(userFolderPath);
if (fileDeleted) {
res.status(200).json({ status: 'success', message: 'Le fichier a été supprimé avec succès.' });
} else {
res.status(404).json({ status: 'error', message: 'Le fichier que vous essayez de supprimer n\'existe pas.' });
}
});
const ncpAsync = (source, destination) => {
const userFolderPath = path.join('cdn-files', userId);
if (!source.startsWith(userFolderPath) || !destination.startsWith(userFolderPath)) {
throw new Error('Unauthorized directory access attempt');
}
return new Promise((resolve, reject) => {
ncp(source, destination, (err) => {
if (err) {
reject(err);
} else {
resolve();
}
});
});
};
module.exports = router;

45
routes/Dpanel/API/DeleteFileFolder.js Normal file
View File

@@ -0,0 +1,45 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/:folderName', authMiddleware, (req, res) => {
const userId = req.userData.name;
const { filename } = req.body;
const userFolderPath = path.join('cdn-files', userId || '');
const filePath = path.join(userFolderPath, req.params.folderName, filename || '');
if (!fs.existsSync(filePath)) {
return res.status(404).json({ error: 'Le fichier spécifié n\'existe pas.' });
}
fs.unlink(filePath, (err) => {
if (err) {
console.error(err);
return res.status(500).json({ error: 'Erreur lors de la suppression du fichier.' });
}
res.json({ deleted: true, success: 'Fichier supprimé avec succès.' });
});
});
module.exports = router;

48
routes/Dpanel/API/DeleteFolfder.js Normal file
View File

@@ -0,0 +1,48 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.delete('/:folderName', authMiddleware, (req, res) => {
const userId = req.userData.name;
const folderName = req.params.folderName;
const userFolderPath = path.join('cdn-files', userId);
const folderPath = path.join(userFolderPath, folderName);
if (!fs.existsSync(folderPath)) {
return res.status(404).json({ error: 'Le dossier spécifié n\'existe pas.' });
}
if (!folderPath.startsWith(userFolderPath)) {
return res.status(403).json({ error: 'Vous n\'avez pas la permission de supprimer ce dossier.' });
}
fs.rmdir(folderPath, { recursive: true }, (err) => {
if (err) {
console.error(err);
return res.status(500).json({ error: 'Erreur lors de la suppression du dossier.' });
}
res.json({ deleted: true, success: 'Dossier supprimé avec succès.' });
});
});
module.exports = router;

119
routes/Dpanel/API/MoveFile.js Normal file
View File

@@ -0,0 +1,119 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
const fileName = req.body.fileName;
const folderName = req.body.folderName;
const data = await fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf-8')
const users = JSON.parse(data);
const user = users.find(user => user.id === req.user.id);
if (!user) {
console.error('User not found in user.json');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const userId = user.name;
if (!fileName || !userId) {
console.error('fileName or userId is undefined');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const sourcePath = path.join('cdn-files', userId, fileName);
let destinationDir;
if (folderName && folderName.trim() !== '') {
destinationDir = path.join('cdn-files', userId, folderName);
} else {
destinationDir = path.join('cdn-files', userId);
}
const destinationPath = path.join(destinationDir, fileName);
try {
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir);
await ncpAsync(normalizedSourcePath, destinationPath);
await fs.promises.unlink(normalizedSourcePath);
} else {
console.log('File does not exist');
}
res.redirect('/dpanel/dashboard');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
});
router.post('/:folderName', authMiddleware, async (req, res) => {
const fileName = req.body.fileName;
const newFolderName = req.body.folderName;
const oldFolderName = req.params.folderName;
const userId = req.user && req.user._json ? req.userData.name : undefined;
if (!fileName || !userId || !oldFolderName || !newFolderName) {
console.error('fileName, userId, oldFolderName, or newFolderName is undefined');
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
const userDir = path.join(process.cwd(), 'cdn-files', userId);
const sourcePath = path.join(userDir, oldFolderName, fileName);
const destinationDir = path.join(userDir, newFolderName);
const destinationPath = path.join(destinationDir, fileName);
if (!sourcePath.startsWith(userDir) || !destinationPath.startsWith(userDir)) {
ErrorLogger.error('Unauthorized directory access attempt');
return res.status(403).send('Unauthorized directory access attempt');
}
try {
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir, fs.constants.W_OK);
await fs.promises.rename(normalizedSourcePath, destinationPath);
} else {
console.log('File does not exist');
}
res.redirect('/dpanel/dashboard');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du déplacement du fichier.');
}
});
module.exports = router;

66
routes/Dpanel/API/NewFolder.js Normal file
View File

@@ -0,0 +1,66 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, (req, res) => {
try {
logger.info('Received POST request to create a new folder.');
const userId = req.userData.name;
let { folderName } = req.body;
logger.info('Received folderName:', folderName);
if (!folderName || typeof folderName !== 'string') {
ErrorLogger.error('Invalid folderName:', folderName);
return res.status(400).json({ message: 'Le nom du dossier ne peut pas être vide.' });
}
folderName = path.basename(folderName.trim());
if (!folderName) {
return res.status(400).json({ message: 'Le nom du dossier ne peut pas être vide.' });
}
const folderPath = path.join('cdn-files', userId, folderName);
if (fs.existsSync(folderPath)) {
logger.info('Folder already exists:', folderPath);
return res.status(400).json({ message: 'Le dossier existe déjà.' });
}
fs.mkdir(folderPath, (err) => {
if (err) {
ErrorLogger.error(err);
return res.status(500).json({ message: 'Erreur lors de la création du dossier.', error: err });
}
logger.info('Folder created successfully:', folderPath);
res.status(200).json({ message: 'Dossier créé avec succès.' });
});
} catch (error) {
ErrorLogger.error('Error creating folder:', error);
return res.status(500).json({ message: 'Erreur lors de la création du dossier.', error: error });
}
});
module.exports = router;

106
routes/Dpanel/API/RenameFile.js Normal file
View File

@@ -0,0 +1,106 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const { currentName, newName } = req.body;
if (!currentName || !newName) {
return res.status(400).send('Both currentName and newName must be provided.');
}
const currentPath = path.join('cdn-files', userId || '', currentName);
const newPath = path.join('cdn-files', userId, newName);
try {
await fs.promises.rename(currentPath, newPath);
const data = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf-8')
let fileInfo = JSON.parse(data);
let found = false;
for (let i = 0; i < fileInfo.length; i++) {
if (fileInfo[i].fileName === currentName) {
fileInfo[i].fileName = newName;
found = true;
break;
}
}
if (found) {
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(fileInfo, null, 2), 'utf8');
}
res.status(200).send('L\'opération a été effectuée avec succès.');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du changement de nom du fichier.');
}
});
router.post('/:filePath*', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const { currentName, newName } = req.body;
const filePath = path.join(req.params.filePath, req.params[0] || '');
if (!currentName || !newName) {
return res.status(400).send('Both currentName and newName must be provided.');
}
const userDir = path.join('cdn-files', userId);
const currentPath = path.join(userDir, filePath, currentName);
const newPath = path.join(userDir, filePath, newName);
if (!currentPath.startsWith(userDir) || !newPath.startsWith(userDir)) {
ErrorLogger.error('Unauthorized directory access attempt');
return res.status(403).send('Unauthorized directory access attempt');
}
try {
await fs.promises.rename(currentPath, newPath);
const data = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf8');
let fileInfo = JSON.parse(data);
let found = false;
for (let i = 0; i < fileInfo.length; i++) {
if (fileInfo[i].fileName === currentName) {
fileInfo[i].fileName = newName;
found = true;
break;
}
}
if (found) {
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(fileInfo, null, 2), 'utf8');
}
res.status(200).send('L\'opération a été effectuée avec succès.');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du changement de nom du fichier.');
}
});
module.exports = router;

62
routes/Dpanel/API/Update-Setup-Admin.js Normal file
View File

@@ -0,0 +1,62 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const osUtils = require('os-utils');
const Convert = require('ansi-to-html');
const convert = new Convert()
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
try {
let setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../data', 'setup.json'), 'utf-8'));
if (!req.body.ldap || !req.body.ldap.enabled) {
delete setup.ldap;
} else {
setup.ldap = req.body.ldap;
}
if (!req.body.discord || !req.body.discord.enabled) {
delete setup.discord;
} else {
setup.discord = req.body.discord;
}
setup.domain = req.body.domain;
setup.uptime = req.body.uptime;
fs.writeFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'), JSON.stringify(setup, null, 2);
res.redirect('/dpanel/dashboard/admin');
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

52
routes/Dpanel/API/Upload-Role-Admin.js Normal file
View File

@@ -0,0 +1,52 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const osUtils = require('os-utils');
const Convert = require('ansi-to-html');
const convert = new Convert()
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
const User = require('../../../data/user.json');
const setup = JSON.parse(fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8'));
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
try {
const { id, role } = req.body;
const user = User.find(user => user.id === id);
if (user) {
user.role = role;
}
fs.writeFileSync(path.join(__dirname, '../../../data/user.json'), JSON.stringify(User, null, 2));
res.redirect('/dpanel/dashboard/admin');
} catch (err) {
console.error(err);
res.status(500).send('Server Error');
}
});
module.exports = router;

95
routes/Dpanel/API/Upload.js Normal file
View File

@@ -0,0 +1,95 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const ncpAsync = util.promisify(ncp.ncp);
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.use(fileUpload({
limits: { fileSize: 15 * 1024 * 1024 * 1024 },
}));
router.post('/', authMiddleware, async (req, res) => {
try {
if (!req.files || Object.keys(req.files).length === 0) {
return res.status(400).send('5410 - Erreur de téléchargement, veuillez retenter ultérieurement.');
}
const file = req.files.file;
const userId = req.userData.name;
const Id = req.userData.id;
const uploadDir = path.join('cdn-files', userId);
const originalFileName = file.name;
const domain = config.domain || 'mydomain.com';
let expiryDate = req.body.expiryDate;
let password = req.body.password;
if (!fs.existsSync(uploadDir)) {
fs.mkdirSync(uploadDir, { recursive: true });
}
file.mv(path.join(uploadDir, originalFileName), async (err) => {
if (err) {
console.error(err);
return res.status(500).send({ message: 'Erreur lors du téléchargement du fichier.' });
}
const fileExtension = path.extname(originalFileName).toLowerCase();
const bcrypt = require('bcrypt');
const saltRounds = 10;
let hashedPassword = '';
if (password) {
hashedPassword = bcrypt.hashSync(password, saltRounds);
}
const fileInfo = {
fileName: originalFileName,
expiryDate: expiryDate || '',
password: hashedPassword,
Id: Id,
path: path.join(uploadDir, originalFileName)
};
if (expiryDate || password) {
let data = [];
if (fs.existsSync(path.join(__dirname, '../../../data', 'file_info.json'))) {
const existingData = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf8');
data = JSON.parse(existingData);
if (!Array.isArray(data)) {
data = [];
}
}
data.push(fileInfo);
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(data, null, 2));
}
res.redirect('/dpanel/dashboard');
});
} catch (error) {
console.error(error);
return res.status(500).send({ message: 'Erreur lors du téléchargement du fichier.' });
}
});
module.exports = router;