Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update routes and file paths, fix authentication and security issues
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
.dinawo
2024-04-13 22:17:54 +02:00
parent 8f3e604774
commit 4e2e085a63
38 changed files with 1918 additions and 1408 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
routes/attachments.js
View File

@@ -4,12 +4,13 @@ const path = require('path');
const fs = require('fs').promises;
const mime = require('mime-types');
const { logger, ErrorLogger } = require('../config/logs');
const crypto = require('crypto');
const bcrypt = require('bcrypt');
const saltRounds = 10;
const baseDir = 'cdn-files';
async function getSamAccountNameFromUserId(userId) {
const data = await fs.readFile(path.join(__dirname, '../user.json'), 'utf8');
const data = await fs.readFile(path.join(__dirname, '../data', 'user.json'), 'utf8');
const users = JSON.parse(data);
const user = users.find(user => user.id === userId);
if (user) {
@@ -48,7 +49,6 @@ router.get('/:userId', (req, res) => {
res.render('unauthorized');
});
router.get('/:userId/:filename', async (req, res) => {
const { userId, filename } = req.params;
@@ -59,8 +59,18 @@ router.get('/:userId/:filename', async (req, res) => {
return res.render('file-not-found');
}
const data = await fs.readFile('file_info.json', 'utf8');
const fileInfoArray = JSON.parse(data);
const data = await fs.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
let fileInfoArray;
try {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
}
const fileInfo = fileInfoArray.find(info => info.fileName === filename && info.Id === userId);
@@ -113,8 +123,18 @@ router.post('/:userId/:filename', async (req, res) => {
const enteredPassword = req.body.password;
try {
const data = await fs.readFile('file_info.json', 'utf8');
const fileInfoArray = JSON.parse(data);
const data = await fs.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
let fileInfoArray;
try {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
}
const fileInfo = fileInfoArray.find(info => info.fileName === filename && info.Id === userId);
@@ -122,13 +142,7 @@ router.post('/:userId/:filename', async (req, res) => {
return res.json({ success: false, message: 'File not found' });
}
const algorithm = 'aes-256-cbc';
const key = crypto.scryptSync(enteredPassword, 'salt', 32);
const iv = Buffer.alloc(16, 0);
const cipher = crypto.createCipheriv(algorithm, key, iv);
const encryptedPassword = cipher.update('', 'utf8', 'hex') + cipher.final('hex');
if (fileInfo.password === encryptedPassword) {
if (bcrypt.compareSync(enteredPassword, fileInfo.password)) {
req.session.passwordVerified = true;
const filePath = await findFileInUserDir(userId, filename);
const fileContent = await fs.readFile(filePath);
@@ -153,8 +167,18 @@ router.post('/:userId/:filename', async (req, res) => {
});
async function deleteExpiredFiles() {
let data = await fs.readFile('file_info.json', 'utf8');
let fileInfoArray = JSON.parse(data);
let data = await fs.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
let fileInfoArray;
try {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
}
const now = new Date();
let newFileInfoArray = [];
@@ -183,7 +207,7 @@ async function deleteExpiredFiles() {
}
try {
await fs.writeFile('file_info.json', JSON.stringify(newFileInfoArray, null, 2), 'utf8');
await fs.writeFile(path.join(__dirname, '../data', 'file_info.json'), JSON.stringify(newFileInfoArray, null, 2), 'utf8');
} catch (err) {
ErrorLogger.error('Error writing to file_info.json:', err);
}