Update routes and file paths, fix authentication and security issues

2024-04-13 22:17:54 +02:00
parent 8f3e604774
commit 4e2e085a63
38 changed files with 1918 additions and 1408 deletions
--- a/server.js
+++ b/server.js
@@ -33,7 +33,7 @@ if (setup.ldap !== undefined) {
 app.use(express.static(path.join(__dirname, 'public')));

 app.get(['/data/user.json', '/data/file_info.json', '/data/setup.json'], (req, res) => {
-  res.status(403).send('Access Denied');
+res.status(403).json({ error: 'Access Denied. You do not have permission to access this resource.' });
 });app.use(express.urlencoded({ extended: true }));

 function generateSecretKey() {
@@ -54,19 +54,11 @@ app.use(bodyParser.urlencoded({ extended: true }));
 app.use(bodyParser.json());
 app.use(flash());

-const indexRoute = require('./routes/index.js');
-const AuthRoute = require('./routes/auth.js');
-const DpanelRoute = require('./routes/dpanel.js');
-const AttachmentsRoute = require('./routes/attachments.js');
-
+const routes = require('./routes/routes.js');
+app.use('/public', express.static(path.join(__dirname, 'public')));
 app.set('view engine', 'ejs');
 app.set('views', __dirname + '/views');
-
-app.use('/', indexRoute);
-app.use('/auth', AuthRoute);
-app.use('/dpanel', DpanelRoute);
-app.use('/attachments', AttachmentsRoute);
-app.use('/public', express.static(path.join(__dirname, 'public')));
+app.use(routes);

 app.use(logRequestInfo);

@@ -85,7 +77,7 @@ cron.schedule('00 03 * * *', async () => {

 cron.schedule('0 * * * *', async () => {
  try {
-    const fileInfoData = await fs.promises.readFile(path.join(__dirname, 'file_info.json'), 'utf8');
+    const fileInfoData = await fs.promises.readFile(path.join(__dirname,'/data/', 'file_info.json'), 'utf8');
    const fileInfo = JSON.parse(fileInfoData);

    const now = new Date();