Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Urgent correction of version v1.0.0-beta.14 due to crash issues when acting on the CDN.
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source 
We would like to apologize for the inconvenience caused and we would like to thank you for the quick report.
This commit is contained in:
.dinawo
2024-07-12 18:07:19 +02:00
parent 4b616e825a
commit aaff0ed4ea
15 changed files with 296 additions and 213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
routes/Dpanel/API/DeleteFile.js
View File

@@ -99,6 +99,12 @@ router.use(bodyParser.json());
function authenticateToken(req, res, next) {
if (req.session.user) {
req.user = req.session.user;
req.userData = req.session.user;
return next();
}
let token = null;
const authHeader = req.headers['authorization'];
@@ -125,6 +131,8 @@ function authenticateToken(req, res, next) {
return res.status(401).json({ message: 'Unauthorized: Invalid token' });
}
// Enregistrer l'utilisateur dans la session
req.session.user = user;
req.user = user;
req.userData = user;
next();

4
routes/Dpanel/API/DeleteFolfder.js
View File

@@ -129,9 +129,9 @@ function authenticateToken(req, res, next) {
return res.status(401).json({ message: 'Unauthorized' });
}
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
console.error('Error reading user.jso,:', err);
return res.status(401).json({ message: 'Unauthorized' });
}

91
routes/Dpanel/API/MoveFile.js
View File

@@ -118,7 +118,7 @@ function authenticateToken(req, res, next) {
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
console.error('Error reading user.js:', err);
return res.status(401).json({ message: 'Unauthorized' });
}
@@ -145,61 +145,62 @@ router.post('/', authenticateToken, async (req, res) => {
const folderName = req.body.folderName;
if (!fileName || fileName.trim() === '') {
return res.status(400).send('No file selected for moving.');
return res.status(400).json({ error: 'No file selected for moving.' });
}
const data = await fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf-8')
const users = JSON.parse(data);
const user = users.find(user => user.id === req.user.id);
if (!user) {
console.error('User not found in user.json');
return res.status(500).send('Error moving the file.');
}
const userId = user.name;
if (!fileName || !userId) {
console.error('fileName or userId is undefined');
return res.status(500).send('Error moving the file.');
}
const sourcePath = path.join('cdn-files', userId, fileName);
let destinationDir;
if (folderName && folderName.trim() !== '') {
destinationDir = path.join('cdn-files', userId, folderName);
} else {
destinationDir = path.join('cdn-files', userId);
}
const destinationPath = path.join(destinationDir, fileName);
try {
const data = await fs.promises.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf-8');
const users = JSON.parse(data);
const user = users.find(user => user.id === req.user.id);
if (!user) {
console.error('User not found in user.json');
return res.status(500).json({ error: 'Error moving the file.' });
}
const userId = user.name;
if (!fileName || !userId) {
console.error('fileName or userId is undefined');
return res.status(500).json({ error: 'Error moving the file.' });
}
const sourcePath = path.join('cdn-files', userId, fileName);
let destinationDir;
if (folderName && folderName.trim() !== '') {
destinationDir = path.join('cdn-files', userId, folderName);
} else {
destinationDir = path.join('cdn-files', userId);
}
const destinationPath = path.join(destinationDir, fileName);
if (!destinationPath.startsWith(path.join('cdn-files', userId))) {
return res.status(403).json({ error: 'Unauthorized: Cannot move file outside of user directory.' });
}
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir);
await ncpAsync(normalizedSourcePath, destinationPath);
await fs.promises.unlink(normalizedSourcePath);
} else {
console.log('File does not exist');
return res.status(404).json({ error: 'File not found.' });
}
res.status(200).json({ message: 'File moved successfully' });
} catch (err) {
console.error(err);
return res.status(500).send('Error moving the file.');
return res.status(500).json({ error: 'Error moving the file.' });
}
});
router.post('/:folderName', authenticateToken, async (req, res) => {
const fileName = req.body.fileName;
let newFolderName = req.body.newFolderName;
const oldFolderName = req.params.folderName;
const oldFolderName = req.params.folderName;
const userName = req.body.userName;
if (newFolderName === 'root') {
@@ -208,7 +209,11 @@ router.post('/:folderName', authenticateToken, async (req, res) => {
if (fileName === undefined || userName === undefined || oldFolderName === undefined || newFolderName === undefined) {
console.error('fileName, userName, oldFolderName, or newFolderName is undefined');
return res.status(500).send('Error moving the file.');
return res.status(500).json({ error: 'Error moving the file.' });
}
if (userName !== req.user.name) {
return res.status(403).json({ error: 'Unauthorized: Cannot move files for other users.' });
}
const userDir = path.join(process.cwd(), 'cdn-files', userName);
@@ -218,25 +223,23 @@ router.post('/:folderName', authenticateToken, async (req, res) => {
if (!sourcePath.startsWith(userDir) || !destinationPath.startsWith(userDir)) {
ErrorLogger.error('Unauthorized directory access attempt');
return res.status(403).send('Unauthorized directory access attempt');
return res.status(403).json({ error: 'Unauthorized directory access attempt' });
}
try {
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir, fs.constants.W_OK);
await fs.promises.rename(normalizedSourcePath, destinationPath);
} else {
console.log('File does not exist');
return res.status(404).json({ error: 'File not found.' });
}
res.redirect('/dpanel/dashboard');
res.status(200).json({ message: 'File moved successfully', redirectTo: '/dpanel/dashboard' });
} catch (err) {
console.error(err);
return res.status(500).send('Error moving the file.');
return res.status(500).json({ error: 'Error moving the file.' });
}
});

2
routes/Dpanel/API/NewFolder.js
View File

@@ -105,7 +105,7 @@ function authenticateToken(req, res, next) {
return res.status(401).json({ message: 'Unauthorized' });
}
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
return res.status(401).json({ message: 'Unauthorized' });

2
routes/Dpanel/API/RenameFile.js
View File

@@ -107,7 +107,7 @@ function authenticateToken(req, res, next) {
}
}
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
return res.status(401).json({ message: 'Unauthorized' });

2
routes/Dpanel/API/Upload-Role-Admin.js
View File

@@ -40,7 +40,7 @@ router.post('/', authMiddleware, async (req, res) => {
user.role = role;
}
fs.writeFileSync(path.join(__dirname, '../../../data/user.json'), JSON.stringify(User, null, 2));
fs.writeFileSync(path.join(__dirname, '../../../data/user.js'), JSON.stringify(User, null, 2));
res.redirect('/dpanel/dashboard/admin');
} catch (err) {

4
routes/Dpanel/API/Upload.js
View File

@@ -112,9 +112,9 @@ function authenticateToken(req, res, next) {
}
}
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
console.error('Error reading user.jso,:', err);
return res.status(401).json({ message: 'Unauthorized' });
}

86
routes/attachments.js
View File

@@ -2,6 +2,7 @@ const express = require('express');
const router = express.Router();
const path = require('path');
const fs = require('fs').promises;
const fsStandard = require('fs');
const mime = require('mime-types');
const { logger, ErrorLogger } = require('../config/logs');
const bcrypt = require('bcrypt');
@@ -27,7 +28,12 @@ async function findFileInUserDir(userId, filename) {
}
async function findFileInDir(dir, filename) {
const files = await fs.readdir(dir, { withFileTypes: true });
let files;
try {
files = await fs.readdir(dir, { withFileTypes: true });
} catch (err) {
return null; // Directory does not exist
}
for (const file of files) {
const filePath = path.join(dir, file.name);
@@ -65,15 +71,16 @@ router.get('/:userId/:filename', async (req, res) => {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
return res.status(500).send('Error reading file info.');
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
return res.status(500).send('Invalid file info format.');
}
const fileInfo = fileInfoArray.find(info => info.fileName === filename && info.Id === userId);
if (fileInfo) {
const expiryDate = new Date(fileInfo.expiryDate);
const now = new Date();
@@ -88,26 +95,11 @@ router.get('/:userId/:filename', async (req, res) => {
}
}
const fileContent = await fs.readFile(filePath);
let mimeType = mime.lookup(filePath);
const readStream = fsStandard.createReadStream(filePath);
let mimeType = mime.lookup(filePath) || 'application/octet-stream';
if (!mimeType) {
if (filePath.endsWith('.txt')) {
mimeType = 'text/plain';
} else if (filePath.endsWith('.pdf')) {
mimeType = 'application/pdf';
}
}
if (mimeType) {
res.setHeader('Content-Type', mimeType);
}
if (mimeType === 'text/plain') {
res.end(fileContent);
} else {
res.send(fileContent);
}
res.setHeader('Content-Type', mimeType);
readStream.pipe(res);
if (fileInfo) {
req.session.passwordVerified = false;
@@ -129,11 +121,12 @@ router.post('/:userId/:filename', async (req, res) => {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
return res.status(500).send('Error reading file info.');
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
return res.status(500).send('Invalid file info format.');
}
const fileInfo = fileInfoArray.find(info => info.fileName === filename && info.Id === userId);
@@ -142,21 +135,21 @@ router.post('/:userId/:filename', async (req, res) => {
return res.json({ success: false, message: 'File not found' });
}
if (bcrypt.compareSync(enteredPassword, fileInfo.password)) {
const passwordMatch = await bcrypt.compare(enteredPassword, fileInfo.password);
if (passwordMatch) {
req.session.passwordVerified = true;
const filePath = await findFileInUserDir(userId, filename);
const fileContent = await fs.readFile(filePath);
let mimeType = mime.lookup(filePath);
const readStream = fsStandard.createReadStream(filePath);
let mimeType = mime.lookup(filePath) || 'application/octet-stream';
if (!mimeType) {
if (filePath.endsWith('.txt')) {
mimeType = 'text/plain';
} else if (filePath.endsWith('.pdf')) {
mimeType = 'application/pdf';
}
}
let fileContent = '';
readStream.on('data', chunk => {
fileContent += chunk.toString('base64');
});
res.json({ success: true, fileContent: fileContent.toString('base64'), mimeType });
readStream.on('end', () => {
res.json({ success: true, fileContent, mimeType });
});
} else {
res.json({ success: false, message: 'Incorrect password' });
}
@@ -167,24 +160,31 @@ router.post('/:userId/:filename', async (req, res) => {
});
async function deleteExpiredFiles() {
let data = await fs.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
let data;
try {
data = await fs.readFile(path.join(__dirname, '../data', 'file_info.json'), 'utf8');
} catch (error) {
console.error('Error reading file_info.json:', error);
return;
}
let fileInfoArray;
try {
fileInfoArray = JSON.parse(data);
} catch (error) {
console.error('Error parsing file_info.json:', error);
return;
}
if (!Array.isArray(fileInfoArray)) {
console.error('fileInfoArray is not an array');
fileInfoArray = [];
return;
}
const now = new Date();
let newFileInfoArray = [];
for (let i = 0; i < fileInfoArray.length; i++) {
const fileInfo = fileInfoArray[i];
for (const fileInfo of fileInfoArray) {
let expiryDate;
if (fileInfo.expiryDate && fileInfo.expiryDate.trim() !== '') {
expiryDate = new Date(fileInfo.expiryDate);
@@ -193,10 +193,10 @@ async function deleteExpiredFiles() {
}
if (expiryDate < now) {
const samaccountname = await getSamAccountNameFromUserId(fileInfo.userId);
const userDir = path.join(baseDir, samaccountname);
const filePath = path.join(userDir, fileInfo.fileName);
try {
const samaccountname = await getSamAccountNameFromUserId(fileInfo.userId);
const userDir = path.join(baseDir, samaccountname);
const filePath = path.join(userDir, fileInfo.fileName);
await fs.unlink(filePath);
} catch (err) {
ErrorLogger.error('Error deleting file:', err);
@@ -207,7 +207,7 @@ async function deleteExpiredFiles() {
}
try {
await fs.writeFile(path.join(__dirname, '../data', 'file_info.json'), JSON.stringify(newFileInfoArray, null, 2), 'utf8');
await fs.writeFile(path.join(__dirname, '../data', 'file_info.json'), JSON.stringify(newFileInfoArray, null, 2), 'utf8');
} catch (err) {
ErrorLogger.error('Error writing to file_info.json:', err);
}
@@ -215,4 +215,4 @@ async function deleteExpiredFiles() {
setInterval(deleteExpiredFiles, 24 * 60 * 60 * 1000);
module.exports = router;
module.exports = router;

2
routes/routes.js
View File

@@ -55,7 +55,7 @@ router.use('/api/dpanel/dashboard/newfolder',discordWebhookSuspisiousAlertMiddle
router.use('/api/dpanel/dashboard/rename',discordWebhookSuspisiousAlertMiddleware, logApiRequest, RenameFileRoute);
router.use('/api/dpanel/dashboard/delete',discordWebhookSuspisiousAlertMiddleware, logApiRequest, DeleteFileRoute);
router.use('/api/dpanel/dashboard/movefile',discordWebhookSuspisiousAlertMiddleware, logApiRequest, MoveFileRoute);
router.use('/api/dpanel/upload',discordWebhookSuspisiousAlertMiddleware, logApiRequest, UploadRoute);
router.use('/api/dpanel/upload', UploadRoute);
router.use('/api/dpanel/dashboard/admin/update-role',discordWebhookSuspisiousAlertMiddleware, logApiRequest, UpdateRoleAdminRoute);
router.use('/api/dpanel/dashboard/admin/update-setup',discordWebhookSuspisiousAlertMiddleware, logApiRequest, UpdateSetupAdminRoute);
router.use('/api/dpanel/dashboard/deletefolder',discordWebhookSuspisiousAlertMiddleware, logApiRequest, DeleteFolderRoute);