Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Urgent correction of version v1.0.0-beta.14 due to crash issues when acting on the CDN.
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source 
We would like to apologize for the inconvenience caused and we would like to thank you for the quick report.
This commit is contained in:
.dinawo
2024-07-12 18:07:19 +02:00
parent 4b616e825a
commit aaff0ed4ea
15 changed files with 296 additions and 213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
routes/Dpanel/API/DeleteFile.js
View File

@@ -99,6 +99,12 @@ router.use(bodyParser.json());
function authenticateToken(req, res, next) {
if (req.session.user) {
req.user = req.session.user;
req.userData = req.session.user;
return next();
}
let token = null;
const authHeader = req.headers['authorization'];
@@ -125,6 +131,8 @@ function authenticateToken(req, res, next) {
return res.status(401).json({ message: 'Unauthorized: Invalid token' });
}
// Enregistrer l'utilisateur dans la session
req.session.user = user;
req.user = user;
req.userData = user;
next();

4
routes/Dpanel/API/DeleteFolfder.js
View File

@@ -129,9 +129,9 @@ function authenticateToken(req, res, next) {
return res.status(401).json({ message: 'Unauthorized' });
}
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
console.error('Error reading user.jso,:', err);
return res.status(401).json({ message: 'Unauthorized' });
}

91
routes/Dpanel/API/MoveFile.js
View File

@@ -118,7 +118,7 @@ function authenticateToken(req, res, next) {
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
console.error('Error reading user.js:', err);
return res.status(401).json({ message: 'Unauthorized' });
}
@@ -145,61 +145,62 @@ router.post('/', authenticateToken, async (req, res) => {
const folderName = req.body.folderName;
if (!fileName || fileName.trim() === '') {
return res.status(400).send('No file selected for moving.');
return res.status(400).json({ error: 'No file selected for moving.' });
}
const data = await fs.readFileSync(path.join(__dirname, '../../../data', 'user.json'), 'utf-8')
const users = JSON.parse(data);
const user = users.find(user => user.id === req.user.id);
if (!user) {
console.error('User not found in user.json');
return res.status(500).send('Error moving the file.');
}
const userId = user.name;
if (!fileName || !userId) {
console.error('fileName or userId is undefined');
return res.status(500).send('Error moving the file.');
}
const sourcePath = path.join('cdn-files', userId, fileName);
let destinationDir;
if (folderName && folderName.trim() !== '') {
destinationDir = path.join('cdn-files', userId, folderName);
} else {
destinationDir = path.join('cdn-files', userId);
}
const destinationPath = path.join(destinationDir, fileName);
try {
const data = await fs.promises.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf-8');
const users = JSON.parse(data);
const user = users.find(user => user.id === req.user.id);
if (!user) {
console.error('User not found in user.json');
return res.status(500).json({ error: 'Error moving the file.' });
}
const userId = user.name;
if (!fileName || !userId) {
console.error('fileName or userId is undefined');
return res.status(500).json({ error: 'Error moving the file.' });
}
const sourcePath = path.join('cdn-files', userId, fileName);
let destinationDir;
if (folderName && folderName.trim() !== '') {
destinationDir = path.join('cdn-files', userId, folderName);
} else {
destinationDir = path.join('cdn-files', userId);
}
const destinationPath = path.join(destinationDir, fileName);
if (!destinationPath.startsWith(path.join('cdn-files', userId))) {
return res.status(403).json({ error: 'Unauthorized: Cannot move file outside of user directory.' });
}
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir);
await ncpAsync(normalizedSourcePath, destinationPath);
await fs.promises.unlink(normalizedSourcePath);
} else {
console.log('File does not exist');
return res.status(404).json({ error: 'File not found.' });
}
res.status(200).json({ message: 'File moved successfully' });
} catch (err) {
console.error(err);
return res.status(500).send('Error moving the file.');
return res.status(500).json({ error: 'Error moving the file.' });
}
});
router.post('/:folderName', authenticateToken, async (req, res) => {
const fileName = req.body.fileName;
let newFolderName = req.body.newFolderName;
const oldFolderName = req.params.folderName;
const oldFolderName = req.params.folderName;
const userName = req.body.userName;
if (newFolderName === 'root') {
@@ -208,7 +209,11 @@ router.post('/:folderName', authenticateToken, async (req, res) => {
if (fileName === undefined || userName === undefined || oldFolderName === undefined || newFolderName === undefined) {
console.error('fileName, userName, oldFolderName, or newFolderName is undefined');
return res.status(500).send('Error moving the file.');
return res.status(500).json({ error: 'Error moving the file.' });
}
if (userName !== req.user.name) {
return res.status(403).json({ error: 'Unauthorized: Cannot move files for other users.' });
}
const userDir = path.join(process.cwd(), 'cdn-files', userName);
@@ -218,25 +223,23 @@ router.post('/:folderName', authenticateToken, async (req, res) => {
if (!sourcePath.startsWith(userDir) || !destinationPath.startsWith(userDir)) {
ErrorLogger.error('Unauthorized directory access attempt');
return res.status(403).send('Unauthorized directory access attempt');
return res.status(403).json({ error: 'Unauthorized directory access attempt' });
}
try {
const normalizedSourcePath = path.normalize(sourcePath);
console.log('Full Source Path:', normalizedSourcePath);
if (fs.existsSync(normalizedSourcePath)) {
await fs.promises.access(destinationDir, fs.constants.W_OK);
await fs.promises.rename(normalizedSourcePath, destinationPath);
} else {
console.log('File does not exist');
return res.status(404).json({ error: 'File not found.' });
}
res.redirect('/dpanel/dashboard');
res.status(200).json({ message: 'File moved successfully', redirectTo: '/dpanel/dashboard' });
} catch (err) {
console.error(err);
return res.status(500).send('Error moving the file.');
return res.status(500).json({ error: 'Error moving the file.' });
}
});

2
routes/Dpanel/API/NewFolder.js
View File

@@ -105,7 +105,7 @@ function authenticateToken(req, res, next) {
return res.status(401).json({ message: 'Unauthorized' });
}
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
return res.status(401).json({ message: 'Unauthorized' });

2
routes/Dpanel/API/RenameFile.js
View File

@@ -107,7 +107,7 @@ function authenticateToken(req, res, next) {
}
}
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
return res.status(401).json({ message: 'Unauthorized' });

2
routes/Dpanel/API/Upload-Role-Admin.js
View File

@@ -40,7 +40,7 @@ router.post('/', authMiddleware, async (req, res) => {
user.role = role;
}
fs.writeFileSync(path.join(__dirname, '../../../data/user.json'), JSON.stringify(User, null, 2));
fs.writeFileSync(path.join(__dirname, '../../../data/user.js'), JSON.stringify(User, null, 2));
res.redirect('/dpanel/dashboard/admin');
} catch (err) {

4
routes/Dpanel/API/Upload.js
View File

@@ -112,9 +112,9 @@ function authenticateToken(req, res, next) {
}
}
fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.json:', err);
console.error('Error reading user.jso,:', err);
return res.status(401).json({ message: 'Unauthorized' });
}