From d76a781680faf78c1b82b286cebc60be23c233ee Mon Sep 17 00:00:00 2001 From: Dinawo Date: Tue, 28 May 2024 20:20:52 +0200 Subject: [PATCH] Update v1.0.0-beta.12, addition of external APIs and optimization --- .drone.yml | 2 +- Middlewares/UserIDMiddlewareDiscord.js | 15 +- ...discordWebhookSuspisiousAlertMiddleware.js | 2 +- package-lock.json | 416 +++++++++++++----- package.json | 6 +- public/js/dashboard.js | 2 +- routes/Auth/ActiveDirectory.js | 9 +- routes/Auth/Discord.js | 19 +- routes/Dpanel/API/BackgroundCustom.js | 16 + routes/Dpanel/API/DeleteFile.js | 54 ++- routes/Dpanel/API/GenerateToken.js | 41 ++ routes/Dpanel/API/MoveFile.js | 44 +- routes/Dpanel/API/NewFolder.js | 52 ++- routes/Dpanel/API/Upload.js | 57 ++- routes/Dpanel/API/getFile.js | 87 ++++ routes/routes.js | 6 + server.js | 26 ++ views/dashboard.ejs | 12 +- views/paramAdminUser.ejs | 45 ++ 19 files changed, 742 insertions(+), 169 deletions(-) create mode 100644 routes/Dpanel/API/BackgroundCustom.js create mode 100644 routes/Dpanel/API/GenerateToken.js create mode 100644 routes/Dpanel/API/getFile.js diff --git a/.drone.yml b/.drone.yml index 706e187..80d000e 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,7 +20,7 @@ steps: repo: swiftlogiclabs/cdn-app-insider tags: - latest - - v1.0.0-beta.11 + - v1.0.0-beta.12 dockerfile: Dockerfile username: from_secret: docker_username diff --git a/Middlewares/UserIDMiddlewareDiscord.js b/Middlewares/UserIDMiddlewareDiscord.js index 06aeee7..00f83aa 100644 --- a/Middlewares/UserIDMiddlewareDiscord.js +++ b/Middlewares/UserIDMiddlewareDiscord.js 
@@ -1,4 +1,17 @@ -const { getUserData } = require('../Middlewares/watcherMiddleware'); +const fs = require('fs').promises; +const path = require('path'); + +const filePath = path.join(__dirname, '../data/user.json'); + +async function getUserData() { + try { + const fileContent = await fs.readFile(filePath, 'utf8'); + return JSON.parse(fileContent); + } catch (err) { + console.error(`Failed to read from ${filePath}: ${err}`); + throw err; + } +} let userData = getUserData(); async function checkUserExistsDiscord(req, res, next) { diff --git a/Middlewares/discordWebhookSuspisiousAlertMiddleware.js b/Middlewares/discordWebhookSuspisiousAlertMiddleware.js index 83a0b94..df27991 100644 --- a/Middlewares/discordWebhookSuspisiousAlertMiddleware.js +++ b/Middlewares/discordWebhookSuspisiousAlertMiddleware.js @@ -12,7 +12,7 @@ function sendDiscordWebhook(url, req, statusCode) { const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; - const statusEmoji = statusCode === 200 ? '✅' : '❌'; + const statusEmoji = [200, 302].includes(statusCode) ? '✅' : '❌'; const statusMessage = `**Statut:** ${statusEmoji} (${statusCode})`; const timestamp = new Date().toLocaleString('fr-FR', { timeZone: 'UTC', hour12: false }); diff --git a/package-lock.json b/package-lock.json index b131b5b..db9f8ea 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@cdn-app/insider-swiftlogic-labs-dinawo", - "version": "1.0.0-beta.11", + "version": "1.0.0-beta.12", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@cdn-app/insider-swiftlogic-labs-dinawo", - "version": "1.0.0-beta.11", + "version": "1.0.0-beta.12", "license": "ISC", "dependencies": { "@auth/express": "^0.5.1", @@ -15,7 +15,7 @@ "axios": "^1.6.3", "axios-debug": "^0.0.4", "bcrypt": "^5.1.1", - "chalk": "^5.3.0", + "chalk": "^4.1.2", "chokidar": "^3.6.0", "connect-flash": "^0.1.1", "cookie-parser": "^1.4.6", 
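Review bot: In Middlewares/UserIDMiddlewareDiscord.js the new `getUserData()` is async, yet the unchanged line `let userData = getUserData();` stores the pending promise at module load, so any later property read on `userData` sees a Promise rather than the parsed users. Because the helper rethrows, a missing or malformed data/user.json also becomes an unhandled rejection at require time. Reading inside the middleware, `const userData = await getUserData();` within a try/catch that rejects the request on failure, avoids both. The body of `checkUserExistsDiscord` continues outside the hunk, so how `userData` is consumed there is not visible.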
@@ -26,11 +26,13 @@ "express": "^4.18.2", "express-fileupload": "^1.4.0", "express-progressbar": "^2.0.0", + "express-rate-limit": "^7.2.0", "express-session": "^1.17.3", "fs": "^0.0.1-security", "fs-extra": "^11.2.0", "get-folder-size": "^4.0.0", "ip": "^2.0.1", + "jsonwebtoken": "^9.0.2", "mime-types": "^2.1.35", "multer": "^1.4.5-lts.1", "mysql2": "^3.6.3", @@ -909,6 +911,11 @@ "node": ">=8" } }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" + }, "node_modules/buffer-from": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", 
@@ -1007,16 +1014,69 @@ } }, "node_modules/chalk": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz", - "integrity": "sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==", + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, "engines": { - "node": "^12.17.0 || ^14.13 || >=16.0.0" + "node": ">=10" }, "funding": { "url": "https://github.com/chalk/chalk?sponsor=1" } }, + "node_modules/chalk/node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/chalk/node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/chalk/node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + }, + "node_modules/chalk/node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": 
"sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/chalk/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/chokidar": { "version": "3.6.0", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", @@ -1494,6 +1554,14 @@ "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==" }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, "node_modules/ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", 
@@ -1688,6 +1756,20 @@ "resolved": "https://registry.npmjs.org/express-progressbar/-/express-progressbar-2.0.0.tgz", "integrity": "sha512-z3qb1D8jfzP2Vnl5tFVcayqtmckFI9nFiQE0x0O/M8PPhWgw7RZUBjm76lluD1Hh97Rr1Uo2rFI374PbOe+mqA==" }, + "node_modules/express-rate-limit": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.2.0.tgz", + "integrity": "sha512-T7nul1t4TNyfZMJ7pKRKkdeVJWa2CqB8NA1P8BwYaoDI5QSBZARv5oMS43J7b7I5P+4asjVXjb7ONuwDKucahg==", + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://github.com/sponsors/express-rate-limit" + }, + "peerDependencies": { + "express": "4 || 5 || ^5.0.0-beta.1" + } + }, "node_modules/express-session": { "version": "1.18.0", "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.0.tgz", 
@@ -2485,70 +2567,6 @@ "node": ">=10" } }, - "node_modules/jake/node_modules/ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dependencies": { - "color-convert": "^2.0.1" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/jake/node_modules/chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "dependencies": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/chalk?sponsor=1" - } - }, - "node_modules/jake/node_modules/color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dependencies": { - "color-name": "~1.1.4" - }, - "engines": { - "node": ">=7.0.0" - } - }, - "node_modules/jake/node_modules/color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" - }, - "node_modules/jake/node_modules/has-flag": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", - "engines": { - "node": ">=8" - } - }, - "node_modules/jake/node_modules/supports-color": { - "version": "7.2.0", - "resolved": 
"https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "dependencies": { - "has-flag": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, "node_modules/jiti": { "version": "1.21.0", "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz", @@ -2592,6 +2610,46 @@ "graceful-fs": "^4.1.6" } }, + "node_modules/jsonwebtoken": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "dependencies": { + "jws": "^3.2.2", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jwa": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", + "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", + "dependencies": { + "buffer-equal-constant-time": "1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jws": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", + "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", + "dependencies": { + "jwa": "^1.4.1", + "safe-buffer": "^5.0.1" + } + }, "node_modules/keyv": { "version": "4.5.4", "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", 
@@ -2652,16 +2710,51 @@ "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", "integrity": "sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==" }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" + }, "node_modules/lodash.isequal": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz", "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==" }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": 
"sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" + }, "node_modules/lodash.mergewith": { "version": "4.6.2", "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz", "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==" }, + "node_modules/lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" + }, "node_modules/lodash.orderby": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/lodash.orderby/-/lodash.orderby-4.6.0.tgz", @@ -5898,6 +5991,11 @@ "fill-range": "^7.0.1" } }, + "buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" + }, "buffer-from": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", 
@@ -5969,9 +6067,49 @@ "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==" }, "chalk": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz", - "integrity": "sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==" + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "dependencies": { + "ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "requires": { + "color-convert": "^2.0.1" + } + }, + "color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + }, + "has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==" + }, + "supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "requires": { + "has-flag": "^4.0.0" + } + } + } }, 
"chokidar": { "version": "3.6.0", @@ -6315,6 +6453,14 @@ "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==" }, + "ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "requires": { + "safe-buffer": "^5.0.1" + } + }, "ee-first": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", @@ -6481,6 +6627,12 @@ "resolved": "https://registry.npmjs.org/express-progressbar/-/express-progressbar-2.0.0.tgz", "integrity": "sha512-z3qb1D8jfzP2Vnl5tFVcayqtmckFI9nFiQE0x0O/M8PPhWgw7RZUBjm76lluD1Hh97Rr1Uo2rFI374PbOe+mqA==" }, + "express-rate-limit": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.2.0.tgz", + "integrity": "sha512-T7nul1t4TNyfZMJ7pKRKkdeVJWa2CqB8NA1P8BwYaoDI5QSBZARv5oMS43J7b7I5P+4asjVXjb7ONuwDKucahg==", + "requires": {} + }, "express-session": { "version": "1.18.0", "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.0.tgz", 
@@ -7059,51 +7211,6 @@ "chalk": "^4.0.2", "filelist": "^1.0.4", "minimatch": "^3.1.2" - }, - "dependencies": { - "ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "requires": { - "color-convert": "^2.0.1" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - } - }, - "color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "requires": { - "color-name": "~1.1.4" - } - }, - "color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" - }, - "has-flag": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==" - }, - "supports-color": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "requires": { - "has-flag": "^4.0.0" - } - } } }, "jiti": { 
@@ -7138,6 +7245,42 @@ "universalify": "^2.0.0" } }, + "jsonwebtoken": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "requires": { + "jws": "^3.2.2", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + } + }, + "jwa": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", + "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", + "requires": { + "buffer-equal-constant-time": "1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "jws": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", + "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", + "requires": { + "jwa": "^1.4.1", + "safe-buffer": "^5.0.1" + } + }, "keyv": { "version": "4.5.4", "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", 
@@ -7189,16 +7332,51 @@ "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", "integrity": "sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==" }, + "lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" + }, + "lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" + }, "lodash.isequal": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz", "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==" }, + "lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" + }, + "lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" + }, + "lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" + }, + "lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" + }, "lodash.mergewith": 
{ "version": "4.6.2", "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz", "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==" }, + "lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" + }, "lodash.orderby": { "version": "4.6.0", "resolved": "https://registry.npmjs.org/lodash.orderby/-/lodash.orderby-4.6.0.tgz", diff --git a/package.json b/package.json index 9f8bb69..c1c474b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@cdn-app/insider-swiftlogic-labs-dinawo", - "version": "1.0.0-beta.11", + "version": "1.0.0-beta.12", "description": "", "main": "server.js", "scripts": { @@ -15,7 +15,7 @@ "axios": "^1.6.3", "axios-debug": "^0.0.4", "bcrypt": "^5.1.1", - "chalk": "^5.3.0", + "chalk": "^4.1.2", "chokidar": "^3.6.0", "connect-flash": "^0.1.1", "cookie-parser": "^1.4.6", @@ -26,11 +26,13 @@ "express": "^4.18.2", "express-fileupload": "^1.4.0", "express-progressbar": "^2.0.0", + "express-rate-limit": "^7.2.0", "express-session": "^1.17.3", "fs": "^0.0.1-security", "fs-extra": "^11.2.0", "get-folder-size": "^4.0.0", "ip": "^2.0.1", + "jsonwebtoken": "^9.0.2", "mime-types": "^2.1.35", "multer": "^1.4.5-lts.1", "mysql2": "^3.6.3", diff --git a/public/js/dashboard.js b/public/js/dashboard.js index 024620c..b7d0104 100644 --- a/public/js/dashboard.js +++ b/public/js/dashboard.js @@ -616,4 +616,4 @@ async function displayMetadata() { function closeModal() { const modal = document.getElementById('metadataModal'); modal.style.display = 'none'; -} \ No newline at end of file +} diff --git a/routes/Auth/ActiveDirectory.js b/routes/Auth/ActiveDirectory.js index 726928e..f51eec6 100644 --- a/routes/Auth/ActiveDirectory.js +++ b/routes/Auth/ActiveDirectory.js 
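Review bot: The `jsonwebtoken` entry added in package.json's `@@ -26,11 +26,13 @@` hunk has only one visible consumer in this patch, routes/Dpanel/API/GenerateToken.js, which requires it and never calls it; the token there comes from `crypto.randomBytes`. If no file outside this view uses it, drop the dependency and the `require`, since the lockfile shows it pulling in about ten transitive packages (jws, jwa, the lodash.* helpers) for no function. The context line `"fs": "^0.0.1-security"` is also worth removing in a follow-up: `require('fs')` resolves to the Node built-in, so that registry placeholder is never loaded.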
@@ -4,7 +4,14 @@ const passport = require('passport'); require('../../models/Passport-ActiveDirectory'); const { checkUserExistsAD } = require('../../Middlewares/UserIDMiddlewareAD'); -router.post('/', (req, res, next) => { +const rateLimit = require("express-rate-limit"); + +const limiter = rateLimit({ + windowMs: 15 * 60 * 1000, + max: 100 +}); + +router.post('/', limiter, (req, res, next) => { passport.authenticate('ActiveDirectory', (err, user) => { if (err) { return res.render('AuthLogin', { isAuthenticated: false, errorMessage: err.message, setupData: {}, showActiveDirectoryForm: true, currentUrl: req.originalUrl }); diff --git a/routes/Auth/Discord.js b/routes/Auth/Discord.js index f562fdb..d95b7f3 100644 --- a/routes/Auth/Discord.js +++ b/routes/Auth/Discord.js @@ -13,14 +13,19 @@ getSetupData().then(data => { if (setupData[0].discord !== undefined) { const DiscordStrategy = require('../../models/Passport-Discord'); } -}); -let user = userData; -if (user.identifyURL) { - router.get("/auth/discord", (req, res) => { + getUserData().then(user => { + if (user.identifyURL) { + router.get("/auth/discord", (req, res) => { res.redirect(user.identifyURL); + }); + } + + router.get("/", (req, res) => { + res.redirect(setupData.discord.identifyURL); }); -} + }); +}); router.use(passport.initialize()); router.use(passport.session()); @@ -29,10 +34,6 @@ passport.deserializeUser((user, done) => { done(null, user); }); -router.get("/", (req, res) => { - res.redirect(setupData.discord.identifyURL); -}); - router.get('/callback', (req, res, next) => { passport.authenticate('discord', (err, user, info) => { if (err) { diff --git a/routes/Dpanel/API/BackgroundCustom.js b/routes/Dpanel/API/BackgroundCustom.js new file mode 100644 index 0000000..d9e489e --- /dev/null +++ b/routes/Dpanel/API/BackgroundCustom.js 
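Review bot: `max: 100` per 15 minutes is loose for the password-checking `router.post('/', limiter, ...)` route in routes/Auth/ActiveDirectory.js: it allows 100 guesses per client per window, and the limiter keys on the client address rather than the account, so one directory account can still be targeted from several addresses and may reach the AD lockout threshold. Consider a much smaller budget such as `max: 10`, plus `standardHeaders: true, legacyHeaders: false` so clients receive the standard rate-limit headers. The webhook middleware in this patch reads `x-forwarded-for`, which suggests a reverse proxy; if so, confirm Express's `trust proxy` setting is configured, otherwise every client is keyed by the proxy's address.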
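Review bot: In routes/Auth/Discord.js the relocated handler reads `setupData.discord.identifyURL` while the guard a few lines above checks `setupData[0].discord`; if `setupData` is an array as the guard implies, `setupData.discord` is undefined and a request to `/` throws a TypeError instead of redirecting. The handler is also registered when the guard found no Discord configuration. Both `/` and `/auth/discord` are now added only after `getUserData()` resolves and the chain has no `.catch`, so a failed read leaves the routes unregistered and the rejection unhandled; register the routes synchronously with the lookup inside the handler, and end the chain with `.catch(err => console.error(err))` at least. The `getSetupData().then(...)` callback starts outside the hunk.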
@@ -0,0 +1,16 @@
+const express = require('express');
+const router = express.Router();
+const authMiddleware = require('../../../Middlewares/authMiddleware');
+
+router.post('/', authMiddleware, (req, res) => {
+ const { backgroundUrl } = req.body;
+
+ if (!backgroundUrl) {
+ return res.status(400).json({ message: 'Background URL missing.' });
+ }
+
+ res.cookie('background', backgroundUrl, { httpOnly: true });
+ res.status(200).json({ message: 'Background updated successfully.' });
+});
+
+module.exports = router;
\ No newline at end of file
diff --git a/routes/Dpanel/API/DeleteFile.js b/routes/Dpanel/API/DeleteFile.js
index be7d7b1..e6340c0 100644
--- a/routes/Dpanel/API/DeleteFile.js
+++ b/routes/Dpanel/API/DeleteFile.js
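Review bot: `backgroundUrl` in routes/Dpanel/API/BackgroundCustom.js goes from `req.body` into the `background` cookie with only a truthiness check, so whatever later reads that cookie (presumably a view that uses it as a background image, not visible in this hunk) receives an arbitrary client-chosen value of any type and length. Parse it with `new URL(backgroundUrl)` inside a try/catch, accept only `http:` and `https:` protocols with a bounded length, and make sure the consumer escapes it on output. The cookie options should also carry `sameSite: 'lax'` and, when served over TLS, `secure: true` next to `httpOnly: true`.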
@@ -18,16 +18,54 @@ let setupData = getSetupData(); let userData = getUserData(); router.use(bodyParser.json()); +function authenticateToken(req, res, next) { + let token = null; + const authHeader = req.headers['authorization']; + + if (authHeader) { + token = authHeader.split(' ')[1]; + } else if (req.query.token) { + token = req.query.token; + } + + if (token == null) { + if (req.user) { + return next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + } + + fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => { + if (err) { + console.error('Error reading user.json:', err); + return res.status(401).json({ message: 'Unauthorized' }); + } + + const users = JSON.parse(data); + + const user = users.find(u => u.token === token); + + if (user) { + req.user = user; + req.userData = user; + next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + }); + } + router.get('/', (req, res) => { res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' }); }); -router.post('/', authMiddleware, (req, res) => { +router.post('/', authenticateToken, (req, res) => { const userId = req.userData.name; const { filename } = req.body; if (!userId || !filename) { - return res.status(400).json({ message: 'Identifiant d\'utilisateur ou nom de fichier manquant pour la suppression du fichier.' }); + return res.status(400).json({ message: 'User ID or filename missing for file deletion.' }); } const userFolderPath = path.join('cdn-files', userId); 
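Review bot: The no-token branch of `authenticateToken` in routes/Dpanel/API/DeleteFile.js calls `next()` as soon as `req.user` exists but never sets `req.userData`, which the handler dereferences in `const userId = req.userData.name;`; unless something outside the hunk populates it, session users that `authMiddleware` used to serve get a TypeError. Delegating that branch with `if (token == null) return authMiddleware(req, res, next);` keeps the previous checks (this assumes the file's `authMiddleware` require, outside the hunk, is kept). In the token branch, `JSON.parse(data)` runs unguarded inside the `fs.readFile` callback, so a malformed user.json throws outside Express's error handling; `req.query.token` puts a long-lived credential into URLs and therefore into access logs and Referer headers; and tokens are stored and matched in plaintext with `===`, where storing a SHA-256 digest and comparing digests would limit what a leaked user.json exposes. The same function is pasted into routes/Dpanel/API/MoveFile.js and routes/Dpanel/API/NewFolder.js in this patch; it belongs in one shared middleware module.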
@@ -39,19 +77,19 @@ router.post('/', authMiddleware, (req, res) => { const filePath = path.join(folderPath, file); if (!filePath.startsWith(userFolderPath)) { - console.error('Unauthorized directory access attempt'); return false; } if (fs.statSync(filePath).isDirectory()) { - findAndDeleteFile(filePath); + const fileDeletedInSubfolder = findAndDeleteFile(filePath); + if (fileDeletedInSubfolder) { + return true; + } } else if (file === filename) { try { fs.unlinkSync(filePath); - console.log('File deleted:', filePath); return true; } catch (error) { - console.error('Error deleting file:', error); return false; } } @@ -63,9 +101,9 @@ router.post('/', authMiddleware, (req, res) => { const fileDeleted = findAndDeleteFile(userFolderPath); if (fileDeleted) { - res.status(200).json({ status: 'success', message: 'Le fichier a été supprimé avec succès.' }); + res.status(200).json({ status: 'success', message: 'The file has been successfully deleted.' }); } else { - res.status(404).json({ status: 'error', message: 'Le fichier que vous essayez de supprimer n\'existe pas.' }); + res.status(404).json({ status: 'error', message: 'The file you are trying to delete does not exist.' }); } }); diff --git a/routes/Dpanel/API/GenerateToken.js b/routes/Dpanel/API/GenerateToken.js new file mode 100644 index 0000000..fcd45fa --- /dev/null +++ b/routes/Dpanel/API/GenerateToken.js 
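Review bot: Deletions in `findAndDeleteFile` now leave no trace, because the log calls `'Unauthorized directory access attempt'`, `'File deleted:'` and `'Error deleting file:'` are all removed while the endpoint becomes reachable with an API token. Keep an audit line that records the acting user and the path, for example `console.info('File deleted', { user: userId, filePath });`, and keep logging the rejected-path case so traversal attempts stay visible to whoever monitors the service. An `unlinkSync` failure is also swallowed and reaches the client as the 404 'does not exist' message; returning a 500 for that case would separate permission or I/O errors from a missing file. `findAndDeleteFile` starts outside the hunk.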
@@ -0,0 +1,41 @@
+const jwt = require('jsonwebtoken');
+const fs = require('fs');
+const path = require('path');
+const router = require('express').Router();
+const crypto = require('crypto');
+
+router.post('/', (req, res) => {
+ if (!req.body.name || !req.body.id) {
+ return res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
+ }
+
+const token = crypto.randomBytes(512).toString('base64')
+ .replace(/\+/g, '0')
+ .replace(/\//g, '1')
+ .substring(0, 256);
+ fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => {
+ if (err) {
+ console.error(err);
+ return res.sendStatus(500);
+ }
+
+ const users = JSON.parse(data);
+
+ const user = users.find(u => u.name === req.body.name && u.id === req.body.id);
+
+ if (!user) return res.sendStatus(404);
+
+ user.token = token;
+
+ fs.writeFile(path.join(__dirname, '../../../data', 'user.json'), JSON.stringify(users, null, 2), (err) => {
+ if (err) {
+ console.error(err);
+ return res.sendStatus(500);
+ }
+
+ res.json({ token: token });
+ });
+ });
+});
+
+module.exports = router;
\ No newline at end of file
diff --git a/routes/Dpanel/API/MoveFile.js b/routes/Dpanel/API/MoveFile.js
index 638008d..b6a328b 100644
--- a/routes/Dpanel/API/MoveFile.js
+++ b/routes/Dpanel/API/MoveFile.js
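Review bot: `router.post('/')` in the new routes/Dpanel/API/GenerateToken.js carries no authentication middleware, and the only check is that `req.body.name` and `req.body.id` match an entry in user.json; unless the mount in routes/routes.js (not visible here) adds a guard, any caller who knows those two values can issue, and silently replace, that user's API token. Put `authMiddleware` on the route and take the identity from the authenticated session rather than from the request body. The token itself is better produced as `crypto.randomBytes(192).toString('base64url')`, which yields the same 256 characters without the `+` to `0` and `/` to `1` substitution that skews the alphabet. `JSON.parse(data)` is unguarded inside the callback, the read-modify-write of user.json can lose a concurrent update, and `jwt` is required but never used.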
@@ -20,11 +20,49 @@ let setupData = getSetupData(); let userData = getUserData(); router.use(bodyParser.json()); +function authenticateToken(req, res, next) { + let token = null; + const authHeader = req.headers['authorization']; + + if (authHeader) { + token = authHeader.split(' ')[1]; + } else if (req.query.token) { + token = req.query.token; + } + + if (token == null) { + if (req.user) { + return next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + } + + fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => { + if (err) { + console.error('Error reading user.json:', err); + return res.status(401).json({ message: 'Unauthorized' }); + } + + const users = JSON.parse(data); + + const user = users.find(u => u.token === token); + + if (user) { + req.user = user; + req.userData = user; + next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + }); +} + router.get('/', (req, res) => { res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' }); }); -router.post('/', authMiddleware, async (req, res) => { +router.post('/', authenticateToken, async (req, res) => { const fileName = req.body.fileName; const folderName = req.body.folderName; @@ -73,14 +111,14 @@ router.post('/', authMiddleware, async (req, res) => { console.log('File does not exist'); } - res.redirect('/dpanel/dashboard'); + res.status(200).json({ message: 'File moved successfully' }); } catch (err) { console.error(err); return res.status(500).send('Error moving the file.'); } }); -router.post('/:folderName', authMiddleware, async (req, res) => { +router.post('/:folderName', authenticateToken, async (req, res) => { const fileName = req.body.fileName; const newFolderName = req.body.folderName; const oldFolderName = req.params.folderName; diff --git a/routes/Dpanel/API/NewFolder.js b/routes/Dpanel/API/NewFolder.js index 17cbcab..64b594e 100644 
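Review bot: `authenticateToken` accepts the credential from `req.query.token`, which places a long-lived API token in URLs where access logs, proxies and (if they record the request URL) the logging and Discord alert middlewares mounted in routes.js can capture it; I would accept it from the `Authorization` header only and drop the `else if (req.query.token)` branch. The same function is pasted into NewFolder.js, Upload.js and getFile.js in this commit, and the copies already differ (the Upload.js copy does not set `req.userData`), so it belongs in one module under `Middlewares/` that all four routes require. In that shared version, wrap `JSON.parse(data)` in a `try` so a malformed user.json produces an error response rather than an exception inside the `readFile` callback. Consider storing a hash of the token and comparing with `crypto.timingSafeEqual` instead of `u.token === token` on the plaintext value.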
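Review bot: The new `res.status(200).json({ message: 'File moved successfully' });` sits after the branch that logs `'File does not exist'`, so as far as the hunk shows, a request for a missing file is still answered with a success message. API clients now depend on this body instead of a redirect, so the not-found branch should answer on its own, e.g. `return res.status(404).json({ message: 'File not found' });`. The handler begins outside the hunk, so the exact branch structure should be checked before applying this.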
--- a/routes/Dpanel/API/NewFolder.js +++ b/routes/Dpanel/API/NewFolder.js @@ -18,11 +18,49 @@ let setupData = getSetupData(); let userData = getUserData(); router.use(bodyParser.json()); +function authenticateToken(req, res, next) { + let token = null; + const authHeader = req.headers['authorization']; + + if (authHeader) { + token = authHeader.split(' ')[1]; + } else if (req.query.token) { + token = req.query.token; + } + + if (token == null) { + if (req.user) { + return next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + } + + fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => { + if (err) { + console.error('Error reading user.json:', err); + return res.status(401).json({ message: 'Unauthorized' }); + } + + const users = JSON.parse(data); + + const user = users.find(u => u.token === token); + + if (user) { + req.user = user; + req.userData = user; + next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + }); +} + router.get('/', (req, res) => { res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' }); }); -router.post('/', authMiddleware, (req, res) => { +router.post('/', authenticateToken, (req, res) => { try { logger.info('Received POST request to create a new folder.'); 
@@ -33,33 +71,33 @@ router.post('/', authMiddleware, (req, res) => { if (!folderName || typeof folderName !== 'string') { ErrorLogger.error('Invalid folderName:', folderName); - return res.status(400).json({ message: 'Le nom du dossier ne peut pas être vide.' }); + return res.status(400).json({ message: 'Folder name cannot be empty.' }); } folderName = path.basename(folderName.trim()); if (!folderName) { - return res.status(400).json({ message: 'Le nom du dossier ne peut pas être vide.' }); + return res.status(400).json({ message: 'Folder name cannot be empty.' }); } const folderPath = path.join('cdn-files', userId, folderName); if (fs.existsSync(folderPath)) { logger.info('Folder already exists:', folderPath); - return res.status(400).json({ message: 'Le dossier existe déjà.' }); + return res.status(400).json({ message: 'Folder already exists.' }); } fs.mkdir(folderPath, (err) => { if (err) { ErrorLogger.error(err); - return res.status(500).json({ message: 'Erreur lors de la création du dossier.', error: err }); + return res.status(500).json({ message: 'Error creating folder.', error: err }); } logger.info('Folder created successfully:', folderPath); - res.status(200).json({ message: 'Dossier créé avec succès.' }); + res.status(200).json({ message: 'Folder created successfully.' }); }); } catch (error) { ErrorLogger.error('Error creating folder:', error); - return res.status(500).json({ message: 'Erreur lors de la création du dossier.', error: error }); + return res.status(500).json({ message: 'Error creating folder.', error: error }); } }); diff --git a/routes/Dpanel/API/Upload.js b/routes/Dpanel/API/Upload.js index 39a8375..15a0484 100644 --- a/routes/Dpanel/API/Upload.js +++ b/routes/Dpanel/API/Upload.js 
@@ -3,16 +3,14 @@ const fs = require('fs'); const path = require('path'); const router = express.Router(); const fileUpload = require('express-fileupload'); -const authMiddleware = require('../../../Middlewares/authMiddleware'); const { loggers } = require('winston'); const ncp = require('ncp'); const util = require('util'); -const ncpAsync = util.promisify(ncp.ncp); const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8') const config = JSON.parse(configFile); const bodyParser = require('body-parser'); -const crypto = require('crypto'); -const os = require('os'); +const jwt = require('jsonwebtoken'); +const authMiddleware = require('../../../Middlewares/authMiddleware'); const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware'); const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs'); @@ -20,6 +18,43 @@ let setupData = getSetupData(); let userData = getUserData(); router.use(bodyParser.json()); +function authenticateToken(req, res, next) { + let token = null; + const authHeader = req.headers['authorization']; + + if (authHeader) { + token = authHeader.split(' ')[1]; + } else if (req.query.token) { + token = req.query.token; + } + + if (token == null) { + if (req.user) { + return next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + } + + fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => { + if (err) { + console.error('Error reading user.json:', err); + return res.status(401).json({ message: 'Unauthorized' }); + } + + const users = JSON.parse(data); + + const user = users.find(u => u.token === token); + + if (user) { + req.user = user; + next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + }); +} + router.get('/', (req, res) => { res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' }); }); 
@@ -28,15 +63,15 @@ router.use(fileUpload({ limits: { fileSize: 15 * 1024 * 1024 * 1024 }, })); -router.post('/', authMiddleware, async (req, res) => { +router.post('/', authenticateToken, async (req, res) => { try { if (!req.files || Object.keys(req.files).length === 0) { - return res.status(400).send('5410 - Erreur de téléchargement, veuillez retenter ultérieurement.'); + return res.status(400).send('5410 - Download error, please try again later.'); } const file = req.files.file; - const userId = req.userData.name; - const Id = req.userData.id; + const userId = req.user.name; + const Id = req.user.id; const uploadDir = path.join('cdn-files', userId); const originalFileName = file.name; const domain = config.domain || 'mydomain.com'; @@ -50,7 +85,7 @@ router.post('/', authMiddleware, async (req, res) => { file.mv(path.join(uploadDir, originalFileName), async (err) => { if (err) { console.error(err); - return res.status(500).send({ message: 'Erreur lors du téléchargement du fichier.' }); + return res.status(500).send({ message: 'Error downloading file.' }); } const fileExtension = path.extname(originalFileName).toLowerCase(); @@ -84,11 +119,11 @@ router.post('/', authMiddleware, async (req, res) => { await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(data, null, 2)); } - res.status(200).send({ message: 'Votre fichier a été téléchargé avec succès.' }); + res.status(200).send({ message: 'Your file has been successfully uploaded.' }); }); } catch (error) { console.error(error); - return res.status(500).send({ message: 'Erreur lors du téléchargement du fichier.' }); + return res.status(500).send({ message: 'Error downloading file.' }); } }); diff --git a/routes/Dpanel/API/getFile.js b/routes/Dpanel/API/getFile.js new file mode 100644 index 0000000..46d8f25 --- /dev/null +++ b/routes/Dpanel/API/getFile.js 
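Review bot: `const originalFileName = file.name;` takes the client-supplied name as is, and the next hunk passes it to `file.mv(path.join(uploadDir, originalFileName), …)`, so a name containing path separators or `..` segments can resolve outside the user's upload directory unless the `fileUpload` options (only partly visible) sanitise it. With this commit the route is reachable by API token as well as by session, which widens who can send such a name. NewFolder.js already reduces its input with `path.basename`; the equivalent here is `const originalFileName = path.basename(file.name);`, followed by rejecting an empty result. The translated strings also say "Download error" and "Error downloading file." for what is an upload failure.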
@@ -0,0 +1,87 @@ +const express = require('express'); +const fs = require('fs'); +const path = require('path'); +const router = express.Router(); +const fileUpload = require('express-fileupload'); +const authMiddleware = require('../../../Middlewares/authMiddleware'); +const { loggers } = require('winston'); +const ncp = require('ncp').ncp; +let configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8') +let config = JSON.parse(configFile)[0]; +const bodyParser = require('body-parser'); +const crypto = require('crypto'); +const os = require('os'); +const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware'); + +let setupData = getSetupData(); +let userData = getUserData(); +router.use(bodyParser.json()); + +function authenticateToken(req, res, next) { + let token = null; + const authHeader = req.headers['authorization']; + + if (authHeader) { + token = authHeader.split(' ')[1]; + } else if (req.query.token) { + token = req.query.token; + } + + if (token == null) { + if (req.user) { + return next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + } + + fs.readFile(path.join(__dirname, '../../../data', 'user.json'), 'utf8', (err, data) => { + if (err) { + console.error('Error reading user.json:', err); + return res.status(401).json({ message: 'Unauthorized' }); + } + + const users = JSON.parse(data); + + const user = users.find(u => u.token === token); + + if (user) { + req.user = user; + req.userData = user; + next(); + } else { + return res.status(401).json({ message: 'Unauthorized' }); + } + }); + } + +router.post('/', authenticateToken, async (req, res) => { + const userName = req.userData.name; + const downloadDir = path.join('cdn-files', userName); + + if (!fs.existsSync(downloadDir)) { + fs.mkdirSync(downloadDir, { recursive: true }); + } + + try { + const files = await fs.promises.readdir(downloadDir); + + const fileDetails = files.map(file => { + const filePath = 
path.join(downloadDir, file); + const stats = fs.statSync(filePath); + const fileType = stats.isDirectory() ? 'folder' : 'file'; + + return { + name: file, + type: fileType + }; + }); + + res.json({ files: fileDetails }); + } catch (err) { + console.error('Error reading directory:', err); + res.status(500).json({ error: err.message }); + } +}); + +module.exports = router; \ No newline at end of file diff --git a/routes/routes.js b/routes/routes.js index 3313285..ac88c59 100644 --- a/routes/routes.js +++ b/routes/routes.js @@ -10,6 +10,8 @@ const DpanelFolderRoute = require('./Dpanel/Folder/index.js'); const DpanelUploadRoute = require('./Dpanel/Upload.js'); const AttachmentsRoute = require('./attachments.js'); const buildMetadataRoute = require('./BuildMetaData.js'); +const DpanelBackgroundCustomRoute = require('./Dpanel/API/BackgroundCustom.js'); +const getFileDashboardRoute = require('./Dpanel/API/getFile.js'); const NewFolderRoute = require('./Dpanel/API/NewFolder.js'); const RenameFileRoute = require('./Dpanel/API/RenameFile.js'); @@ -32,6 +34,7 @@ const AdminUsersDpanelRoute = require('./Dpanel/Admin/User.js'); const AdminSettingSetupDpanelRoute = require('./Dpanel/Admin/SettingSetup.js'); const AdminStatsLogsDpanelRoute = require('./Dpanel/Admin/Stats-Logs.js'); const AdminPrivacySecurityDpanelRoute = require('./Dpanel/Admin/Privacy-Security.js'); +const GenerateTokenRoute = require('./Dpanel/API/GenerateToken.js'); router.use('/', indexRoute); router.use('/attachments', AttachmentsRoute); 
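Review bot: The handler reads `req.userData.name`, but `authenticateToken` sets `req.userData` only on the token path; when no token is sent and a session `req.user` exists it calls `next()` directly, so unless another middleware populates `req.userData`, the first line of the handler throws outside the `try` in an async function. Upload.js was switched to `req.user` in this same commit, and the matching change here is `const userName = req.user.name;`. Separately, `res.status(500).json({ error: err.message })` returns the raw filesystem error text to the caller; a fixed message, with the detail sent to the server log, would avoid disclosing paths. Several `require` lines at the top (`fileUpload`, `authMiddleware`, `ncp`, `crypto`, `os`, `loggers`) are not used anywhere in this new file.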
@@ -56,6 +59,9 @@ router.use('/api/dpanel/dashboard/admin/update-setup',discordWebhookSuspisiousAl router.use('/api/dpanel/dashboard/deletefolder',discordWebhookSuspisiousAlertMiddleware, logApiRequest, DeleteFolderRoute); router.use('/api/dpanel/dashboard/deletefile/', discordWebhookSuspisiousAlertMiddleware, logApiRequest,DeleteFileFolderRoute); router.use('/api/dpanel/dashboard/getmetadatafile',discordWebhookSuspisiousAlertMiddleware, logApiRequest, GetMetaDataFileRoute); +router.use('/api/dpanel/dashboard/backgroundcustom',discordWebhookSuspisiousAlertMiddleware, logApiRequest, DpanelBackgroundCustomRoute); +router.use('/api/dpanel/generate-token',discordWebhookSuspisiousAlertMiddleware, logApiRequest, GenerateTokenRoute); +router.use('/api/dpanel/dashboard/getfile', getFileDashboardRoute); router.use('/auth/login', loginRoute); router.use('/auth/logout', logoutRoute); diff --git a/server.js b/server.js index e32a891..e7cb7e5 100644 --- a/server.js +++ b/server.js @@ -12,6 +12,7 @@ const fs = require('fs'); const SystemReport = require('./models/reportManager.js'); const routes = require('./routes/routes.js'); const cron = require('node-cron'); +const chalk = require('chalk'); require('dotenv').config(); const app = express(); 
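Review bot: `/api/dpanel/dashboard/getfile` is mounted without `discordWebhookSuspisiousAlertMiddleware` and `logApiRequest`, unlike the two routes added beside it and the existing ones in the context lines, so token-authenticated directory listings would not appear in the API request log. If that is not intentional, mount it the same way: `router.use('/api/dpanel/dashboard/getfile', discordWebhookSuspisiousAlertMiddleware, logApiRequest, getFileDashboardRoute);`.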
@@ -110,8 +111,33 @@ async function fileExists(filePath) { } } +function getAllFiles(dirPath, arrayOfFiles) { + const files = fs.readdirSync(dirPath); + + arrayOfFiles = arrayOfFiles || []; + + files.forEach(function(file) { + if (fs.statSync(dirPath + "/" + file).isDirectory()) { + arrayOfFiles = getAllFiles(dirPath + "/" + file, arrayOfFiles); + } else { + arrayOfFiles.push(path.join(dirPath, "/", file)); + } + }); + + return arrayOfFiles; +} + +const allFiles = getAllFiles(__dirname); + + const PORT = process.env.PORT || 5053; app.listen(PORT, () => { + + allFiles.forEach(file => { + + console.log(`[ ${chalk.green('OK')} ] Loaded file: ${file}`); + }); + console.clear(); if (logger) { logger.info(`☀️ Welcome to the Content Delivery Network (CDN) Server`); diff --git a/views/dashboard.ejs b/views/dashboard.ejs index 0d35707..e1b1644 100644 --- a/views/dashboard.ejs +++ b/views/dashboard.ejs @@ -167,7 +167,7 @@
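Review bot: `getAllFiles(__dirname)` walks the entire project directory synchronously at module load, presumably including `node_modules` and any uploaded content stored under the project root, and the resulting `Loaded file:` lines are erased by the `console.clear()` that follows immediately. Startup time therefore grows with the amount of stored data, and because `fs.statSync` follows symbolic links, a link that points back up the tree would make the recursion fail and stop the server from starting. If the listing is wanted, limit it to the application's own source directories and skip links (`fs.lstatSync` plus an `isSymbolicLink()` check); otherwise remove the walk. `dirPath + "/" + file` could also be `path.join(dirPath, file)`, as on the `push` line.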