Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

V1.0.0-beta.17 Update 2
All checks were successful
continuous-integration/drone Build is passing
Details

Browse Source
This commit is contained in:
.dinawo
2024-12-15 00:49:12 +01:00
parent 243ab5f55e
commit f7658eca22
15 changed files with 1457 additions and 501 deletions
Download Patch File Download Diff File Expand all files Collapse all files

251
routes/Dpanel/API/Upload.js
View File

@@ -1,206 +1,87 @@
const express = require('express');
const fs = require('fs');
const path = require('path');
const multiparty = require('multiparty');
const router = express.Router();
const fileUpload = require('express-fileupload');
const { loggers } = require('winston');
const ncp = require('ncp');
const util = require('util');
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const jwt = require('jsonwebtoken');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
// Limite de taille de fichier à 10 Go
const MAX_FILE_SIZE = 10 * 1024 * 1024 * 1024; // 10 Go
/**
* @swagger
* /dpanel/upload?token={token}:
* post:
* security:
* - bearerAuth: []
* tags:
* - File
* summary: Upload a file
* description: This route allows you to upload a file. It requires a valid JWT token in the Authorization header.
* requestBody:
* required: true
* content:
* multipart/form-data:
* schema:
* type: object
* properties:
* file:
* type: string
* format: binary
* description: The file to upload
* expiryDate:
* type: string
* format: date-time
* description: The expiry date of the file
* password:
* type: string
* description: The password to protect the file
* parameters:
* - in: header
* name: Authorization
* required: true
* schema:
* type: string
* description: The JWT token of your account to have access
* responses:
* 200:
* description: Success
* content:
* application/json:
* schema:
* type: object
* properties:
* message:
* type: string
* 400:
* description: Bad Request
* content:
* application/json:
* schema:
* type: object
* properties:
* message:
* type: string
* 401:
* description: Unauthorized
* content:
* application/json:
* schema:
* type: object
* properties:
* message:
* type: string
* 500:
* description: Error uploading the file
* content:
* application/json:
* schema:
* type: object
* properties:
* message:
* type: string
* error:
* type: string
*/
function authenticateToken(req, res, next) {
let token = null;
const authHeader = req.headers['authorization'];
if (authHeader) {
token = authHeader.split(' ')[1];
} else if (req.query.token) {
token = req.query.token;
}
if (token == null) {
if (req.user) {
return next();
} else {
return res.status(401).json({ message: 'Unauthorized' });
}
}
fs.readFile(path.join(__dirname, '../../../data', 'user.jso,'), 'utf8', (err, data) => {
if (err) {
console.error('Error reading user.jso,:', err);
return res.status(401).json({ message: 'Unauthorized' });
}
const users = JSON.parse(data);
const user = users.find(u => u.token === token);
if (user) {
req.user = user;
next();
} else {
return res.status(401).json({ message: 'Unauthorized' });
}
});
// Crée le dossier temporaire à la racine s'il n'existe pas
const tempDir = path.join(process.cwd(), 'temp');
if (!fs.existsSync(tempDir)) {
fs.mkdirSync(tempDir, { recursive: true });
}
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.use(fileUpload({
limits: { fileSize: 15 * 1024 * 1024 * 1024 },
}));
router.post('/', authenticateToken, async (req, res) => {
try {
if (!req.files || Object.keys(req.files).length === 0) {
return res.status(400).send('5410 - Download error, please try again later.');
router.post('/', (req, res) => {
const form = new multiparty.Form({
uploadDir: tempDir,
maxFilesSize: MAX_FILE_SIZE,
});
form.parse(req, (err, fields, files) => {
if (err) {
console.error('Error parsing the file:', err);
return res.status(400).send('Error during the file upload');
}
if (!files.file || files.file.length === 0) {
return res.status(400).send('No file uploaded');
}
const file = req.files.file;
const userId = req.user.name;
const Id = req.user.id;
const uploadDir = path.join('cdn-files', userId);
const originalFileName = file.name;
const domain = config.domain || 'mydomain.com';
let expiryDate = req.body.expiryDate;
let password = req.body.password;
const file = files.file[0];
// Modifier le chemin pour être relatif à la racine
const userDir = path.join(process.cwd(), 'cdn-files', req.user.name);
// Utiliser le nom sécurisé fourni par le client
const filename = fields.filename ? fields.filename[0] : file.originalFilename;
const filePath = path.join(userDir, filename);
if (!fs.existsSync(uploadDir)) {
fs.mkdirSync(uploadDir, { recursive: true });
// Crée le répertoire s'il n'existe pas
if (!fs.existsSync(userDir)) {
fs.mkdirSync(userDir, { recursive: true });
}
file.mv(path.join(uploadDir, originalFileName), async (err) => {
if (err) {
console.error(err);
return res.status(500).send({ message: 'Error downloading file.' });
// Lecture en chunks pour plus de performances
const readStream = fs.createReadStream(file.path, { highWaterMark: 1024 * 1024 });
const writeStream = fs.createWriteStream(filePath, { flags: 'a' });
readStream.pipe(writeStream);
readStream.on('end', () => {
// Supprimer le fichier temporaire
fs.unlinkSync(file.path);
// Vérifier que le nom du fichier suit bien le format attendu
const fileNamePattern = /^\d{8}_[A-Z0-9]{6}_.*$/;
if (!fileNamePattern.test(filename)) {
console.warn('Le fichier uploadé ne suit pas le format de nom sécurisé attendu:', filename);
}
res.status(200).send({
message: 'File uploaded successfully.',
filename: filename
});
});
const fileExtension = path.extname(originalFileName).toLowerCase();
const bcrypt = require('bcrypt');
const saltRounds = 10;
let hashedPassword = '';
if (password) {
hashedPassword = bcrypt.hashSync(password, saltRounds);
readStream.on('error', (err) => {
console.error('Error reading the file:', err);
// Nettoyer le fichier temporaire en cas d'erreur
if (fs.existsSync(file.path)) {
fs.unlinkSync(file.path);
}
res.status(500).send({ message: 'Error uploading file.' });
});
const fileInfo = {
fileName: originalFileName,
expiryDate: expiryDate || '',
password: hashedPassword,
Id: Id,
path: path.join(uploadDir, originalFileName)
};
if (expiryDate || password) {
let data = [];
if (fs.existsSync(path.join(__dirname, '../../../data', 'file_info.json'))) {
const existingData = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf8');
data = JSON.parse(existingData);
if (!Array.isArray(data)) {
data = [];
}
}
data.push(fileInfo);
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(data, null, 2));
writeStream.on('error', (err) => {
console.error('Error writing the file:', err);
// Nettoyer le fichier temporaire en cas d'erreur
if (fs.existsSync(file.path)) {
fs.unlinkSync(file.path);
}
res.status(200).send({ message: 'Your file has been successfully uploaded.' });
});
} catch (error) {
console.error(error);
return res.status(500).send({ message: 'Error downloading file.' });
}
res.status(500).send({ message: 'Error uploading file.' });
});
});
});
module.exports = router;