Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1c7f9bbaa09a88b26c01317e60d675cd0755c564
CDN-APP-INSIDER/routes/Dpanel/API/DeleteFile.js
Dinawo 4e2e085a63
All checks were successful
continuous-integration/drone/push Build is passing
Details
Update routes and file paths, fix authentication and security issues
2024-04-13 22:17:54 +02:00

89 lines
3.0 KiB
JavaScript
Raw Blame History

const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, (req, res) => {
const userId = req.userData.name;
const { filename } = req.body;
if (!userId || !filename) {
return res.status(400).json({ message: 'Identifiant d\'utilisateur ou nom de fichier manquant pour la suppression du fichier.' });
}
const userFolderPath = path.join('cdn-files', userId);
function findAndDeleteFile(folderPath) {
const filesInFolder = fs.readdirSync(folderPath);
for (const file of filesInFolder) {
const filePath = path.join(folderPath, file);
if (!filePath.startsWith(userFolderPath)) {
console.error('Unauthorized directory access attempt');
return false;
}
if (fs.statSync(filePath).isDirectory()) {
findAndDeleteFile(filePath);
} else if (file === filename) {
try {
fs.unlinkSync(filePath);
console.log('File deleted:', filePath);
return true;
} catch (error) {
console.error('Error deleting file:', error);
return false;
}
}
}
return false;
}
const fileDeleted = findAndDeleteFile(userFolderPath);
if (fileDeleted) {
res.status(200).json({ status: 'success', message: 'Le fichier a été supprimé avec succès.' });
} else {
res.status(404).json({ status: 'error', message: 'Le fichier que vous essayez de supprimer n\'existe pas.' });
}
});
const ncpAsync = (source, destination) => {
const userFolderPath = path.join('cdn-files', userId);
if (!source.startsWith(userFolderPath) || !destination.startsWith(userFolderPath)) {
throw new Error('Unauthorized directory access attempt');
}
return new Promise((resolve, reject) => {
ncp(source, destination, (err) => {
if (err) {
reject(err);
} else {
resolve();
}
});
});
};
module.exports = router;
Reference in New Issue View Git Blame Copy Permalink