Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
6102b9fa646def6aacc467a2165dca262a849a82
CDN-APP-INSIDER/routes/Dpanel/API/RenameFile.js
Dinawo 4e2e085a63
All checks were successful
continuous-integration/drone/push Build is passing
Details
Update routes and file paths, fix authentication and security issues
2024-04-13 22:17:54 +02:00

106 lines
3.9 KiB
JavaScript
Raw Blame History

const express = require('express');
const fs = require('fs');
const path = require('path');
const router = express.Router();
const fileUpload = require('express-fileupload');
const authMiddleware = require('../../../Middlewares/authMiddleware');
const { loggers } = require('winston');
const ncp = require('ncp').ncp;
const configFile = fs.readFileSync(path.join(__dirname, '../../../data', 'setup.json'), 'utf-8')
const config = JSON.parse(configFile);
const bodyParser = require('body-parser');
const crypto = require('crypto');
const os = require('os');
const { getUserData, getSetupData } = require('../../../Middlewares/watcherMiddleware');
const { logger, logRequestInfo, ErrorLogger, authLogger } = require('../../../config/logs');
let setupData = getSetupData();
let userData = getUserData();
router.use(bodyParser.json());
router.get('/', (req, res) => {
res.status(400).json({ error: 'Bad Request. The request cannot be fulfilled due to bad syntax or missing parameters.' });
});
router.post('/', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const { currentName, newName } = req.body;
if (!currentName || !newName) {
return res.status(400).send('Both currentName and newName must be provided.');
}
const currentPath = path.join('cdn-files', userId || '', currentName);
const newPath = path.join('cdn-files', userId, newName);
try {
await fs.promises.rename(currentPath, newPath);
const data = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf-8')
let fileInfo = JSON.parse(data);
let found = false;
for (let i = 0; i < fileInfo.length; i++) {
if (fileInfo[i].fileName === currentName) {
fileInfo[i].fileName = newName;
found = true;
break;
}
}
if (found) {
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(fileInfo, null, 2), 'utf8');
}
res.status(200).send('L\'opération a été effectuée avec succès.');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du changement de nom du fichier.');
}
});
router.post('/:filePath*', authMiddleware, async (req, res) => {
const userId = req.userData.name;
const { currentName, newName } = req.body;
const filePath = path.join(req.params.filePath, req.params[0] || '');
if (!currentName || !newName) {
return res.status(400).send('Both currentName and newName must be provided.');
}
const userDir = path.join('cdn-files', userId);
const currentPath = path.join(userDir, filePath, currentName);
const newPath = path.join(userDir, filePath, newName);
if (!currentPath.startsWith(userDir) || !newPath.startsWith(userDir)) {
ErrorLogger.error('Unauthorized directory access attempt');
return res.status(403).send('Unauthorized directory access attempt');
}
try {
await fs.promises.rename(currentPath, newPath);
const data = await fs.promises.readFile(path.join(__dirname, '../../../data', 'file_info.json'), 'utf8');
let fileInfo = JSON.parse(data);
let found = false;
for (let i = 0; i < fileInfo.length; i++) {
if (fileInfo[i].fileName === currentName) {
fileInfo[i].fileName = newName;
found = true;
break;
}
}
if (found) {
await fs.promises.writeFile(path.join(__dirname, '../../../data', 'file_info.json'), JSON.stringify(fileInfo, null, 2), 'utf8');
}
res.status(200).send('L\'opération a été effectuée avec succès.');
} catch (err) {
console.error(err);
return res.status(500).send('Erreur lors du changement de nom du fichier.');
}
});
module.exports = router;
Reference in New Issue View Git Blame Copy Permalink