From 83aaef0f824e8776ddf4c60a44e6d56c21a0efcc Mon Sep 17 00:00:00 2001 From: Pitu Date: Thu, 19 Jan 2017 02:37:35 -0300 Subject: [PATCH] Changed request system and post data Changed from XMLHttpRequest to Axiios and made every POST call to look for params or json and not pass the values as headers. Token is still a header though --- controllers/albumsController.js | 10 +- controllers/tokenController.js | 12 +- controllers/uploadController.js | 17 +- lolisafe.js | 4 + package.json | 1 + pages/home.html | 1 + pages/panel.html | 1 + public/js/panel.js | 486 +++++++++++++++----------------- public/js/upload.js | 75 ++--- routes/api.js | 6 +- 10 files changed, 303 insertions(+), 310 deletions(-) diff --git a/controllers/albumsController.js b/controllers/albumsController.js index 9c666be..55885f5 100644 --- a/controllers/albumsController.js +++ b/controllers/albumsController.js @@ -6,16 +6,16 @@ let albumsController = {} albumsController.list = function(req, res, next){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) let fields = ['id', 'name'] - if(req.headers.extended !== undefined) + if(req.params.sidebar === undefined) fields.push('timestamp') db.table('albums').select(fields).where('enabled', 1).then((albums) => { - if(req.headers.extended === undefined) + if(req.params.sidebar !== undefined) return res.json({ success: true, albums }) let ids = [] @@ -42,9 +42,9 @@ albumsController.list = function(req, res, next){ albumsController.create = function(req, res, next){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) - let name = req.headers.name + let name = req.body.name if(name === undefined || name === '') return res.json({ success: false, description: 'No album name specified' }) 
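Review bot: `let name = req.body.name` in albumsController.create now comes from the parsed body, and with `bodyParser.json()` mounted that value can be a number, array or object (or an empty-looking string such as `" "`) and still pass the `name === undefined || name === ''` guard, so a non-string album name reaches the database code that follows the hunk. Tighten the guard to `if(typeof name !== 'string' || name.trim() === '')`. The same weakening applies to `req.body.album` in uploadController.upload and to `type`/`token` in tokenController.verify and tokenController.change, whose `=== undefined` checks also let an empty or non-string token through; a `typeof … !== 'string'` check at each of those sites would close it.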
diff --git a/controllers/tokenController.js b/controllers/tokenController.js index 91cc292..e302869 100644 --- a/controllers/tokenController.js +++ b/controllers/tokenController.js @@ -4,8 +4,8 @@ const db = require('knex')(config.database) let tokenController = {} tokenController.verify = function(req, res, next){ - let type = req.headers.type - let token = req.headers.token + let type = req.body.type + let token = req.body.token if(type === undefined) return res.json({ success: false, description: 'No type provided.' }) if(token === undefined) return res.json({ success: false, description: 'No token provided.' }) @@ -26,7 +26,7 @@ tokenController.verify = function(req, res, next){ tokenController.list = function(req, res, next){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) return res.json({ clientToken: config.clientToken, @@ -36,10 +36,10 @@ tokenController.list = function(req, res, next){ tokenController.change = function(req, res, next){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) - let type = req.headers.type - let token = req.headers.token + let type = req.body.type + let token = req.body.token if(type === undefined) return res.json({ success: false, description: 'No type provided.' }) if(token === undefined) return res.json({ success: false, description: 'No token provided.' }) diff --git a/controllers/uploadController.js b/controllers/uploadController.js index 6b962c3..499bdb7 100644 --- a/controllers/uploadController.js +++ b/controllers/uploadController.js 
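Review bot: The request contract of tokenController.verify and tokenController.change has changed (fields moved from headers to the body) but nothing in the file records it; the only place the accepted `type` values are visible is the callers in panel.js and upload.js. Add a header comment above each, e.g. `// POST /api/tokens/verify — body: { type: 'client' | 'admin', token: string }; auth is still passed in the 'auth' header` and the equivalent for `/api/tokens/change`, so the next change to the clients does not have to be reverse-engineered from the controllers. The comparison that decides `success` in verify, and the code that stores the new token in change, are outside this hunk.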
@@ -24,13 +24,13 @@ uploadsController.upload = function(req, res, next){ if(config.private === true) if(req.headers.auth !== config.clientToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) - let album = req.headers.album + let album = req.body.album if(album !== undefined) if(req.headers.adminauth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) upload(req, res, function (err) { if (err) { @@ -81,14 +81,14 @@ uploadsController.upload = function(req, res, next){ uploadsController.list = function(req, res){ if(req.headers.auth !== config.adminToken) - return res.status(401).send('not-authorized') + return res.status(401).json({ success: false, description: 'not-authorized'}) db.table('files') .where(function(){ - if(req.headers.albumid === undefined) + if(req.params.id === undefined) this.where('id', '<>', '') else - this.where('albumid', req.headers.albumid) + this.where('albumid', req.params.id) }) .then((files) => { db.table('albums').then((albums) => { @@ -114,7 +114,10 @@ uploadsController.list = function(req, res){ } - return res.json(files) + return res.json({ + success: true, + files + }) }) }) diff --git a/lolisafe.js b/lolisafe.js index f360902..36e961e 100644 --- a/lolisafe.js +++ b/lolisafe.js @@ -1,6 +1,7 @@ const config = require('./config.js') const api = require('./routes/api.js') const express = require('express') +const bodyParser = require('body-parser') const db = require('knex')(config.database) const fs = require('fs') const safe = express() 
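Review bot: `let album = req.body.album` in uploadsController.upload is evaluated before `upload(req, res, function (err) { … })` runs, and body-parser does not parse multipart bodies; if the file is sent as multipart/form-data (which the multer-style `upload` call suggests), `req.body.album` is always `undefined` at that point, so the `adminauth` check is skipped and the album id presumably never reaches whatever associates the file with an album further down (outside the hunk). Read the album id once the multipart parser has populated `req.body` — inside the `upload` callback, with the `adminauth` comparison moved there — or accept it for this one endpoint via a query parameter or header, and say which in a comment above the function.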
@@ -10,6 +11,9 @@ require('./database/db.js')(db, config) fs.existsSync('./' + config.uploads.folder) || fs.mkdirSync('./' + config.uploads.folder) fs.existsSync('./' + config.logsFolder) || fs.mkdirSync('./' + config.logsFolder) +safe.use(bodyParser.urlencoded({ extended: true })) +safe.use(bodyParser.json()) + safe.enable('trust proxy') safe.use('/', express.static('./uploads')) diff --git a/package.json b/package.json index 4a8ce8b..cad67a5 100644 --- a/package.json +++ b/package.json @@ -15,6 +15,7 @@ }, "license": "MIT", "dependencies": { + "body-parser": "^1.16.0", "express": "^4.14.0", "knex": "^0.12.6", "multer": "^1.2.1", diff --git a/pages/home.html b/pages/home.html index 2a1fae8..2fa0158 100644 --- a/pages/home.html +++ b/pages/home.html @@ -7,6 +7,7 @@ + diff --git a/pages/panel.html b/pages/panel.html index 641b372..a8ae048 100644 --- a/pages/panel.html +++ b/pages/panel.html @@ -6,6 +6,7 @@ + diff --git a/public/js/panel.js b/public/js/panel.js index 3f99ef0..f59d3c6 100644 --- a/public/js/panel.js +++ b/public/js/panel.js 
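Review bot: `safe.use(bodyParser.urlencoded({ extended: true }))` and `safe.use(bodyParser.json())` are mounted on the whole app, ahead of `express.static('./uploads')` and every other route, so body parsing also runs for static file requests, and `extended: true` lets urlencoded fields arrive as nested objects and arrays that the controllers' `=== undefined` checks do not reject. The controllers in this commit only read flat string fields, so `extended: false` is enough, and attaching both parsers where the `api` router is mounted (that line is outside the hunk) keeps them off the static path. Add a comment stating which content types the API accepts and that the default body size limit is relied on.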
@@ -15,38 +15,38 @@ panel.preparePage = function(){ } panel.verifyToken = function(token, reloadOnError = false){ - var xhr = new XMLHttpRequest(); + + axios.post('/api/tokens/verify', { + type: 'admin', + token: token + }) + .then(function (response) { - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - var json = JSON.parse(xhr.responseText); - if(json.success === false){ + if(response.data.success === false){ + swal({ + title: "An error ocurred", + text: response.data.description, + type: "error" + }, function(){ + if(reloadOnError){ + localStorage.removeItem("admintoken"); + location.reload(); + } + }) + return; + } - swal({ - title: "An error ocurred", - text: json.description, - type: "error" - }, function(){ - if(reloadOnError){ - localStorage.removeItem("admintoken"); - location.reload(); - } - }) - - return; - } + axios.defaults.headers.common['auth'] = token; + localStorage.admintoken = token; + panel.token = token; + return panel.prepareDashboard(); - localStorage.admintoken = token; - panel.token = token; - return panel.prepareDashboard(); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); - } - } - xhr.open('GET', '/api/tokens/verify', true); - xhr.setRequestHeader('type', 'admin'); - xhr.setRequestHeader('token', token); - xhr.send(null); } panel.prepareDashboard = function(){ 
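Review bot: In the new `.catch` handler `console.log(error)` comes after `return swal(…)`, so it never executes and the console the dialog points the user to stays empty; log first, then return: `console.log(error); return swal("An error ocurred", …);`. Because `.catch` is chained after `.then`, an exception thrown inside the `.then` callback (a missing element, a DOM error) is also reported as a request error, and the log line is the only thing that would make that distinguishable. The same unreachable log appears in every handler of this commit: panel.getUploads, getAlbums, submitAlbum, getAlbumsSidebar, changeTokens, submitToken, and upload.checkIfPublic and upload.verifyToken.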
@@ -70,195 +70,183 @@ panel.prepareDashboard = function(){ } panel.getUploads = function(album = undefined){ - panel.page.innerHTML = ''; - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if(xhr.readyState == XMLHttpRequest.DONE){ - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); - - var json = JSON.parse(xhr.responseText); - - if(json.success === false) - return swal("An error ocurred", json.description, "error"); - - var container = document.createElement('div'); - container.innerHTML = ` - - - - - - - - - - -
FileAlbumDate
`; - panel.page.appendChild(container); - - var table = document.getElementById('table'); - - for(var item of json){ - - var tr = document.createElement('tr'); - tr.innerHTML = ` - - ${item.file} - ${item.album} - ${item.date} - - `; - - table.appendChild(tr); - } - - } - } - xhr.open('GET', '/api/uploads', true); + let url = '/api/uploads' if(album !== undefined) - xhr.setRequestHeader('albumid', album); - xhr.setRequestHeader('auth', panel.token); - xhr.send(null); + url = '/api/album/' + album + + axios.get(url) + .then(function (response) { + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } + + panel.page.innerHTML = ''; + var container = document.createElement('div'); + container.innerHTML = ` + + + + + + + + + + +
FileAlbumDate
`; + panel.page.appendChild(container); + + var table = document.getElementById('table'); + + for(var item of response.data.files){ + + var tr = document.createElement('tr'); + tr.innerHTML = ` + + ${item.file} + ${item.album} + ${item.date} + + `; + + table.appendChild(tr); + } + + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); + } panel.getAlbums = function(){ - panel.page.innerHTML = ''; - var xhr = new XMLHttpRequest(); - var container = document.createElement('div'); - container.className = "container"; - container.innerHTML = ` -

Create new album

+ axios.get('/api/albums') + .then(function (response) { + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } -

- - Submit -

+ panel.page.innerHTML = ''; + var container = document.createElement('div'); + container.className = "container"; + container.innerHTML = ` +

Create new album

-

List of albums

+

+ + Submit +

- - - - - - - - - - -
NameFilesCreated At
`; +

List of albums

- xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + + + + + + + + + + +
NameFilesCreated At
`; - var json = JSON.parse(xhr.responseText); + panel.page.appendChild(container); + var table = document.getElementById('table'); - if(json.success === false) - return swal("An error ocurred", json.description, "error"); + for(var item of response.data.albums){ - panel.page.appendChild(container); - var table = document.getElementById('table'); + var tr = document.createElement('tr'); + tr.innerHTML = ` + + ${item.name} + ${item.files} + ${item.date} + + `; - for(var item of json.albums){ - - var tr = document.createElement('tr'); - tr.innerHTML = ` - - ${item.name} - ${item.files} - ${item.date} - - `; - - table.appendChild(tr); - } - - document.getElementById('submitAlbum').addEventListener('click', function(){ - panel.submitAlbum(); - }); - + table.appendChild(tr); } - } - xhr.open('GET', '/api/albums', true); - xhr.setRequestHeader('auth', panel.token); - xhr.setRequestHeader('extended', ''); - xhr.send(null); + document.getElementById('submitAlbum').addEventListener('click', function(){ + panel.submitAlbum(); + }); + + + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); + } panel.submitAlbum = function(){ - var xhr = new XMLHttpRequest(); + axios.post('/api/albums', { + name: document.getElementById('albumName').value + }) + .then(function (response) { - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } - var json = JSON.parse(xhr.responseText); - if(json.success === false) - return swal("An error ocurred", json.description, "error"); + swal("Woohoo!", "Album was added successfully", "success"); 
+ panel.getAlbumsSidebar(); + panel.getAlbums(); + return; - swal("Woohoo!", "Album was added successfully", "success"); - panel.getAlbumsSidebar(); - panel.getAlbums(); - return; - } - } - - xhr.open('POST', '/api/albums', true); - xhr.setRequestHeader('auth', panel.token); - xhr.setRequestHeader('name', document.getElementById('albumName').value); - xhr.send(null); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); } panel.getAlbumsSidebar = function(){ - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + axios.get('/api/albums/sidebar') + .then(function (response) { + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } - var json = JSON.parse(xhr.responseText); - if(json.success === false) - return swal("An error ocurred", json.description, "error"); + var albumsContainer = document.getElementById('albumsContainer'); + albumsContainer.innerHTML = ''; - var albumsContainer = document.getElementById('albumsContainer'); - albumsContainer.innerHTML = ''; + if(response.data.albums === undefined) return; - if(json.albums === undefined) return; + for(var album of response.data.albums){ - for(var album of json.albums){ + li = document.createElement('li'); + a = document.createElement('a'); + a.id = album.id; + a.innerHTML = album.name; - li = document.createElement('li'); - a = document.createElement('a'); - a.id = album.id; - a.innerHTML = album.name; + a.addEventListener('click', function(){ + panel.getAlbum(this); + }); - a.addEventListener('click', function(){ - panel.getAlbum(this); - }); - - li.appendChild(a); - 
albumsContainer.appendChild(li); - } + li.appendChild(a); + albumsContainer.appendChild(li); } - } - xhr.open('GET', '/api/albums', true); - xhr.setRequestHeader('auth', panel.token); - xhr.send(null); + + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); + } panel.getAlbum = function(item){ @@ -266,99 +254,89 @@ panel.getAlbum = function(item){ } panel.changeTokens = function(){ - panel.page.innerHTML = ''; - var xhr = new XMLHttpRequest(); - var container = document.createElement('div'); - container.className = "container"; - container.innerHTML = ` -
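Review bot: The rebuilt rows still render data through `innerHTML` with template interpolation — `tr.innerHTML = \`… ${item.file} … ${item.album} …\`` in getUploads, `${item.name}` in getAlbums and `a.innerHTML = album.name` in getAlbumsSidebar — so any markup stored in an album or file name (album names enter via `req.body.name` in albumsController.create) is interpreted in the admin panel; the surrounding cell markup is not visible in this rendering of the diff. Build each cell with `document.createElement('td')` and assign `textContent`, and in the sidebar use `a.textContent = album.name;`. Separately, `li = document.createElement('li')` and `a = document.createElement('a')` in getAlbumsSidebar are assigned without a declaration and become implicit globals; declare them with `const`.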

Manage your tokens

+ axios.get('/api/tokens') + .then(function (response) { + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } - -

- - Save -

+ panel.page.innerHTML = ''; + var container = document.createElement('div'); + container.className = "container"; + container.innerHTML = ` +

Manage your tokens

- -

- - Save -

- `; + +

+ + Save +

- xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + +

+ + Save +

+ `; - var json = JSON.parse(xhr.responseText); + panel.page.appendChild(container); - console.log(json); + document.getElementById('clientToken').value = response.data.clientToken; + document.getElementById('adminToken').value = response.data.adminToken; - if(json.success === false) - return swal("An error ocurred", json.description, "error"); + document.getElementById('submitClientToken').addEventListener('click', function(){ + panel.submitToken('client', document.getElementById('clientToken').value); + }); - panel.page.appendChild(container); + document.getElementById('submitAdminToken').addEventListener('click', function(){ + panel.submitToken('admin', document.getElementById('adminToken').value); + }); - document.getElementById('clientToken').value = json.clientToken; - document.getElementById('adminToken').value = json.adminToken; - document.getElementById('submitClientToken').addEventListener('click', function(){ - panel.submitToken('client', document.getElementById('clientToken').value); - }); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); - document.getElementById('submitAdminToken').addEventListener('click', function(){ - panel.submitToken('admin', document.getElementById('adminToken').value); - }); - } - } - - xhr.open('GET', '/api/tokens', true); - xhr.setRequestHeader('auth', panel.token); - xhr.send(null); } panel.submitToken = function(type, token){ - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { + axios.post('/api/tokens/change', { + type: type, + token: token + }) + .then(function (response) { + + if(response.data.success === false){ + if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token); + else return swal("An error ocurred", response.data.description, "error"); + } + + swal({ + title: "Woohoo!", + 
text: 'Your token was changed successfully.', + type: "success" + }, function(){ - if(xhr.responseText === 'not-authorized') - return panel.verifyToken(panel.token); + if(type === 'client') + localStorage.token = token; + else if(type === 'admin') + localStorage.admintoken = token - var json = JSON.parse(xhr.responseText); - - console.log(json); - - if(json.success === false) - return swal("An error ocurred", json.description, "error"); - - swal({ - title: "Woohoo!", - text: 'Your token was changed successfully.', - type: "success" - }, function(){ + location.reload(); - if(type === 'client') - localStorage.token = token; - else if(type === 'admin') - localStorage.admintoken = token + }) - location.reload(); - - }) + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); - } - } - - xhr.open('POST', '/api/tokens/change', true); - xhr.setRequestHeader('auth', panel.token); - xhr.setRequestHeader('type', type); - xhr.setRequestHeader('token', token); - xhr.send(null); } window.onload = function () { diff --git a/public/js/upload.js b/public/js/upload.js index d6d9b9d..35208f3 100644 --- a/public/js/upload.js +++ b/public/js/upload.js 
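Review bot: `axios.post('/api/tokens/change', { type: type, token: token })` in panel.submitToken can use property shorthand, `{ type, token }`, matching the ES2015 features (`let`, template literals) this file already uses, and `localStorage.admintoken = token` inside the swal callback is missing its semicolon while the sibling assignment has one. A client-side guard before the request, `if(token.trim() === '') return swal("An error ocurred", 'Token cannot be empty', "error");`, would also stop an empty input from being submitted as the new token, since the server-side check seen in tokenController.change only rejects `undefined`.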
@@ -5,16 +5,18 @@ upload.token = localStorage.token; upload.maxFileSize; upload.checkIfPublic = function(){ - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - upload.isPublic = JSON.parse(xhr.responseText).private; - upload.maxFileSize = JSON.parse(xhr.responseText).maxFileSize; - upload.preparePage(); - } - } - xhr.open('GET', '/api/check', true); - xhr.send(null); + + axios.get('/api/check') + .then(function (response) { + upload.isPublic = response.data.private; + upload.maxFileSize = response.data.maxFileSize; + upload.preparePage(); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); + } upload.preparePage = function(){ 
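Review bot: `upload.isPublic = response.data.private` in upload.checkIfPublic stores the server's `private` flag under a name that reads as its opposite, so every reader of `upload.isPublic` (outside this hunk) has to know the value is inverted. If its consumers can be updated, rename it (`upload.isPrivate = response.data.private;`); otherwise negate it (`upload.isPublic = !response.data.private;`) and fix the consumers, and in either case add `// /api/check reports 'private'; true means a client token is required` above the line. This handler is also the only one in the commit that does not look at `response.data.success`, which is fine only if `/api/check` never returns an error object — worth stating in that comment.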
@@ -30,38 +32,37 @@ upload.preparePage = function(){ } upload.verifyToken = function(token, reloadOnError = false){ - var xhr = new XMLHttpRequest(); - xhr.onreadystatechange = function() { - if (xhr.readyState == XMLHttpRequest.DONE) { - - var json = JSON.parse(xhr.responseText); - if(json.success === false){ + axios.post('/api/tokens/verify', { + type: 'client', + token: token + }) + .then(function (response) { - swal({ - title: "An error ocurred", - text: json.description, - type: "error" - }, function(){ - if(reloadOnError){ - localStorage.removeItem("token"); - location.reload(); - } - }) + if(response.data.success === false){ + swal({ + title: "An error ocurred", + text: response.data.description, + type: "error" + }, function(){ + if(reloadOnError){ + localStorage.removeItem("token"); + location.reload(); + } + }) + return; + } - return; - } + localStorage.token = token; + upload.token = token; + return upload.prepareUpload(); - localStorage.token = token; - upload.token = token; - return upload.prepareUpload(); + }) + .catch(function (error) { + return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error"); + console.log(error); + }); - } - } - xhr.open('GET', '/api/tokens/verify', true); - xhr.setRequestHeader('type', 'client'); - xhr.setRequestHeader('token', token); - xhr.send(null); } upload.prepareUpload = function(){ diff --git a/routes/api.js b/routes/api.js index 81a15bb..4333c74 100644 --- a/routes/api.js +++ b/routes/api.js 
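Review bot: Unlike panel.verifyToken in the same commit, the success path here only stores the token in `localStorage.token` and `upload.token` and does not set `axios.defaults.headers.common['auth']`; if upload.prepareUpload (outside the hunk) sends the file through axios, the `auth` header that uploadController.upload checks when `config.private` is set will not be present. Either add `axios.defaults.headers.common['auth'] = token;` next to `upload.token = token;`, or add a comment saying where the header is attached instead, so the two verifyToken implementations do not silently diverge.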
@@ -13,11 +13,15 @@ routes.get ('/check', (req, res, next) => { routes.get ('/uploads', (req, res, next) => uploadController.list(req, res)) routes.post ('/upload', (req, res, next) => uploadController.upload(req, res, next)) + +routes.get ('/album/:id', (req, res, next) => uploadController.list(req, res, next)) routes.get ('/albums', (req, res, next) => albumsController.list(req, res, next)) +routes.get ('/albums/:sidebar', (req, res, next) => albumsController.list(req, res, next)) routes.post ('/albums', (req, res, next) => albumsController.create(req, res, next)) routes.get ('/albums/test', (req, res, next) => albumsController.test(req, res, next)) -routes.get ('/tokens/verify', (req, res, next) => tokenController.verify(req, res)) + routes.get ('/tokens', (req, res, next) => tokenController.list(req, res)) +routes.post ('/tokens/verify', (req, res, next) => tokenController.verify(req, res)) routes.post ('/tokens/change', (req, res, next) => tokenController.change(req, res)) module.exports = routes
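Review bot: `routes.get ('/albums/:sidebar', …)` is registered before `routes.get ('/albums/test', …)`, so Express matches `/albums/test` against the parameter route and albumsController.test is no longer reachable; move the `:sidebar` route below the literal `/albums/test` route, or give it a literal path (`routes.get ('/albums/sidebar', …)`) and have albumsController.list key off that, since the parameter's value is never read — only its presence. `/album/:id` also passes `next` to uploadController.list while `/uploads` calls it with `(req, res)`; pick one signature so the two entry points of the same handler agree.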