Rewrote token handling and upload.js
This commit is contained in:
kanadeko
parent
79e786f3b8
commit
a114d298d0
|
|
@ -0,0 +1,27 @@
|
|||
const config = require('../config.js')
|
||||
const db = require('knex')(config.database)
|
||||
|
||||
let tokenController = {}
|
||||
|
||||
tokenController.verify = function(req, res, next){
|
||||
let type = req.headers.type
|
||||
let token = req.headers.token
|
||||
|
||||
if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
|
||||
if(token === undefined) return res.json({ success: false, description: 'No token provided.' })
|
||||
if(type !== 'client' && type !== 'admin') return res.json({ success: false, description: 'Wrong type provided.' })
|
||||
|
||||
if(type === 'client'){
|
||||
if(token !== config.clientToken) return res.json({ success: false, description: 'Token mismatch.' })
|
||||
return res.json({ success: true })
|
||||
}
|
||||
|
||||
if(type === 'admin'){
|
||||
if(token !== config.adminToken) return res.json({ success: false, description: 'Token mismatch.' })
|
||||
return res.json({ success: true })
|
||||
}
|
||||
|
||||
return res.json({ success: false, description: '(╯°□°)╯︵ ┻━┻' })
|
||||
}
|
||||
|
||||
module.exports = tokenController
|
||||
|
|
@ -45,8 +45,6 @@
|
|||
<div class="column"></div>
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
<div id="uploads">
|
||||
<div id="template" class="columns">
|
||||
<div class="column">
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ window.onload = function () {
|
|||
// xhr.responseText
|
||||
}
|
||||
}
|
||||
xhr.open('GET', '/api/verify', true);
|
||||
xhr.open('GET', '/api/token/verify', true);
|
||||
xhr.setRequestHeader('type', 'admin');
|
||||
xhr.setRequestHeader('token', document.getElementById('token').value);
|
||||
xhr.send(null);
|
||||
|
|
|
|||
|
|
@ -1,127 +1,131 @@
|
|||
var upload = {};
|
||||
|
||||
window.onload = function () {
|
||||
upload.isPrivate = true;
|
||||
upload.token = localStorage.token;
|
||||
|
||||
var USINGTOKEN;
|
||||
var maxSize = '512';
|
||||
|
||||
// First check to see if the service is using token or not
|
||||
upload.checkIfPublic = function(){
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
USINGTOKEN = JSON.parse(xhr.responseText).private;
|
||||
prepareTokenThing();
|
||||
upload.isPublic = JSON.parse(xhr.responseText).private;
|
||||
upload.preparePage();
|
||||
}
|
||||
}
|
||||
xhr.open('GET', '/api/check', true);
|
||||
xhr.send(null);
|
||||
}
|
||||
|
||||
function prepareTokenThing(){
|
||||
|
||||
if(!USINGTOKEN) return getInfo();
|
||||
|
||||
if(!localStorage.token){
|
||||
document.getElementById('tokenSubmit').addEventListener('click', function(){
|
||||
getInfo(document.getElementById('token').value)
|
||||
});
|
||||
return document.getElementById('tokenContainer').style.display = 'flex';
|
||||
}
|
||||
|
||||
getInfo(localStorage.token);
|
||||
|
||||
upload.preparePage = function(){
|
||||
if(!upload.isPrivate) return upload.prepareUpload();
|
||||
if(!upload.token){
|
||||
document.getElementById('tokenSubmit').addEventListener('click', function(){
|
||||
upload.verifyToken(document.getElementById('token').value)
|
||||
});
|
||||
document.getElementById('tokenContainer').style.display = 'flex';
|
||||
return;
|
||||
}
|
||||
upload.verifyToken(upload.token, true);
|
||||
}
|
||||
|
||||
function prepareDropzone(){
|
||||
upload.verifyToken = function(token, reloadOnError = false){
|
||||
var xhr = new XMLHttpRequest();
|
||||
|
||||
var previewNode = document.querySelector('#template');
|
||||
previewNode.id = '';
|
||||
var previewTemplate = previewNode.parentNode.innerHTML;
|
||||
previewNode.parentNode.removeChild(previewNode);
|
||||
|
||||
var dropzone = new Dropzone('div#dropzone', {
|
||||
url: '/api/upload',
|
||||
paramName: 'files[]',
|
||||
maxFilesize: maxSize,
|
||||
parallelUploads: 2,
|
||||
uploadMultiple: false,
|
||||
previewsContainer: 'div#uploads',
|
||||
previewTemplate: previewTemplate,
|
||||
createImageThumbnails: false,
|
||||
maxFiles: 1000,
|
||||
autoProcessQueue: true,
|
||||
headers: {
|
||||
'auth': localStorage.token
|
||||
},
|
||||
init: function() {
|
||||
this.on('addedfile', function(file) {
|
||||
document.getElementById('uploads').style.display = 'block';
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
// Update the total progress bar
|
||||
dropzone.on('uploadprogress', function(file, progress) {
|
||||
file.previewElement.querySelector('.progress').style.width = progress + '%';
|
||||
});
|
||||
|
||||
dropzone.on('success', function(file, response) {
|
||||
|
||||
// Handle the responseText here. For example, add the text to the preview element:
|
||||
|
||||
if(response.success === false){
|
||||
var span = document.createElement('span');
|
||||
span.innerHTML = response.description;
|
||||
file.previewTemplate.querySelector('.link').appendChild(span);
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
|
||||
var json = JSON.parse(xhr.responseText);
|
||||
if(json.success === false){
|
||||
alert(json.description);
|
||||
if(reloadOnError){
|
||||
localStorage.removeItem("token");
|
||||
location.reload();
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
a = document.createElement('a');
|
||||
a.href = response.files[0].url;
|
||||
a.target = '_blank';
|
||||
a.innerHTML = response.files[0].url;
|
||||
file.previewTemplate.querySelector('.link').appendChild(a);
|
||||
|
||||
file.previewTemplate.querySelector('.progress').style.display = 'none';
|
||||
|
||||
});
|
||||
localStorage.token = token;
|
||||
upload.token = token;
|
||||
return upload.prepareUpload();
|
||||
|
||||
}
|
||||
|
||||
function getInfo(token) {
|
||||
var xhr = new XMLHttpRequest();
|
||||
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
|
||||
if(xhr.responseText === 'not-authorized')
|
||||
return notAuthorized();
|
||||
|
||||
div = document.createElement('div');
|
||||
div.id = 'dropzone';
|
||||
div.innerHTML = 'Click here or drag and drop files';
|
||||
div.style.display = 'flex';
|
||||
|
||||
document.getElementById('btnGithub').style.display = 'none';
|
||||
document.getElementById('tokenContainer').style.display = 'none';
|
||||
document.getElementById('uploadContainer').appendChild(div);
|
||||
document.getElementById('panel').style.display = 'block';
|
||||
|
||||
if(xhr.responseText.maxFileSize) maxSize = JSON.parse(xhr.responseText).maxFileSize;
|
||||
if(token) localStorage.token = token;
|
||||
|
||||
prepareDropzone();
|
||||
|
||||
}
|
||||
}
|
||||
xhr.open('GET', '/api/info', true);
|
||||
|
||||
if(token !== undefined)
|
||||
xhr.setRequestHeader('auth', token);
|
||||
|
||||
xhr.send(null);
|
||||
}
|
||||
xhr.open('GET', '/api/token/verify', true);
|
||||
xhr.setRequestHeader('type', 'client');
|
||||
xhr.setRequestHeader('token', token);
|
||||
xhr.send(null);
|
||||
}
|
||||
|
||||
function notAuthorized() {
|
||||
localStorage.removeItem("token");
|
||||
location.reload();
|
||||
}
|
||||
upload.prepareUpload = function(){
|
||||
|
||||
div = document.createElement('div');
|
||||
div.id = 'dropzone';
|
||||
div.innerHTML = 'Click here or drag and drop files';
|
||||
div.style.display = 'flex';
|
||||
|
||||
document.getElementById('btnGithub').style.display = 'none';
|
||||
document.getElementById('tokenContainer').style.display = 'none';
|
||||
document.getElementById('uploadContainer').appendChild(div);
|
||||
document.getElementById('panel').style.display = 'block';
|
||||
|
||||
upload.prepareDropzone();
|
||||
|
||||
}
|
||||
|
||||
upload.prepareDropzone = function(){
|
||||
|
||||
var previewNode = document.querySelector('#template');
|
||||
previewNode.id = '';
|
||||
var previewTemplate = previewNode.parentNode.innerHTML;
|
||||
previewNode.parentNode.removeChild(previewNode);
|
||||
|
||||
var dropzone = new Dropzone('div#dropzone', {
|
||||
url: '/api/upload',
|
||||
paramName: 'files[]',
|
||||
parallelUploads: 2,
|
||||
uploadMultiple: false,
|
||||
previewsContainer: 'div#uploads',
|
||||
previewTemplate: previewTemplate,
|
||||
createImageThumbnails: false,
|
||||
maxFiles: 1000,
|
||||
autoProcessQueue: true,
|
||||
headers: {
|
||||
'auth': localStorage.token
|
||||
},
|
||||
init: function() {
|
||||
this.on('addedfile', function(file) {
|
||||
document.getElementById('uploads').style.display = 'block';
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
// Update the total progress bar
|
||||
dropzone.on('uploadprogress', function(file, progress) {
|
||||
file.previewElement.querySelector('.progress').style.width = progress + '%';
|
||||
});
|
||||
|
||||
dropzone.on('success', function(file, response) {
|
||||
|
||||
// Handle the responseText here. For example, add the text to the preview element:
|
||||
|
||||
if(response.success === false){
|
||||
var span = document.createElement('span');
|
||||
span.innerHTML = response.description;
|
||||
file.previewTemplate.querySelector('.link').appendChild(span);
|
||||
return;
|
||||
}
|
||||
|
||||
a = document.createElement('a');
|
||||
a.href = response.files[0].url;
|
||||
a.target = '_blank';
|
||||
a.innerHTML = response.files[0].url;
|
||||
file.previewTemplate.querySelector('.link').appendChild(a);
|
||||
|
||||
file.previewTemplate.querySelector('.progress').style.display = 'none';
|
||||
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
window.onload = function () {
|
||||
upload.checkIfPublic();
|
||||
};
|
||||
|
|
@ -2,33 +2,12 @@ const config = require('../config.js')
|
|||
const routes = require('express').Router()
|
||||
const uploadController = require('../controllers/uploadController')
|
||||
const galleryController = require('../controllers/galleryController')
|
||||
const tokenController = require('../controllers/tokenController')
|
||||
|
||||
routes.get ('/check', (req, res, next) => {
|
||||
return res.json({ private: config.private })
|
||||
})
|
||||
|
||||
routes.get ('/verify', (req, res, next) => {
|
||||
let type = req.headers.type
|
||||
let token = req.headers.token
|
||||
|
||||
if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
|
||||
if(token === undefined) return res.json({ success: false, description: 'No token provided.' })
|
||||
if(type !== 'client' && type !== 'admin') return res.json({ success: false, description: 'Wrong type provided.' })
|
||||
|
||||
if(type === 'client'){
|
||||
if(token !== config.clientToken) return res.json({ success: false, description: 'Token mismatch.' })
|
||||
return res.json({ success: true })
|
||||
}
|
||||
|
||||
if(type === 'admin'){
|
||||
if(token !== config.adminToken) return res.json({ success: false, description: 'Token mismatch.' })
|
||||
return res.json({ success: true })
|
||||
}
|
||||
|
||||
return res.json({ success: false, description: '(╯°□°)╯︵ ┻━┻' })
|
||||
|
||||
})
|
||||
|
||||
routes.get('/info', (req, res, next) => {
|
||||
|
||||
if(config.private === true)
|
||||
|
|
@ -44,5 +23,6 @@ routes.get ('/uploads', (req, res, next) => uploadController.list(req, res))
|
|||
routes.post ('/upload', (req, res, next) => uploadController.upload(req, res, next))
|
||||
routes.get ('/gallery', (req, res, next) => galleryController.list(req, res, next))
|
||||
routes.get ('/gallery/test', (req, res, next) => galleryController.test(req, res, next))
|
||||
routes.get ('/token/verify', (req, res, next) => tokenController.verify(req, res))
|
||||
|
||||
module.exports = routes
|
||||
|
|
|
|||
Loading…
Reference in New Issue