refactor: removed useless code, cleaned up, fixed permissions

src/api/database/seeds/initial.js

@@ -3,7 +3,7 @@ const moment = require('moment');
 
 exports.seed = async db => {
 	const now = moment.utc().toDate();
-	const user = await db.table('users').where({ username: 'root' }).first();
+	const user = await db.table('users').where({ username: process.env.ADMIN_ACCOUNT }).first();
 	if (user) return;
 	try {
 		const hash = await bcrypt.hash(process.env.ADMIN_PASSWORD, 10);

src/api/routes/albums/albumDELETE.js

@@ -14,7 +14,7 @@ class albumDELETE extends Route {
 			Check if the album exists
 		*/
 		const album = await db.table('albums').where({ id, userId: user.id }).first();
-		if (!album) return res.status(400).json({ message: 'The file doesn\'t exist or doesn\'t belong to the user' });
+		if (!album) return res.status(400).json({ message: 'The album doesn\'t exist or doesn\'t belong to the user' });
 
 		try {
 			/*

src/api/routes/albums/albumPurgeDELETE.js

@@ -14,7 +14,7 @@ class albumDELETE extends Route {
 			Check if the album exists
 		*/
 		const album = await db.table('albums').where({ id, userId: user.id }).first();
-		if (!album) return res.status(400).json({ message: 'The file doesn\'t exist or doesn\'t belong to the user' });
+		if (!album) return res.status(400).json({ message: 'The album doesn\'t exist or doesn\'t belong to the user' });
 
 		try {
 			await Util.deleteAllFilesFromAlbum(id);

src/api/routes/albums/albumsGET.js

@@ -18,6 +18,8 @@ class albumsGET extends Route {
 			.select('id', 'name', 'createdAt', 'editedAt');
 
 		for (const album of albums) {
+			// TODO: Optimize the shit out of this.
+
 			/*
 				Fetch every public link the album has
 			*/

src/api/routes/albums/link/linkDELETE.js

@@ -6,13 +6,13 @@ class linkDELETE extends Route {
 		super('/album/link/delete/:identifier', 'delete');
 	}
 
-	async run(req, res, db) {
+	async run(req, res, db, user) {
 		const { identifier } = req.params;
 		if (!identifier) return res.status(400).json({ message: 'Invalid identifier supplied' });
 
 		try {
 			const link = await db.table('links')
-				.where({ identifier })
+				.where({ identifier, userId: user.id })
 				.first();
 
 			dump(link);

src/api/routes/albums/link/linkPOST.js

@@ -1,6 +1,5 @@
 const Route = require('../../../structures/Route');
 const Util = require('../../../utils/Util');
-const log = require('../../../utils/Log');
 
 class linkPOST extends Route {
 	constructor() {
@@ -15,7 +14,7 @@ class linkPOST extends Route {
 		/*
 			Make sure the album exists
 		*/
-		const exists = await db.table('albums').where('id', albumId).first();
+		const exists = await db.table('albums').where({ id: albumId, userId: user.id }).first();
 		if (!exists) return res.status(400).json({ message: 'Album doesn\t exist' });
 
 		/*

src/api/routes/baseGET.js

@@ -1,13 +0,0 @@
-const Route = require('../structures/Route');
-
-class verifyGET extends Route {
-	constructor() {
-		super('/', 'get', { bypassAuth: true });
-	}
-
-	run(req, res) {
-		return res.json({ message: 'Hai hai api desu.' });
-	}
-}
-
-module.exports = verifyGET;

src/api/routes/files/albumAddPOST.js

@@ -5,11 +5,17 @@ class albumAddPOST extends Route {
 		super('/file/album/add', 'post');
 	}
 
-	async run(req, res, db) {
+	async run(req, res, db, user) {
 		if (!req.body) return res.status(400).json({ message: 'No body provided' });
 		const { fileId, albumId } = req.body;
 		if (!fileId || !albumId) return res.status(400).json({ message: 'No id provided' });
 
+		// Make sure both file and album belong to the user
+		const file = await db.table('files').where({ id: fileId, userId: user.id }).first();
+		if (!file) return res.status(400).json({ message: 'File doesn\'t exist.' });
+		const album = await db.table('albums').where({ id: albumId, userId: user.id }).first();
+		if (!album) return res.status(400).json({ message: 'Album doesn\'t exist.' });
+
 		try {
 			await db.table('albumsFiles')
 				.insert({ fileId, albumId });

src/api/routes/files/albumDelPOST.js

@@ -5,11 +5,17 @@ class albumDelPOST extends Route {
 		super('/file/album/del', 'post');
 	}
 
-	async run(req, res, db) {
+	async run(req, res, db, user) {
 		if (!req.body) return res.status(400).json({ message: 'No body provided' });
 		const { fileId, albumId } = req.body;
 		if (!fileId || !albumId) return res.status(400).json({ message: 'No id provided' });
 
+		// Make sure both file and album belong to the user
+		const file = await db.table('files').where({ id: fileId, userId: user.id }).first();
+		if (!file) return res.status(400).json({ message: 'File doesn\'t exist.' });
+		const album = await db.table('albums').where({ id: albumId, userId: user.id }).first();
+		if (!album) return res.status(400).json({ message: 'Album doesn\'t exist.' });
+
 		try {
 			await db.table('albumsFiles')
 				.where({ fileId, albumId })

src/api/routes/files/tagAddPOST.js

@@ -5,11 +5,15 @@ class tagAddPOST extends Route {
 		super('/file/tag/add', 'post');
 	}
 
-	run(req, res, db) {
+	async run(req, res, db, user) {
 		if (!req.body) return res.status(400).json({ message: 'No body provided' });
 		const { fileId, tagNames } = req.body;
 		if (!fileId || !tagNames.length) return res.status(400).json({ message: 'No tags provided' });
 
+		// Make sure the file belongs to the user
+		const file = await db.table('files').where({ id: fileId, userId: user.id }).first();
+		if (!file) return res.status(400).json({ message: 'File doesn\'t exist.' });
+
 		tagNames.forEach(async tag => {
 			try {
 				await db.table('fileTags').insert({ fileId, tag });

src/api/routes/files/tagDelPOST.js

@@ -1,27 +0,0 @@
-const Route = require('../../structures/Route');
-
-class albumDelPOST extends Route {
-	constructor() {
-		super('/file/album/del', 'post');
-	}
-
-	async run(req, res, db) {
-		if (!req.body) return res.status(400).json({ message: 'No body provided' });
-		const { fileId, albumId } = req.body;
-		if (!fileId || !albumId) return res.status(400).json({ message: 'No id provided' });
-
-		try {
-			await db.table('albumsFiles')
-				.where({ fileId, albumId })
-				.delete();
-		} catch (error) {
-			return super.error(res, error);
-		}
-
-		return res.json({
-			message: 'Successfully removed file from album'
-		});
-	}
-}
-
-module.exports = albumDelPOST;

src/api/routes/files/uploadPOST.js

@@ -19,10 +19,14 @@ class uploadPOST extends Route {
 		super('/upload.....', 'post', { bypassAuth: true });
 	}
 
-	async run(req, res, db) {
+	run(req, res) {
+		return res.status(201).send();
+
+		/*
 		const user = await Util.isAuthorized(req);
 		if (!user && process.env.PUBLIC_MODE == 'false') return res.status(401).json({ message: 'Not authorized to use this resource' });
 		return this.uploadFile(req, res, db, user);
+		*/
 	}
 
 	async processFile(req, res, db, user, file) {

src/api/routes/verifyGET.js

@@ -6,15 +6,13 @@ class verifyGET extends Route {
 	}
 
 	run(req, res, db, user) {
-		const returnUser = {
-			id:	user.id,
-			username: user.username,
-			isAdmin: user.isAdmin
-		};
-
 		return res.json({
 			message: 'Successfully verified token',
-			user: returnUser
+			user: {
+				id:	user.id,
+				username: user.username,
+				isAdmin: user.isAdmin
+			}
 		});
 	}
 }

src/site/assets/styles/style.scss

@@ -83,6 +83,16 @@ div#drag-overlay {
 	}
 }
 
+
+section.hero {
+	&.dashboard {
+		// background-color: $backgroundLight1 !important;
+		div.hero-body {
+			align-items: baseline;
+		}
+	}
+}
+
 section input, section a.button {
 	font-size: 14px !important;
 }

src/site/components/grid/Grid.vue

@@ -172,11 +172,6 @@ export default {
 			searchTerm: null
 		};
 	},
-	computed: {
-		config() {
-			return this.$store.state.config;
-		}
-	},
 	mounted() {
 		this.$search.items(this.files);
 	},

src/site/components/navbar/Navbar.vue

@@ -50,30 +50,6 @@
 				<i class="icon-ecommerce-safebox" /> {{ config.serviceName }}
 			</router-link>
 
-			<!--
-			<template v-if="loggedIn">
-				<router-link
-					to="/dashboard/uploads"
-					class="navbar-item no-active"
-					exact><i class="hidden"/>Uploads</router-link>
-
-				<router-link
-					to="/dashboard/albums"
-					class="navbar-item no-active"
-					exact><i class="hidden"/>Albums</router-link>
-
-				<router-link
-					to="/dashboard/tags"
-					class="navbar-item no-active"
-					exact><i class="hidden"/>Tags</router-link>
-
-				<router-link
-					to="/dashboard/settings"
-					class="navbar-item no-active"
-					exact><i class="hidden"/>Settings</router-link>
-			</template>
-			-->
-
 			<div class="spacer" />
 
 			<template v-if="loggedIn">
@@ -126,9 +102,6 @@ export default {
 		loggedIn() {
 			return this.$store.state.loggedIn;
 		},
-		user() {
-			return this.$store.state.user;
-		},
 		config() {
 			return this.$store.state.config;
 		}

src/site/pages/dashboard/account.vue

@@ -1,21 +1,5 @@
-<style lang="scss" scoped>
-	@import '~/assets/styles/_colors.scss';
-	section { background-color: $backgroundLight1 !important; }
-	section.hero div.hero-body {
-		align-items: baseline;
-	}
-	div.search-container {
-		display: flex;
-		justify-content: center;
-	}
-</style>
-<style lang="scss">
-	@import '~/assets/styles/_colors.scss';
-</style>
-
-
 <template>
-	<section class="hero is-fullheight">
+	<section class="hero is-fullheight dashboard">
 		<div class="hero-body">
 			<div class="container">
 				<div class="columns">
@@ -95,11 +79,6 @@ export default {
 			user: {}
 		};
 	},
-	computed: {
-		config() {
-			return this.$store.state.config;
-		}
-	},
 	metaInfo() {
 		return { title: 'Account' };
 	},

src/site/pages/dashboard/albums/_id.vue

@@ -9,7 +9,7 @@
 </style>
 
 <template>
-	<section class="hero is-fullheight">
+	<section class="hero is-fullheight dashboard">
 		<div class="hero-body">
 			<div class="container">
 				<div class="columns">
@@ -71,11 +71,6 @@ export default {
 			showingModalForFile: null
 		};
 	},
-	computed: {
-		config() {
-			return this.$store.state.config;
-		}
-	},
 	metaInfo() {
 		return { title: 'Album' };
 	},

src/site/pages/dashboard/albums/index.vue

@@ -1,14 +1,5 @@
 <style lang="scss" scoped>
 	@import '~/assets/styles/_colors.scss';
-	section { background-color: $backgroundLight1 !important; }
-	section.hero div.hero-body {
-		align-items: baseline;
-	}
-	div.search-container {
-		display: flex;
-		justify-content: center;
-	}
-
 	div.view-container {
 		padding: 2rem;
 	}
@@ -130,7 +121,7 @@
 
 
 <template>
-	<section class="hero is-fullheight">
+	<section class="hero is-fullheight dashboard">
 		<div class="hero-body">
 			<div class="container">
 				<div class="columns">

src/site/pages/dashboard/index.vue

@@ -1,15 +1,9 @@
 <style lang="scss" scoped>
-	@import '~/assets/styles/_colors.scss';
-	section { background-color: $backgroundLight1 !important; }
-	section.hero div.hero-body {
-		align-items: baseline;
-	}
-
 	.albumsModal .columns .column { padding: .25rem; }
 </style>
 
 <template>
-	<section class="hero is-fullheight">
+	<section class="hero is-fullheight dashboard">
 		<div class="hero-body">
 			<div class="container">
 				<div class="columns">
@@ -71,11 +65,6 @@ export default {
 			showingModalForFile: null
 		};
 	},
-	computed: {
-		config() {
-			return this.$store.state.config;
-		}
-	},
 	metaInfo() {
 		return { title: 'Uploads' };
 	},

src/site/pages/dashboard/settings.vue

@@ -1,21 +1,5 @@
-<style lang="scss" scoped>
-	@import '~/assets/styles/_colors.scss';
-	section { background-color: $backgroundLight1 !important; }
-	section.hero div.hero-body {
-		align-items: baseline;
-	}
-	div.search-container {
-		display: flex;
-		justify-content: center;
-	}
-</style>
-<style lang="scss">
-	@import '~/assets/styles/_colors.scss';
-</style>
-
-
 <template>
-	<section class="hero is-fullheight">
+	<section class="hero is-fullheight dashboard">
 		<div class="hero-body">
 			<div class="container">
 				<div class="columns">
@@ -25,11 +9,6 @@
 					<div class="column">
 						<h2 class="subtitle">Service settings</h2>
 						<hr>
-						<!--
-						<h1 class="title">Uploads</h1>
-						<h2 class="subtitle">Keep track of all your uploads in here</h2>
-						<hr>
-						-->
 
 						<b-field label="Service name"
 							message="Please enter the name which this service is gonna be identified as"
@@ -130,11 +109,6 @@ export default {
 			options: {}
 		};
 	},
-	computed: {
-		config() {
-			return this.$store.state.config;
-		}
-	},
 	metaInfo() {
 		return { title: 'Settings' };
 	},

src/site/pages/dashboard/tags/index.vue

@@ -1,14 +1,5 @@
 <style lang="scss" scoped>
 	@import '~/assets/styles/_colors.scss';
-	section { background-color: $backgroundLight1 !important; }
-	section.hero div.hero-body {
-		align-items: baseline;
-	}
-	div.search-container {
-		display: flex;
-		justify-content: center;
-	}
-
 	div.view-container {
 		padding: 2rem;
 	}
@@ -130,7 +121,7 @@
 
 
 <template>
-	<section class="hero is-fullheight">
+	<section class="hero is-fullheight dashboard">
 		<div class="hero-body">
 			<div class="container">
 				<div class="columns">

src/site/pages/dashboard/users.vue

@@ -1,14 +1,5 @@
 <style lang="scss" scoped>
 	@import '~/assets/styles/_colors.scss';
-	section { background-color: $backgroundLight1 !important; }
-	section.hero div.hero-body {
-		align-items: baseline;
-	}
-	div.search-container {
-		display: flex;
-		justify-content: center;
-	}
-
 	div.view-container {
 		padding: 2rem;
 	}
@@ -130,7 +121,7 @@
 
 
 <template>
-	<section class="hero is-fullheight">
+	<section class="hero is-fullheight dashboard">
 		<div class="hero-body">
 			<div class="container">
 				<div class="columns">