From 230cc081827016d1f6144d0bef7a632948fc46f1 Mon Sep 17 00:00:00 2001 From: CrescentLeaf Date: Sat, 1 Nov 2025 19:56:49 +0800 Subject: [PATCH] =?UTF-8?q?fix&rename:=20=E9=87=8D=E5=91=BD=E5=90=8D?= =?UTF-8?q?=E4=B8=AD=E9=97=B4=E4=BB=B6,=20=E4=B8=8A=E4=BC=A0=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E4=B8=AD=E9=97=B4=E4=BB=B6=E6=B2=A1=E8=83=BD=E6=89=A7?= =?UTF-8?q?=E8=A1=8C=E4=B8=8B=E4=B8=80=E4=B8=AA=E5=87=BD=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/fileupload-middleware.ts | 69 +++++++++++++++++++++++++++++++++ server/main.ts | 6 +-- server/middleware.ts | 68 -------------------------------- 3 files changed, 72 insertions(+), 71 deletions(-) create mode 100644 server/fileupload-middleware.ts delete mode 100644 server/middleware.ts diff --git a/server/fileupload-middleware.ts b/server/fileupload-middleware.ts new file mode 100644 index 0000000..7f224d4 --- /dev/null +++ b/server/fileupload-middleware.ts @@ -0,0 +1,69 @@ +import { Request, Response, NextFunction } from "express" +import FileManager from "./data/FileManager.ts" +import TokenManager from "./api/TokenManager.ts" +import UserChatLinker from "./data/UserChatLinker.ts" +import fileUpload from "express-fileupload" + +export default class FileUploadMiddleware { + static checkUser(req: Request, res: Response, chat_id: string | undefined) { + const userToken = TokenManager.decode(req.headers.token || req.cookies.token) + if (!TokenManager.checkToken(userToken, req.headers["device-id"] || req.cookies.device_id)) { + res.status(401).send({ + msg: "401 UnAuthorized", + }) + return false + } + if (chat_id && !UserChatLinker.checkUserIsLinkedToChat(userToken.author, chat_id)) { + res.status(403).send({ + msg: "403 Forbidden", + }) + return false + } + return true + } + + static checkAccessingUploadedFiles(req: Request, res: Response, next: NextFunction) { + const hash = req.params.hash as string + if (hash == null) { + res.status(404).send({ + msg: "404 Not Found", + }) + return + } + const file = FileManager.findByHash(hash) + + if (file == null) { + res.status(404).send({ + msg: "404 Not Found", + }) + return + } + + if (file.getChatId() != null) { + if (!FileUploadMiddleware.checkUser(req, res, file.getChatId() as string)) { + return + } + } + next() + } + + static checkUploadedFile(req: Request, res: Response, next: NextFunction) { + if (!FileUploadMiddleware.checkUser(req, res, req.body.chat_id)) { + return + } + const file = req.files?.file as fileUpload.UploadedFile + if (file?.data == null) { + res.status(400).send({ + msg: "No file was found or multiple files were uploaded", + }) + return + } + if (req.body.file_name == null) { + res.status(400).send({ + msg: "Filename is required", + }) + return + } + next() + } +} diff --git a/server/main.ts b/server/main.ts index 394396b..c01c0b3 100644 --- a/server/main.ts +++ b/server/main.ts @@ -16,12 +16,12 @@ import cookieParser from 'cookie-parser' import fs from 'node:fs/promises' // @ts-types="npm:@types/express-fileupload" import fileUpload from 'express-fileupload' -import { Middleware } from "./middleware.ts" +import FileUploadMiddleware from "./fileupload-middleware.ts" const app = express() app.use('/', express.static(config.data_path + '/page_compiled')) app.use(cookieParser()) -app.get('/uploaded_files/:hash',Middleware.Get_uploaded_files, (req, res) => { +app.get('/uploaded_files/:hash', FileUploadMiddleware.checkAccessingUploadedFiles, (req, res) => { const file = FileManager.findByHash(req.params.hash as string) if (file == null) { @@ -41,7 +41,7 @@ app.use(fileUpload({ tempFileDir: config.data_path + '/upload_cache', abortOnLimit: true, })) -app.post('/upload_file',Middleware.Post_upload_file, async (req, res) => { +app.post('/upload_file', FileUploadMiddleware.checkUploadedFile, async (req, res) => { const file = req.files?.file as fileUpload.UploadedFile const hash = (await FileManager.uploadFile(req.body.file_name, await fs.readFile(file.tempFilePath), req.body.chat_id)).getHash() diff --git a/server/middleware.ts b/server/middleware.ts deleted file mode 100644 index c779c32..0000000 --- a/server/middleware.ts +++ /dev/null @@ -1,68 +0,0 @@ -import { Request, Response, NextFunction } from "express"; -import FileManager from "./data/FileManager.ts"; -import TokenManager from "./api/TokenManager.ts"; -import UserChatLinker from "./data/UserChatLinker.ts"; -import fileUpload from "express-fileupload"; - -export class Middleware { - static Authroize(req: Request, res: Response, chat_id: string | undefined) { - const userToken = TokenManager.decode(req.headers.token || req.cookies.token); - if (!TokenManager.checkToken(userToken, req.headers["device-id"] || req.cookies.device_id)) { - res.status(401).send({ - msg: "401 UnAuthorized", - }); - return false; - } - if (chat_id && !UserChatLinker.checkUserIsLinkedToChat(userToken.author, chat_id)) { - res.status(403).send({ - msg: "403 Forbidden", - }); - return false; - } - return true; - } - - static Get_uploaded_files(req: Request, res: Response, next: NextFunction) { - const hash = req.params.hash as string; - if (hash == null) { - res.status(404).send({ - msg: "404 Not Found", - }); - return; - } - const file = FileManager.findByHash(hash); - - if (file == null) { - res.status(404).send({ - msg: "404 Not Found", - }); - return; - } - - if (file.getChatId() != null) { - if (!Middleware.Authroize(req, res, file.getChatId() as string)) { - return; - } - } - next(); - } - - static Post_upload_file(req: Request, res: Response, next: NextFunction) { - if (!Middleware.Authroize(req, res, req.body.chat_id)) { - return; - } - const file = req.files?.file as fileUpload.UploadedFile; - if (file?.data == null) { - res.status(400).send({ - msg: "No file was found or multiple files were uploaded", - }); - return; - } - if (req.body.file_name == null) { - res.status(400).send({ - msg: "Filename is required", - }); - return; - } - } -}