diff --git a/.gitignore b/.gitignore index 33ac004..4e41a30 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,7 @@ thewhitesilk_config.json thewhitesilk_data/ deno.lock -node_modules/ \ No newline at end of file +node_modules/ + +#npm +package-lock.json \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index aa097a1..efa5aa5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,4 +12,5 @@ services: restart: always volumes: - ./thewhitesilk_config.json:/app/thewhitesilk_config.json - - ./thewhitesilk_data:/app/thewhitesilk_data \ No newline at end of file + - ./thewhitesilk_data:/app/thewhitesilk_data + network_mode: bridge diff --git a/server/main.ts b/server/main.ts index 36b6992..394396b 100644 --- a/server/main.ts +++ b/server/main.ts 
@@ -11,50 +11,22 @@ import process from "node:process" import chalk from "chalk" import child_process from "node:child_process" import FileManager from "./data/FileManager.ts" -import TokenManager from "./api/TokenManager.ts" -import UserChatLinker from "./data/UserChatLinker.ts" import path from "node:path" import cookieParser from 'cookie-parser' import fs from 'node:fs/promises' // @ts-types="npm:@types/express-fileupload" import fileUpload from 'express-fileupload' +import { Middleware } from "./middleware.ts" const app = express() app.use('/', express.static(config.data_path + '/page_compiled')) app.use(cookieParser()) -app.get('/uploaded_files/:hash', (req, res) => { - const hash = req.params.hash as string - if (hash == null) { - res.status(404).send({ - msg: "404 Not Found", - }) - return - } - const file = FileManager.findByHash(hash) +app.get('/uploaded_files/:hash',Middleware.Get_uploaded_files, (req, res) => { + const file = FileManager.findByHash(req.params.hash as string) if (file == null) { - res.status(404).send({ - msg: "404 Not Found", - }) - return + return; } - - if (file.getChatId() != null) { - const userToken = TokenManager.decode(req.headers.token || req.cookies.token) - if (!TokenManager.checkToken(userToken, req.headers['device-id'] || req.cookies.device_id)) { - res.status(401).send({ - msg: "401 UnAuthorized", - }) - return - } - if (!UserChatLinker.checkUserIsLinkedToChat(userToken.author, file.getChatId() as string)) { - res.status(403).send({ - msg: "403 Forbidden", - }) - return - } - } - const fileName = encodeURIComponent(file!.getName()?.replaceAll('"', '')) res.setHeader('Content-Disposition', `inline; filename="${fileName}"`) res.setHeader('Content-Type', file!.getMime()) 
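Review bot: The `if (file == null) { return; }` branch kept in the `/uploaded_files/:hash` handler ends the request without sending a response, so if it is ever reached the client hangs until it times out. `Middleware.Get_uploaded_files` has already looked the file up and answered 404, so the handler repeats the lookup, and the access decision is made on one lookup while the bytes are served from another. Consider having the middleware hand the result over (e.g. `res.locals.file = file`) and the handler read it, or at least keep the reply in this branch: `res.status(404).send({ msg: "404 Not Found" }); return`. A space after the comma in `'/uploaded_files/:hash',Middleware.Get_uploaded_files` would match the rest of the file. The handler body continues past the end of the hunk.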
@@ -69,35 +41,8 @@ app.use(fileUpload({ tempFileDir: config.data_path + '/upload_cache', abortOnLimit: true, })) -app.post('/upload_file', async (req, res) => { - const userToken = TokenManager.decode(req.headers.token || req.cookies.token) - if (!TokenManager.checkToken(userToken, req.headers['device-id'] || req.cookies.device_id)) { - res.status(401).send({ - msg: "401 UnAuthorized", - }) - return - } - if (req.body.chat_id && !UserChatLinker.checkUserIsLinkedToChat(userToken.author, req.body.chat_id)) { - res.status(403).send({ - msg: "403 Forbidden", - }) - return - } - +app.post('/upload_file',Middleware.Post_upload_file, async (req, res) => { const file = req.files?.file as fileUpload.UploadedFile - if (file?.data == null) { - res.status(400).send({ - msg: "No file was found or multiple files were uploaded", - }) - return - } - if (req.body.file_name == null) { - res.status(400).send({ - msg: "Filename is required", - }) - return - } - const hash = (await FileManager.uploadFile(req.body.file_name, await fs.readFile(file.tempFilePath), req.body.chat_id)).getHash() res.status(200).send({ diff --git a/server/middleware.ts b/server/middleware.ts new file mode 100644 index 0000000..c779c32 --- /dev/null +++ b/server/middleware.ts 
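Review bot: The token check for `/upload_file` still runs after the global `app.use(fileUpload({ tempFileDir: ... }))` shown in the context lines, so an unauthenticated request has its multipart body parsed before `Middleware.Post_upload_file` rejects it. The handler reads `file.tempFilePath`, which suggests temp files are enabled above the hunk; if so, a request answered with 401/403/400 leaves its temp file in `upload_cache`, and nothing visible here removes it. Consider checking the token before the upload parser runs for this route (the chat-link check needs `req.body.chat_id` and has to stay after it) and unlinking `file.tempFilePath` on every rejection path. The handler body continues outside the hunk.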
@@ -0,0 +1,68 @@
+import { Request, Response, NextFunction } from "express";
+import FileManager from "./data/FileManager.ts";
+import TokenManager from "./api/TokenManager.ts";
+import UserChatLinker from "./data/UserChatLinker.ts";
+import fileUpload from "express-fileupload";
+
+export class Middleware {
+ static Authroize(req: Request, res: Response, chat_id: string | undefined) {
+ const userToken = TokenManager.decode(req.headers.token || req.cookies.token);
+ if (!TokenManager.checkToken(userToken, req.headers["device-id"] || req.cookies.device_id)) {
+ res.status(401).send({
+ msg: "401 UnAuthorized",
+ });
+ return false;
+ }
+ if (chat_id && !UserChatLinker.checkUserIsLinkedToChat(userToken.author, chat_id)) {
+ res.status(403).send({
+ msg: "403 Forbidden",
+ });
+ return false;
+ }
+ return true;
+ }
+
+ static Get_uploaded_files(req: Request, res: Response, next: NextFunction) {
+ const hash = req.params.hash as string;
+ if (hash == null) {
+ res.status(404).send({
+ msg: "404 Not Found",
+ });
+ return;
+ }
+ const file = FileManager.findByHash(hash);
+
+ if (file == null) {
+ res.status(404).send({
+ msg: "404 Not Found",
+ });
+ return;
+ }
+
+ if (file.getChatId() != null) {
+ if (!Middleware.Authroize(req, res, file.getChatId() as string)) {
+ return;
+ }
+ }
+ next();
+ }
+
+ static Post_upload_file(req: Request, res: Response, next: NextFunction) {
+ if (!Middleware.Authroize(req, res, req.body.chat_id)) {
+ return;
+ }
+ const file = req.files?.file as fileUpload.UploadedFile;
+ if (file?.data == null) {
+ res.status(400).send({
+ msg: "No file was found or multiple files were uploaded",
+ });
+ return;
+ }
+ if (req.body.file_name == null) {
+ res.status(400).send({
+ msg: "Filename is required",
+ });
+ return;
+ }
+ }
+}
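Review bot: `Post_upload_file` never calls `next()`, so once every check passes the request stops in the middleware, the `/upload_file` handler in main.ts does not run, and the client gets no response. `Get_uploaded_files` ends with `next();` and this method needs the same line after the `file_name` check. Separately, `Middleware.Authroize(req, res, req.body.chat_id)` evaluates `req.body.chat_id` before the token check, so a request where `req.body` is undefined (possible if no body parser ran for it; not visible here) would throw instead of getting a 401, which `req.body?.chat_id` avoids. `Authroize` looks like a typo for `Authorize` and is cheap to rename while it has only two call sites in this file.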