| import path from 'node:path'; |
| import fs from 'node:fs'; |
|
|
| import express from 'express'; |
| import sanitize from 'sanitize-filename'; |
| import { sync as writeFileSyncAtomic } from 'write-file-atomic'; |
|
|
| import { validateAssetFileName } from './assets.js'; |
| import { clientRelativePath } from '../util.js'; |
|
|
| export const router = express.Router(); |
|
|
| router.post('/sanitize-filename', async (request, response) => { |
| try { |
| const fileName = String(request.body.fileName); |
| if (!fileName) { |
| return response.status(400).send('No fileName specified'); |
| } |
|
|
| const sanitizedFilename = sanitize(fileName); |
| return response.send({ fileName: sanitizedFilename }); |
| } catch (error) { |
| console.error(error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/upload', async (request, response) => { |
| try { |
| if (!request.body.name) { |
| return response.status(400).send('No upload name specified'); |
| } |
|
|
| if (!request.body.data) { |
| return response.status(400).send('No upload data specified'); |
| } |
|
|
| |
| const validation = validateAssetFileName(request.body.name); |
| if (validation.error) |
| return response.status(400).send(validation.message); |
|
|
| const pathToUpload = path.join(request.user.directories.files, request.body.name); |
| writeFileSyncAtomic(pathToUpload, request.body.data, 'base64'); |
| const url = clientRelativePath(request.user.directories.root, pathToUpload); |
| console.info(`Uploaded file: ${url} from ${request.user.profile.handle}`); |
| return response.send({ path: url }); |
| } catch (error) { |
| console.error(error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/delete', async (request, response) => { |
| try { |
| if (!request.body.path) { |
| return response.status(400).send('No path specified'); |
| } |
|
|
| const pathToDelete = path.join(request.user.directories.root, request.body.path); |
| if (!pathToDelete.startsWith(request.user.directories.files)) { |
| return response.status(400).send('Invalid path'); |
| } |
|
|
| if (!fs.existsSync(pathToDelete)) { |
| return response.status(404).send('File not found'); |
| } |
|
|
| fs.unlinkSync(pathToDelete); |
| console.info(`Deleted file: ${request.body.path} from ${request.user.profile.handle}`); |
| return response.sendStatus(200); |
| } catch (error) { |
| console.error(error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
| router.post('/verify', async (request, response) => { |
| try { |
| if (!Array.isArray(request.body.urls)) { |
| return response.status(400).send('No URLs specified'); |
| } |
|
|
| const verified = {}; |
|
|
| for (const url of request.body.urls) { |
| const pathToVerify = path.join(request.user.directories.root, url); |
| if (!pathToVerify.startsWith(request.user.directories.files)) { |
| console.warn(`File verification: Invalid path: ${pathToVerify}`); |
| continue; |
| } |
| const fileExists = fs.existsSync(pathToVerify); |
| verified[url] = fileExists; |
| } |
|
|
| return response.send(verified); |
| } catch (error) { |
| console.error(error); |
| return response.sendStatus(500); |
| } |
| }); |
|
|
