Update index.js

index.js

@@ -1,255 +1,387 @@
-import os from 'node:os';
-import path from 'node:path';
-import fs from 'node:fs/promises';
-import express from 'express';
-import serveIndex from 'serve-index';
-import bytes from 'bytes';
-import { fileTypeFromBuffer } from 'file-type';
-import cloudcmd from 'cloudcmd';
-
-const PORT = Number(process.env.PORT || 7860);
-const LIMIT_SIZE = process.env.LIMIT_SIZE || '500mb';
-const TMP_DIR = process.env.TMP_DIR || path.join(os.tmpdir());
-const MAX_BYTES = typeof LIMIT_SIZE === 'string' ? bytes.parse(LIMIT_SIZE) : LIMIT_SIZE;
-
-const toHuman = (n) =>
-  typeof bytes.format === 'function'
-    ? bytes.format(n, { unitSeparator: ' ' })
-    : bytes(n, { unitSeparator: ' ' });
-
-await fs.mkdir(TMP_DIR, { recursive: true });
+import express from "express";
+import path from "node:path";
+import fs from "node:fs";
+import { promises as fsp } from "node:fs";
+import fsExtra from "fs-extra";
+import multer from "multer";
+import archiver from "archiver";
+import extract from "extract-zip";
+import tar from "tar";
+import axios from "axios";
+import os from "node:os";
+import { pipeline } from "node:stream/promises";
+import { fileURLToPath } from "node:url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
 
 const app = express();
-app.set('json spaces', 4);
-app.use(express.json({ limit: LIMIT_SIZE }));
-app.use(express.urlencoded({ extended: true, limit: LIMIT_SIZE }));
-
-// Logger
-app.use((req, _res, next) => {
-  const time = new Date().toLocaleString('id-ID', { timeZone: 'Asia/Jakarta' });
-  console.log(`[${time}] ${req.method}: ${req.url}`);
-  next();
-});
-
-// Static + directory listing
-app.use('/file', express.static(TMP_DIR));
-app.use('/file', serveIndex(TMP_DIR, { hidden: true, icons: true }));
-
-app.use(
-  '/manage',
-  cloudcmd({
-    root: TMP_DIR,
-    prefix: '/manage',
-  })
-);
-
-// Helper: buat URL absolut untuk file
-function fileUrl(req, fileName) {
-  const host = process.env.SPACE_HOST || req.get('host');
-  const proto = req.headers['x-forwarded-proto'] || req.protocol || 'http';
-  return `${proto}://${host}/file/${encodeURIComponent(fileName)}`;
-}
-
-// Helper: decode base64 (dukungan data URL + base64url)
-function decodeBase64ToBuffer(input) {
-  if (typeof input !== 'string') {
-    throw new Error('Input harus string base64');
+app.use(express.json({ limit: "50mb" }));
+app.use(express.urlencoded({ extended: true }));
+
+// ROOT_DIR default ke os.tmpdir(), bisa override via env ROOT_DIR
+const ROOT_DIR = path.resolve(process.env.ROOT_DIR || os.tmpdir());
+fsExtra.ensureDirSync(ROOT_DIR);
+
+// Multer temp dir juga pakai tmp
+const uploadTmpDir = path.join(os.tmpdir(), "filemgr_uploads");
+fsExtra.ensureDirSync(uploadTmpDir);
+const upload = multer({ dest: uploadTmpDir });
+
+// Utils
+const toPosix = (p) => p.replace(/\\/g, "/");
+const badName = (name) => !name || name.includes("..") || name.includes("/") || name.includes("\\");
+function safeResolve(rel = "") {
+  const relNorm = String(rel).replace(/^[/\```+/, "");
+  const full = path.resolve(ROOT_DIR, relNorm);
+  if (!full.startsWith(ROOT_DIR)) {
+    const err = new Error("Path outside ROOT_DIR");
+    err.status = 400;
+    throw err;
   }
-  let raw = input.trim();
-
-  // data:[mime];base64,<data>
-  const comma = raw.indexOf(',');
-  if (raw.startsWith('data:') && comma !== -1) {
-    raw = raw.slice(comma + 1);
+  return full;
+}
+function buildBreadcrumb(rel = "") {
+  const parts = toPosix(rel).split("/").filter(Boolean);
+  let acc = "";
+  const crumbs = [{ name: "root", path: "" }];
+  for (const p of parts) {
+    acc = acc ? `${acc}/${p}` : p;
+    crumbs.push({ name: p, path: acc });
   }
-
-  raw = raw.replace(/\s+/g, '');
-  // dukung base64url
-  raw = raw.replace(/-/g, '+').replace(/_/g, '/');
-  const pad = raw.length % 4;
-  if (pad) raw += '='.repeat(4 - pad);
-
-  const buf = Buffer.from(raw, 'base64');
-  // validasi round-trip
-  const reEncoded = buf.toString('base64').replace(/=+$/, '');
-  const normalized = raw.replace(/=+$/, '');
-  if (reEncoded !== normalized) throw new Error('Base64 tidak valid');
-  return buf;
+  return crumbs;
+}
+function detectExtFull(name) {
+  const lower = name.toLowerCase();
+  if (lower.endsWith(".tar.gz")) return "tar.gz";
+  if (lower.endsWith(".tgz")) return "tgz";
+  return path.extname(lower).slice(1);
+}
+function archiveFormatFromName(name) {
+  const e = detectExtFull(name);
+  if (e === "zip") return "zip";
+  if (e === "tar") return "tar";
+  if (e === "tgz" || e === "tar.gz") return "tgz";
+  return null;
+}
+function stripArchiveExt(baseName) {
+  return baseName
+    .replace(/\.tar\.gz$/i, "")
+    .replace(/\.tgz$/i, "")
+    .replace(/\.zip$/i, "")
+    .replace(/\.tar$/i, "");
 }
 
-// FE sederhana
-app.get('/', (_req, res) => {
-  res.type('html').send(`<!doctype html>
-<html lang="id">
-<head>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width,initial-scale=1" />
-  <title>Downloader -> tmp</title>
-  <style>
-    body{font-family:system-ui,-apple-system,Segoe UI,Roboto,Helvetica,Arial,sans-serif;max-width:720px;margin:40px auto;padding:0 16px;}
-    form{display:flex;gap:8px}
-    input[type=url]{flex:1;padding:10px;border:1px solid #ccc;border-radius:8px}
-    button{padding:10px 14px;border:0;background:#0b5;color:#fff;border-radius:8px;cursor:pointer}
-    button:disabled{opacity:.6;cursor:not-allowed}
-    .result{margin-top:16px;white-space:pre-wrap;background:#f7f7f7;padding:12px;border-radius:8px;border:1px solid #eee}
-    .tips{margin-top:10px;font-size:.9em;color:#555}
-    a{color:#06c;text-decoration:none}
-  </style>
-</head>
-<body>
-  <h1>Download ke tmp folder</h1>
-  <p class="tips">Limit ukuran: ${LIMIT_SIZE}. Lihat daftar file di <a href="/file" target="_blank">/file</a> atau kelola di <a href="/manage" target="_blank">/manage</a>.</p>
-
-  <form id="dl-form">
-    <input id="url" type="url" placeholder="https://contoh.com/file.jpg" required />
-    <button id="submit" type="submit">Download</button>
-  </form>
-
-  <div id="out" class="result" hidden></div>
-
-  <script>
-  const form = document.getElementById('dl-form');
-  const out = document.getElementById('out');
-  const btn = document.getElementById('submit');
-
-  form.addEventListener('submit', async (e) => {
-    e.preventDefault();
-    const url = document.getElementById('url').value.trim();
-    if (!url) return;
-
-    btn.disabled = true;
-    out.hidden = true;
-    out.textContent = '';
-
-    try {
-      const resp = await fetch('/download', {
-        method: 'POST',
-        headers: {'Content-Type': 'application/json'},
-        body: JSON.stringify({ url })
-      });
-      const data = await resp.json();
-      btn.disabled = false;
-      out.hidden = false;
-
-      if (!resp.ok) {
-        out.textContent = 'Error: ' + (data.message || resp.statusText);
-        return;
-      }
+// Routes
+app.get("/api/list", async (req, res, next) => {
+  try {
+    const rel = req.query.path ? String(req.query.path) : "";
+    const dirFull = safeResolve(rel);
+    const stat = await fsExtra.stat(dirFull);
+    if (!stat.isDirectory()) return res.status(400).json({ error: "Not a directory" });
+
+    const items = await fsp.readdir(dirFull, { withFileTypes: true });
+    const details = await Promise.all(
+      items.map(async (d) => {
+        const full = path.join(dirFull, d.name);
+        const s = await fsExtra.stat(full);
+        const isDir = s.isDirectory();
+        const ext = isDir ? "" : path.extname(d.name).slice(1).toLowerCase();
+        const extFull = isDir ? "" : detectExtFull(d.name);
+        const archFormat = isDir ? null : archiveFormatFromName(d.name);
+        return {
+          name: d.name,
+          relPath: toPosix(path.join(rel, d.name)),
+          isDir,
+          size: isDir ? null : s.size,
+          mtime: s.mtimeMs,
+          ext,
+          extFull,
+          archFormat
+        };
+      })
+    );
+
+    details.sort((a, b) => {
+      if (a.isDir && !b.isDir) return -1;
+      if (!a.isDir && b.isDir) return 1;
+      return a.name.localeCompare(b.name);
+    });
 
-      const link = data.url || ('/file/' + encodeURIComponent(data.name));
-      out.innerHTML = 'Saved as: <b>' + data.name + '</b> (' + data.size.readable + ')<br/>' +
-        'Type: ' + (data.type && data.type.mime) + '<br/>' +
-        'Open: <a href="' + link + '" target="_blank" rel="noopener">' + link + '</a>';
-    } catch (err) {
-      btn.disabled = false;
-      out.hidden = false;
-      out.textContent = 'Error: ' + err.message;
-    }
-  });
-  </script>
-</body>
-</html>`);
+    res.json({ path: toPosix(rel), breadcrumb: buildBreadcrumb(rel), items: details });
+  } catch (err) {
+    next(err);
+  }
 });
 
-// Upload base64
-app.post('/upload', async (req, res) => {
-  const { file } = req.body || {};
-  if (!file || typeof file !== 'string') {
-    return res.status(400).json({ message: 'Payload body "file" harus base64 string' });
+app.post("/api/folder", async (req, res, next) => {
+  try {
+    const { parent = "", name } = req.body;
+    if (badName(name)) return res.status(400).json({ error: "Invalid folder name" });
+    const dirFull = safeResolve(parent);
+    await fsExtra.ensureDir(path.join(dirFull, name));
+    res.json({ ok: true });
+  } catch (err) {
+    next(err);
   }
+});
 
+app.post("/api/file", async (req, res, next) => {
   try {
-    const fileBuffer = decodeBase64ToBuffer(file);
-    const ftype = (await fileTypeFromBuffer(fileBuffer)) || {
-      mime: 'application/octet-stream',
-      ext: 'bin',
-    };
-
-    const name = `${(ftype.mime.split('/')[0] || 'file')}-${Math.random().toString(36).slice(2)}.${ftype.ext}`;
-    await fs.writeFile(path.join(TMP_DIR, name), fileBuffer);
-
-    return res.json({
-      name,
-      size: { bytes: fileBuffer.length, readable: toHuman(fileBuffer.length) },
-      type: ftype,
-      url: fileUrl(req, name),
-    });
+    const { parent = "", name, content = "" } = req.body;
+    if (badName(name)) return res.status(400).json({ error: "Invalid file name" });
+    const dirFull = safeResolve(parent);
+    const dest = path.join(dirFull, name);
+    await fsExtra.ensureDir(path.dirname(dest));
+    await fsp.writeFile(dest, content, "utf8");
+    res.json({ ok: true });
   } catch (err) {
-    return res.status(400).json({ message: err.message || 'Gagal memproses base64' });
+    next(err);
   }
 });
 
-// Download by URL -> simpan ke TMP_DIR
-app.post('/download', async (req, res) => {
-  const { url } = req.body || {};
-  if (!url || typeof url !== 'string') {
-    return res.status(400).json({ message: 'Body.url wajib diisi' });
+app.put("/api/file", async (req, res, next) => {
+  try {
+    const { path: rel, content = "" } = req.body;
+    if (!rel) return res.status(400).json({ error: "Missing path" });
+    const full = safeResolve(rel);
+    const s = await fsExtra.stat(full);
+    if (!s.isFile()) return res.status(400).json({ error: "Not a file" });
+    await fsp.writeFile(full, content, "utf8");
+    res.json({ ok: true });
+  } catch (err) {
+    next(err);
   }
+});
 
-  let resp;
+app.get("/api/file", async (req, res, next) => {
   try {
-    resp = await fetch(url, { redirect: 'follow' });
+    const rel = String(req.query.path || "");
+    const full = safeResolve(rel);
+    const s = await fsExtra.stat(full);
+    if (!s.isFile()) return res.status(400).json({ error: "Not a file" });
+    if (s.size > 2 * 1024 * 1024) return res.status(400).json({ error: "File too large to view" });
+    const buf = await fsp.readFile(full);
+    res.json({ content: buf.toString("utf8") });
   } catch (err) {
-    return res.status(400).json({ message: `Gagal mengunduh URL: ${err.message}` });
+    next(err);
   }
+});
 
-  if (!resp.ok) {
-    return res.status(resp.status).json({ message: `Gagal mengunduh (${resp.status} ${resp.statusText})` });
+app.post("/api/rename", async (req, res, next) => {
+  try {
+    const { path: rel, newName } = req.body;
+    if (!rel || badName(newName)) return res.status(400).json({ error: "Invalid input" });
+    const full = safeResolve(rel);
+    const parentRel = toPosix(path.dirname(rel));
+    const dest = path.join(safeResolve(parentRel), newName);
+    await fsExtra.move(full, dest, { overwrite: false });
+    res.json({ ok: true, newPath: toPosix(path.join(parentRel, newName)) });
+  } catch (err) {
+    next(err);
   }
+});
 
-  // Early check lewat Content-Length
-  const contentLengthHeader = resp.headers.get('content-length');
-  const contentLength = contentLengthHeader ? Number(contentLengthHeader) : null;
-  if (contentLength && contentLength > MAX_BYTES) {
-    return res.status(413).json({ message: `Ukuran file (${toHuman(contentLength)}) melebihi limit ${LIMIT_SIZE}` });
+app.post("/api/move", async (req, res, next) => {
+  try {
+    const { from, toDir } = req.body;
+    if (!from) return res.status(400).json({ error: "Missing from" });
+    const srcFull = safeResolve(from);
+    const toDirFull = safeResolve(toDir || "");
+    const base = path.basename(srcFull);
+    const destFull = path.join(toDirFull, base);
+    await fsExtra.move(srcFull, destFull, { overwrite: false });
+    res.json({ ok: true, newPath: toPosix(path.join(toDir || "", base)) });
+  } catch (err) {
+    next(err);
   }
+});
 
-  // Baca body ke Buffer dengan limit
-  if (!resp.body) {
-    return res.status(400).json({ message: 'Response tidak memiliki body' });
+app.delete("/api/entry", async (req, res, next) => {
+  try {
+    const rel = String(req.query.path || "");
+    const full = safeResolve(rel);
+    await fsExtra.remove(full);
+    res.json({ ok: true });
+  } catch (err) {
+    next(err);
   }
+});
 
-  const reader = resp.body.getReader();
-  const chunks = [];
-  let total = 0;
+app.post("/api/upload", upload.array("files"), async (req, res, next) => {
+  try {
+    const rel = String(req.query.path || "");
+    const destDir = safeResolve(rel);
+    await fsExtra.ensureDir(destDir);
+    const moved = [];
+    for (const file of req.files || []) {
+      const target = path.join(destDir, file.originalname);
+      await fsExtra.move(file.path, target, { overwrite: true });
+      moved.push({ name: file.originalname });
+    }
+    res.json({ ok: true, files: moved });
+  } catch (err) {
+    next(err);
+  }
+});
 
+app.post("/api/fetch-url", async (req, res, next) => {
   try {
-    while (true) {
-      const { done, value } = await reader.read();
-      if (done) break;
-      total += value.byteLength;
-      if (total > MAX_BYTES) {
-        try { reader.cancel(); } catch {}
-        return res.status(413).json({ message: `Ukuran file melebihi limit ${LIMIT_SIZE}` });
+    const { url, destDir = "", filename } = req.body;
+    if (!url) return res.status(400).json({ error: "Missing url" });
+    const destDirFull = safeResolve(destDir);
+    await fsExtra.ensureDir(destDirFull);
+
+    let name = filename;
+    const resp = await axios.get(url, { responseType: "stream", validateStatus: (s) => s >= 200 && s < 400 });
+    if (!name) {
+      const cd = resp.headers["content-disposition"];
+      if (cd) {
+        const m = /filename\*?=(?:UTF-8'')?["']?([^"';]+)["']?/i.exec(cd);
+        if (m) name = decodeURIComponent(m[1]);
+      }
+      if (!name) {
+        try {
+          const u = new URL(url);
+          const base = path.basename(u.pathname);
+          name = base || "downloaded.file";
+        } catch {}
       }
-      chunks.push(Buffer.from(value));
     }
+    if (badName(name)) name = `downloaded-${Date.now()}`;
+    const destFull = path.join(destDirFull, name);
+    const ws = fs.createWriteStream(destFull);
+    await pipeline(resp.data, ws);
+    res.json({ ok: true, savedAs: toPosix(path.join(destDir, name)) });
   } catch (err) {
-    try { reader.cancel(); } catch {}
-    return res.status(400).json({ message: `Gagal membaca stream: ${err.message}` });
+    next(err);
   }
+});
 
-  const fileBuffer = Buffer.concat(chunks);
+app.post("/api/archive", async (req, res, next) => {
+  try {
+    const { path: rel = "", entries = [], name, format = "zip" } = req.body;
+    const dirFull = safeResolve(rel);
+    if (!Array.isArray(entries) || entries.length === 0) {
+      return res.status(400).json({ error: "No entries to archive" });
+    }
 
-  let ftype = await fileTypeFromBuffer(fileBuffer);
-  if (!ftype) ftype = { mime: 'application/octet-stream', ext: 'bin' };
+    const fmt = String(format).toLowerCase();
+    let extName, archiverType, archiverOpts;
+    if (fmt === "zip") {
+      extName = "zip";
+      archiverType = "zip";
+      archiverOpts = { zlib: { level: 9 } };
+    } else if (fmt === "tar") {
+      extName = "tar";
+      archiverType = "tar";
+      archiverOpts = { gzip: false };
+    } else if (fmt === "tgz" || fmt === "tar.gz") {
+      extName = "tar.gz";
+      archiverType = "tar";
+      archiverOpts = { gzip: true, gzipOptions: { level: 9 } };
+    } else {
+      return res.status(400).json({ error: "Unsupported format" });
+    }
 
-  const name = `${(ftype.mime.split('/')[0] || 'file')}-${Math.random().toString(36).slice(2)}.${ftype.ext}`;
-  await fs.writeFile(path.join(TMP_DIR, name), fileBuffer);
+    let outName = name;
+    if (!outName) {
+      const ts = new Date().toISOString().replace(/[:.]/g, "-");
+      outName = `archive-${ts}.${extName}`;
+    } else {
+      const lower = outName.toLowerCase();
+      const needExt =
+        (extName === "zip" && !lower.endsWith(".zip")) ||
+        (extName === "tar" && !lower.endsWith(".tar")) ||
+        (extName === "tar.gz" && !(lower.endsWith(".tar.gz") || lower.endsWith(".tgz")));
+      if (needExt) outName += `.${extName}`;
+    }
+    if (badName(outName)) return res.status(400).json({ error: "Invalid archive name" });
+
+    const outFull = path.join(dirFull, outName);
+
+    await new Promise((resolve, reject) => {
+      const output = fs.createWriteStream(outFull);
+      const archive = archiver(archiverType, archiverOpts);
+      output.on("close", resolve);
+      output.on("error", reject);
+      archive.on("error", reject);
+      archive.pipe(output);
+
+      for (const name of entries) {
+        if (badName(path.basename(name))) {
+          archive.destroy(new Error("Invalid entry name"));
+          return;
+        }
+        const full = path.join(dirFull, name);
+        const nameInArchive = path.basename(name);
+        if (fs.existsSync(full)) {
+          const stat = fs.lstatSync(full);
+          if (stat.isDirectory()) archive.directory(full, nameInArchive);
+          else archive.file(full, { name: nameInArchive });
+        }
+      }
+      archive.finalize();
+    });
 
-  return res.json({
-    name,
-    size: { bytes: fileBuffer.length, readable: toHuman(fileBuffer.length) },
-    type: ftype,
-    url: fileUrl(req, name),
-  });
+    res.json({ ok: true, archive: toPosix(path.join(rel, outName)) });
+  } catch (err) {
+    next(err);
+  }
 });
 
-app.all('/', (_req, res, next) => next()); // biar GET / tetap ke FE
+app.post("/api/unarchive", async (req, res, next) => {
+  try {
+    const { zipPath, destDir } = req.body;
+    if (!zipPath) return res.status(400).json({ error: "archive path required" });
+    const archiveFull = safeResolve(zipPath);
+    const format = archiveFormatFromName(archiveFull);
+    if (!format) return res.status(400).json({ error: "Unsupported archive format" });
+
+    let destRel = destDir;
+    if (!destRel) {
+      const base = stripArchiveExt(path.basename(archiveFull));
+      destRel = toPosix(path.join(path.dirname(zipPath), base));
+    }
+    const destFull = safeResolve(destRel);
+    await fsExtra.ensureDir(destFull);
+
+    if (format === "zip") {
+      await extract(archiveFull, { dir: destFull });
+    } else if (format === "tar") {
+      await tar.x({ file: archiveFull, cwd: destFull, gzip: false });
+    } else if (format === "tgz") {
+      await tar.x({ file: archiveFull, cwd: destFull, gzip: true });
+    }
+
+    res.json({ ok: true, extractedTo: destRel });
+  } catch (err) {
+    next(err);
+  }
+});
+
+app.get("/api/download", async (req, res, next) => {
+  try {
+    const rel = String(req.query.path || "");
+    const full = safeResolve(rel);
+    const s = await fsExtra.stat(full);
+    if (!s.isFile()) return res.status(400).json({ error: "Not a file" });
+    res.download(full, path.basename(full));
+  } catch (err) {
+    next(err);
+  }
+});
+
+// UI
+app.use("/", express.static(path.join(__dirname, "public")));
+
+app.use((err, req, res, next) => {
+  console.error(err);
+  const status = err.status || 500;
+  res.status(status).json({ error: err.message || "Internal error" });
+});
 
+const PORT = process.env.PORT || 3000;
 app.listen(PORT, () => {
-  console.log(`App running on port ${PORT}`);
-  console.log(`Files dir: ${TMP_DIR}`);
-  console.log(`Listing:   http://localhost:${PORT}/file`);
-  console.log(`Manager:   http://localhost:${PORT}/manage`);
+  console.log(`File Manager (ESM) at http://localhost:${PORT}`);
+  console.log(`ROOT_DIR = ${ROOT_DIR}`);
 });