1
0
mirror of https://github.com/Foltik/Shimapan synced 2024-12-03 10:59:13 -05:00
shimapan/app/routes/upload.js

115 lines
3.3 KiB
JavaScript
Executable File

var express = require('express');
var router = express.Router();
var mongoose = require('mongoose');
var User = require('../models/User.js');
var Upload = require('../models/Upload.js');
var Key = require('../models/Key.js');
var multer = require('multer');
var dest = multer({dest: 'uploads/'});
function fileNameExists(name) {
Upload.count({name: name}, function (err, count) {
return count !== 0;
});
}
function genFileName() {
var charset = "abcdefghijklmnopqrstuvwxyz";
do {
var chars = [];
for (var i = 0; i < 6; i++)
chars.push(charset.charAt(Math.floor(Math.random() * charset.length)));
} while (fileNameExists(chars.join('')));
return chars.join('');
}
function updateStats(type, id, size) {
if (type === 'session') {
User.updateOne({username: id}, {$inc: {uploadCount: 1, uploadSize: size}}, function (err) {
if (err) throw err;
});
} else if (type === 'apikey') {
Key.updateOne({key: id}, {$inc: {uploadCount: 1, uploadSize: size}}, function (err) {
if (err) throw err;
});
}
}
var checkApiKey = function (key, cb) {
Key.find({key: key}, function (err, res) {
if (err) throw err;
cb(res.length === 1, res);
});
};
var checkScope = function (type, id, perm, cb) {
if (type === 'session') {
User.findOne({username: id}, function (err, user) {
if (err) throw err;
cb(user.scope.indexOf(perm) !== -1);
});
} else {
Key.findOne({key: id}, function (err, key) {
if (err) throw err;
cb(key.scope.indexOf(perm) !== -1);
});
}
};
function uploadFile(req, res, type, key) {
if (!req.file)
return res.status(400).json({'message': 'No file specified.'});
// Size must be below 128 Megabytes (1024*1024*128 Bytes)
if (req.file.size >= 134217728)
return res.status(413).json({'message': 'File too large.'});
var uploader = type === 'session' ? req.session.passport.user : key[0].username;
var uploadKey = type === 'apikey' ? key[0].key : null;
var id = type === 'session' ? req.session.passport.user : key[0].key;
checkScope(type, id, 'file.upload', function (valid) {
if (!valid)
return res.status(403).json({'message': 'No permission.'});
var entry = {
name: genFileName(),
uploader: uploader,
uploadKey: uploadKey,
date: Date.now(),
file: req.file
};
updateStats(type, id, req.file.size);
Upload.create(entry, function (err) {
if (err) throw err;
res.status(200).json({
name: entry.name,
url: 'https://shimapan.rocks/v/' + entry.name
});
});
});
}
router.post('/', dest.single('file'), function (req, res) {
if (!req.session || !req.session.passport) {
if (!req.body.apikey) {
return res.sendStatus(401);
} else {
checkApiKey(req.body.apikey, function (valid, key) {
if (!valid)
return res.sendStatus(401);
else
uploadFile(req, res, 'apikey', key);
});
}
} else {
uploadFile(req, res, 'session');
}
});
module.exports = router;