w0bm/f0bm
4
0
Fork 1
Code Pull Requests Activity

realizing webupload with approval functionality

Browse Source
This commit is contained in:
x
2026-01-23 23:35:12 +01:00
parent 42f4e19897
commit 577d73af11
9 changed files with 1433 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

216
src/inc/routes/admin.mjs
View File

@@ -5,7 +5,7 @@ import { promises as fs } from "fs";
export default (router, tpl) => {
router.get(/^\/login(\/)?$/, async (req, res) => {
if(req.cookies.session) {
if (req.cookies.session) {
return res.reply({
body: tpl.render('error', {
message: "you're already logged in lol",
@@ -17,7 +17,7 @@ export default (router, tpl) => {
body: tpl.render("login", { theme: req.cookies.theme ?? "f0ck" })
});
});
router.post(/^\/login(\/)?$/, async (req, res) => {
const user = await db`
select *
@@ -25,9 +25,9 @@ export default (router, tpl) => {
where "login" = ${req.post.username.toLowerCase()}
limit 1
`;
if(user.length === 0)
if (user.length === 0)
return res.reply({ body: "user doesn't exist or wrong password" });
if(!(await lib.verify(req.post.password, user[0].password)))
if (!(await lib.verify(req.post.password, user[0].password)))
return res.reply({ body: "user doesn't exist or wrong password" });
const stamp = ~~(Date.now() / 1e3);
@@ -36,7 +36,7 @@ export default (router, tpl) => {
where last_action <= ${(Date.now() - 6048e5)}
and kmsi = 0
`;
const session = lib.md5(lib.createID());
const blah = {
user_id: user[0].id,
@@ -49,8 +49,7 @@ export default (router, tpl) => {
};
await db`
insert into "user_sessions" ${
db(blah, 'user_id', 'session', 'browser', 'created_at', 'last_used', 'last_action', 'kmsi')
insert into "user_sessions" ${db(blah, 'user_id', 'session', 'browser', 'created_at', 'last_used', 'last_action', 'kmsi')
}
`;
@@ -60,16 +59,16 @@ export default (router, tpl) => {
"Location": "/"
}).end();
});
router.get(/^\/logout$/, lib.loggedin, async (req, res) => {
const usersession = await db`
select *
from "user_sessions"
where id = ${+req.session.sess_id}
`;
if(usersession.length === 0)
if (usersession.length === 0)
return res.reply({ body: "nope 2" });
await db`
delete from "user_sessions"
where id = ${+req.session.sess_id}
@@ -80,7 +79,7 @@ export default (router, tpl) => {
"Location": "/"
}).end();
});
router.get(/^\/login\/pwdgen$/, async (req, res) => {
res.reply({
body: "<form action=\"/login/pwdgen\" method=\"post\"><input type=\"text\" name=\"pwd\" placeholder=\"pwd\" /><input type=\"submit\" value=\"f0ck it\" /></form>"
@@ -102,7 +101,7 @@ export default (router, tpl) => {
}, req)
});
});
router.get(/^\/admin\/sessions(\/)?$/, lib.auth, async (req, res) => {
const rows = await db`
select "user_sessions".*, "user".user
@@ -110,7 +109,7 @@ export default (router, tpl) => {
left join "user" on "user".id = "user_sessions".user_id
order by "user_sessions".last_used desc
`;
res.reply({
body: tpl.render("admin/sessions", {
session: req.session,
@@ -121,79 +120,142 @@ export default (router, tpl) => {
});
});
// router.get(/^\/admin\/log(\/)?$/, lib.auth, async (req, res) => {
// // Funktioniert ohne systemd service natürlich nicht.
// exec("journalctl -qeu f0ck --no-pager", (err, stdout) => {
// res.reply({
// body: tpl.render("admin/log", {
// log: stdout.split("\n").slice(0, -1),
// tmp: null
// }, req)
// });
// });
// });
router.get(/^\/admin\/approve\/?/, lib.auth, async (req, res) => {
if (req.url.qs?.id) {
const id = +req.url.qs.id;
const f0ck = await db`
select dest, mime
from "items"
where
id = ${id} and
active = 'false'
limit 1
`;
if (f0ck.length === 0) {
return res.reply({
body: `f0ck ${id}: f0ck not found`
});
}
// router.get(/^\/admin\/recover\/?/, lib.auth, async (req, res) => {
// Gelöschte Objekte werden nicht aufgehoben.
// if(req.url.qs?.id) {
// const id = +req.url.qs.id;
// const f0ck = await db`
// select dest, mime
// from "items"
// where
// id = ${id} and
// active = 'false'
// limit 1
// `;
// if(f0ck.length === 0) {
// return res.reply({
// body: `f0ck ${id}: f0ck not found`
// });
// }
await db`update "items" set active = 'true' where id = ${id}`;
// await db`update "items" set active = 'true' where id = ${id}`;
// Check if files need moving (if they are in deleted/)
try {
await fs.access(`./public/b/${f0ck[0].dest}`);
// Exists in public, good (new upload)
} catch {
// Not in public, likely a deleted item being recovered
await fs.copyFile(`./deleted/b/${f0ck[0].dest}`, `./public/b/${f0ck[0].dest}`).catch(_ => { });
await fs.copyFile(`./deleted/t/${id}.webp`, `./public/t/${id}.webp`).catch(_ => { });
await fs.unlink(`./deleted/b/${f0ck[0].dest}`).catch(_ => { });
await fs.unlink(`./deleted/t/${id}.webp`).catch(_ => { });
// await fs.copyFile(`./deleted/b/${f0ck[0].dest}`, `./public/b/${f0ck[0].dest}`).catch(_=>{});
// await fs.copyFile(`./deleted/t/${id}.webp`, `./public/t/${id}.webp`).catch(_=>{});
// await fs.unlink(`./deleted/b/${f0ck[0].dest}`).catch(_=>{});
// await fs.unlink(`./deleted/t/${id}.webp`).catch(_=>{});
if (f0ck[0].mime.startsWith('audio')) {
await fs.copyFile(`./deleted/ca/${id}.webp`, `./public/ca/${id}.webp`).catch(_ => { });
await fs.unlink(`./deleted/ca/${id}.webp`).catch(_ => { });
}
}
// if(f0ck[0].mime.startsWith('audio')) {
// await fs.copyFile(`./deleted/ca/${id}.webp`, `./public/ca/${id}.webp`).catch(_=>{});
// await fs.unlink(`./deleted/ca/${id}.webp`).catch(_=>{});
// }
return res.writeHead(302, {
"Location": `/${id}`
}).end();
}
// return res.reply({
// body: `f0ck ${id} recovered. <a href="/admin/recover">back</a>`
// });
// }
const _posts = await db`
select id, mime, username, dest
from "items"
where
active = 'false'
order by id desc
`;
// const _posts = await db`
// select id, mime, username
// from "items"
// where
// active = 'false'
// order by id desc
// `;
if (_posts.length === 0) {
return res.reply({
body: tpl.render('admin/approve', { posts: [], tmp: null }, req)
});
}
// if(_posts.length === 0) {
// return res.reply({
// body: 'blah'
// });
// }
const posts = await Promise.all(_posts.map(async p => {
// Try to get thumbnail from public or deleted
let thumb;
try {
// Try public first
thumb = (await fs.readFile(`./public/t/${p.id}.webp`)).toString('base64');
} catch {
try {
thumb = (await fs.readFile(`./deleted/t/${p.id}.webp`)).toString('base64');
} catch {
thumb = ""; // No thumbnail?
}
}
return {
...p,
thumbnail: thumb
};
}));
// const posts = await Promise.all(_posts.map(async p => ({
// ...p,
// thumbnail: (await fs.readFile(`./deleted/t/${p.id}.webp`)).toString('base64')
// })));
res.reply({
body: tpl.render('admin/approve', {
posts,
tmp: null
}, req)
});
});
// res.reply({
// body: tpl.render('admin/recover', {
// posts,
// tmp: null
// }, req)
// });
// });
router.get(/^\/admin\/deny\/?/, lib.auth, async (req, res) => {
console.log('[ADMIN DENY] Logs initiated');
if (req.url.qs?.id) {
const id = +req.url.qs.id;
console.log(`[ADMIN DENY] Denying ID: ${id}`);
try {
const f0ck = await db`
select dest, mime
from "items"
where
id = ${id}
limit 1
`;
if (f0ck.length > 0) {
console.log(`[ADMIN DENY] Found item, deleting files: ${f0ck[0].dest}`);
// Delete files
await fs.unlink(`./public/b/${f0ck[0].dest}`).catch(e => console.log('File error pub/b:', e.message));
await fs.unlink(`./public/t/${id}.webp`).catch(e => console.log('File error pub/t:', e.message));
await fs.unlink(`./deleted/b/${f0ck[0].dest}`).catch(e => console.log('File error del/b:', e.message));
await fs.unlink(`./deleted/t/${id}.webp`).catch(e => console.log('File error del/t:', e.message));
if (f0ck[0].mime.startsWith('audio')) {
await fs.unlink(`./public/ca/${id}.webp`).catch(() => { });
await fs.unlink(`./deleted/ca/${id}.webp`).catch(() => { });
}
// Delete DB entries
console.log('[ADMIN DENY] Deleting DB entries...');
try {
await db`delete from "tags_assign" where item_id = ${id}`;
await db`delete from "favorites" where item_id = ${id}`;
await db`delete from "comments" where item_id = ${id}`.catch(() => { });
await db`delete from "items" where id = ${id}`;
console.log('[ADMIN DENY] Deleted successfully');
} catch (dbErr) {
console.error('[ADMIN DENY DB ERROR]', dbErr);
}
} else {
console.log('[ADMIN DENY] Item not found in DB');
}
} catch (err) {
console.error('[ADMIN DENY ERROR]', err);
}
return res.writeHead(302, {
"Location": `/admin/approve`
}).end();
}
console.log('[ADMIN DENY] No ID provided');
return res.writeHead(302, { "Location": "/admin/approve" }).end();
});
return router;
};