Make file actions post requests

2020-07-05 19:40:51 +02:00 · 2020-07-05 19:40:51 +02:00 · 7dbe9192cd
parent e10332d0bd
commit 7dbe9192cd
3 changed files with 10 additions and 6 deletions
--- a/src/controllers/FileController.ts
+++ b/src/controllers/FileController.ts
@ -18,12 +18,12 @@ export default class FileController extends Controller {
        this.get('/files/upload/script', this.downloadLinuxScript, 'linux-script');
        this.post('/files/post', this.postFileFrontend, 'post-file-frontend', REQUIRE_AUTH_MIDDLEWARE, FILE_UPLOAD_FORM_MIDDLEWARE);
        this.get('/files/:page([0-9]+)?', this.getFileManager, 'file-manager', REQUIRE_AUTH_MIDDLEWARE);
-        this.get('/files/delete/:slug', this.deleteFile, 'delete-file-frontend', REQUIRE_AUTH_MIDDLEWARE);
+        this.post('/files/delete/:slug', this.deleteFile, 'delete-file-frontend', REQUIRE_AUTH_MIDDLEWARE);
        this.post('/gen-auth-token', this.postGenAuthToken, 'generate-token', REQUIRE_AUTH_MIDDLEWARE);
-        this.get('/revoke-auth-token/:id', this.getRevokeAuthToken, 'revoke-token', REQUIRE_AUTH_MIDDLEWARE);
+        this.post('/revoke-auth-token/:id', this.postRevokeAuthToken, 'revoke-token', REQUIRE_AUTH_MIDDLEWARE);

        this.post('/', this.postFile, 'post-file', REQUIRE_REQUEST_AUTH_MIDDLEWARE, FILE_UPLOAD_FORM_MIDDLEWARE);
-        this.delete('/delete/:slug', this.deleteFile, 'delete-file', REQUIRE_REQUEST_AUTH_MIDDLEWARE);
+        this.delete('/:slug', this.deleteFile, 'delete-file', REQUIRE_REQUEST_AUTH_MIDDLEWARE);
        this.get('/:slug', this.downloadFile, 'get-file');
        this.put('/:slug', this.putFile, 'put-file', REQUIRE_REQUEST_AUTH_MIDDLEWARE, FILE_UPLOAD_FORM_MIDDLEWARE);
    }
@ -55,7 +55,7 @@ export default class FileController extends Controller {
        res.redirectBack(Controller.route('file-upload'));
    }

-    protected async getRevokeAuthToken(req: Request, res: Response): Promise<void> {
+    protected async postRevokeAuthToken(req: Request, res: Response): Promise<void> {
        const id = req.params.id;
        if (!id) throw new BadRequestError('Cannot revoke token without an id.', 'Please provide an id.', req.url);

--- a/views/file-manager.njk
+++ b/views/file-manager.njk
@ -39,7 +39,9 @@
                    {% set expires_at = file.getExpirationDate() %}
                    <td>{% if expires_at %}{{ expires_at.toISOString() }}{% else %}Never{% endif %}</td>
                    <td>
-                        <a href="{{ route('delete-file-frontend', file.slug) }}" class="button danger"><i data-feather="trash"></i> Delete</a>
+                        <form action="{{ route('delete-file-frontend', file.slug) }}" method="post">
+                            <button class="button danger"><i data-feather="trash"></i> Delete</button>
+                        </form>
                    </td>
                </tr>
            {% endfor %}
--- a/views/file-upload.njk
+++ b/views/file-upload.njk
@ -147,7 +147,9 @@ https://ily.li/</pre>
                    <td>{{ token.created_at.toISOString() }}</td>
                    <td>{{ token.used_at.toISOString() }}</td>
                    <td>
-                        <a href="{{ route('revoke-token', token.id) }}" class="button danger"><i data-feather="trash"></i> Revoke</a>
+                        <form action="{{ route('revoke-token', token.id) }}" method="POST">
+                            <button class="button danger"><i data-feather="trash"></i> Revoke</button>
+                        </form>
                    </td>
                </tr>
            {% endfor %}