diff --git a/src/controllers/FileController.ts b/src/controllers/FileController.ts index f997260..99284d9 100644 --- a/src/controllers/FileController.ts +++ b/src/controllers/FileController.ts @@ -1,5 +1,5 @@ import Controller from "swaf/Controller"; -import {RequireAuthMiddleware} from "swaf/auth/AuthComponent"; +import {RequireAuthMiddleware, RequireRequestAuthMiddleware} from "swaf/auth/AuthComponent"; import {NextFunction, Request, Response} from "express"; import {BadRequestError, ForbiddenHttpError, ServerError} from "swaf/HttpError"; import FileModel from "../models/FileModel"; @@ -54,7 +54,12 @@ export default class FileController extends Controller { ); } - public static async handleFileUpload(slug: string, req: Request, res: Response): Promise { + public static async handleFileUpload( + slug: string, + req: Request, + res: Response, + requestAuth: boolean = false, + ): Promise { // Check for file upload if (Object.keys(req.files).indexOf('upload') < 0) { throw new BadRequestError('No file received.', 'You must upload exactly one (1) file.', req.url); @@ -68,7 +73,7 @@ export default class FileController extends Controller { if (req.body.ttl !== undefined) ttl = parseInt(req.body.ttl); else if (req.body.expire_after_days !== undefined) ttl = parseInt(req.body.expire_after_days) * 24 * 3600; - const user = req.as(RequireAuthMiddleware).getUser(); + const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser(); const file = FileModel.create({ user_id: user.id, @@ -97,14 +102,19 @@ export default class FileController extends Controller { }); } - public static async deleteFileRoute(req: Request, res: Response, next: NextFunction): Promise { + public static async deleteFileRoute( + req: Request, + res: Response, + next: NextFunction, + requestAuth: boolean = false, + ): Promise { const slug = req.params.slug; if (!slug) throw new BadRequestError('Cannot delete nothing.', 'Please provide a slug.', req.url); const file = await FileModel.getBySlug(req.params.slug); if (!file) return next(); - const user = req.as(RequireAuthMiddleware).getUser(); + const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser(); if (!file.canDelete(user.getOrFail('id'))) throw new ForbiddenHttpError('file', req.url); switch (file.storage_type) { diff --git a/src/controllers/LinkController.ts b/src/controllers/LinkController.ts index 6535e28..2f33279 100644 --- a/src/controllers/LinkController.ts +++ b/src/controllers/LinkController.ts @@ -16,14 +16,14 @@ import {log} from "swaf/Logger"; export default class LinkController extends Controller { public routes(): void { this.post('/', this.postFile, 'post-file', RequireRequestAuthMiddleware, FileUploadFormMiddleware); - this.delete('/:slug', FileController.deleteFileRoute, 'delete-file', RequireRequestAuthMiddleware); + this.delete('/:slug', this.deleteFile, 'delete-file', RequireRequestAuthMiddleware); this.get('/:slug', this.getFile, 'get-file'); this.put('/:slug', this.putFile, 'put-file', RequireRequestAuthMiddleware, FileUploadFormMiddleware); - this.post('/', URLRedirectController.addURL, 'post-url', RequireRequestAuthMiddleware); + this.post('/', this.addURL, 'post-url', RequireRequestAuthMiddleware); this.delete('/:slug', this.deleteURL, 'delete-url', RequireRequestAuthMiddleware); this.get('/:slug', this.getURLRedirect, 'get-url'); - this.put('/:slug', URLRedirectController.addURL, 'put-url', RequireRequestAuthMiddleware); + this.put('/:slug', this.addURL, 'put-url', RequireRequestAuthMiddleware); this.get(/(.*)/, this.domainFilter); } @@ -69,7 +69,7 @@ export default class LinkController extends Controller { protected async postFile(req: Request, res: Response, next: NextFunction): Promise { if (req.body.type !== 'file') return next(); - await FileController.handleFileUpload(req.body.slug || await generateSlug(10), req, res); + await FileController.handleFileUpload(req.body.slug || await generateSlug(10), req, res, true); } protected async putFile(req: Request, res: Response, next: NextFunction): Promise { @@ -77,7 +77,15 @@ export default class LinkController extends Controller { const slug = req.params.slug; if (!slug) throw new BadRequestError('Cannot put without a slug.', 'Either provide a slug or use POST method instead.', req.url); - await FileController.handleFileUpload(slug, req, res); + await FileController.handleFileUpload(slug, req, res, true); + } + + protected async deleteFile(req: Request, res: Response, next: NextFunction): Promise { + return await FileController.deleteFileRoute(req, res, next, true); + } + + protected async addURL(req: Request, res: Response, next: NextFunction): Promise { + return await URLRedirectController.addURL(req, res, next, undefined, true); } protected async getURLRedirect(req: Request, res: Response, next: NextFunction): Promise { diff --git a/src/controllers/URLRedirectController.ts b/src/controllers/URLRedirectController.ts index 7e1a73c..6e2c647 100644 --- a/src/controllers/URLRedirectController.ts +++ b/src/controllers/URLRedirectController.ts @@ -1,7 +1,7 @@ import Controller from "swaf/Controller"; import {NextFunction, Request, Response} from "express"; import URLRedirect from "../models/URLRedirect"; -import {RequireAuthMiddleware} from "swaf/auth/AuthComponent"; +import {RequireAuthMiddleware, RequireRequestAuthMiddleware} from "swaf/auth/AuthComponent"; import generateSlug from "../SlugGenerator"; import config from "config"; import AuthToken from "../models/AuthToken"; @@ -47,10 +47,16 @@ export default class URLRedirectController extends Controller { ); } - public static async addURL(req: Request, res: Response, next: NextFunction, slug?: string): Promise { + public static async addURL( + req: Request, + res: Response, + next: NextFunction, + slug?: string, + requestAuth: boolean = false, + ): Promise { if (req.body.type !== 'url') return next(); - const user = req.as(RequireAuthMiddleware).getUser(); + const user = (requestAuth ? req.as(RequireRequestAuthMiddleware) : req.as(RequireAuthMiddleware)).getUser(); slug = slug || req.params.slug || req.body.slug || await generateSlug(10); const urlRedirect = URLRedirect.create({ user_id: user.id,