74 lines
2.0 KiB
JavaScript
74 lines
2.0 KiB
JavaScript
const asyncHandler = require('express-async-handler');
|
|
const AuthTokens = require('../../authtokens');
|
|
const resolvePath = require('resolve-path');
|
|
|
|
|
|
module.exports = (repository, router) =>
|
|
{
|
|
router.get('/uploads', asyncHandler(async (req, res) =>
|
|
{
|
|
var files = await repository.uploads.list(req.user.hasAuth(AuthTokens.ViewAllUploads) ? null : req.user.id);
|
|
var usernames = await repository.users.getNames();
|
|
var codedescriptions = await repository.codes.getDescriptions();
|
|
|
|
files.forEach((item) =>
|
|
{
|
|
item.username = item.userId !== null ? usernames[item.userId] : null;
|
|
item.codedescription = item.codeId !== null ? codedescriptions[item.codeId] : null;
|
|
});
|
|
|
|
res.send(files);
|
|
}));
|
|
|
|
|
|
router.delete('/uploads/:id', asyncHandler(async (req, res) =>
|
|
{
|
|
var upload = await repository.uploads.get(req.params.id);
|
|
if (upload == null || (upload.userId !== req.user.id && !req.user.hasAuth(AuthTokens.ViewAllUploads)))
|
|
{
|
|
res.sendStatus(404);
|
|
return;
|
|
}
|
|
|
|
await repository.uploads.delete(upload.id);
|
|
res.sendStatus(200);
|
|
}));
|
|
|
|
|
|
router.delete('/codeuploads/:code', asyncHandler(async (req, res) =>
|
|
{
|
|
var uploads = await repository.uploads.listForCode(req.params.code);
|
|
if (uploads === null)
|
|
{
|
|
res.sendStatus(404);
|
|
return;
|
|
}
|
|
|
|
if (!req.user.hasAuth(AuthTokens.ViewAllUploads))
|
|
{
|
|
for (let i = 0; i < uploads.length; i++)
|
|
{
|
|
if (uploads[i].userId !== req.user.id)
|
|
{
|
|
res.sendStatus(404);
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
for (let i = 0; i < uploads.length; i++)
|
|
await repository.uploads.delete(uploads[i].id);
|
|
|
|
res.sendStatus(200);
|
|
}));
|
|
|
|
|
|
router.get('/download/:fileid/:displayname', asyncHandler(async (req, res) =>
|
|
{
|
|
// TODO should we check if the user has access to the file?
|
|
// for now not that important, if you know the file's UID and are logged in
|
|
|
|
var fullpath = resolvePath(config.fileUpload.path, req.params.fileid);
|
|
res.download(fullpath, req.params.displayname);
|
|
}));
|
|
} |