more fixessssss

app/routes.py

@@ -164,8 +164,11 @@ def getData(id):
         return random.choice(Errors.file404)
 
 @csrf.exempt
-@app.route('/<id>/delete')
+@app.route('/<id>/delete', methods=["GET", "POST"])
 def delete(id):
+    if request.method == "GET":
+        return "You're not very smart, are you? GET request on a DELETE endpoint LMAOOO\n\n"
+    elif request.method == "POST":
         if Config.files.find_one({"id": id}) is not None:
 
             data = Config.files.find_one({"id": id})
@@ -261,22 +264,36 @@ def resetidpass():
         return f"Your new IDPass is \n {idpass}\n This will only be shown once, please save it somewhere safe."
 
 ### API Endpoints ###
-
+@csrf.exempt
-@app.route('/api')
+@app.route('/api', methods=["GET", "POST"])
 def api():
     return {"error": "Specify an API version."}
 
-@app.route('/api/v1')
+@csrf.exempt
+@app.route('/api/v1', methods=["GET", "POST"])
 def v3():
     return {"status": "ok"}
 
-@app.route('/api/v1/user/<id>')
+@csrf.exempt
+@app.route('/api/v1/user/<id>', methods=["GET", "POST"])
 def getUser(id):
+    data = Config.users.find_one({"userid": id})
+    if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
         return worker.userInfo(id)
+    else:
+        return "Incorrect userID or IDPass", 401
 
-@app.route('/api/v1/file/<id>')
+@csrf.exempt
+@app.route('/api/v1/file/<id>', methods=["GET", "POST"])
 def getInfo(id):
-    return worker.idInfo(id)
+    data = Config.files.find_one({"id": id})
+
+    if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
+        cred = True
+    else:
+        cred = False
+
+    return worker.idInfo(id, cred)
 
 ### Error Handlers ###
 

app/templates/dashboard.html

@@ -17,7 +17,6 @@
     <table>
         <tr>
             <th>ID</th>
-            
             <th>Filename</th>
             <th>Size</th>
             <th>Retention</th>

app/worker.py

@@ -108,16 +108,28 @@ def shortenURL(url, ip, userid, id, retention):
 
     return f"https://xygt.cc/{id}", 200
 
-def idInfo(id):
+def idInfo(id, cred):
+    # Check if cred is true
+    if cred:
         # Check files and url for the ID
         if Config.files.find_one({"id": id}) is not None:
-        check = Config.files.find_one({"id": id}, {'_id': False, "ip": False})
+            check = Config.files.find_one({"id": id}, {'_id': False})
-                                            # "ip": False removes the IP from the returned data.
+
         # If it's not there then check url
         elif Config.url.find_one({"id": id}) is not None:
-        check = Config.url.find_one({"id": id}, {'_id': False, "ip": False}) 
+            check = Config.url.find_one({"id": id}, {'_id': False}) 
 
-    # Return the mongodb info about the file, removing IP if its present
+        # Return the mongodb info about the file
+        return check
+    else:
+        # Check files and url for the ID
+        if Config.files.find_one({"id": id}) is not None:
+            check = Config.files.find_one({"id": id}, {'_id': False, "ip": False, "userid": False})
+        # If it's not there then check url
+        elif Config.url.find_one({"id": id}) is not None:
+            check = Config.url.find_one({"id": id}, {'_id': False, "ip": False, "userid": False}) 
+
+        # Return the mongodb info about the file
         return check
 
 def userInfo(id):