more fixessssss

2024-11-09 16:32:37 +01:00 · 2024-02-28 22:08:01 +00:00 · 2024-02-28 22:08:01 +00:00 · 39c084ea00
commit 39c084ea00
parent 59e9250b15
3 changed files with 78 additions and 50 deletions
--- a/app/routes.py
+++ b/app/routes.py
@ -164,42 +164,45 @@ def getData(id):
        return random.choice(Errors.file404)

@csrf.exempt
-@app.route('/<id>/delete')
+@app.route('/<id>/delete', methods=["GET", "POST"])
 def delete(id):
-    if Config.files.find_one({"id": id}) is not None:
+    if request.method == "GET":
+        return "You're not very smart, are you? GET request on a DELETE endpoint LMAOOO\n\n"
+    elif request.method == "POST":
+        if Config.files.find_one({"id": id}) is not None:

-        data = Config.files.find_one({"id": id})
-        
-        if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
-            Config.files.delete_one({"id": id})
-            os.remove(os.path.join(Config.fileDir, secure_filename(id)))
-            return "File deleted."
-        
-        elif data["userid"] == current_user.userid:
-            Config.files.delete_one({"id": id})
-            os.remove(os.path.join(Config.fileDir, secure_filename(id)))
-            return "File deleted."
+            data = Config.files.find_one({"id": id})
+            
+            if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
+                Config.files.delete_one({"id": id})
+                os.remove(os.path.join(Config.fileDir, secure_filename(id)))
+                return "File deleted."
+            
+            elif data["userid"] == current_user.userid:
+                Config.files.delete_one({"id": id})
+                os.remove(os.path.join(Config.fileDir, secure_filename(id)))
+                return "File deleted."
+            
+            else:
+                return "You are not the owner of this file."
+
+        elif Config.url.find_one({"id": id}) is not None:
+
+            data = Config.url.find_one({"id": id})
+
+            if data["userid"] == current_user.userid:
+                Config.files.delete_one({"id": id})
+                return "URL deleted."
+            
+            elif data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
+                Config.files.delete_one({"id": id})
+                return "URL deleted."
+            
+            else:
+                return "You are not the owner of this link."
        
        else:
-            return "You are not the owner of this file."
-
-    elif Config.url.find_one({"id": id}) is not None:
-
-        data = Config.url.find_one({"id": id})
-
-        if data["userid"] == current_user.userid:
-            Config.files.delete_one({"id": id})
-            return "URL deleted."
-        
-        elif data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
-            Config.files.delete_one({"id": id})
-            return "URL deleted."
-        
-        else:
-            return "You are not the owner of this link."
-    
-    else:
-        return "This ID does not exist."
+            return "This ID does not exist."

@app.route('/teapot')
 def teapot():
@ -261,22 +264,36 @@ def resetidpass():
        return f"Your new IDPass is \n {idpass}\n This will only be shown once, please save it somewhere safe."

 ### API Endpoints ###
-
-@app.route('/api')
+@csrf.exempt
+@app.route('/api', methods=["GET", "POST"])
 def api():
    return {"error": "Specify an API version."}

-@app.route('/api/v1')
+@csrf.exempt
+@app.route('/api/v1', methods=["GET", "POST"])
 def v3():
    return {"status": "ok"}

-@app.route('/api/v1/user/<id>')
+@csrf.exempt
+@app.route('/api/v1/user/<id>', methods=["GET", "POST"])
 def getUser(id):
-    return worker.userInfo(id)
+    data = Config.users.find_one({"userid": id})
+    if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
+        return worker.userInfo(id)
+    else:
+        return "Incorrect userID or IDPass", 401

-@app.route('/api/v1/file/<id>')
+@csrf.exempt
+@app.route('/api/v1/file/<id>', methods=["GET", "POST"])
 def getInfo(id):
-    return worker.idInfo(id)
+    data = Config.files.find_one({"id": id})
+
+    if data["userid"] == request.form.get("userid") and bcrypt.check_password_hash(Config.users.find_one({"userid": data["userid"]})["idpass"], request.form.get("idpass")):
+        cred = True
+    else:
+        cred = False
+
+    return worker.idInfo(id, cred)

 ### Error Handlers ###

--- a/app/templates/dashboard.html
+++ b/app/templates/dashboard.html
@ -17,7 +17,6 @@
    <table>
        <tr>
            <th>ID</th>
-            
            <th>Filename</th>
            <th>Size</th>
            <th>Retention</th>
--- a/app/worker.py
+++ b/app/worker.py
@ -108,17 +108,29 @@ def shortenURL(url, ip, userid, id, retention):

    return f"https://xygt.cc/{id}", 200

-def idInfo(id):
-    # Check files and url for the ID
-    if Config.files.find_one({"id": id}) is not None:
-        check = Config.files.find_one({"id": id}, {'_id': False, "ip": False})
-                                            # "ip": False removes the IP from the returned data.
-    # If it's not there then check url
-    elif Config.url.find_one({"id": id}) is not None:
-        check = Config.url.find_one({"id": id}, {'_id': False, "ip": False}) 
+def idInfo(id, cred):
+    # Check if cred is true
+    if cred:
+        # Check files and url for the ID
+        if Config.files.find_one({"id": id}) is not None:
+            check = Config.files.find_one({"id": id}, {'_id': False})

-    # Return the mongodb info about the file, removing IP if its present
-    return check
+        # If it's not there then check url
+        elif Config.url.find_one({"id": id}) is not None:
+            check = Config.url.find_one({"id": id}, {'_id': False}) 
+
+        # Return the mongodb info about the file
+        return check
+    else:
+        # Check files and url for the ID
+        if Config.files.find_one({"id": id}) is not None:
+            check = Config.files.find_one({"id": id}, {'_id': False, "ip": False, "userid": False})
+        # If it's not there then check url
+        elif Config.url.find_one({"id": id}) is not None:
+            check = Config.url.find_one({"id": id}, {'_id': False, "ip": False, "userid": False}) 
+
+        # Return the mongodb info about the file
+        return check

 def userInfo(id):
    # Grab user entry from userID