Home Explore Help
Register Sign In
isundil
/
photochamber-webserver
1
0
Fork 0
Files Issues 7
Tree: 16e99f81f6
Branches Tags
photochamber-we...
/
router
/
api.js

api.js 15 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334 
  1. 

  2. const mime = require("mime-types");
    3. 

  3. const fs = require('fs');
    4. 

  4. const Path = require('path');
    5. 

  5. const Security = require('../src/security.js');
    6. 

  6. const MediaService = require('../model/mediaService.js');
    7. 

  7. const MediaFileMetaModel = require('../model/mediaItemMeta.js').MediaFileMetaModel;
    8. 

  8. const MediaFileTagModel = require('../model/mediaItemTag.js').MediaFileTagModel;
    9. 

  9. const { AccessModel, ACCESS_TYPE, ACCESS_GRANT, ACCESS_TO } = require('../model/access.js');
    10. 

  10. 

  11. function MediaToJson(mediaData) {
    12. 

  12.     if (!mediaData)
    13. 

  13.         return null;
    14. 

  14.     if (mediaData.accessType === ACCESS_GRANT.readNoMeta)
    15. 

  15.         mediaData.meta = {
    16. 

  16.             height: mediaData.meta?.height,
    17. 

  17.             width: mediaData.meta?.width
    18. 

  18.         };
    19. 

  19.     return mediaData;
    20. 

  20. }
    21. 

  21. 

  22. function accessToJson(access) {
    23. 

  23.     const typeStr = [ "unknown", "ldapAccount", "email", "link", "every one" ][access.type];
    24. 

  24.     const accessToStr = [ "unknown", "item", "tag", "meta", "everything", "admin"][access.accessTo];
    25. 

  25.     const grantStr = [ "none", "read", "write", "read without meta"][access.grant];
    26. 

  26.     return {
    27. 

  27.         id: access.id,
    28. 

  28.         type: typeStr,
    29. 

  29.         typeLabel: access.typeLabel,
    30. 

  30.         typeData: access.typeData,
    31. 

  31.         accessTo: accessToStr,
    32. 

  32.         accessToData: access.accessToData,
    33. 

  33.         grant: grantStr
    34. 

  34.     };
    35. 

  35. }
    36. 

  36. 

  37. async function accessListToJson(app, req) {
    38. 

  38.     let result = {
    39. 

  39.         ...(req.sessionObj?.accessList || {})
    40. 

  40.     };
    41. 

  41.     result.isAdmin = await req.sessionObj?.accessList?.isAdmin?.(app, result) || false;
    42. 

  42.     delete result.isAdmin_;
    43. 

  43.     return result;
    44. 

  44. }
    45. 

  45. 

  46. module.exports = { register: app => {
    47. 

  47.     app.router.post("/api/server/reboot", async (req, res) => {
    48. 

  48.         app.routerUtils.onApiRequest(req, res);
    49. 

  49.         if (!await req.sessionObj?.accessList?.isAdmin(app, req.sessionObj?.accessList))
    50. 

  50.             return app.routerUtils.onBadRequest(res);
    51. 

  51.         console.log("Starting reboot process, initiaed from ", res.sessionObj);
    52. 

  52.         app.server.close(() => {
    53. 

  53.             require("child_process").spawn(process.argv.shift(), process.argv, {
    54. 

  54.                 cwd: process.cwd(),
    55. 

  55.                 detached : true,
    56. 

  56.                 stdio: "inherit"
    57. 

  57.             }).unref();
    58. 

  58.             setTimeout(() => process.exit(), 500);
    59. 

  59.         });
    60. 

  60.         app.routerUtils.jsonResponse(res, {});
    61. 

  61.     });
    62. 

  62.     app.router.post("/api/database/reload", async (req, res) => {
    63. 

  63.         app.routerUtils.onApiRequest(req, res);
    64. 

  64.         if (!await req.sessionObj?.accessList?.isAdmin(app, req.sessionObj?.accessList))
    65. 

  65.             return app.routerUtils.onBadRequest(res);
    66. 

  66.         app.libraryManager.forceReload(app);
    67. 

  67.         app.routerUtils.jsonResponse(res, {});
    68. 

  68.     });
    69. 

  69.     app.router.post("/api/database/scan", async (req, res) => {
    70. 

  70.         app.routerUtils.onApiRequest(req, res);
    71. 

  71.         if (!await req.sessionObj?.accessList?.isAdmin(app, req.sessionObj?.accessList))
    72. 

  72.             return app.routerUtils.onBadRequest(res);
    73. 

  73.         app.libraryManager.updateLibraries(app);
    74. 

  74.         app.routerUtils.jsonResponse(res, {});
    75. 

  75.     });
    76. 

  76.     app.router.get("/api/access/list", async (req, res) => {
    77. 

  77.         app.routerUtils.onApiRequest(req, res);
    78. 

  78.         app.routerUtils.jsonResponse(res, await accessListToJson(app, req));
    79. 

  79.     });
    80. 

  80.     app.router.post("/api/access/link", async (req, res) => { // /api/access/link, post: { linkIds: [string] (JSON) }
    81. 

  81.         app.routerUtils.onApiRequest(req, res);
    82. 

  82.         if (!req.post?.linkIds?.length)
    83. 

  83.             return app.routerUtils.httpResponse(res, 400, "Missing argument");
    84. 

  84.         try {
    85. 

  85.             for (let i of JSON.parse(req.post.linkIds)) {
    86. 

  86.                 const access = await app.databaseHelper.findOne(AccessModel, { type: ACCESS_TYPE.link, typeData: i });
    87. 

  87.                 if (access) {
    88. 

  88.                     Security.addLinkToSession(req, access.id, i, access.typeLabel);
    89. 

  89.                     if (access.accessTo == ACCESS_TO.admin)
    90. 

  90.                         Security.setAdmin(req, true);
    91. 

  91.                 }
    92. 

  92.             }
    93. 

  93.         }
    94. 

  94.         catch (err) {
    95. 

  95.             console.error(err);
    96. 

  96.             return app.routerUtils.onBadRequest(res);
    97. 

  97.         }
    98. 

  98.         app.routerUtils.jsonResponse(res, await accessListToJson(app, req));
    99. 

  99.     });
    100. 

  100.     app.router.del("/api/access/:id", async (req, res) => {
    101. 

  101.         app.routerUtils.onApiRequest(req, res);
    102. 

  102.         Security.removeFromSession(req, req.params.id);
    103. 

  103.         const access = await app.databaseHelper.fetch(AccessModel, { id: Object.keys(req.sessionObj.accessList).map(i => req.sessionObj.accessList[i]).filter(x => x.dbId).map(x => x.dbId), accessTo: ACCESS_TO.admin });
    104. 

  104.         const result = Security.setAdmin(req, !!(access?.length || 0));
    105. 

  105.         app.routerUtils.jsonResponse(res, result);
    106. 

  106.     });
    107. 

  107.     app.router.post("/api/accessAdmin/create", async (req, res) => {
    108. 

  108.         app.routerUtils.onApiRequest(req, res);
    109. 

  109.         if (!await req.sessionObj?.accessList?.isAdmin(app, req.sessionObj?.accessList) || !req.body)
    110. 

  110.             return app.routerUtils.onBadRequest(res);
    111. 

  111.         let access = new AccessModel();
    112. 

  112.         access.type = parseInt(req.body.typeId);
    113. 

  113.         access.typeData = req.body.typeData;
    114. 

  114.         access.typeLabel = req.body.typeLabel;
    115. 

  115.         access.accessTo = parseInt(req.body.accessToId);
    116. 

  116.         access.accessToData = req.body.accessToData;
    117. 

  117.         access.grant = parseInt(req.body.grant);
    118. 

  118.         try {
    119. 

  119.             await app.databaseHelper.insertOne(access);
    120. 

  120.         }
    121. 

  121.         catch (err) {
    122. 

  122.             console.error(err);
    123. 

  123.             return app.routerUtils.onBadRequest(res);
    124. 

  124.         }
    125. 

  125.         app.routerUtils.jsonResponse(res, accessToJson(access));
    126. 

  126.     });
    127. 

  127.     app.router.del("/api/accessAdmin/:id", async (req, res) => {
    128. 

  128.         app.routerUtils.onApiRequest(req, res);
    129. 

  129.         if (!await req.sessionObj?.accessList?.isAdmin(app, req.sessionObj?.accessList) || !req.params.id)
    130. 

  130.             return app.routerUtils.onBadRequest(res);
    131. 

  131.         app.databaseHelper.remove(AccessModel, { id: parseInt(req.params.id) });
    132. 

  132.         app.routerUtils.jsonResponse(res, {});
    133. 

  133.     });
    134. 

  134.     app.router.post("/api/accessAdmin/:id", async (req, res) => {
    135. 

  135.         app.routerUtils.onApiRequest(req, res);
    136. 

  136.         if (!await req.sessionObj?.accessList?.isAdmin(app, req.sessionObj?.accessList) || !req.params.id || !req.body)
    137. 

  137.             return app.routerUtils.onBadRequest(res);
    138. 

  138.         const access = (await app.databaseHelper.fetch(AccessModel, { id: parseInt(req.params.id) }))?.[0];
    139. 

  139.         if (!access)
    140. 

  140.             return app.routerUtils.onBadRequest(res);
    141. 

  141.         access.typeLabel = req.body.typeLabel;
    142. 

  142.         access.typeData = req.body.typeData;
    143. 

  143.         access.accessTo = parseInt(req.body.accessToId);
    144. 

  144.         access.accessToData = req.body.accessToData;
    145. 

  145.         access.grant = parseInt(req.body.grant);
    146. 

  146.         try {
    147. 

  147.             app.databaseHelper.upsertOne(access);
    148. 

  148.         }
    149. 

  149.         catch (err) {
    150. 

  150.             console.error(err);
    151. 

  151.             return app.routerUtils.onBadRequest(res);
    152. 

  152.         }
    153. 

  153.         app.routerUtils.jsonResponse(res, accessToJson(access));
    154. 

  154.     });
    155. 

  155.     app.router.get("/api/accessAdmin/list", async (req, res) => {
    156. 

  156.         app.routerUtils.onApiRequest(req, res);
    157. 

  157.         if (!await req.sessionObj?.accessList?.isAdmin(app, req.sessionObj?.accessList))
    158. 

  158.             return app.routerUtils.onBadRequest(res);
    159. 

  159.         app.routerUtils.jsonResponse(res, (await app.databaseHelper.fetch(AccessModel)).map(accessToJson));
    160. 

  160.     });
    161. 

  161.     app.router.post("/api/media/:id/tag/del/:tag", async (req, res) => {
    162. 

  162.         app.routerUtils.onApiRequest(req, res);
    163. 

  163.         if (!req.params.id ||!req.params.tag)
    164. 

  164.             return app.routerUtils.onBadRequest(res);
    165. 

  165.         let checksum = [ req.params.id ];
    166. 

  166.         if (req.params.id === "list") {
    167. 

  167.             if (!req.body?.['list[]'])
    168. 

  168.                 return app.routerUtils.onBadRequest(res);
    169. 

  169.             checksum = req.body['list[]'];
    170. 

  170.         }
    171. 

  171. 

  172.         let data = await MediaService.fetchMultiple(app, checksum, req.sessionObj?.accessList, 0);
    173. 

  173.         data = Object.keys(data).map(x => data[x]).filter(x => x.ACCESS_TYPE != ACCESS_GRANT.write);
    174. 

  174.         await Promise.all(data.map(x => MediaService.updateVersionInDb(app, x.fixedSum)));
    175. 

  175. 

  176.         await app.databaseHelper.remove(MediaFileTagModel, { md5sum: data.map(x => x.fixedSum), tag: decodeURIComponent(req.params.tag), fromMeta: 0 });
    177. 

  177.         const allMedias = await MediaService.fetchMultiple(app, checksum, req.sessionObj?.accessList, 0);
    178. 

  178.         app.routerUtils.jsonResponse(res, Object.keys(allMedias).map(x => allMedias[x]).map(x => MediaToJson(x)));
    179. 

  179.     });
    180. 

  180.     app.router.put("/api/media/:id/tag", async (req, res) => {
    181. 

  181.         app.routerUtils.onApiRequest(req, res);
    182. 

  182.         const requestedTag = req.body?.tag;
    183. 

  183.         if (!req.params.id ||!requestedTag)
    184. 

  184.             return app.routerUtils.onBadRequest(res);
    185. 

  185. 

  186.         let checksum = [ req.params.id ];
    187. 

  187.         if (req.params.id === "list") {
    188. 

  188.             if (!req.body?.['list[]'])
    189. 

  189.                 return app.routerUtils.onBadRequest(res);
    190. 

  190.             checksum = req.body['list[]'];
    191. 

  191.         }
    192. 

  192. 

  193.         let data = await MediaService.fetchMultiple(app, checksum, req.sessionObj?.accessList, 0);
    194. 

  194.         data = Object.keys(data)
    195. 

  195.             .map(x => data[x])
    196. 

  196.             .filter(x => {
    197. 

  197.                 if (x.ACCESS_TYPE != ACCESS_GRANT.write)
    198. 

  198.                     return true;
    199. 

  199.                 for (let existingTag of [...x.tags, ...x.fixedTags]) {
    200. 

  200.                     if (existingTag === requestedTag || existingTag.startsWith(`${requestedTag}/`)) {
    201. 

  201.                         return true;
    202. 

  202.                     }
    203. 

  203.                 }
    204. 

  204.             });
    205. 

  205.         await Promise.all(data.map(x => MediaService.updateVersionInDb(app, x.fixedSum)));
    206. 

  206. 

  207.         let tag = data.map(x => new MediaFileTagModel(x.fixedSum, requestedTag, false));
    208. 

  208.         try {
    209. 

  209.             await app.databaseHelper.insertMultipleSameTable(tag);
    210. 

  210.         }
    211. 

  211.         catch (err) {
    212. 

  212.             console.error(err);
    213. 

  213.             return app.routerUtils.onBadRequest(res);
    214. 

  214.         }
    215. 

  215.         const allMedias = await MediaService.fetchMultiple(app, checksum, req.sessionObj?.accessList, 0);
    216. 

  216.         app.routerUtils.jsonResponse(res, Object.keys(allMedias).map(x => allMedias[x]).map(x => MediaToJson(x)));
    217. 

  217.     });
    218. 

  218.     app.router.patch("/api/media/:id/meta/:key", async (req, res) => {
    219. 

  219.         app.routerUtils.onApiRequest(req, res);
    220. 

  220.         if (!req.params.id ||!req.params.key || !Number.isInteger(req.body?.value?.length))
    221. 

  221.             return app.routerUtils.onBadRequest(res);
    222. 

  222. 

  223.         let checksum = [ req.params.id ];
    224. 

  224.         if (req.params.id === "list") {
    225. 

  225.             if (!req.body?.['list[]'])
    226. 

  226.                 return app.routerUtils.onBadRequest(res);
    227. 

  227.             checksum = req.body['list[]'];
    228. 

  228.         }
    229. 

  229. 

  230.         let data = await MediaService.fetchMultiple(app, checksum, req.sessionObj?.accessList, 0);
    231. 

  231.         data = Object.keys(data)
    232. 

  232.             .map(x => data[x])
    233. 

  233.             .filter(x => x.ACCESS_TYPE != ACCESS_GRANT.write);
    234. 

  234. 

  235.         if (!(await MediaService.updateMeta(app, data.map(x => x.fixedSum), req.params.key, req.body.value)))
    236. 

  236.             return app.routerUtils.onBadRequest(res);
    237. 

  237.         const allMedias = await MediaService.fetchMultiple(app, checksum, req.sessionObj?.accessList, 0);
    238. 

  238.         app.routerUtils.jsonResponse(res, Object.keys(allMedias).map(x => allMedias[x]).map(x => MediaToJson(x)));
    239. 

  239.     });
    240. 

  240.     app.router.get("/api/media/list", async (req, res) => {
    241. 

  241.         app.routerUtils.onApiRequest(req, res);
    242. 

  242.         let first = undefined,
    243. 

  243.             last = undefined,
    244. 

  244.             maxVersion = undefined;
    245. 

  245.         if (req.body?.chronology !== undefined) {
    246. 

  246.             let range = await MediaService.getMediaRange(app);
    247. 

  247.             first = range.min;
    248. 

  248.             last = range.max;
    249. 

  249.             maxVersion = range.maxVersion;
    250. 

  250.         }
    251. 

  251.         let fromDate = parseInt(req.body?.from);
    252. 

  252.         let count = parseInt(req.body?.count);
    253. 

  253.         app.routerUtils.jsonResponse(res, {
    254. 

  254.             data: (await MediaService.fetchMediasWithAccess(
    255. 

  255.                 app,
    256. 

  256.                 isNaN(fromDate) ? 0 : fromDate,
    257. 

  257.                 isNaN(count) ? 25 : Math.min(350, count),
    258. 

  258.                 req.sessionObj?.accessList,
    259. 

  259.                 req.body?.version || 0)).map(MediaToJson),
    260. 

  260.             first: first,
    261. 

  261.             last: last,
    262. 

  262.             maxVersion: maxVersion
    263. 

  263.         });
    264. 

  264.     });
    265. 

  265.     app.router.get("/api/media/sumlist", async (req, res) => {
    266. 

  266.         app.routerUtils.onApiRequest(req, res);
    267. 

  267.         app.routerUtils.jsonResponse(res, {
    268. 

  268.             data: await MediaService.fetchMediasSumWithAccess(
    269. 

  269.                 app,
    270. 

  270.                 req.sessionObj?.accessList)
    271. 

  271.         });
    272. 

  272.     });
    273. 

  273.     app.router.del("/api/media/:md5sum", async (req, res) => {
    274. 

  274.         app.routerUtils.onApiRequest(req, res);
    275. 

  275.         let data = MediaToJson(await MediaService.fetchOne(app, req.params.md5sum, req.sessionObj?.accessList, 0));
    276. 

  276.         if (!data)
    277. 

  277.             return app.routerUtils.onPageNotFound(res);
    278. 

  278.         await MediaService.removeMedia(app, data);
    279. 

  279.         app.routerUtils.jsonResponse(res, {});
    280. 

  280.     });
    281. 

  281.     app.router.get("/api/media/:md5sum", async (req, res) => {
    282. 

  282.         app.routerUtils.onApiRequest(req, res);
    283. 

  283.         let data = MediaToJson(await MediaService.fetchOne(app, req.params.md5sum, req.sessionObj?.accessList, 0));
    284. 

  284.         if (!data)
    285. 

  285.             return app.routerUtils.onPageNotFound(res);
    286. 

  286.         app.routerUtils.jsonResponse(res, data);
    287. 

  287.     });
    288. 

  288.     app.router.get("/api/media/thumbnail/:md5sum.jpg", async (req, res) => {
    289. 

  289.         app.routerUtils.onApiRequest(req, res);
    290. 

  290.         let data = await MediaService.fetchOne(app, req.params.md5sum, req.sessionObj?.accessList, 0);
    291. 

  291.         if (!data)
    292. 

  292.             return app.routerUtils.onPageNotFound(res);
    293. 

  293.         try {
    294. 

  294.             let thumbnail = null;
    295. 

  295.             req.body = req.body || {};
    296. 

  296.             req.body.w = parseInt(req.body.w || 0);
    297. 

  297.             req.body.h = parseInt(req.body.h || 0);
    298. 

  298.             req.body.q = parseInt(req.body.q || 6);
    299. 

  299.             try {
    300. 

  300.                 thumbnail = await (await app.libraryManager.findMedia(data.path))?.createThumbnail(req.body.w, req.body.h, req.body.q);
    301. 

  301.             } catch (err) {
    302. 

  302.                 return app.routerUtils.apiError(res);
    303. 

  303.             }
    304. 

  304.             if (!thumbnail)
    305. 

  305.                 return app.routerUtils.onPageNotFound(res);
    306. 

  306.             res.setHeader("Content-Type", "image/jpeg");
    307. 

  307.             res.setHeader("Content-Length", fs.statSync(thumbnail.name)?.size || undefined);
    308. 

  308.             res.setHeader("Cache-Control", "private, max-age=2630000"); // 1 month cache
    309. 

  309.             let rd = fs.createReadStream(thumbnail.name);
    310. 

  310.             rd.once('end', () => thumbnail.removeCallback());
    311. 

  311.             rd.pipe(res);
    312. 

  312.         }
    313. 

  313.         catch (err) {
    314. 

  314.             console.error(err);
    315. 

  315.             app.routerUtils.onPageNotFound(res);
    316. 

  316.         }
    317. 

  317.     });
    318. 

  318.     app.router.get("/api/media/original/:md5sum", async (req, res) => {
    319. 

  319.         app.routerUtils.onApiRequest(req, res);
    320. 

  320.         let data = await MediaService.fetchOne(app, req.params.md5sum, req.sessionObj?.accessList, 0);
    321. 

  321.         if (!data)
    322. 

  322.             return app.routerUtils.onPageNotFound(res);
    323. 

  323.         const fileName = Path.basename(data.path);
    324. 

  324.         res.setHeader("Cache-Control", "private, max-age=2630000"); // 1 month cache
    325. 

  325.         if (data.accessType === ACCESS_GRANT.readNoMeta || req.body?.trim !== undefined) {
    326. 

  326.             console.log("remove meta");//-> trim metadata
    327. 

  327.         }
    328. 

  328.         res.setHeader("Content-Disposition", `attachment; filename="${fileName}"`);
    329. 

  329.         res.setHeader("Content-Type", mime.lookup(data.path));
    330. 

  330.         res.setHeader("Content-Length", fs.statSync(data.path)?.size || undefined);
    331. 

  331.         fs.createReadStream(data.path).pipe(res);
    332. 

  332.     });
    333. 

  333. }};
    334. 

  334.