Spaces:
Running
Running
File size: 2,320 Bytes
519a20c |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
import path from 'node:path';
import fs from 'node:fs';
import express from 'express';
import sanitize from 'sanitize-filename';
import { Jimp, JimpMime } from '../jimp.js';
import { sync as writeFileAtomicSync } from 'write-file-atomic';
import { AVATAR_WIDTH, AVATAR_HEIGHT } from '../constants.js';
import { getImages, tryParse } from '../util.js';
import { getFileNameValidationFunction } from '../middleware/validateFileName.js';
export const router = express.Router();
router.post('/get', function (request, response) {
var images = getImages(request.user.directories.avatars);
response.send(JSON.stringify(images));
});
router.post('/delete', getFileNameValidationFunction('avatar'), function (request, response) {
if (!request.body) return response.sendStatus(400);
if (request.body.avatar !== sanitize(request.body.avatar)) {
console.error('Malicious avatar name prevented');
return response.sendStatus(403);
}
const fileName = path.join(request.user.directories.avatars, sanitize(request.body.avatar));
if (fs.existsSync(fileName)) {
fs.unlinkSync(fileName);
return response.send({ result: 'ok' });
}
return response.sendStatus(404);
});
router.post('/upload', getFileNameValidationFunction('overwrite_name'), async (request, response) => {
if (!request.file) return response.sendStatus(400);
try {
const pathToUpload = path.join(request.file.destination, request.file.filename);
const crop = tryParse(request.query.crop);
const rawImg = await Jimp.read(pathToUpload);
if (typeof crop == 'object' && [crop.x, crop.y, crop.width, crop.height].every(x => typeof x === 'number')) {
rawImg.crop({ w: crop.width, h: crop.height, x: crop.x, y: crop.y });
}
rawImg.cover({ w: AVATAR_WIDTH, h: AVATAR_HEIGHT });
const image = await rawImg.getBuffer(JimpMime.png);
const filename = request.body.overwrite_name || `${Date.now()}.png`;
const pathToNewFile = path.join(request.user.directories.avatars, filename);
writeFileAtomicSync(pathToNewFile, image);
fs.unlinkSync(pathToUpload);
return response.send({ path: filename });
} catch (err) {
return response.status(400).send('Is not a valid image');
}
});
|