nodejs-fm/index.js

const express = require('express')
const bodyParser = require('body-parser')
const fs = require('fs')
const path = require('path')
const processing = require('./processing')

const port = 8080;

app = express()

let settings = JSON.parse(fs.readFileSync("settings.json"))

const DIR=settings.dirname;
app.use(bodyParser.urlencoded({extended:false}))
app.use(bodyParser.json())

// Check if a given directory is within the main defined directory or not
let inDir = (dircheck,dirmain) => !path.relative(path.normalize(dircheck), dirmain).startsWith('..')


//Get folder details
app.post('/files/cat',(req,res,next)=>{
    const location = processing.mergedir(req.body.loc,settings)
    //const nloc = path.normalize(req.body.loc);
    const nloc = path.normalize(path.relative(settings.dirname,location))
    if(inDir(settings.dirname,location)){
        res.download(location,err=>{if(err) next(err)} )
    }
})


app.post('/files/ls',(req,res,next)=>{
    const location = processing.mergedir(req.body.loc,settings)
    //const nloc = path.normalize(req.body.loc);
    const nloc = path.normalize(path.relative(settings.dirname,location))
    //Make sure not escaping the given path; insecure
    if(inDir(settings.dirname,location)){
        fs.readdir(location,{withFileTypes:true},(err,files)=>{
            if(err){
                next(err)
            }
            else{
                res.json({
                    "loc": nloc ,
                    "back": inDir(settings.dirname, path.normalize(path.join(location,'..')) )?path.normalize(path.join(nloc,'..')):null,
                    "contents":processing.dirprocess(files,location,settings)
                })
            }
        })
    }
    else{
        res.status(404).json({"error":"Access denied","loc":'/'})
    }
    
    //next()
})

app.post('/files/ls',(res,rep,next)=>{

})


//Attempt to upload a file - Placeholder
app.put('/files/upload',(req,res)=>{
    console.log("Upload attempted")
    res.json({'error':500})
})

// Use jquery
app.use('/jquery', express.static( path.join(__dirname ,'node_modules','jquery','dist') ) )

// Use the statics
app.get( '/*', express.static( path.join(__dirname,'static') ) )


//All non-matched end up in this route
app.all('*',(req,res)=>{
    res.status(404).json({'error':404});

})

app.listen(port,()=>{
    console.log(`Listening : ${port}`)
})

app.use((err,req,res,next)=>{
    res.status(500).json({error:`Internal error.Try again.`})
})

module.exports = app;
Add base code 2019-05-19 12:21:40 +05:30			`const express = require('express')`
			`const bodyParser = require('body-parser')`
Indexing basics 2019-05-21 10:38:54 +05:30			`const fs = require('fs')`
Basic HTML framework 2019-05-19 18:48:50 +05:30			`const path = require('path')`
Indexing basics 2019-05-21 10:38:54 +05:30			`const processing = require('./processing')`
Basic HTML framework 2019-05-19 18:48:50 +05:30
Add base code 2019-05-19 12:21:40 +05:30			`const port = 8080;`
Update dependencies, README 2019-05-24 12:04:21 +05:30
Add base code 2019-05-19 12:21:40 +05:30			`app = express()`

Indexing basics 2019-05-21 10:38:54 +05:30			`let settings = JSON.parse(fs.readFileSync("settings.json"))`

			`const DIR=settings.dirname;`
Add base code 2019-05-19 12:21:40 +05:30			`app.use(bodyParser.urlencoded({extended:false}))`
			`app.use(bodyParser.json())`

Introduce sandbox folder 2019-05-24 10:45:06 +05:30			`// Check if a given directory is within the main defined directory or not`
Implement traversal of folders 2019-05-22 20:22:59 +05:30			`let inDir = (dircheck,dirmain) => !path.relative(path.normalize(dircheck), dirmain).startsWith('..')`

Introduce sandbox folder 2019-05-24 10:45:06 +05:30


Implement traversal of folders 2019-05-22 20:22:59 +05:30			`//Get folder details`
Be careful or error logs Implement file downloads 2019-05-24 11:43:48 +05:30			`app.post('/files/cat',(req,res,next)=>{`
			`const location = processing.mergedir(req.body.loc,settings)`
			`//const nloc = path.normalize(req.body.loc);`
			`const nloc = path.normalize(path.relative(settings.dirname,location))`
			`if(inDir(settings.dirname,location)){`
			`res.download(location,err=>{if(err) next(err)} )`
			`}`
			`})`

Indexing basics 2019-05-21 10:38:54 +05:30
Implement traversal of folders 2019-05-22 20:22:59 +05:30			`app.post('/files/ls',(req,res,next)=>{`
			`const location = processing.mergedir(req.body.loc,settings)`
Fix sandboxing(#2) 2019-05-24 11:25:10 +05:30			`//const nloc = path.normalize(req.body.loc);`
			`const nloc = path.normalize(path.relative(settings.dirname,location))`
Implement traversal of folders 2019-05-22 20:22:59 +05:30			`//Make sure not escaping the given path; insecure`
			`if(inDir(settings.dirname,location)){`
			`fs.readdir(location,{withFileTypes:true},(err,files)=>{`
			`if(err){`
			`next(err)`
			`}`
			`else{`
			`res.json({`
Fix sandboxing(#1) 2019-05-24 11:04:51 +05:30			`"loc": nloc ,`
			`"back": inDir(settings.dirname, path.normalize(path.join(location,'..')) )?path.normalize(path.join(nloc,'..')):null,`
Implement traversal of folders 2019-05-22 20:22:59 +05:30			`"contents":processing.dirprocess(files,location,settings)`
			`})`
			`}`
			`})`
			`}`
			`else{`
Fix Travis 2019-05-24 08:48:01 +05:30			`res.status(404).json({"error":"Access denied","loc":'/'})`
Implement traversal of folders 2019-05-22 20:22:59 +05:30			`}`

			`//next()`
			`})`
Indexing basics 2019-05-21 10:38:54 +05:30
Introduce sandbox folder 2019-05-24 10:45:06 +05:30			`app.post('/files/ls',(res,rep,next)=>{`

			`})`


Add routing basics Add jquery 2019-05-21 19:37:11 +05:30			`//Attempt to upload a file - Placeholder`
Push middleware basics 2019-05-19 13:08:23 +05:30			`app.put('/files/upload',(req,res)=>{`
			`console.log("Upload attempted")`
Add routing basics Add jquery 2019-05-21 19:37:11 +05:30			`res.json({'error':500})`
Push middleware basics 2019-05-19 13:08:23 +05:30			`})`

Implement traversal of folders 2019-05-22 20:22:59 +05:30			`// Use jquery`
Add routing basics Add jquery 2019-05-21 19:37:11 +05:30			`app.use('/jquery', express.static( path.join(__dirname ,'node_modules','jquery','dist') ) )`
Add base code 2019-05-19 12:21:40 +05:30
Implement traversal of folders 2019-05-22 20:22:59 +05:30			`// Use the statics`
Add routing basics Add jquery 2019-05-21 19:37:11 +05:30			`app.get( '/*', express.static( path.join(__dirname,'static') ) )`
Indexing basics 2019-05-21 10:38:54 +05:30
Add base code 2019-05-19 12:21:40 +05:30
Add routing basics Add jquery 2019-05-21 19:37:11 +05:30			`//All non-matched end up in this route`
Add base code 2019-05-19 12:21:40 +05:30			`app.all('*',(req,res)=>{`
			`res.status(404).json({'error':404});`

			`})`

			`app.listen(port,()=>{`
Basic HTML framework 2019-05-19 18:48:50 +05:30			console.log(`Listening : ${port}`)
Add base code 2019-05-19 12:21:40 +05:30			`})`
Fix Travis 2019-05-24 08:48:01 +05:30
Introduce sandbox folder 2019-05-24 10:45:06 +05:30			`app.use((err,req,res,next)=>{`
Be careful or error logs Implement file downloads 2019-05-24 11:43:48 +05:30			res.status(500).json({error:`Internal error.Try again.`})
Introduce sandbox folder 2019-05-24 10:45:06 +05:30			`})`

Fix Travis 2019-05-24 08:48:01 +05:30			`module.exports = app;`