|
|
import path from 'node:path'; |
|
|
import fs from 'node:fs'; |
|
|
|
|
|
import express from 'express'; |
|
|
import sanitize from 'sanitize-filename'; |
|
|
import { Jimp } from '../jimp.js'; |
|
|
import { sync as writeFileAtomicSync } from 'write-file-atomic'; |
|
|
|
|
|
import { getImages, tryParse } from '../util.js'; |
|
|
import { getFileNameValidationFunction } from '../middleware/validateFileName.js'; |
|
|
import { applyAvatarCropResize } from './characters.js'; |
|
|
import { invalidateThumbnail } from './thumbnails.js'; |
|
|
import cacheBuster from '../middleware/cacheBuster.js'; |
|
|
|
|
|
export const router = express.Router(); |
|
|
|
|
|
router.post('/get', function (request, response) { |
|
|
const images = getImages(request.user.directories.avatars); |
|
|
response.send(images); |
|
|
}); |
|
|
|
|
|
router.post('/delete', getFileNameValidationFunction('avatar'), function (request, response) { |
|
|
if (!request.body) return response.sendStatus(400); |
|
|
|
|
|
if (request.body.avatar !== sanitize(request.body.avatar)) { |
|
|
console.error('Malicious avatar name prevented'); |
|
|
return response.sendStatus(403); |
|
|
} |
|
|
|
|
|
const fileName = path.join(request.user.directories.avatars, sanitize(request.body.avatar)); |
|
|
|
|
|
if (fs.existsSync(fileName)) { |
|
|
fs.unlinkSync(fileName); |
|
|
invalidateThumbnail(request.user.directories, 'persona', sanitize(request.body.avatar)); |
|
|
return response.send({ result: 'ok' }); |
|
|
} |
|
|
|
|
|
return response.sendStatus(404); |
|
|
}); |
|
|
|
|
|
router.post('/upload', getFileNameValidationFunction('overwrite_name'), async (request, response) => { |
|
|
if (!request.file) return response.sendStatus(400); |
|
|
|
|
|
try { |
|
|
const pathToUpload = path.join(request.file.destination, request.file.filename); |
|
|
const crop = tryParse(request.query.crop); |
|
|
const rawImg = await Jimp.read(pathToUpload); |
|
|
const image = await applyAvatarCropResize(rawImg, crop); |
|
|
|
|
|
|
|
|
if (request.body.overwrite_name) { |
|
|
invalidateThumbnail(request.user.directories, 'persona', sanitize(request.body.overwrite_name)); |
|
|
cacheBuster.bust(request, response); |
|
|
} |
|
|
|
|
|
const filename = sanitize(request.body.overwrite_name || `${Date.now()}.png`); |
|
|
const pathToNewFile = path.join(request.user.directories.avatars, filename); |
|
|
writeFileAtomicSync(pathToNewFile, image); |
|
|
fs.unlinkSync(pathToUpload); |
|
|
return response.send({ path: filename }); |
|
|
} catch (err) { |
|
|
console.error('Error uploading user avatar:', err); |
|
|
return response.status(400).send('Is not a valid image'); |
|
|
} |
|
|
}); |
|
|
|
