diff --git a/app.js b/app.js
index b5d58057..d7307896 100644
--- a/app.js
+++ b/app.js
@@ -23,6 +23,11 @@ app.get("/download/:id", function(req, res) {
 app.get("/assets/download/:id", function(req, res) {
+ if (!validateID(id)){
+ res.send(404);
+ return;
+ }
+
 let id = req.params.id; client.hget(id, "filename", function(err, reply) { // maybe some expiration logic too if (!reply) {
@@ -44,6 +49,12 @@ app.get("/assets/download/:id", function(req, res) {
 app.post("/delete/:id", function(req, res) { let id = req.params.id;
+
+ if (!validateID(id)){
+ res.send(404);
+ return;
+ }
+
 let delete_token = req.body.delete_token; if (!delete_token){
@@ -62,6 +73,11 @@ app.post("/delete/:id", function(req, res) {
 });
 app.post("/upload/:id", function (req, res, next) {
+
+ if (!validateID(req.params.id)){
+ res.send(404);
+ return;
+ }
 var fstream; req.pipe(req.busboy);
@@ -93,3 +109,6 @@ app.listen(3000, function () {
 console.log("Portal app listening on port 3000!") })
+function validateID(route_id) {
+ return route_id.match(/^[0-9a-fA-F]{32}$/) !== null;
+}
\ No newline at end of file
diff --git a/public/download.html b/public/download.html
index ed96249b..47ac3dbc 100644
--- a/public/download.html
+++ b/public/download.html
@@ -9,5 +9,8 @@
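Review bot: In the `/assets/download/:id` handler the new guard calls `validateID(id)` before the `let id = req.params.id;` declaration that follows it, so `id` is still in its temporal dead zone and every request to this route throws a ReferenceError instead of reaching the lookup. Either move the check below the declaration or pass the parameter directly as the `/upload/:id` hunk already does: `if (!validateID(req.params.id)){`. Separately, `res.send(404)` with a bare number is the form Express 4 deprecates; `res.sendStatus(404);` sets the status and a matching body explicitly, and the same applies to the guards added in the `/delete/:id` and `/upload/:id` hunks. The handler's body continues outside the hunk.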
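Review bot: `validateID` allocates a match array only to compare it with null; `return /^[0-9a-fA-F]{32}$/.test(route_id);` states the same check directly and reads as the boolean it is. The function also carries no documentation, and a one-line comment such as `// Route ids are exactly 32 hex characters; anything else is answered with a 404 before the client.hget lookup runs.` would tell the next reader why the pattern is this strict. The file is also left without a trailing newline, as the `\ No newline at end of file` marker shows.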

+ +
diff --git a/public/download.js b/public/download.js
index 93a210df..f74ab52e 100644
--- a/public/download.js
+++ b/public/download.js
@@ -4,7 +4,11 @@ function download() {
 xhr.open("get", "/assets" + location.pathname.slice(0, -1), true);
 xhr.responseType = "blob";
- xhr.addEventListener("progress", updateProgress);
+ var li = document.createElement("li");
+ var progress = document.createElement("p");
+ li.appendChild(progress);
+
+ xhr.addEventListener("progress", returnBindedLI(li, progress));
 xhr.onload = function(e) { if (this.status == 200) {
@@ -39,19 +43,26 @@ function download() {
 key, array) .then(function(decrypted){
- var dataView = new DataView(decrypted);
- var blob = new Blob([dataView]);
- var downloadUrl = URL.createObjectURL(blob);
- var a = document.createElement("a");
- a.href = downloadUrl;
- a.download = xhr.getResponseHeader("Content-Disposition").match(/filename="(.+)"/)[1];
- console.log(xhr.getResponseHeader("Content-Disposition"));
- document.body.appendChild(a);
- a.click();
+ var filename = xhr.getResponseHeader("Content-Disposition").match(/filename="(.+)"/)[1];
+
+ var name = document.createElement("p");
+ name.innerHTML = filename;
+ li.insertBefore(name, li.firstChild);
+ document.getElementById("downloaded_files").appendChild(li);
+
+ var dataView = new DataView(decrypted);
+ var blob = new Blob([dataView]);
+ var downloadUrl = URL.createObjectURL(blob);
+ var a = document.createElement("a");
+ a.href = downloadUrl;
+ a.download = filename
+ console.log(xhr.getResponseHeader("Content-Disposition"));
+ document.body.appendChild(a);
+ a.click();
 }) .catch(function(err){
- alert("This link is either invalid or has expired, or the uploader has deleted the file.");
- console.error(err);
+ alert("This link is either invalid or has expired, or the uploader has deleted the file.");
+ console.error(err);
 }); }) .catch(function(err){ 
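Review bot: The `li` that receives the progress text is created here but, per the second hunk of this file, is only attached to `#downloaded_files` after decryption succeeds, so every `Progress: N%` update written by the listener lands on a detached element and nothing is visible while the transfer actually runs. Appending it at creation time, `document.getElementById("downloaded_files").appendChild(li);` right after `li.appendChild(progress);`, makes the progress visible; the later `appendChild` then just re-appends the same node, and the error path would need to remove the item so a failed download does not leave a stale entry. `download()` starts and ends outside the hunk.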
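Review bot: `name.innerHTML = filename;` inserts the filename parsed from the `Content-Disposition` header as HTML; that value comes back from the server and ultimately from whatever name the file was uploaded under, not from this page, so any markup in it is interpreted by the browser rather than displayed. `name.textContent = filename;` renders it as plain text with no other change in behaviour. `a.download = filename` is also missing its semicolon, and the `.match(...)[1]` throws a TypeError whenever the header is absent or not in the `filename="..."` form, which currently surfaces only as the generic "invalid or expired" alert in the catch below. The enclosing `download()` starts and ends outside the hunk.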
@@ -88,9 +99,26 @@ function strToIv(str) {
 return iv; }
-function updateProgress(e) {
- if (e.lengthComputable) {
- var percentComplete = Math.floor((e.loaded / e.total) * 100);
- document.getElementById("downloadProgress").innerHTML = "Progress: " + percentComplete + "%";
- }
+function returnBindedLI(li, progress) {
+ return function updateProgress(e) {
+ if (e.lengthComputable) {
+ var percentComplete = Math.floor((e.loaded / e.total) * 100);
+ progress.innerHTML = "Progress: " + percentComplete + "%";
+ }
+
+ if (percentComplete === 100) {
+ var finished = document.createElement("p");
+ finished.innerHTML = "Your download has finished.";
+ li.appendChild(finished);
+
+ var close = document.createElement("button");
+ close.innerHTML = "Ok";
+ close.addEventListener("click", function() {
+ document.getElementById("downloaded_files").removeChild(li);
+ });
+
+ li.appendChild(close);
+ }
+
+ }
 }
\ No newline at end of file
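Review bot: The completion block in `updateProgress` runs on every progress event whose computed percentage is 100 and has no guard, so if the browser dispatches more than one progress event at `loaded === total` (I cannot rule that out from here) the list item receives a second "finished" paragraph and a second "Ok" button. A flag captured in the closure fixes that; the rewrite below also turns the `lengthComputable` check into an early return so `percentComplete` is no longer read as a hoisted `var` from a branch that may have been skipped, and uses `textContent` for the static strings. The name `returnBindedLI` is not idiomatic English; something like `makeProgressHandler` would say what it does.
```javascript
function returnBindedLI(li, progress) {
  var completed = false;
  return function updateProgress(e) {
    if (!e.lengthComputable) {
      return;
    }
    var percentComplete = Math.floor((e.loaded / e.total) * 100);
    progress.textContent = "Progress: " + percentComplete + "%";
    if (percentComplete !== 100 || completed) {
      return;
    }
    completed = true;
    // … unchanged: build the "finished" paragraph and the "Ok" button and append both to li …
  }
}
```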