@ -7,21 +7,25 @@ try {
}
// Load the config
const { host , port , domain , useSsl , resourceIdSize , gfyIdSize , resourceIdType , isProxied , diskFilePath, saveWithDate , saveAsOriginal } = require ( './config.json' ) ;
const { host , port , domain , useSsl , resourceIdSize , gfyIdSize , resourceIdType , isProxied , s3enabled , saveAsOriginal } = require ( './config.json' ) ;
//#region Imports
const fs = require ( 'fs-extra' ) ;
const express = require ( 'express' ) ;
const escape = require ( 'escape-html' ) ;
const useragent = require ( 'express-useragent' ) ;
const rateLimit = require ( "express-rate-limit" ) ;
const fetch = require ( 'node-fetch' ) ;
const marked = require ( 'marked' ) ;
const multer = require ( 'multer' ) ;
const DateTime = require ( 'luxon' ) . DateTime ;
const { WebhookClient , MessageEmbed } = require ( 'discord.js' ) ;
const OpenGraph = require ( './ogp' ) ;
const Thumbnail = require ( './thumbnails' ) ;
const Vibrant = require ( './vibrant' ) ;
const { path , saveData , log , verify , generateToken , generateId , formatBytes , randomHexColour , arrayEquals } = require ( './utils' ) ;
const Hash = require ( './hash' ) ;
const Path = require ( 'path' ) ;
const { uploadLocal , uploadS3 , deleteS3 } = require ( './storage' ) ;
const { path , saveData , log , verify , generateToken , generateId , formatBytes , arrayEquals , getS3url , downloadTempS3 , sanitize } = require ( './utils' ) ;
//#endregion
//#region Variables, module setup
@ -29,23 +33,6 @@ const ASS_LOGO = 'https://cdn.discordapp.com/icons/848274994375294986/8d339d4a2f
const app = express ( ) ;
// Configure filename and location settings
const storage = multer . diskStorage ( {
filename : saveAsOriginal ? ( _req , file , callback ) => callback ( null , file . originalname ) : null ,
destination : ! saveWithDate ? diskFilePath : ( _req , _file , callback ) => {
// Get current month and year
let [ month , _day , year ] = new Date ( ) . toLocaleDateString ( "en-US" ) . split ( "/" ) ;
// Add 0 before single digit months eg ( 6 turns into 06)
let folder = ` ${ diskFilePath } / ${ year } - ${ ( "0" + month ) . slice ( - 2 ) } ` ;
// Create folder if it doesn't exist
fs . ensureDirSync ( folder ) ;
callback ( null , folder ) ;
}
} ) ;
var upload = multer ( { storage } ) ;
var users = { } ;
var data = { } ;
//#endregion
@ -88,32 +75,73 @@ function startup() {
app . set ( 'view engine' , 'pug' ) ;
app . use ( useragent . express ( ) ) ;
// Rate limit
app . use ( rateLimit ( {
windowMs : 1000 * 60 , // 60 seconds
max : 90 // Limit each IP to 30 requests per windowMs
} ) ) ;
// Don't process favicon requests
app . use ( ( req , res , next ) => req . url . includes ( 'favicon.ico' ) ? res . sendStatus ( 204 ) : next ( ) ) ;
// Middleware for parsing the resource ID and handling 404
app . use ( '/:resourceId' , ( req , res , next ) => {
// Parse the resource ID
req . ass = { resourceId : req . params . resourceId . split ( '.' ) [ 0 ] } ;
// If the ID is invalid, return 404. Otherwise, continue normally
( ! req . ass . resourceId || ! data [ req . ass . resourceId ] ) ? res . sendStatus ( 404 ) : next ( ) ;
} ) ;
// Index
app . get ( '/' , ( _req , res ) => fs . readFile ( path ( 'README.md' ) ) . then ( ( bytes ) => bytes . toString ( ) ) . then ( marked ) . then ( ( data ) => res . render ( 'index' , { data } ) ) ) ;
// Rate limit
app . post ( '/' , rateLimit ( {
windowMs: 1000 * 60 , // 60 seconds
max : 30 // Limit each IP to 30 requests per windowMs
} ) ) ;
// Block unauthorized requests and attempt token sanitization
app . post ( '/' , ( req , res , next ) => {
req . token = req . headers . authorization . replace ( /[^\da-z]/gi , '' ) ;
! verify ( req , users ) ? res . sendStatus ( 401 ) : next ( ) ;
} ) ;
// Upload file
app . post ( '/' , upload . single ( 'file' ) , ( req , res ) => {
// Prevent uploads from unauthorized clients
if ( ! verify ( req , users ) ) return res . sendStatus ( 401 ) ;
// Generate ID's to use for other functions
app . post ( '/' , ( req , _res , next ) => ( req . randomId = generateId ( 'random' , 32 , null , null ) , next ( ) ) ) ;
app . post ( '/' , ( req , _res , next ) => ( req . deleteId = generateId ( 'random' , 32 , null , null ) , next ( ) ) ) ;
// Upload file (local & S3)
s3enabled
? app . post ( '/' , ( req , res , next ) => uploadS3 ( req , res , ( error ) => ( ( error ) && console . error ( error ) , next ( ) ) ) )
: app . post ( '/' , uploadLocal , ( { next } ) => next ( ) ) ;
// Pre-response operations
app . post ( '/' , ( req , _res , next ) => {
req . file . randomId = req . randomId ;
req . file . deleteId = req . deleteId ;
// Sanitize filename just in case Multer didn't catch it
req . file . originalname = sanitize ( req . file . originalname ) ;
// Download a temp copy to work with if using S3 storage
( s3enabled ? downloadTempS3 ( req . file ) : new Promise ( ( resolve ) => resolve ( ) ) )
// Generate the Thumbnail, Vibrant, and SHA1 hash
. then ( ( ) => Promise . all ( [ Thumbnail ( req . file ) , Vibrant ( req . file ) , Hash ( req . file ) ] ) )
. then ( ( [ thumbnail , vibrant , sha1 ] ) => (
req . file . thumbnail = thumbnail ,
req . file . vibrant = vibrant ,
req . file . sha1 = sha1
) )
// Remove the temp file if using S3 storage, otherwise rename the local file
. then ( ( ) => s3enabled ? fs . remove ( path ( 'uploads/' , req . file . originalname ) ) : renameFile ( saveAsOriginal ? req . file . originalname : req . file . sha1 ) )
. then ( ( ) => next ( ) )
. catch ( ( err ) => next ( err ) ) ;
function renameFile ( newName ) {
return new Promise ( ( resolve , reject ) => {
try {
let paths = [ req . file . destination , newName ] ;
fs . rename ( path ( req . file . path ) , path ( ... paths ) ) ;
req . file . path = Path . join ( ... paths ) ;
resolve ( ) ;
} catch ( err ) {
reject ( err ) ;
}
} ) ;
}
} ) ;
// Process uploaded file
app . post ( '/' , ( req , res ) => {
// Load overrides
let trueDomain = getTrueDomain ( req . headers [ "x-ass-domain" ] ) ;
let generator = req . headers [ "x-ass-access" ] || resourceIdType ;
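Review bot: In the new token middleware, `req.headers.authorization.replace(...)` throws a TypeError when a request has no Authorization header, so an unauthenticated POST ends in a 500 from the error handler instead of the intended 401; `req.token = (req.headers.authorization || '').replace(/[^\da-z]/gi, '');` leaves the decision to `verify`. Further down, `renameFile` calls `fs.rename` without a callback or `await`. fs-extra returns a promise in that case, so the `try/catch` cannot see a failed rename and `resolve()` runs before the file has moved; returning `fs.rename(...).then(() => { req.file.path = Path.join(...paths); })` fixes both. The S3 branch also logs an `uploadS3` error and still calls `next()`, which lets the pre-response handler run without a `req.file`; `next(error)` would stop the chain. The final `app.post` handler continues past the end of this hunk.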
@ -122,8 +150,7 @@ function startup() {
req . file . timestamp = DateTime . now ( ) . toMillis ( ) ;
// Keep track of the token that uploaded the resource
let uploadToken = req . headers . authorization ;
req . file . token = uploadToken ;
req . file . token = req . token ;
// Attach any embed overrides, if necessary
req . file . opengraph = {
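Review bot: `req.file.token = req.token` copies the upload credential into the file record, and the later hunk stores that record with `data[...] = req.file; saveData(data)`, so every saved entry appears to carry a usable token in clear text. Anyone who can read that data store could then upload as the user. Recording the username, or a one-way hash of the token, would keep the attribution without persisting the secret. The surrounding handler starts and ends outside this hunk, and how `saveData` persists the object is not visible here.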
@ -136,80 +163,98 @@ function startup() {
color : req . headers [ 'x-ass-og-color' ]
} ;
// Generate a thumbnail & get the Vibrant colour
Promise . all ( [ Thumbnail ( req . file ) , ( req . file . mimetype . includes ( 'video' ) ? randomHexColour ( ) : Vibrant ( req . file ) ) ] )
. then ( ( [ thumbnail , vibrant ] ) => ( req . file . thumbnail = thumbnail , req . file . vibrant = vibrant ) )
. catch ( console . error )
// Finish processing the file
. then ( ( ) => {
// Save the file information
let resourceId = generateId ( generator , resourceIdSize , req . headers [ 'x-ass-gfycat' ] || gfyIdSize , req . file . originalname ) ;
data [ resourceId . split ( '.' ) [ 0 ] ] = req . file ;
saveData ( data ) ;
// Save the file information
let resourceId = generateId ( generator , resourceIdSize , req . headers [ 'x-ass-gfycat' ] || gfyIdSize , req . file . originalname ) ;
data [ resourceId . split ( '.' ) [ 0 ] ] = req . file ;
saveData ( data ) ;
// Log the upload
let logInfo = ` ${ req . file . originalname } ( ${ req . file . mimetype } ) ` ;
log ( ` Uploaded: ${ logInfo } (user: ${ users [ uploadToken ] ? users [ uploadToken ] . username : '<token-only>' } ) ` ) ;
// Build the URLs
let resourceUrl = ` ${ getTrueHttp ( ) } ${ trueDomain } / ${ resourceId } ` ;
let thumbnailUrl = ` ${ getTrueHttp ( ) } ${ trueDomain } / ${ resourceId } /thumbnail ` ;
let deleteUrl = ` ${ getTrueHttp ( ) } ${ trueDomain } /delete/ ${ req . file . filename } ` ;
// Send the response
res . type ( 'json' ) . send ( { resource : resourceUrl , thumbnail : thumbnailUrl , delete : deleteUrl } )
. on ( 'finish' , ( ) => {
// After we have sent the user the response, also send a Webhook to Discord (if headers are present)
if ( req . headers [ 'x-ass-webhook-client' ] && req . headers [ 'x-ass-webhook-token' ] ) {
// Build the webhook client & embed
let whc = new WebhookClient ( req . headers [ 'x-ass-webhook-client' ] , req . headers [ 'x-ass-webhook-token' ] ) ;
let embed = new MessageEmbed ( )
. setTitle ( logInfo )
. setURL ( resourceUrl )
. setDescription ( ` **Size:** \` ${ formatBytes ( req . file . size ) } \` \n **[Delete]( ${ deleteUrl } )** ` )
. setThumbnail ( thumbnailUrl )
. setColor ( req . file . vibrant )
. setTimestamp ( req . file . timestamp ) ;
// Send the embed to the webhook, then delete the client after to free resources
whc . send ( null , {
username : req . headers [ 'x-ass-webhook-username' ] || 'ass' ,
avatarURL : req . headers [ 'x-ass-webhook-avatar' ] || ASS _LOGO ,
embeds : [ embed ]
} ) . then ( ( _msg ) => whc . destroy ( ) ) ;
}
// Also update the users upload count
if ( ! users [ uploadToken ] ) {
let generator = ( ) => generateId ( 'random' , 20 , null ) ;
let username = generator ( ) ;
while ( Object . values ( users ) . findIndex ( ( user ) => user . username == username ) != - 1 )
username = generator ( ) ;
users [ uploadToken ] = { username , count : 0 } ;
}
users [ uploadToken ] . count += 1 ;
fs . writeJsonSync ( path ( 'auth.json' ) , { users } , { spaces : 4 } )
} ) ;
// Log the upload
let logInfo = ` ${ req . file . originalname } ( ${ req . file . mimetype } ) ` ;
log ( ` Uploaded: ${ logInfo } (user: ${ users [ req . token ] ? users [ req . token ] . username : '<token-only>' } ) ` ) ;
// Build the URLs
let resourceUrl = ` ${ getTrueHttp ( ) } ${ trueDomain } / ${ resourceId } ` ;
let thumbnailUrl = ` ${ getTrueHttp ( ) } ${ trueDomain } / ${ resourceId } /thumbnail ` ;
let deleteUrl = ` ${ getTrueHttp ( ) } ${ trueDomain } / ${ resourceId } /delete/ ${ req . file . deleteId } ` ;
// Send the response
res . type ( 'json' ) . send ( { resource : resourceUrl , thumbnail : thumbnailUrl , delete : deleteUrl } )
. on ( 'finish' , ( ) => {
// After we have sent the user the response, also send a Webhook to Discord (if headers are present)
if ( req . headers [ 'x-ass-webhook-client' ] && req . headers [ 'x-ass-webhook-token' ] ) {
// Build the webhook client & embed
let whc = new WebhookClient ( req . headers [ 'x-ass-webhook-client' ] , req . headers [ 'x-ass-webhook-token' ] ) ;
let embed = new MessageEmbed ( )
. setTitle ( logInfo )
. setURL ( resourceUrl )
. setDescription ( ` **Size:** \` ${ formatBytes ( req . file . size ) } \` \n **[Delete]( ${ deleteUrl } )** ` )
. setThumbnail ( thumbnailUrl )
. setColor ( req . file . vibrant )
. setTimestamp ( req . file . timestamp ) ;
// Send the embed to the webhook, then delete the client after to free resources
whc . send ( null , {
username : req . headers [ 'x-ass-webhook-username' ] || 'ass' ,
avatarURL : req . headers [ 'x-ass-webhook-avatar' ] || ASS _LOGO ,
embeds : [ embed ]
} ) . then ( ( _msg ) => whc . destroy ( ) ) ;
}
// Also update the users upload count
if ( ! users [ req . token ] ) {
let generator = ( ) => generateId ( 'random' , 20 , null ) ;
let username = generator ( ) ;
while ( Object . values ( users ) . findIndex ( ( user ) => user . username == username ) != - 1 )
username = generator ( ) ;
users [ req . token ] = { username , count : 0 } ;
}
users [ req . token ] . count += 1 ;
fs . writeJsonSync ( path ( 'auth.json' ) , { users } , { spaces : 4 } )
} ) ;
} ) ;
// Middleware for parsing the resource ID and handling 404
app . use ( '/:resourceId' , ( req , res , next ) => {
// Parse the resource ID
req . ass = { resourceId : escape ( req . params . resourceId ) . split ( '.' ) [ 0 ] } ;
// If the ID is invalid, return 404. Otherwise, continue normally
( ! req . ass . resourceId || ! data [ req . ass . resourceId ] ) ? res . sendStatus ( 404 ) : next ( ) ;
} ) ;
// View file
app . get ( '/:resourceId' , ( req , res ) => {
let resourceId = req . ass . resourceId ;
let fileData = data [ resourceId ] ;
let requiredItems = {
randomId : fileData . randomId ,
originalname : escape ( fileData . originalname ) ,
mimetype : fileData . mimetype ,
size : fileData . size ,
timestamp : fileData . timestamp ,
opengraph : fileData . opengraph ,
vibrant : fileData . vibrant ,
} ;
// If the client is Discord, send an Open Graph embed
if ( req . useragent . isBot ) return res . type ( 'html' ) . send ( new OpenGraph ( getTrueHttp ( ) , getTrueDomain ( ) , resourceId , data [ resourceId ] ) . build ( ) ) ;
if ( req . useragent . isBot ) return res . type ( 'html' ) . send ( new OpenGraph ( getTrueHttp ( ) , getTrueDomain ( ) , resourceId , requiredItems ) . build ( ) ) ;
// Return the file differently depending on what storage option was used
let uploaders = {
s3 : ( ) => fetch ( getS3url ( fileData . randomId , fileData . mimetype ) ) . then ( ( file ) => {
file . headers . forEach ( ( value , header ) => res . setHeader ( header , value ) ) ;
file . body . pipe ( res ) ;
} ) ,
local : ( ) => {
res . header ( 'Accept-Ranges' , 'bytes' ) . header ( 'Content-Length' , fileData . size ) . type ( fileData . mimetype ) ;
fs . createReadStream ( path ( fileData . path ) ) . pipe ( res ) ;
}
} ;
// Read the file and send it to the client
fs . readFile ( path ( data [ resourceId ] . path ) )
. then ( ( fileData ) => res
. header ( 'Accept-Ranges' , 'bytes' )
. header ( 'Content-Length' , fileData . byteLength )
. type ( data [ resourceId ] . mimetype ) . send ( fileData ) )
. catch ( console . error ) ;
uploaders [ s3enabled ? 's3' : 'local' ] ( ) ;
} ) ;
// Thumbnail response
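Review bot: Neither branch of `uploaders` in the view handler has an error path: the `fetch(getS3url(...))` promise has no `.catch` and no status check, and `fs.createReadStream(...).pipe(res)` has no `'error'` listener. A missing object or file therefore leaves the request hanging or raises an unhandled error, where the removed `readFile` code at least logged it. The S3 branch also copies every upstream response header onto `res`; forwarding a short allow-list keeps storage-side headers away from clients. Separately, in the `/:resourceId` middleware `escape()` does not make the ID a safe lookup key, and `data[req.ass.resourceId]` on a plain object also matches inherited property names, so the guard would be stricter as `!Object.prototype.hasOwnProperty.call(data, req.ass.resourceId)`. A sketch of the handler change follows.

```javascript
let uploaders = {
	s3: () => fetch(getS3url(fileData.randomId, fileData.mimetype))
		.then((file) => {
			if (!file.ok) return res.sendStatus(502);
			// Forward only the headers a client needs instead of every upstream header
			['content-type', 'content-length', 'etag', 'last-modified']
				.filter((header) => file.headers.has(header))
				.forEach((header) => res.setHeader(header, file.headers.get(header)));
			file.body.pipe(res);
		})
		.catch((err) => (console.error(err), res.headersSent || res.sendStatus(502))),
	local: () => {
		// … unchanged: Accept-Ranges / Content-Length / type headers …
		fs.createReadStream(path(fileData.path))
			.on('error', (err) => (console.error(err), res.headersSent ? res.destroy() : res.sendStatus(500)))
			.pipe(res);
	}
};
```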
@ -241,22 +286,28 @@ function startup() {
} ) ;
// Delete file
app . get ( '/delete/:filename' , ( req , res ) => {
let filename = req . params . filename ;
let resourceId = Object . keys ( data ) [ Object . values ( data ) . indexOf ( Object . values ( data ) . find ( ( d ) => d . filename == filename ) ) ] ;
app . get ( '/:resourceId/delete/:deleteId' , ( req , res ) => {
let resourceId = req . ass . resourceId ;
let deleteId = escape ( req . params . deleteId ) ;
let fileData = data [ resourceId ] ;
// If the delete ID doesn't match, don't delete the file
if ( deleteId !== fileData . deleteId ) return res . sendStatus ( 401 ) ;
// If the ID is invalid, return 400 because we are unable to process the resource
if ( ! resourceId || ! data [ resourceId ] ) return res . sendStatus ( 400 ) ;
if ( ! resourceId || ! fileData ) return res . sendStatus ( 400 ) ;
log ( ` Deleted: ${ data[ resourceId ] . originalname } ( ${ data [ resourceId ] . mimetype } ) ` ) ;
log ( ` Deleted: ${ fileData. originalname } ( ${ fileData . mimetype } ) ` ) ;
// Save the file information
fs . rmSync ( path ( data [ resourceId ] . path ) ) ;
delete data [ resourceId ] ;
saveData ( data ) ;
res . type ( 'text' ) . send ( 'File has been deleted!' ) ;
} )
Promise . all ( [ s3enabled ? deleteS3 ( fileData ) : fs . rmSync ( path ( fileData . path ) ) , fs . rmSync ( path ( 'uploads/thumbnails/' , fileData . thumbnail ) ) ] )
. then ( ( ) => {
delete data [ resourceId ] ;
saveData ( data ) ;
res . type ( 'text' ) . send ( 'File has been deleted!' ) ;
} )
. catch ( console . error ) ;
} ) ;
app . listen ( port , host , ( ) => log ( ` Server started on [ ${ host } : ${ port } ] \n Authorized users: ${ Object . keys ( users ) . length } \n Available files: ${ Object . keys ( data ) . length } ` ) ) ;
}
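Review bot: `fs.rmSync` runs and throws synchronously while the array for `Promise.all` is still being built, so the trailing `.catch(console.error)` never sees a failed local or thumbnail delete, and when `deleteS3` rejects the catch only logs and the client gets no response. Using the promise form already used in the upload path, `fs.remove(path(fileData.path))` and `fs.remove(path('uploads/thumbnails/', fileData.thumbnail))`, and ending with `.catch((err) => (console.error(err), res.sendStatus(500)))` closes both gaps. The `!resourceId || !fileData` guard should also move above the `deleteId !== fileData.deleteId` comparison, since as ordered `fileData` is dereferenced before the guard can run. Records saved before this change presumably have no `deleteId` and would always get 401 here, so it is worth confirming there is a migration.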