Spaces:
Running
Running
| const express = require('express'); | |
| const path = require('path'); | |
| const fs = require('fs'); | |
| const sanitize = require('sanitize-filename'); | |
| const writeFileAtomicSync = require('write-file-atomic').sync; | |
| const { jsonParser, urlencodedParser } = require('../express-common'); | |
| const { AVATAR_WIDTH, AVATAR_HEIGHT } = require('../constants'); | |
| const { getImages, tryParse } = require('../util'); | |
| // image processing related library imports | |
| const jimp = require('jimp'); | |
| const router = express.Router(); | |
| router.post('/get', jsonParser, function (request, response) { | |
| var images = getImages(request.user.directories.avatars); | |
| response.send(JSON.stringify(images)); | |
| }); | |
| router.post('/delete', jsonParser, function (request, response) { | |
| if (!request.body) return response.sendStatus(400); | |
| if (request.body.avatar !== sanitize(request.body.avatar)) { | |
| console.error('Malicious avatar name prevented'); | |
| return response.sendStatus(403); | |
| } | |
| const fileName = path.join(request.user.directories.avatars, sanitize(request.body.avatar)); | |
| if (fs.existsSync(fileName)) { | |
| fs.rmSync(fileName); | |
| return response.send({ result: 'ok' }); | |
| } | |
| return response.sendStatus(404); | |
| }); | |
| router.post('/upload', urlencodedParser, async (request, response) => { | |
| if (!request.file) return response.sendStatus(400); | |
| try { | |
| const pathToUpload = path.join(request.file.destination, request.file.filename); | |
| const crop = tryParse(request.query.crop); | |
| let rawImg = await jimp.read(pathToUpload); | |
| if (typeof crop == 'object' && [crop.x, crop.y, crop.width, crop.height].every(x => typeof x === 'number')) { | |
| rawImg = rawImg.crop(crop.x, crop.y, crop.width, crop.height); | |
| } | |
| const image = await rawImg.cover(AVATAR_WIDTH, AVATAR_HEIGHT).getBufferAsync(jimp.MIME_PNG); | |
| const filename = request.body.overwrite_name || `${Date.now()}.png`; | |
| const pathToNewFile = path.join(request.user.directories.avatars, filename); | |
| writeFileAtomicSync(pathToNewFile, image); | |
| fs.rmSync(pathToUpload); | |
| return response.send({ path: filename }); | |
| } catch (err) { | |
| return response.status(400).send('Is not a valid image'); | |
| } | |
| }); | |
| module.exports = { router }; | |