aboutsummaryrefslogtreecommitdiff
path: root/src/server/ApiManagers/DeleteManager.ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/ApiManagers/DeleteManager.ts')
-rw-r--r--src/server/ApiManagers/DeleteManager.ts83
1 files changed, 58 insertions, 25 deletions
diff --git a/src/server/ApiManagers/DeleteManager.ts b/src/server/ApiManagers/DeleteManager.ts
index 7fbb37658..dcb21c30d 100644
--- a/src/server/ApiManagers/DeleteManager.ts
+++ b/src/server/ApiManagers/DeleteManager.ts
@@ -3,7 +3,7 @@ import { Method, _permission_denied } from "../RouteManager";
import { WebSocket } from "../websocket";
import { Database } from "../database";
import rimraf = require("rimraf");
-import { filesDirectory } from "..";
+import { filesDirectory, AdminPriviliges } from "..";
import { DashUploadUtils } from "../DashUploadUtils";
import { mkdirSync } from "fs";
import RouteSubscriber from "../RouteSubscriber";
@@ -15,38 +15,71 @@ export default class DeleteManager extends ApiManager {
register({
method: Method.GET,
subscription: new RouteSubscriber("delete").add("target?"),
- secureHandler: async ({ req, res, isRelease }) => {
- if (isRelease) {
- return _permission_denied(res, "Cannot perform a delete operation outside of the development environment!");
- }
-
+ secureHandler: async ({ req, res, isRelease, user: { id } }) => {
const { target } = req.params;
- const { doDelete } = WebSocket;
-
- if (!target) {
- await doDelete();
- } else {
- let all = false;
- switch (target) {
- case "all":
- all = true;
- case "database":
- await doDelete(false);
- if (!all) break;
- case "files":
- rimraf.sync(filesDirectory);
- mkdirSync(filesDirectory);
- await DashUploadUtils.buildFileDirectories();
- break;
- default:
- await Database.Instance.dropSchema(target);
+ if (isRelease && process.env.PASSWORD) {
+ if (AdminPriviliges.get(id)) {
+ AdminPriviliges.delete(id);
+ } else {
+ return res.redirect(`/admin/delete${target ? `:${target}` : ``}`);
}
}
+ this.doDelete(target);
res.redirect("/home");
}
});
+ register({
+ method: Method.GET,
+ subscription: new RouteSubscriber("admin").add("previous_target"),
+ secureHandler: ({ res }) => res.render("admin.pug", { title: "Enter Administrator Password" })
+ })
+
+ register({
+ method: Method.POST,
+ subscription: new RouteSubscriber("admin").add("previous_target"),
+ secureHandler: async ({ req, res, isRelease, user: { id } }) => {
+ const { PASSWORD } = process.env;
+ if (!(isRelease && PASSWORD)) {
+ return res.redirect("/home");
+ }
+ const { password } = req.body;
+ const { previous_target } = req.params;
+ let redirect: string;
+ if (password === PASSWORD) {
+ AdminPriviliges.set(id, true);
+ redirect = `/${previous_target.replace(":", "/")}`;
+ } else {
+ redirect = `/admin/${previous_target}`;
+ }
+ res.redirect(redirect);
+ }
+ })
+
+ }
+
+
+ private doDelete = async (target?: string) => {
+ if (!target) {
+ await WebSocket.doDelete();
+ } else {
+ let all = false;
+ switch (target) {
+ case "all":
+ all = true;
+ case "database":
+ await WebSocket.doDelete(false);
+ if (!all) break;
+ case "files":
+ rimraf.sync(filesDirectory);
+ mkdirSync(filesDirectory);
+ await DashUploadUtils.buildFileDirectories();
+ break;
+ default:
+ await Database.Instance.dropSchema(target);
+ }
+ }
}
} \ No newline at end of file
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-10-09 19:47:20 +0000