audiobookshelf/server/controllers/MiscController.js

const Path = require('path')
const fs = require('../libs/fsExtra')
const Logger = require('../Logger')
const filePerms = require('../utils/filePerms')
const patternValidation = require('../libs/nodeCron/pattern-validation')
const { isObject } = require('../utils/index')

//
// This is a controller for routes that don't have a home yet :(
//
class MiscController {
  constructor() { }

  // POST: api/upload
  async handleUpload(req, res) {
    if (!req.user.canUpload) {
      Logger.warn('User attempted to upload without permission', req.user)
      return res.sendStatus(403)
    }
    var files = Object.values(req.files)
    var title = req.body.title
    var author = req.body.author
    var series = req.body.series
    var libraryId = req.body.library
    var folderId = req.body.folder

    var library = this.db.libraries.find(lib => lib.id === libraryId)
    if (!library) {
      return res.status(404).send(`Library not found with id ${libraryId}`)
    }
    var folder = library.folders.find(fold => fold.id === folderId)
    if (!folder) {
      return res.status(404).send(`Folder not found with id ${folderId} in library ${library.name}`)
    }

    if (!files.length || !title) {
      return res.status(500).send(`Invalid post data`)
    }

    // For setting permissions recursively
    var outputDirectory = ''
    var firstDirPath = ''

    if (library.isPodcast) { // Podcasts only in 1 folder
      outputDirectory = Path.join(folder.fullPath, title)
      firstDirPath = outputDirectory
    } else {
      firstDirPath = Path.join(folder.fullPath, author)
      if (series && author) {
        outputDirectory = Path.join(folder.fullPath, author, series, title)
      } else if (author) {
        outputDirectory = Path.join(folder.fullPath, author, title)
      } else {
        outputDirectory = Path.join(folder.fullPath, title)
      }
    }

    var exists = await fs.pathExists(outputDirectory)
    if (exists) {
      Logger.error(`[Server] Upload directory "${outputDirectory}" already exists`)
      return res.status(500).send(`Directory "${outputDirectory}" already exists`)
    }

    await fs.ensureDir(outputDirectory)

    Logger.info(`Uploading ${files.length} files to`, outputDirectory)

    for (let i = 0; i < files.length; i++) {
      var file = files[i]

      var path = Path.join(outputDirectory, file.name)
      await file.mv(path).then(() => {
        return true
      }).catch((error) => {
        Logger.error('Failed to move file', path, error)
        return false
      })
    }

    await filePerms.setDefault(firstDirPath)

    res.sendStatus(200)
  }

  // GET: api/tasks
  getTasks(req, res) {
    res.json({
      tasks: this.taskManager.tasks.map(t => t.toJSON())
    })
  }

  // PATCH: api/settings (admin)
  async updateServerSettings(req, res) {
    if (!req.user.isAdminOrUp) {
      Logger.error('User other than admin attempting to update server settings', req.user)
      return res.sendStatus(403)
    }
    var settingsUpdate = req.body
    if (!settingsUpdate || !isObject(settingsUpdate)) {
      return res.status(500).send('Invalid settings update object')
    }

    var madeUpdates = this.db.serverSettings.update(settingsUpdate)
    if (madeUpdates) {
      // If backup schedule is updated - update backup manager
      if (settingsUpdate.backupSchedule !== undefined) {
        this.backupManager.updateCronSchedule()
      }

      await this.db.updateServerSettings()
    }
    return res.json({
      success: true,
      serverSettings: this.db.serverSettings.toJSONForBrowser()
    })
  }

  authorize(req, res) {
    if (!req.user) {
      Logger.error('Invalid user in authorize')
      return res.sendStatus(401)
    }
    const userResponse = this.auth.getUserLoginResponsePayload(req.user, this.rssFeedManager.feedsArray)
    res.json(userResponse)
  }

  getAllTags(req, res) {
    if (!req.user.isAdminOrUp) {
      Logger.error(`[MiscController] Non-admin user attempted to getAllTags`)
      return res.sendStatus(404)
    }
    var tags = []
    this.db.libraryItems.forEach((li) => {
      if (li.media.tags && li.media.tags.length) {
        li.media.tags.forEach((tag) => {
          if (!tags.includes(tag)) tags.push(tag)
        })
      }
    })
    res.json(tags)
  }

  validateCronExpression(req, res) {
    const expression = req.body.expression
    if (!expression) {
      return res.sendStatus(400)
    }

    try {
      patternValidation(expression)
      res.sendStatus(200)
    } catch (error) {
      Logger.warn(`[MiscController] Invalid cron expression ${expression}`, error.message)
      res.status(400).send(error.message)
    }
  }
}
module.exports = new MiscController()
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`const Path = require('path')`
Remove fs-extra dependency 2022-07-06 02:53:01 +02:00			`const fs = require('../libs/fsExtra')`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`const Logger = require('../Logger')`
Update uploader to support podcast folder structure 2022-04-15 01:24:24 +02:00			`const filePerms = require('../utils/filePerms')`
Add:Cron validation api endpoint 2022-08-02 01:06:22 +02:00			`const patternValidation = require('../libs/nodeCron/pattern-validation')`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`const { isObject } = require('../utils/index')`

			`//`
			`// This is a controller for routes that don't have a home yet :(`
			`//`
			`class MiscController {`
			`constructor() { }`

			`// POST: api/upload`
			`async handleUpload(req, res) {`
			`if (!req.user.canUpload) {`
			`Logger.warn('User attempted to upload without permission', req.user)`
			`return res.sendStatus(403)`
			`}`
			`var files = Object.values(req.files)`
			`var title = req.body.title`
			`var author = req.body.author`
			`var series = req.body.series`
			`var libraryId = req.body.library`
			`var folderId = req.body.folder`

			`var library = this.db.libraries.find(lib => lib.id === libraryId)`
			`if (!library) {`
Update:API status codes and update server settings response payload 2022-11-21 14:52:33 +01:00			return res.status(404).send(`Library not found with id ${libraryId}`)
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`}`
			`var folder = library.folders.find(fold => fold.id === folderId)`
			`if (!folder) {`
Update:API status codes and update server settings response payload 2022-11-21 14:52:33 +01:00			return res.status(404).send(`Folder not found with id ${folderId} in library ${library.name}`)
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`}`

			`if (!files.length \|\| !title) {`
			return res.status(500).send(`Invalid post data`)
			`}`

			`// For setting permissions recursively`
			`var outputDirectory = ''`
Update uploader to support podcast folder structure 2022-04-15 01:24:24 +02:00			`var firstDirPath = ''`

			`if (library.isPodcast) { // Podcasts only in 1 folder`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`outputDirectory = Path.join(folder.fullPath, title)`
Update uploader to support podcast folder structure 2022-04-15 01:24:24 +02:00			`firstDirPath = outputDirectory`
			`} else {`
			`firstDirPath = Path.join(folder.fullPath, author)`
			`if (series && author) {`
			`outputDirectory = Path.join(folder.fullPath, author, series, title)`
			`} else if (author) {`
			`outputDirectory = Path.join(folder.fullPath, author, title)`
			`} else {`
			`outputDirectory = Path.join(folder.fullPath, title)`
			`}`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`}`

			`var exists = await fs.pathExists(outputDirectory)`
			`if (exists) {`
			Logger.error(`[Server] Upload directory "${outputDirectory}" already exists`)
			return res.status(500).send(`Directory "${outputDirectory}" already exists`)
			`}`

			`await fs.ensureDir(outputDirectory)`

			Logger.info(`Uploading ${files.length} files to`, outputDirectory)

			`for (let i = 0; i < files.length; i++) {`
			`var file = files[i]`

			`var path = Path.join(outputDirectory, file.name)`
			`await file.mv(path).then(() => {`
			`return true`
			`}).catch((error) => {`
			`Logger.error('Failed to move file', path, error)`
			`return false`
			`})`
			`}`

			`await filePerms.setDefault(firstDirPath)`

			`res.sendStatus(200)`
			`}`

Add:Tasks widget in appbar for merging m4bs & remove old m4b merge routes 2022-10-02 21:16:17 +02:00			`// GET: api/tasks`
			`getTasks(req, res) {`
			`res.json({`
			`tasks: this.taskManager.tasks.map(t => t.toJSON())`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`})`
			`}`

Update:Give full permissions to admin users except updating root or viewing root api token #137 2022-05-04 02:16:16 +02:00			`// PATCH: api/settings (admin)`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`async updateServerSettings(req, res) {`
Update:Give full permissions to admin users except updating root or viewing root api token #137 2022-05-04 02:16:16 +02:00			`if (!req.user.isAdminOrUp) {`
			`Logger.error('User other than admin attempting to update server settings', req.user)`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`return res.sendStatus(403)`
			`}`
			`var settingsUpdate = req.body`
			`if (!settingsUpdate \|\| !isObject(settingsUpdate)) {`
			`return res.status(500).send('Invalid settings update object')`
			`}`

			`var madeUpdates = this.db.serverSettings.update(settingsUpdate)`
			`if (madeUpdates) {`
			`// If backup schedule is updated - update backup manager`
			`if (settingsUpdate.backupSchedule !== undefined) {`
			`this.backupManager.updateCronSchedule()`
			`}`

			`await this.db.updateServerSettings()`
			`}`
			`return res.json({`
			`success: true,`
Update:API status codes and update server settings response payload 2022-11-21 14:52:33 +01:00			`serverSettings: this.db.serverSettings.toJSONForBrowser()`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`})`
			`}`

			`authorize(req, res) {`
			`if (!req.user) {`
			`Logger.error('Invalid user in authorize')`
			`return res.sendStatus(401)`
			`}`
Add:RSS feed icon over library item covers when feed is open #893 2022-08-06 02:23:18 +02:00			`const userResponse = this.auth.getUserLoginResponsePayload(req.user, this.rssFeedManager.feedsArray)`
Fix:Series covers on home page not spread out correctly #505, Update:Server settings are now returned with auth requests 2022-04-30 00:43:46 +02:00			`res.json(userResponse)`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`}`
Add:Restrict user permissions by tag 2022-03-20 12:29:08 +01:00
			`getAllTags(req, res) {`
Update:Give full permissions to admin users except updating root or viewing root api token #137 2022-05-04 02:16:16 +02:00			`if (!req.user.isAdminOrUp) {`
			Logger.error(`[MiscController] Non-admin user attempted to getAllTags`)
Add:Restrict user permissions by tag 2022-03-20 12:29:08 +01:00			`return res.sendStatus(404)`
			`}`
			`var tags = []`
			`this.db.libraryItems.forEach((li) => {`
			`if (li.media.tags && li.media.tags.length) {`
			`li.media.tags.forEach((tag) => {`
			`if (!tags.includes(tag)) tags.push(tag)`
			`})`
			`}`
			`})`
			`res.json(tags)`
			`}`
Add:Cron validation api endpoint 2022-08-02 01:06:22 +02:00
			`validateCronExpression(req, res) {`
			`const expression = req.body.expression`
			`if (!expression) {`
			`return res.sendStatus(400)`
			`}`

			`try {`
			`patternValidation(expression)`
			`res.sendStatus(200)`
			`} catch (error) {`
			Logger.warn(`[MiscController] Invalid cron expression ${expression}`, error.message)
			`res.status(400).send(error.message)`
			`}`
			`}`
Clean up ApiRouter adding MiscController, move upload and scan to api endpoints 2022-03-18 17:51:55 +01:00			`}`
			`module.exports = new MiscController()`