diff --git a/client/pages/connectpage.js b/client/pages/connectpage.js index 398ae72a..40cf7fbf 100644 --- a/client/pages/connectpage.js +++ b/client/pages/connectpage.js @@ -48,8 +48,7 @@ export class ConnectPage extends React.Component { Session.authenticate(params) .then((ok) => { cache.destroy(); - const path = params.path && /^\//.test(params.path)? /\/$/.test(params.path) ? params.path : params.path+'/' : '/'; - this.props.history.push('/files'+path); + this.props.history.push('/files/'); }) .catch((err) => { this.setState({loading: false}); diff --git a/server/ctrl/files.js b/server/ctrl/files.js index bd0dd588..e7718ee9 100644 --- a/server/ctrl/files.js +++ b/server/ctrl/files.js @@ -1,5 +1,6 @@ var express = require('express'), app = express.Router(), + path = require('path'), crypto = require('../utils/crypto'), Files = require('../model/files'), multiparty = require('multiparty'), @@ -17,7 +18,7 @@ app.use(function(req, res, next){ // list files app.get('/ls', function(req, res){ - let path = decodeURIComponent(req.query.path); + let path = pathBuilder(req); if(path){ Files .ls(path, req.cookies.auth) @@ -34,7 +35,7 @@ app.get('/ls', function(req, res){ // get a file content app.get('/cat', function(req, res){ - let path = decodeURIComponent(req.query.path); + let path = pathBuilder(req); res.cookie('download', path, { maxAge: 1000 }); if(path){ Files.cat(path, req.cookies.auth, res) @@ -54,7 +55,7 @@ app.get('/cat', function(req, res){ // https://github.com/pillarjs/multiparty app.post('/cat', function(req, res){ var form = new multiparty.Form(), - path = decodeURIComponent(req.query.path); + path = pathBuilder(req); if(path){ form.on('part', function(part) { @@ -98,7 +99,7 @@ app.get('/mv', function(req, res){ // delete a file/directory app.get('/rm', function(req, res){ - let path = decodeURIComponent(req.query.path); + let path = pathBuilder(req); if(path){ Files.rm(path, req.cookies.auth) .then((message) => { @@ -114,7 +115,7 @@ app.get('/rm', function(req, res){ // create a directory app.get('/mkdir', function(req, res){ - let path = decodeURIComponent(req.query.path); + let path = pathBuilder(req); if(path){ Files.mkdir(path, req.cookies.auth) .then((message) => { @@ -129,7 +130,7 @@ app.get('/mkdir', function(req, res){ }); app.get('/touch', function(req, res){ - let path = decodeURIComponent(req.query.path); + let path = pathBuilder(req); if(path){ Files.touch(path, req.cookies.auth) .then((message) => { @@ -145,3 +146,7 @@ app.get('/touch', function(req, res){ module.exports = app; + +function pathBuilder(req){ + return path.join(req.cookies.auth.payload.path, decodeURIComponent(req.query.path)); +} diff --git a/server/ctrl/session.js b/server/ctrl/session.js index 548e2b64..4b758657 100644 --- a/server/ctrl/session.js +++ b/server/ctrl/session.js @@ -13,9 +13,11 @@ app.get('/', function(req, res){ } }); -app.post('/', function(req, res){ +app.post('/', function(req, res){ Session.test(req.body) .then((state) => { + if(!state.path) state.path = ""; + else{ state.path = state.path.replace(/\/$/, ''); } let persist = { type: req.body.type, payload: state @@ -25,7 +27,7 @@ app.post('/', function(req, res){ res.send({status: 'error', message: 'we can\'t authenticate you', }) }else{ res.cookie('auth', crypto.encrypt(persist), { maxAge: 365*24*60*60*1000, httpOnly: true }); - res.send({status: 'ok', result: 'pong'}); + res.send({status: 'ok'}); } }) .catch((err) => { @@ -35,7 +37,7 @@ app.post('/', function(req, res){ t += ' ('+err.code+')'; } return t; - } + } res.send({status: 'error', message: message(err), code: err.code}); }); });