Merge branch 'main' into main

Author: stepbystepcode

file_controller.cc

@@ -1,5 +1,5 @@
 #include "file_controller.h"
-
+#include "jwt_controller.h"
 #include <json/json.h>
 #include <stdio.h>
 #include <mysql.h>
@@ -47,92 +47,121 @@ std::string shell_commons(const char *cmd)
 
 void genTree(const HttpRequestPtr &req, std::function<void(const HttpResponsePtr &)> &&callback)
 {
-    char *pathvar;
-    pathvar = getenv("PWD");
-    std::string result = shell_commons(("cd " + std::string(pathvar) + "/.. " + "&&" + "tree -J root").c_str());
     auto res = HttpResponse::newHttpResponse();
-    res->addHeader("Access-Control-Allow-Origin", "*");
-    res->setBody(result);
-    callback(res);
+    if (jwtVerify(req))
+    {
+        char *pathvar;
+        pathvar = getenv("PWD");
+        std::string result = shell_commons(("cd " + std::string(pathvar) + "/.. " + "&&" + "tree -J root").c_str());
+        res->addHeader("Access-Control-Allow-Origin", "*");
+        res->setBody(result);
+        callback(res);
+    }
+    else{
+        res->setBody("No Authorization");
+    }
 }
+
 void catFile(const HttpRequestPtr &req, std::function<void(const HttpResponsePtr &)> &&callback)
 {
-    char *pathvar;
-    pathvar = getenv("PWD");
-    std::string path = req->getParameter("path");
+
     auto res = HttpResponse::newHttpResponse();
-    res->addHeader("Access-Control-Allow-Origin", "*");
-    std::string result = shell_commons(("cat " + std::string(pathvar) + "/../root/" + path).c_str());
-    res->setBody(result);
-    callback(res);
+    if (jwtVerify(req))
+    {
+        char *pathvar;
+        pathvar = getenv("PWD");
+        std::string path = req->getParameter("path");
+        std::string result = shell_commons(("cat " + std::string(pathvar) + "/../root/" + path).c_str());
+
+        res->addHeader("Access-Control-Allow-Origin", "*");
+        res->setBody(result);
+
+        callback(res);
+    }
+    else
+    {
+        res->setBody("No Authorization");
+    }
 }
+
 void saveFile(const HttpRequestPtr &req, std::function<void(const HttpResponsePtr &)> &&callback)
 {
-    auto body = req->getBody();
-    Json::Value req_json;
-    Json::Reader reader;
-    std::string bodyStr(body);
-    if (!reader.parse(bodyStr, req_json))
+    auto res = HttpResponse::newHttpResponse();
+    if (jwtVerify(req))
+    {
+        auto body = req->getBody();
+        Json::Value req_json;
+        Json::Reader reader;
+        std::string bodyStr(body);
+        if (!reader.parse(bodyStr, req_json))
+        {
+            std::cout << "parse failed" << std::endl;
+            callback(HttpResponse::newHttpResponse());
+            return;
+        }
+        char *pathvar;
+        pathvar = getenv("PWD");
+        std::string filename = req_json["filename"].asString();
+        std::string content = req_json["content"].asString();
+        std::string result = shell_commons(("echo '" + content + "'>" + std::string(pathvar) + "/../root/" + filename).c_str());
+        
+        sql_unlocked(filename);
+        
+        res->addHeader("Access-Control-Allow-Origin", "*");
+        res->setBody("success");
+        callback(res);
+    }
+    else
     {
-        std::cout << "parse failed" << std::endl;
-        callback(HttpResponse::newHttpResponse());
-        return;
+        res->setBody("No Authorization");
     }
-    char *pathvar;
-    pathvar = getenv("PWD");
-    std::string filename = req_json["filename"].asString();
-    std::string content = req_json["content"].asString();
-    std::string result = shell_commons(("echo '" + content + "'>" + std::string(pathvar) + "/../root/" + filename).c_str());
-    auto res = HttpResponse::newHttpResponse();
-    res->addHeader("Access-Control-Allow-Origin", "*");
-    res->setBody("success");
-    callback(res);
 }
 
 void imageUpload(const HttpRequestPtr &req, std::function<void(const HttpResponsePtr &)> &&callback)
 {
-    MultiPartParser fileUpload;
-    if (fileUpload.parse(req) != 0 || fileUpload.getFiles().size() != 1)
-    {
-        auto resp = HttpResponse::newHttpResponse();
-        resp->setBody("Must only be one file");
-        resp->setStatusCode(k403Forbidden);
-        callback(resp);
-        return;
-    }
-    auto &file = fileUpload.getFiles()[0];
-    auto now = std::chrono::system_clock::now();
-    auto ms = std::chrono::duration_cast<std::chrono::milliseconds>(now.time_since_epoch()).count();
-    std::string timestamp = std::to_string(ms) + '.' + std::string(file.getFileExtension());
     auto resp = HttpResponse::newHttpResponse();
-    resp->addHeader("Access-Control-Allow-Origin", "*");
-    resp->setBody(timestamp);
-    file.save();
-    shell_commons(("mv  ./uploads/" + file.getFileName() + " ./uploads/" + timestamp).c_str());
-
-    LOG_INFO << "The uploaded file has been saved to the ./uploads "
-                "directory";
-    callback(resp);
-    // auto now = std::chrono::high_resolution_clock::now();
-    // auto ms = std::chrono::time_point_cast<std::chrono::milliseconds>(now);
-    // auto timestamp = std::chrono::duration_cast<std::chrono::milliseconds>(ms.time_since_epoch());
+    if (jwtVerify(req))
+    {
+        MultiPartParser fileUpload;
+        if (fileUpload.parse(req) != 0 || fileUpload.getFiles().size() != 1)
+        {
+            auto resp = HttpResponse::newHttpResponse();
+            resp->setBody("Must only be one file");
+            resp->setStatusCode(k403Forbidden);
+            callback(resp);
+            return;
+        }
+        auto &file = fileUpload.getFiles()[0];
+        auto now = std::chrono::system_clock::now();
+        auto ms = std::chrono::duration_cast<std::chrono::milliseconds>(now.time_since_epoch()).count();
+        std::string timestamp = std::to_string(ms) + '.' + std::string(file.getFileExtension());
 
-    // std::stringstream ss;
-    // ss << timestamp.count();
-    // std::string fileName = ss.str();
-    //   // Save image to /root folder
-    //   auto imagePath = "/root/" + fileName;
-    //   imageFile->second.save(imagePath);
+        resp->addHeader("Access-Control-Allow-Origin", "*");
+        resp->setBody(timestamp);
+        file.save();
+        shell_commons(("mv  ./uploads/" + file.getFileName() + " ./uploads/" + timestamp).c_str());
 
-    //   // Send back filename in response
-    //   Json::Value resp;
-    //   resp["filename"] = fileName;
-    //   callback(HttpResponse::newHttpJsonResponse(resp));
+        LOG_INFO << "The uploaded file has been saved to the ./uploads "
+                    "directory";
+        callback(resp);
+    }
+    else
+    {
+        resp->setBody("No Authorization");
+    }
 }
+
 void getPicture(const HttpRequestPtr &req, std::function<void(const HttpResponsePtr &)> &&callback)
 {
     std::string filename = req->getParameter("filename");
     auto resp = HttpResponse::newFileResponse("./uploads/" + filename);
-    resp->addHeader("Access-Control-Allow-Origin", "*");
-    callback(resp);
+    if (jwtVerify(req))
+    {
+        resp->addHeader("Access-Control-Allow-Origin", "*");
+        callback(resp);
+    }
+    else
+    {
+        resp->setBody("No Authorization");
+    }
 }

msg_controller.cc

@@ -26,7 +26,9 @@ void chat(const HttpRequestPtr &req, std::function<void(const HttpResponsePtr &)
         std::string sender = jwtDecrypt(req->getHeader("Authorization").substr(7));
         std::string content = req_json["content"].asString();
         std::string receiver = req_json["receiver"].asString();
+
         sql_addhistory(sender, receiver, content, "0");
+        
         std::string msg = req_json["content"].asString();
         auto output = writer.write(res_json);
         res->setBody(output);
@@ -68,6 +70,7 @@ void friend_operation(const HttpRequestPtr &req, std::function<void(const HttpRe
         std::string sender = jwtDecrypt(req->getHeader("Authorization").substr(7));
         std::string receiver = req->getParameter("username");
         std::string operation = req->getParameter("operation");
+
         if (operation == "add")
         {
             if (sql_findexist(receiver))
@@ -81,6 +84,7 @@ void friend_operation(const HttpRequestPtr &req, std::function<void(const HttpRe
         else
         {
             sql_delete_operation(sender, receiver);
+
             res->setBody("Success");
         }
     }
@@ -95,8 +99,10 @@ void request_processing(const HttpRequestPtr &req, std::function<void(const Http
 {
     auto res = HttpResponse::newHttpResponse();
     res->addHeader("Access-Control-Allow-Origin", "*");
+
     if (jwtVerify(req))
     {
+
         std::string receiver = jwtDecrypt(req->getHeader("Authorization").substr(7));
         std::string sender = req->getParameter("username");
         std::string attitude = req->getParameter("info");
@@ -107,6 +113,7 @@ void request_processing(const HttpRequestPtr &req, std::function<void(const Http
     {
         res->setBody("No Authorization");
     }
+
     callback(res);
 }
 // get chat info
@@ -125,8 +132,10 @@ void info(const HttpRequestPtr &req, std::function<void(const HttpResponsePtr &)
     Json::FastWriter writer;
     auto res = HttpResponse::newHttpResponse();
     res->addHeader("Access-Control-Allow-Origin", "*");
+
     if (jwtVerify(req))
     {
+
         me = jwtDecrypt(req->getHeader("Authorization").substr(7));
         if (req_json["person"].asString() == "")
         {
@@ -142,5 +151,6 @@ void info(const HttpRequestPtr &req, std::function<void(const HttpResponsePtr &)
     {
         res->setBody("No Authorization");
     }
+
     callback(res);
 }