From e9c364ba7acf7621fbb11da6fd29b864ff3ed8a8 Mon Sep 17 00:00:00 2001 From: Azalea <22280294+hykilpikonna@users.noreply.github.com> Date: Sat, 25 Oct 2025 22:11:10 +0800 Subject: [PATCH] Update index.ts --- src/index.ts | 91 ++++++++++++++++++++++------------------------------ 1 file changed, 39 insertions(+), 52 deletions(-) diff --git a/src/index.ts b/src/index.ts index c01478a..9e12c6d 100644 --- a/src/index.ts +++ b/src/index.ts @@ -76,7 +76,7 @@ console.log("Server starting with valid 'secrets.json'.") function checkHeaderKey(headers: Record, expectList: string[] = [INSTANT_KEY]) { const key = headers["x-instant-key"] - if (!expectList.includes(key ?? "")) throw new HttpError(401, "Invalid authentication key") + if (!expectList.includes(key ?? "")) done(401, "Invalid authentication key") } export const app = new Elysia() @@ -167,65 +167,52 @@ export const app = new Elysia() }) // ----- 3. GET /photos/:id (Static File) ----- - // Returns the static file for the *edited* photo. - // Respects the 'hide' flag. - .get("/photos/:id", async ({ body }) => { - const { id } = body - const metadata = await getMetadata() - const photo = metadata.find((p) => p.id === id) + // Returns the static file for the *edited* photo. + // Respects the 'hide' flag. + .get("/photos/:id", async ({ body }) => { + const { id } = body + const metadata = await getMetadata() + const photo = metadata.find((p) => p.id === id) - // Not found or hidden - if (!photo || photo.hide === true) throw done(404, "Photo not found") + // Not found or hidden + if (!photo || photo.hide === true) throw done(404, "Photo not found") - const file = Bun.file(photo.edited_photo.path) - if (!(await file.exists())) { - console.error(`Missing file for ID ${id} at ${photo.edited_photo.path}`) - done(404, "Photo file not found on disk") - } - return file - }, { - body: t.Object({ id: t.String() }) - }) + const file = Bun.file(photo.edited_photo.path) + if (!(await file.exists())) { + console.error(`Missing file for ID ${id} at ${photo.edited_photo.path}`) + done(404, "Photo file not found on disk") + } + return file + }, { + body: t.Object({ id: t.String() }) + }) - // ----- 4. POST /edit ----- - // Edits a specific field in the metadata. - .post("/edit", async ({ body, status }) => { - const { id, key, field, value } = body - const metadata = await getMetadata() + // ----- 4. POST /edit ----- + // Edits a specific field in the metadata. + .post("/edit", async ({ headers, body, status }) => { + const { id, key, field, value } = body + const metadata = await getMetadata() - const photoIndex = metadata.findIndex((p) => p.id === id) - if (photoIndex === -1) throw + const photoIndex = metadata.findIndex((p) => p.id === id) + if (photoIndex === -1) done(404, "Photo not found") - const photo = metadata[photoIndex] + const photo = metadata[photoIndex] + checkHeaderKey(headers, [photo.owner_key, INSTANT_KEY]) - // Check authentication (owner key OR site key) - if (key !== photo.owner_key && key !== INSTANT_KEY) { - throw new HttpError(401, "Invalid authentication key") - } + // Prevent editing core, protected fields + const protectedFields = ["id", "owner_key", "upload_time", "original_photo", "edited_photo"] + if (protectedFields.includes(field)) done(400, `Cannot edit protected field: ${field}`) - // Prevent editing core, protected fields - const protectedFields = ["id", "owner_key", "upload_time", "original_photo", "edited_photo"] - if (protectedFields.includes(field)) { - throw new HttpError(400, `Cannot edit protected field: ${field}`) - } + // Apply the edit + console.log(`Editing photo ${id}: Set ${field} = ${value}`) + photo[field] = value + metadata[photoIndex] = photo // Update the photo in the main array - // Apply the edit - console.log(`Editing photo ${id}: Set ${field} = ${value}`) - photo[field] = value - metadata[photoIndex] = photo // Update the photo in the main array - - await saveMetadata(metadata) - - set.status = 200 // OK - return { success: true, id, updated: { [field]: value } } - }, { - body: t.Object({ - id: t.String(), - key: t.String(), - field: t.String(), - value: t.Any() // Allow any type of value (boolean, string, null, etc.) - }) - }) + await saveMetadata(metadata) + done(200, { success: true, id, updated: { [field]: value } }) + }, { + body: t.Object({ id: t.String(), key: t.String(), field: t.String(), value: t.Any() }) + }) .listen(3000)