diff --git a/main.py b/main.py
index 39aff04..14a1878 100644
--- a/main.py
+++ b/main.py
@@ -186,17 +186,31 @@ async def delete_file(url: str, key: str = ""):
 return JSONResponse(content={"status": "error", "message": "invalid unique key"}, status_code=400)
-@app.get("/api/getFiles") # get files handler
-@app.get("/api/get_files") # get files handler
+@app.get("/api/getFiles/{group_id}") # get files handler
+@app.get("/api/get_files/{group_id}") # get files handler
 @limiter.limit(dynamic_limit_provider)
-async def getFiles(request: Request,
+async def getFiles(group_id: str, request: Request,
 Authorization: Annotated[Union[str, None], Header(convert_underscores=False)] = None):
 token_db, auth_error = await check_token(Authorization) # Check token validity
 if not token_db: # If token is not valid
 return JSONResponse(content={"status": "error", "message": "Auth error", "auth_error": auth_error}, status_code=401)
- files = await db.file.find_many(where={"user_id": token_db.user_id}) # Get all user files from db
- user = await db.user.find_first(where={"id": token_db.user_id}) # Get all user files from db
+ user = await db.user.find_first(where={"id": token_db.user_id}) # Get user files from db
+
+ if group_id == "private":
+ user_id = user.id
+ else:
+ if not group_id.isnumeric():
+ return JSONResponse(content={"status": "error", "message": "Invalid group id"}, status_code=400)
+
+ group = await db.group.find_first(where={"group_id": group_id}, include={"members": True})
+ if not group:
+ return JSONResponse(content={"status": "error", "message": "Group not found"}, status_code=404)
+ if user not in group.members:
+ return JSONResponse({"status": "error", "message": "You are not in the group"}, status_code=400)
+
+ user_id = -int(group_id)
+ files = await db.file.find_many(where={"user_id": user_id}) # Get all user files from db
 files_response = []
 for file in files:
 user_filename = file.user_filename[:50] + ("..." if len(file.user_filename) > 50 else "")
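Review bot: The membership gate `if user not in group.members` rests on whole-model equality between objects loaded by two different queries, and how the client's model classes implement equality is not visible here; comparing keys, `if all(m.id != user.id for m in group.members):`, makes the authorization decision explicit, and 403 fits a refused request better than 400. The lookup also passes the raw path string in `where={"group_id": group_id}` while create_group later in this diff stores `group_id` as an int from `random.randint`, so if that column is an integer the query will likely be rejected or never match; convert once with `gid = int(group_id)` after an `isdecimal()` check, since `isnumeric()` also accepts characters such as `²` that `int()` rejects. `user` is dereferenced as `user.id` without a None check, which raises if `find_first` returns no row. The body of getFiles continues past the end of the hunk.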
@@ -368,6 +382,8 @@ async def create_group(request: Request,
 if not token_db: # If token is not valid
 return JSONResponse(content={"status": "error", "message": "Auth error", "auth_error": auth_error}, status_code=401)
+ if len(body["group_name"]) > 50:
+ return JSONResponse(content={"status": "error", "message": "Group name length exceeded (50 chars)"}, status_code=400)
 group = await db.group.create(data={
 "name": body["group_name"],
 "group_id": random.randint(10000000, 99999999),
diff --git a/web/api.js b/web/api.js
index 680b9cf..0196f15 100644
--- a/web/api.js
+++ b/web/api.js
@@ -32,12 +32,10 @@ function append_to_files_arr(data, id){
 let newCell = newRow.insertCell();
 let newCell2 = newRow.insertCell();
 // Append a text node to the cell
- let url = document.createElement("a");
+ let url = document.createElement("p");
 url.innerHTML = data['file_url_full'];
 url.id = "url";
 url.onclick = function(){navigator.clipboard.writeText(data['file_url_full']);}
- //url.href = data['file_url_full'];
- //url.target = "_blank";
 let filename = document.createElement("p");
 filename.innerHTML = data['user_filename'];
@@ -84,7 +82,7 @@ function append_to_files_arr(data, id){ urls_div.appendChild(url_link_div); urls_div.appendChild(filename); - + creation_date_div.appendChild(cr_time); creation_date_div.appendChild(online); urls_div.appendChild(creation_date_div);
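Review bot: The new length check reads `body["group_name"]` without confirming that the key exists or that the value is a string, so a request with the field missing or set to a number raises before the 400 can be returned, and a list of up to 50 items passes the limit and is handed to `db.group.create` as the name. How `body` is parsed is outside the hunk, so this assumes it is the decoded JSON payload. One guard covers the missing, wrong-type, empty and over-long cases together: `name = body.get("group_name")` followed by `if not isinstance(name, str) or not 0 < len(name) <= 50:`. create_group starts and ends outside the hunk.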
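Review bot: `url.innerHTML = data['file_url_full']` and `filename.innerHTML = data['user_filename']` in append_to_files_arr parse their values as markup, and with the group listings this commit introduces the filename shown can presumably come from another member's upload. Unless the server escapes it, a filename containing HTML would be interpreted in every viewer's page, where the access token sits in localStorage. Assigning `url.textContent = data['file_url_full'];` and `filename.textContent = data['user_filename'];` renders the same text without parsing it. `groupel.innerHTML = group.name` in the fetch_groups hunk has the same problem, since group names are also user-supplied. append_to_files_arr continues outside the hunk.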
@@ -163,16 +161,7 @@ async function fetch_groups(){
 })
 if (!response) return;
- /*let logim_page_btn = document.getElementById('login_page_a');
- logim_page_btn.textContent = "Logout";
- logim_page_btn.href = "/";
- logim_page_btn.onclick = function() {if (confirm("Log out?")) {logout()}};
- document.title = "File uploader ยท " + response.data.username;
-
- document.getElementById('login_mess').textContent = "Logged as " + response.data.username;*/
-
 let groups = document.getElementById('groups');
-
 for (const group of response.data.groups){
 let groupel = document.createElement("option");
 groupel.innerHTML = group.name;
@@ -190,7 +179,7 @@ async function fetch_groups(){
 }
 }
-async function fetch_files(accessToken, len){
+async function fetch_files(accessToken, group){
 if (!accessToken) return [];
 if (!checkAccess(accessToken)){
 let new_access = await get_new_tokens(accessToken);
@@ -203,7 +192,7 @@ async function fetch_files(accessToken, len){
 localStorage.setItem("accessToken", new_access);
 }
 try{
- let response = await axios.get(api_url + "/api/get_files", {
+ let response = await axios.get(api_url + "/api/get_files/" + group, {
 headers: {
 'Authorization': 'Bearer ' + accessToken
 }
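Review bot: The request path is built by plain concatenation, `api_url + "/api/get_files/" + group`, and `group` is whatever the `<select>` currently holds, so a value containing `/`, `?` or `#` would change which route or query the request reaches. The option values are set in fetch_groups outside this hunk and are presumably `private` or a numeric id, so this is hardening rather than a demonstrated bug. `api_url + "/api/get_files/" + encodeURIComponent(group)` keeps the value inside one path segment. The try block continues past the end of the hunk.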
@@ -218,20 +207,29 @@ async function fetch_files(accessToken, len){
 document.getElementById('login_mess').textContent = "Logged as " + response.data.username;
+ let len = 0;
 let table = document.getElementById('files_table');
-
- // Insert a row at the start of table
- let newRow = table.insertRow(0);
- newRow.id = "transfer_row";
- // Insert a cell at the end of the row
- let newCell = newRow.insertCell();
- // Append a text node to the cell
- let transfer = document.createElement("button");
- transfer.id = "trensfer";
- transfer.innerHTML = "Transfer local files to an account"
- transfer.onclick = function(){if (confirm("Transfer local files to an active account?")) transfer_func()}
- if (len > 0) newCell.appendChild(transfer);
-
+ table.innerHTML = "";
+ if (group == "private"){
+ let file_history = JSON.parse(localStorage.getItem("file_history") || "[]");
+ if (file_history != []){
+ for (const file of file_history){
+ append_to_files_arr(file, len);
+ len++;
+ }
+ }
+ // Insert a row at the start of table
+ let newRow = table.insertRow(0);
+ newRow.id = "transfer_row";
+ // Insert a cell at the end of the row
+ let newCell = newRow.insertCell();
+ // Append a text node to the cell
+ let transfer = document.createElement("button");
+ transfer.id = "trensfer";
+ transfer.innerHTML = "Transfer local files to an account"
+ transfer.onclick = function(){if (confirm("Transfer local files to an active account?")) transfer_func()}
+ if (len > 0) newCell.appendChild(transfer);
+ }
 let it = 0;
 for (const file of response.data.data){
 append_to_files_arr(file, len + it);
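Review bot: `if (file_history != [])` compares the parsed array with a fresh literal by reference, so it is always true and guards nothing. Because `file_history` comes from `JSON.parse` of a localStorage entry, a stored value that parses to a non-array (a number, `null`, an object) makes the `for…of` throw. `if (Array.isArray(file_history)){` is the check that line seems to intend. Each entry then goes to append_to_files_arr, which writes its fields through `innerHTML`, so localStorage content also reaches the DOM as markup. The hunk sits inside fetch_files, whose start and end are outside it.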
@@ -268,14 +266,13 @@ async function logout(){
 'Authorization': 'Bearer ' + accessToken
 }
 })
- if (!response) return;
+ if (!response) return [];
 if (response.status == 401 || response.status == 200){
 localStorage.removeItem("accessToken");
 let logim_page_btn = document.getElementById('login_page_a');
 logim_page_btn.textContent = "Login";
 logim_page_btn.href = "https://fu.andcool.ru/login/";
-
 }
 }catch{
 localStorage.removeItem("accessToken");
@@ -284,6 +281,10 @@ async function logout(){
 }
 addEventListener("DOMContentLoaded", (event) => {
+ document.getElementById('groups').addEventListener("change", (event) => {
+ fetch_files(localStorage.getItem("accessToken"),
+ event.target.value);
+ });
 document.getElementById('input_file').addEventListener('change', function(e) {
 let fileInput = document.getElementById('input_file');
 let load_mess = document.getElementById('load_mess');
@@ -312,17 +313,8 @@ addEventListener("DOMContentLoaded", (event) => {
 }
 });
- let file_history = JSON.parse(localStorage.getItem("file_history") || "[]");
- if (file_history != []){
- let it = 0;
- for (const file of file_history){
- append_to_files_arr(file, it);
- it++;
- }
- }
 fetch_groups();
- fetch_files(localStorage.getItem("accessToken"), file_history.length);
-
+ fetch_files(localStorage.getItem("accessToken"), document.getElementById('groups').value);
 let dropContainer = document.getElementById('dropContainer')
 dropContainer.ondragover = dropContainer.ondragenter = function(evt) {
diff --git a/web/index.html b/web/index.html
index 05dc8b1..7a08adf 100644
--- a/web/index.html
+++ b/web/index.html
@@ -7,6 +7,9 @@ + + +
@@ -77,7 +80,7 @@
Select file group:
-