2023-09-16 16:39:07 +03:00
const path = require('path');
const fs = require('fs');
2024-04-12 19:53:46 +03:00
const mime = require('mime-types');
2023-12-04 12:40:53 -05:00
const express = require('express');
2023-09-16 16:39:07 +03:00
const sanitize = require('sanitize-filename');
const fetch = require('node-fetch').default;
const { finished } = require('stream/promises');
2024-04-07 01:47:07 +03:00
const { UNSAFE_EXTENSIONS } = require('../constants');
2023-12-04 12:40:53 -05:00
const { jsonParser } = require('../express-common');
2023-12-05 18:04:32 -05:00
const { clientRelativePath } = require('../util');
2023-09-16 16:39:07 +03:00
2024-04-07 01:47:07 +03:00
const VALID_CATEGORIES = ['bgm', 'ambient', 'blip', 'live2d', 'vrm', 'character', 'temp'];
2023-09-16 16:39:07 +03:00
2023-12-05 17:35:11 -05:00
* Validates the input filename for the asset.
2023-09-16 16:39:07 +03:00
* @param {string} inputFilename Input filename
2023-12-05 17:38:23 -05:00
* @returns {{error: boolean, message?: string}} Whether validation failed, and why if so
2023-09-16 16:39:07 +03:00
2023-12-05 17:35:11 -05:00
function validateAssetFileName(inputFilename) {
2023-12-02 10:17:31 -05:00
if (!/^[a-zA-Z0-9_\-.]+$/.test(inputFilename)) {
2023-12-05 17:38:23 -05:00
return {
error: true,
message: 'Illegal character in filename; only alphanumeric, \'_\', \'-\' are accepted.',
2023-09-16 16:39:07 +03:00
2023-12-05 08:10:31 -05:00
const inputExtension = path.extname(inputFilename).toLowerCase();
if (UNSAFE_EXTENSIONS.some(ext => ext === inputExtension)) {
2023-12-05 17:38:23 -05:00
return {
error: true,
message: 'Forbidden file extension.',
2023-09-16 16:39:07 +03:00
if (inputFilename.startsWith('.')) {
2023-12-05 17:38:23 -05:00
return {
error: true,
message: 'Filename cannot start with \'.\'',
2023-09-16 16:39:07 +03:00
2023-12-05 17:35:11 -05:00
if (sanitize(inputFilename) !== inputFilename) {
2023-12-05 17:38:23 -05:00
return {
error: true,
message: 'Reserved or long filename.',
2023-12-05 17:35:11 -05:00
2023-12-05 17:38:23 -05:00
return { error: false };
2023-09-16 16:39:07 +03:00
2024-04-07 01:47:07 +03:00
* Recursive function to get files
* @param {string} dir - The directory to search for files
* @param {string[]} files - The array of files to return
* @returns {string[]} - The array of files
2023-11-12 18:56:01 +01:00
function getFiles(dir, files = []) {
2024-04-24 10:54:55 +03:00
if (!fs.existsSync(dir)) return files;
2023-11-12 18:56:01 +01:00
// Get an array of all files and directories in the passed directory using fs.readdirSync
2023-12-05 18:16:49 -05:00
const fileList = fs.readdirSync(dir, { withFileTypes: true });
2023-11-12 18:56:01 +01:00
// Create the full path of the file/directory by concatenating the passed directory and file/directory name
for (const file of fileList) {
2023-12-05 18:16:49 -05:00
const name = path.join(dir, file.name);
2023-11-12 18:56:01 +01:00
// Check if the current file/directory is a directory using fs.statSync
2023-12-05 18:16:49 -05:00
if (file.isDirectory()) {
2023-11-12 23:02:07 +02:00
// If it is a directory, recursively call the getFiles function with the directory path and the files array
getFiles(name, files);
2023-11-12 18:56:01 +01:00
} else {
2023-11-12 23:02:07 +02:00
// If it is a file, push the full path to the files array
2023-11-12 18:56:01 +01:00
2023-11-12 23:02:07 +02:00
return files;
2023-11-12 18:56:01 +01:00
2024-05-19 03:31:09 +03:00
* Ensure that the asset folders exist.
* @param {import('../users').UserDirectoryList} directories - The user's directories
function ensureFoldersExist(directories) {
const folderPath = path.join(directories.assets);
for (const category of VALID_CATEGORIES) {
const assetCategoryPath = path.join(folderPath, category);
if (fs.existsSync(assetCategoryPath) && !fs.statSync(assetCategoryPath).isDirectory()) {
if (!fs.existsSync(assetCategoryPath)) {
fs.mkdirSync(assetCategoryPath, { recursive: true });
2023-12-04 12:40:53 -05:00
const router = express.Router();
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
* HTTP POST handler function to retrieve name of all files of a given folder path.
* @param {Object} request - HTTP Request object. Require folder path in query
* @param {Object} response - HTTP Response object will contain a list of file path.
* @returns {void}
2023-09-16 16:39:07 +03:00
2024-04-07 01:47:07 +03:00
router.post('/get', jsonParser, async (request, response) => {
const folderPath = path.join(request.user.directories.assets);
2023-12-04 12:40:53 -05:00
let output = {};
try {
if (fs.existsSync(folderPath) && fs.statSync(folderPath).isDirectory()) {
2024-04-07 01:47:07 +03:00
2024-05-19 03:31:09 +03:00
2024-04-07 01:47:07 +03:00
2023-12-05 18:16:49 -05:00
const folders = fs.readdirSync(folderPath, { withFileTypes: true })
.filter(file => file.isDirectory());
2023-09-16 16:39:07 +03:00
2023-12-05 18:16:49 -05:00
for (const { name: folder } of folders) {
2023-12-04 12:40:53 -05:00
if (folder == 'temp')
2023-10-22 19:21:10 +02:00
2023-12-04 12:40:53 -05:00
// Live2d assets
if (folder == 'live2d') {
2023-09-16 16:39:07 +03:00
output[folder] = [];
2023-12-04 12:40:53 -05:00
const live2d_folder = path.normalize(path.join(folderPath, folder));
const files = getFiles(live2d_folder);
//console.debug("FILE FOUND:",files)
for (let file of files) {
if (file.includes('model') && file.endsWith('.json')) {
//console.debug("Asset live2d model found:",file)
2024-04-07 01:47:07 +03:00
output[folder].push(clientRelativePath(request.user.directories.root, file));
2023-12-04 12:40:53 -05:00
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
2024-01-05 07:00:23 +01:00
// VRM assets
if (folder == 'vrm') {
2024-01-21 15:19:13 +02:00
output[folder] = { 'model': [], 'animation': [] };
2024-01-05 07:00:23 +01:00
// Extract models
const vrm_model_folder = path.normalize(path.join(folderPath, 'vrm', 'model'));
let files = getFiles(vrm_model_folder);
//console.debug("FILE FOUND:",files)
for (let file of files) {
if (!file.endsWith('.placeholder')) {
//console.debug("Asset VRM model found:",file)
2024-04-07 01:47:07 +03:00
output['vrm']['model'].push(clientRelativePath(request.user.directories.root, file));
2024-01-05 07:00:23 +01:00
// Extract models
const vrm_animation_folder = path.normalize(path.join(folderPath, 'vrm', 'animation'));
files = getFiles(vrm_animation_folder);
//console.debug("FILE FOUND:",files)
for (let file of files) {
if (!file.endsWith('.placeholder')) {
//console.debug("Asset VRM animation found:",file)
2024-04-07 01:47:07 +03:00
output['vrm']['animation'].push(clientRelativePath(request.user.directories.root, file));
2024-01-05 07:00:23 +01:00
2023-12-04 12:40:53 -05:00
// Other assets (bgm/ambient/blip)
const files = fs.readdirSync(path.join(folderPath, folder))
.filter(filename => {
return filename != '.placeholder';
output[folder] = [];
for (const file of files) {
2023-12-05 18:04:32 -05:00
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
catch (err) {
return response.send(output);
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
* HTTP POST handler function to download the requested asset.
* @param {Object} request - HTTP Request object, expects a url, a category and a filename.
* @param {Object} response - HTTP Response only gives status.
* @returns {void}
router.post('/download', jsonParser, async (request, response) => {
const url = request.body.url;
const inputCategory = request.body.category;
// Check category
let category = null;
for (let i of VALID_CATEGORIES)
if (i == inputCategory)
category = i;
if (category === null) {
2024-04-07 01:47:07 +03:00
console.debug('Bad request: unsupported asset category.');
2023-12-04 12:40:53 -05:00
return response.sendStatus(400);
2023-09-16 16:39:07 +03:00
2023-12-05 17:38:23 -05:00
// Validate filename
2024-05-19 03:31:09 +03:00
2023-12-05 17:38:23 -05:00
const validation = validateAssetFileName(request.body.filename);
if (validation.error)
return response.status(400).send(validation.message);
2023-12-04 12:40:53 -05:00
2024-04-07 01:47:07 +03:00
const temp_path = path.join(request.user.directories.assets, 'temp', request.body.filename);
const file_path = path.join(request.user.directories.assets, category, request.body.filename);
2023-12-04 12:40:53 -05:00
console.debug('Request received to download', url, 'to', file_path);
try {
// Download to temp
const res = await fetch(url);
if (!res.ok || res.body === null) {
throw new Error(`Unexpected response ${res.statusText}`);
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
const destination = path.resolve(temp_path);
// Delete if previous download failed
if (fs.existsSync(temp_path)) {
fs.unlink(temp_path, (err) => {
if (err) throw err;
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
const fileStream = fs.createWriteStream(destination, { flags: 'wx' });
2024-04-07 01:47:07 +03:00
// @ts-ignore
2023-12-04 12:40:53 -05:00
await finished(res.body.pipe(fileStream));
2023-09-16 16:39:07 +03:00
2024-02-16 20:42:56 +02:00
if (category === 'character') {
2024-04-12 19:53:46 +03:00
const fileContent = fs.readFileSync(temp_path);
const contentType = mime.lookup(temp_path) || 'application/octet-stream';
response.setHeader('Content-Type', contentType);
2024-02-16 20:42:56 +02:00
2023-12-04 12:40:53 -05:00
// Move into asset place
console.debug('Download finished, moving file from', temp_path, 'to', file_path);
2024-04-18 15:50:27 -04:00
fs.copyFileSync(temp_path, file_path);
2023-12-04 12:40:53 -05:00
catch (error) {
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
* HTTP POST handler function to delete the requested asset.
* @param {Object} request - HTTP Request object, expects a category and a filename
* @param {Object} response - HTTP Response only gives stats.
* @returns {void}
router.post('/delete', jsonParser, async (request, response) => {
const inputCategory = request.body.category;
// Check category
let category = null;
for (let i of VALID_CATEGORIES)
if (i == inputCategory)
category = i;
if (category === null) {
2024-04-07 01:47:07 +03:00
console.debug('Bad request: unsupported asset category.');
2023-12-04 12:40:53 -05:00
return response.sendStatus(400);
2023-09-16 16:39:07 +03:00
2023-12-05 17:38:23 -05:00
// Validate filename
const validation = validateAssetFileName(request.body.filename);
if (validation.error)
return response.status(400).send(validation.message);
2023-12-04 12:40:53 -05:00
2024-04-07 01:47:07 +03:00
const file_path = path.join(request.user.directories.assets, category, request.body.filename);
2023-12-04 12:40:53 -05:00
console.debug('Request received to delete', category, file_path);
try {
// Delete if previous download failed
if (fs.existsSync(file_path)) {
fs.unlink(file_path, (err) => {
if (err) throw err;
console.debug('Asset deleted.');
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
else {
console.debug('Asset not found.');
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
// Move into asset place
catch (error) {
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
* HTTP POST handler function to retrieve a character background music list.
* @param {Object} request - HTTP Request object, expects a character name in the query.
* @param {Object} response - HTTP Response object will contain a list of audio file path.
* @returns {void}
router.post('/character', jsonParser, async (request, response) => {
if (request.query.name === undefined) return response.sendStatus(400);
2023-12-05 17:35:11 -05:00
// For backwards compatibility, don't reject invalid character names, just sanitize them
2023-12-04 12:40:53 -05:00
const name = sanitize(request.query.name.toString());
const inputCategory = request.query.category;
// Check category
let category = null;
for (let i of VALID_CATEGORIES)
if (i == inputCategory)
category = i;
if (category === null) {
2024-04-07 01:47:07 +03:00
console.debug('Bad request: unsupported asset category.');
2023-12-04 12:40:53 -05:00
return response.sendStatus(400);
2023-10-19 00:36:19 +02:00
2024-04-07 01:47:07 +03:00
const folderPath = path.join(request.user.directories.characters, name, category);
2023-12-04 12:40:53 -05:00
let output = [];
try {
if (fs.existsSync(folderPath) && fs.statSync(folderPath).isDirectory()) {
// Live2d assets
if (category == 'live2d') {
2023-12-05 18:16:49 -05:00
const folders = fs.readdirSync(folderPath, { withFileTypes: true });
for (const folderInfo of folders) {
if (!folderInfo.isDirectory()) continue;
const modelFolder = folderInfo.name;
2023-12-04 12:40:53 -05:00
const live2dModelPath = path.join(folderPath, modelFolder);
2023-12-05 18:16:49 -05:00
for (let file of fs.readdirSync(live2dModelPath)) {
//console.debug("Character live2d model found:", file)
if (file.includes('model') && file.endsWith('.json'))
output.push(path.join('characters', name, category, modelFolder, file));
2023-10-19 00:36:19 +02:00
2023-12-04 12:40:53 -05:00
return response.send(output);
2023-10-19 00:36:19 +02:00
2023-12-04 12:40:53 -05:00
// Other assets
const files = fs.readdirSync(folderPath)
.filter(filename => {
return filename != '.placeholder';
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
for (let i of files)
2023-09-16 16:39:07 +03:00
2023-12-04 12:40:53 -05:00
return response.send(output);
catch (err) {
return response.sendStatus(500);
2023-11-29 17:51:30 +02:00
2023-12-05 17:35:11 -05:00
module.exports = { router, validateAssetFileName };