Fix Kurz-URL: Shortening server-seitig beim Erstellen, kein CORS, sync kopieren

This commit is contained in:
2026-06-06 01:55:14 +02:00
parent 6c3ab332c0
commit 9d05233fe1
3 changed files with 42 additions and 44 deletions

View File

@@ -521,13 +521,11 @@ if (!db.prepare("SELECT name FROM sqlite_master WHERE type='table' AND name='cal
`);
}
// upload_shares Fehlversuche-Tracking
// short_url auf upload_shares
{
const usCols = db.pragma('table_info(upload_shares)').map(c => c.name);
if (!usCols.includes('failed_attempts'))
db.exec('ALTER TABLE upload_shares ADD COLUMN failed_attempts INTEGER DEFAULT 0');
if (!usCols.includes('deactivated_reason'))
db.exec("ALTER TABLE upload_shares ADD COLUMN deactivated_reason TEXT DEFAULT NULL");
const cols = db.pragma('table_info(upload_shares)').map(c => c.name);
if (!cols.includes('short_url'))
db.exec('ALTER TABLE upload_shares ADD COLUMN short_url TEXT DEFAULT NULL');
}
module.exports = db;

View File

@@ -1,4 +1,5 @@
const express = require('express');
const https = require('https');
const bcrypt = require('bcryptjs');
const crypto = require('crypto');
const multer = require('multer');
@@ -8,6 +9,20 @@ const db = require('../../db');
const { authenticate, requireAdmin } = require('../../middleware/auth');
const router = express.Router();
// Node-seitige URL-Kürzung (kein CORS-Problem)
function shortenUrl(longUrl) {
return new Promise(resolve => {
const url = `https://is.gd/create.php?format=simple&url=${encodeURIComponent(longUrl)}`;
const req = https.get(url, { headers:{'User-Agent':'DickenDock/1.0'} }, res => {
let data = '';
res.on('data', d => data += d);
res.on('end', () => resolve(data.trim().startsWith('http') ? data.trim() : null));
});
req.on('error', () => resolve(null));
req.setTimeout(5000, () => { req.destroy(); resolve(null); });
});
}
const UPLOAD_DIR = process.env.UPLOAD_DIR || '/data/uploads';
function generateToken() { return crypto.randomBytes(20).toString('base64url'); }
@@ -40,7 +55,7 @@ router.get('/', authenticate, (req, res) => {
res.json({ shares, folder });
});
router.post('/', authenticate, (req, res) => {
router.post('/', authenticate, async (req, res) => {
if (!canUseUploadShare(req.user.id)) return res.status(403).json({ error:'Keine Berechtigung' });
const { password, expires_hours=24, max_size_mb=10 } = req.body;
if (!password?.trim()) return res.status(400).json({ error:'Passwort erforderlich' });
@@ -53,7 +68,13 @@ router.post('/', authenticate, (req, res) => {
VALUES (?,?,?,?,?,?,datetime('now','localtime'))
`).run(req.user.id, token, hash, expires, Number(max_size_mb), folder.id);
const share = db.prepare('SELECT * FROM upload_shares WHERE id=?').get(r.lastInsertRowid);
res.json({ ...share, url:`/u/${token}` });
// URL direkt beim Erstellen kürzen (server-seitig, kein CORS)
const baseUrl = `${req.protocol}://${req.get('host')}`;
const fullUrl = `${baseUrl}/u/${token}`;
let shortUrl = null;
try { shortUrl = await shortenUrl(fullUrl); } catch {}
if (shortUrl) db.prepare('UPDATE upload_shares SET short_url=? WHERE id=?').run(shortUrl, share.id);
res.json({ ...share, short_url: shortUrl, url: fullUrl });
});
router.delete('/:id', authenticate, (req, res) => {