| const express = require('express'); const ejs = require('ejs'); const session = require('express-session'); const bodyParse = require('body-parser'); const multer = require('multer'); const fs = require('fs'); const path = require("path");
/**
 * Make sure the directory that will contain `filePath` exists.
 *
 * Missing ancestors are created as well; directories that already exist are
 * left untouched (`recursive: true` makes the call idempotent).
 *
 * @param {string} filePath - file whose parent directory must exist
 * @returns {void}
 * @throws {Error} propagated from fs when the directory cannot be created
 */
function createDirectoriesForFilePath(filePath) {
  const parentDir = path.dirname(filePath);
  fs.mkdirSync(parentDir, { recursive: true });
}
/**
 * Express middleware gate: continue only when the session carries a user,
 * otherwise send the client to the login page.
 *
 * `!= null` is intentional and matches both `null` and `undefined`.
 *
 * @param {object} req - request; `req.session.user` is read
 * @param {object} res - response; `redirect` is called on failure
 * @param {Function} next - invoked when a user is present
 */
function IfLogin(req, res, next) {
  const hasUser = req.session.user != null;
  if (!hasUser) {
    res.redirect('/login');
    return;
  }
  next();
}
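// Disk storage for uploads. Only the base name of the client-supplied name is
// used: `file.originalname` is attacker-controlled and may carry directory
// components, which would otherwise be joined onto the upload directory.
// Uploads with the same base name still overwrite each other (unchanged).
const storage = multer.diskStorage({
  destination(req, file, cb) {
    cb(null, path.join(__dirname, 'uploads'));
  },
  filename(req, file, cb) {
    cb(null, path.basename(file.originalname));
  },
});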
/**
 * Multer instance backed by `storage`. The filter rejects a file whose
 * lower-cased extension is `.ejs` and accepts everything else.
 */
const upload = multer({
  storage,
  fileFilter(req, file, cb) {
    const extension = path.extname(file.originalname).toLowerCase();
    const isTemplate = extension === '.ejs';
    if (isTemplate) {
      cb(new Error('Upload of .ejs files is not allowed'), false);
      return;
    }
    cb(null, true);
  },
});
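// Credentials checked by POST /login. The password is read from the
// ADMIN_PASSWORD environment variable so it need not live in source control;
// the literal fallback keeps the previous value for existing setups. The user
// name stays upper-case because /login upper-cases the submitted name before
// comparing.
const admin = Object.freeze({
  username: 'ADMIN',
  password: process.env.ADMIN_PASSWORD ?? '123456',
});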
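const app = express();

// Uploaded files are served verbatim from the site root, so anything placed
// in ./uploads is reachable by URL under this origin.
app.use(express.static(path.join(__dirname, 'uploads')));
app.use(express.json());
app.use(bodyParse.urlencoded({ extended: false }));
app.set('view engine', 'ejs');

// Session cookie signing key: taken from SESSION_SECRET so it need not be
// committed; the literal fallback preserves the previous behaviour.
app.use(
  session({
    secret: process.env.SESSION_SECRET ?? 'Can_U_hack_me?',
    resave: false,
    saveUninitialized: true,
    cookie: { maxAge: 3600 * 1000 }, // one hour, in milliseconds
  }),
);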
// Landing page simply forwards to the login form.
const redirectToLogin = (req, res) => {
  res.redirect('/login');
};

// Renders the `login` view through the configured view engine.
const showLoginForm = (req, res) => {
  res.render('login');
};

app.get('/', redirectToLogin);
app.get('/login', showLoginForm);
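// Credential check. Only string fields are accepted: express.json() is
// enabled, so `username`/`password` could otherwise arrive as arrays or
// objects and `.toUpperCase()` would throw, surfacing as a 500.
app.post('/login', (req, res) => {
  const { username, password } = req.body ?? {};
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(400).send('username and password must be strings');
  }
  // Kept as before: this literal check runs before the name is upper-cased.
  if (username === 'admin') {
    return res.status(400).send('you can not be admin');
  }
  const normalizedUsername = username.toUpperCase();
  const credentialsMatch =
    normalizedUsername === admin.username && password === admin.password;
  if (!credentialsMatch) {
    return res.redirect('/login');
  }
  // Issue a fresh session id when privileges change, so a session id that was
  // established before authentication is not carried over.
  req.session.regenerate((err) => {
    if (err) {
      console.error('Error regenerating session:', err);
      return res.status(500).send('Login failed');
    }
    req.session.user = 'ADMIN';
    res.redirect('/rename');
  });
});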
// Renders the `upload` view (the upload form).
const showUploadForm = (req, res) => {
  res.render('upload');
};

app.get('/upload', showUploadForm);
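// Accepts one file from the `fileInput` form field. The echoed name is sent
// as text/plain: res.send() of a string defaults to text/html, and
// `originalname` is client-supplied, so it must not be interpreted as markup.
app.post('/upload', upload.single('fileInput'), (req, res) => {
  if (!req.file) {
    return res.status(400).send('No file uploaded');
  }
  res
    .type('text/plain')
    .send(`File uploaded successfully: ${req.file.originalname}`);
});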
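// Renders an uploaded file as a view. The requested name is resolved and then
// required to stay inside ./uploads, so `..` segments or absolute paths cannot
// select files elsewhere. Whatever file is selected is handed to the view
// engine, i.e. its contents are processed as a template.
app.get('/render', (req, res) => {
  const { filename } = req.query;
  // Query values may arrive as arrays (repeated keys); require a string.
  if (typeof filename !== 'string' || filename === '') {
    return res.status(400).send('Filename parameter is required');
  }
  const uploadsDir = path.resolve(__dirname, 'uploads');
  const filePath = path.resolve(uploadsDir, filename);
  // path.relative() is '' for uploadsDir itself, starts with '..' for anything
  // outside it, and is absolute when the target is on another drive.
  const relative = path.relative(uploadsDir, filePath);
  const outsideUploads =
    relative === '' ||
    relative === '..' ||
    relative.startsWith(`..${path.sep}`) ||
    path.isAbsolute(relative);
  if (outsideUploads) {
    return res.status(400).send('Invalid file name');
  }
  if (filePath.toLowerCase().endsWith('.ejs')) {
    return res.status(400).send('Invalid file type.');
  }
  res.render(filePath);
});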
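// Admin-only rename inside ./uploads. The name blocklists are kept, but
// containment does not rely on them: both the source and the destination are
// resolved and must stay under the uploads directory. Note that the
// existsSync checks and the rename are not atomic.
app.get('/rename', IfLogin, (req, res) => {
  if (req.session.user !== 'ADMIN') {
    return res.status(403).send('Access forbidden');
  }
  const { oldPath, newPath } = req.query;
  // Query values may arrive as arrays (repeated keys); require non-empty strings.
  if (
    typeof oldPath !== 'string' ||
    typeof newPath !== 'string' ||
    oldPath === '' ||
    newPath === ''
  ) {
    return res.status(400).send('Missing oldPath or newPath');
  }
  if (/app\.js|\\|\.ejs/i.test(newPath)) {
    return res.status(400).send('Invalid file name');
  }
  if (/\.\.|flag/i.test(oldPath)) {
    return res.status(400).send('Invalid file name');
  }
  const uploadsDir = path.resolve(__dirname, 'uploads');
  const oldFilePath = path.resolve(uploadsDir, oldPath);
  const newFilePath = path.resolve(uploadsDir, newPath.toLowerCase());
  // A resolved path is inside uploadsDir when its relative form is neither
  // empty (the directory itself), nor climbs out via '..', nor is absolute
  // (a different drive on Windows).
  const isInsideUploads = (candidate) => {
    const rel = path.relative(uploadsDir, candidate);
    return (
      rel !== '' &&
      rel !== '..' &&
      !rel.startsWith(`..${path.sep}`) &&
      !path.isAbsolute(rel)
    );
  };
  if (!isInsideUploads(oldFilePath) || !isInsideUploads(newFilePath)) {
    return res.status(400).send('Invalid file name');
  }
  if (newFilePath.endsWith('.ejs')) {
    return res.status(400).send('Invalid file type.');
  }
  if (!fs.existsSync(oldFilePath)) {
    return res.status(404).send('Old file not found');
  }
  if (fs.existsSync(newFilePath)) {
    return res.status(409).send('New file path already exists');
  }
  createDirectoriesForFilePath(newFilePath);
  fs.rename(oldFilePath, newFilePath, (err) => {
    if (err) {
      console.error('Error renaming file:', err);
      return res.status(500).send('Error renaming file');
    }
    res.send('File renamed successfully');
  });
});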
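// Listen on PORT when set, otherwise 3000. The value is converted to a number
// so listen() unambiguously receives a port, and the logged URL follows it.
const port = Number(process.env.PORT ?? 3000);
app.listen(port, () => {
  console.log(`http://localhost:${port}`);
});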