Added file upload capabilties via the add pin dialog or drag-and-drop on the board page

server/auth.js

@@ -8,6 +8,36 @@ function sendAuthCookie(res, c){
     res.cookie('s', tokenUtils.encrypt(c), {maxAge: 315569520000}); // 10 years
 }
 
+function maybeGetUser(req){
+
+    if ( !req.cookies ){
+        return null;
+    }
+
+    // if we made it this far, we're eady to check for the cookie
+    let s = req.cookies.s;
+
+    // TODO: should probably check if the user's access has been revoked,
+    // but we currently don't allow deleting users anyway.  A key rotation would 
+    // be the other solution, but that would log out all users and require new tokens
+    // to be created.
+    if ( s ){
+        try {
+            s = tokenUtils.decrypt(s);
+            if ( s.i && s.u ){
+                return {
+                    id: s.i,
+                    name: s.u
+                }
+            }
+        } catch (err) {
+            console.log(`error parsing cookie: `, err);
+        }
+    }
+
+    return null;
+}
+
 module.exports = async (req, res, next) => {
 
     // we will also accept the auth token in the x-api-key header
@@ -60,6 +90,13 @@ module.exports = async (req, res, next) => {
         next();
         return;
     } if ( req.method == "GET" && req.originalUrl == "/login" ){
+
+
+        if ( maybeGetUser(req) ){
+            res.redirect("./");
+            return;
+        }
+
         console.log("login");
         // res.type("html").sendFile(path.resolve('./templates/login.html'));
         res.render("login", { registerEnabled: dao.getProperty("registerEnabled") });
@@ -135,26 +172,27 @@ module.exports = async (req, res, next) => {
         return;
     } 
 
-    // if we made it this far, we're eady to check for the cookie
-    let s = req.cookies.s;
+    // // if we made it this far, we're eady to check for the cookie
+    // let s = req.cookies.s;
 
-    // TODO: should probably check if the user's access has been revoked,
-    // but we currently don't allow deleting users anyway.  A key rotation would 
-    // be the other solution, but that would log out all users and require new tokens
-    // to be created.
-    if ( s ){
-        try {
-            s = tokenUtils.decrypt(s);
-            if ( s.i && s.u ){
-                req.user = {
-                    id: s.i,
-                    name: s.u
-                }
-            }
-        } catch (err) {
-            console.error(`error parsing cookie: `, err);
-        }
-    }
+    // // TODO: should probably check if the user's access has been revoked,
+    // // but we currently don't allow deleting users anyway.  A key rotation would 
+    // // be the other solution, but that would log out all users and require new tokens
+    // // to be created.
+    // if ( s ){
+    //     try {
+    //         s = tokenUtils.decrypt(s);
+    //         if ( s.i && s.u ){
+    //             req.user = {
+    //                 id: s.i,
+    //                 name: s.u
+    //             }
+    //         }
+    //     } catch (err) {
+    //         console.error(`error parsing cookie: `, err);
+    //     }
+    // }
+    req.user = maybeGetUser(req);
 
     if ( !req.user ){
         res.redirect("/login");

server/server.js

@@ -1,6 +1,7 @@
 const yargs = require('yargs');
 const express = require('express');
 const bodyParser = require('body-parser');
+const multer = require("multer")
 const path = require('path');
 const cookieParser = require('cookie-parser');
 const tokenUtil = require('./token-utils.js');
@@ -10,6 +11,9 @@ const imageUtils = require('./image-utils.js');
 var eta = require("eta");
 const tokenUtils = require('./token-utils.js');
 
+// consider using temp files, but we're going to limit the size so should be ok
+const upload = multer({storage:multer.memoryStorage(), limits: {fileSize: 26214400, files: 1}}); // 1 - 25MB file
+
 module.exports = async () => {
 
     process.on('SIGINT', () => {
@@ -340,6 +344,7 @@ module.exports = async () => {
         res.status(200).send({t: token});
     });
 
+    // handle raw uploads for pin creation
     app.post("/up", async (req, res) => {
 
         try {
@@ -358,7 +363,7 @@ module.exports = async () => {
                 board = dao.createBoard(req.user.id, boardName, 0);
             }
             
-            let pin = dao.createPin(req.user.id, board.id, null, null, null, null, image.original.height, image.original.width, image.thumbnail.height, image.thumbnailWidth);
+            let pin = dao.createPin(req.user.id, board.id, null, null, null, null, image.original.height, image.original.width, image.thumbnail.height, image.thumbnail.height);
 
             await imageUtils.saveImage(req.user.id, pin.id, image);
 
@@ -371,6 +376,38 @@ module.exports = async () => {
         }
     });
 
+
+    // handle multipart uploads for pin creation
+    app.post("/multiup", upload.single('file'), async(req, res) => {
+        try {
+
+            let image = await imageUtils.processImage(req.file.buffer); // file.buffer only works with the Memory store for multer.  
+
+            let boardId = req.body.boardId;
+
+            let board = null;
+
+            if ( boardId == "new" ){
+                board = dao.createBoard(req.user.id, req.body.newBoardName, 0);
+            } else {
+                board = dao.getBoard(req.user.id, boardId);
+            } 
+
+            console.log(image);
+
+            let pin = dao.createPin(req.user.id, board.id, null, req.body.siteUrl, req.body.description, null, image.original.height, image.original.width, image.thumbnail.height, image.thumbnail.height);
+
+            await imageUtils.saveImage(req.user.id, pin.id, image);
+
+            broadcast(req.user.id, {updateBoard:board.id});
+            res.status(200).send(pin);
+
+        } catch (err) {
+            console.log(`Error creating pin via multipart upload`, err);
+            res.status(500).send(SERVER_ERROR);
+        }
+    });
+
     app.get("/api/apikey", (req,res) => {
         let s = req.cookies['s'];
         console.log("s=" + s);