Тест без кодекаса
57
server.js
57
server.js
@@ -5,6 +5,9 @@ const session = require('express-session');
|
||||
const cors = require('cors');
|
||||
const crypto = require('crypto');
|
||||
const bcrypt = require('bcryptjs');
|
||||
const multer = require('multer');
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const {
|
||||
ALLOWED_SQL_TYPES,
|
||||
canAccessFolder,
|
||||
@@ -37,6 +40,7 @@ const {
|
||||
listBackups,
|
||||
pruneBackups,
|
||||
restoreBackup,
|
||||
uploadBackup,
|
||||
} = require('./src/services/backups');
|
||||
const {
|
||||
notifyError,
|
||||
@@ -50,6 +54,20 @@ const {
|
||||
|
||||
const app = express();
|
||||
|
||||
// Multer configuration for file uploads
|
||||
const upload = multer({
|
||||
storage: multer.memoryStorage(),
|
||||
limits: { fileSize: 500 * 1024 * 1024 }, // 500MB limit for backups
|
||||
fileFilter: (req, file, cb) => {
|
||||
// Only accept tar.gz files
|
||||
if (file.originalname.endsWith('.tar.gz') || file.mimetype === 'application/gzip' || file.mimetype === 'application/x-gzip') {
|
||||
cb(null, true);
|
||||
} else {
|
||||
cb(new Error('Only .tar.gz files are supported'));
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
// Middleware
|
||||
app.use(cors());
|
||||
app.use(express.json({ limit: '1mb' }));
|
||||
@@ -437,6 +455,45 @@ app.post('/api/backups/:filename/restore', requireAuth, requirePermission(
|
||||
}
|
||||
});
|
||||
|
||||
app.post('/api/backups/upload', requireAuth, requirePermission(
|
||||
(permissions) => permissions.canManageUsers,
|
||||
'Backup access denied'
|
||||
), upload.single('file'), async (req, res) => {
|
||||
try {
|
||||
if (!req.file) {
|
||||
return res.status(400).json({ success: false, error: 'No file provided' });
|
||||
}
|
||||
|
||||
// Write the file to a temporary location first
|
||||
const tempPath = path.join(require('os').tmpdir(), `backup-upload-${Date.now()}.tar.gz`);
|
||||
await fs.promises.writeFile(tempPath, req.file.buffer);
|
||||
|
||||
try {
|
||||
// Upload the backup
|
||||
const settings = getSettings();
|
||||
const backup = await uploadBackup(tempPath, {
|
||||
keepLast: settings.backups.keepLast,
|
||||
});
|
||||
|
||||
appendAudit('backup.uploaded', req.currentUser.username, {
|
||||
filename: backup.filename,
|
||||
originalFilename: req.file.originalname,
|
||||
source: getAuditSource(req)
|
||||
});
|
||||
|
||||
res.json({ success: true, backup });
|
||||
} finally {
|
||||
// Clean up temp file
|
||||
try {
|
||||
await fs.promises.unlink(tempPath);
|
||||
} catch {}
|
||||
}
|
||||
} catch (err) {
|
||||
notifyError('Backup upload failed', err, { actor: req.currentUser.username }).catch(() => {});
|
||||
res.status(500).json({ success: false, error: err.message });
|
||||
}
|
||||
});
|
||||
|
||||
app.get('/api/settings', requireAuth, requirePermission(
|
||||
(permissions) => permissions.canManageUsers,
|
||||
'Settings access denied'
|
||||
|
||||
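Review bot: The new upload route holds each backup fully in memory (`multer.memoryStorage()` with a 500MB `fileSize` limit) and then writes it to `backup-upload-${Date.now()}.tar.gz` in the shared temp directory. A few concurrent uploads can exhaust the heap, and because the name is guessable, two uploads in the same millisecond or a pre-existing file or symlink at that path would make `writeFile` land on the wrong target. Using `multer.diskStorage` with a random filename and reading `req.file.path` in the handler removes both problems. Separately, `fileFilter` accepts a file when either the client-supplied name or the client-supplied MIME type matches, so the content is never checked here; presumably `uploadBackup` validates the archive, which is worth confirming. Errors raised by multer itself (size limit, filter rejection) occur before the handler's `try`, so they will reach Express's default error handler instead of the JSON 500 response.

```javascript
const upload = multer({
  // Stream to disk rather than buffering up to 500MB per request in memory;
  // the random name replaces the guessable Date.now() suffix.
  storage: multer.diskStorage({
    destination: require('os').tmpdir(),
    filename: (req, file, cb) => cb(null, `backup-upload-${crypto.randomUUID()}.tar.gz`),
  }),
  // … unchanged: limits, fileFilter …
});

// … in the /api/backups/upload handler, instead of building tempPath and calling writeFile …
const tempPath = req.file.path;
// … unchanged: uploadBackup, appendAudit, response, unlink in finally …
```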