/* eslint-disable unicorn/prevent-abbreviations */
'use-strict';

const crypto = require('crypto');
const multer = require('multer');
const path = require('path');

const config = require('../../../services/config/config.service');
const UserModel = require('./users.model');

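/**
 * Creates a new user from the request body.
 *
 * Responds with:
 *  - 409 when the username is already taken, or when an admin already exists
 *    and the new user also requests an 'admin' permission level,
 *  - 400 when the password is not a string,
 *  - 201 with `{ username, permissionLevel }` on success,
 *  - 500 with the error message when anything throws.
 *
 * @param {object} req - Express request; reads `req.body.username`,
 *   `req.body.password` and `req.body.permissionLevel`.
 * @param {object} res - Express response.
 */
exports.insert = async (req, res) => {
  try {
    const userExist = await UserModel.findByName(req.body.username);

    if (userExist) {
      return res.status(409).send({
        statusCode: 409,
        message: 'User already exists',
      });
    }

    const users = await UserModel.list();
    const adminExists = users.some((usr) => usr.permissionLevel.includes('admin'));

    // Only one admin account is allowed.
    if (adminExists && req.body.permissionLevel.includes('admin')) {
      return res.status(409).send({
        statusCode: 409,
        message: 'User with ADMIN permission level already exists',
      });
    }

    // A non-string password (number, object, null, missing) would make
    // crypto's update() throw and surface as a 500 carrying an internal error
    // message; reject it as a client error instead.
    if (typeof req.body.password !== 'string') {
      return res.status(400).send({
        statusCode: 400,
        message: 'Bad request',
      });
    }

    // Stored format is "<base64 salt>$<base64 HMAC-SHA512(salt, password)>".
    // NOTE(review): a single HMAC round is a fast hash, so a leaked user store
    // is cheap to brute-force offline. Moving to a slow KDF (e.g.
    // crypto.scrypt) needs a matching change in the login verifier, which is
    // not visible from this file, so the format is left unchanged here.
    const salt = crypto.randomBytes(16).toString('base64');
    const hash = crypto.createHmac('sha512', salt).update(req.body.password).digest('base64');

    req.body.password = salt + '$' + hash;

    // NOTE(review): the whole request body is handed to the model, so any
    // extra client-supplied field is stored unless the model or an upstream
    // validator filters it - confirm.
    await UserModel.createUser(req.body);

    res.status(201).send({
      username: req.body.username,
      permissionLevel: req.body.permissionLevel,
    });
  } catch (error) {
    res.status(500).send({
      statusCode: 500,
      message: error.message,
    });
  }
};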

/**
 * Loads all users, strips the stored password from each record and hands the
 * result to the next middleware through `res.locals.items`.
 *
 * @param {object} req - Express request (not read here).
 * @param {object} res - Express response; receives `locals.items`, or a 500
 *   body with the error message on failure.
 * @param {Function} next - Called once the list has been prepared.
 */
exports.list = async (req, res, next) => {
  try {
    const allUsers = await UserModel.list();

    // The password field must never leave this handler; permissionLevel is
    // deliberately kept on each record.
    for (const entry of allUsers) {
      delete entry.password;
    }

    res.locals.items = allUsers;

    return next();
  } catch (error) {
    const failure = {
      statusCode: 500,
      message: error.message,
    };

    res.status(500).send(failure);
  }
};

/**
 * Returns a single user, looked up by the `name` route parameter, with the
 * stored password removed.
 *
 * Responds 404 when no such user exists, 200 with the user record otherwise,
 * and 500 with the error message when anything throws.
 *
 * @param {object} req - Express request; reads `req.params.name`.
 * @param {object} res - Express response.
 */
exports.getByName = async (req, res) => {
  try {
    const record = await UserModel.findByName(req.params.name);

    if (record) {
      // Drop the password field before the record is serialised to the client.
      delete record.password;

      res.status(200).send(record);
    } else {
      const notFound = {
        statusCode: 404,
        message: 'User not exists',
      };

      return res.status(404).send(notFound);
    }
  } catch (error) {
    const failure = {
      statusCode: 500,
      message: error.message,
    };

    res.status(500).send(failure);
  }
};

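/**
 * Updates the user named by the `name` route parameter. The request may carry
 * a `photo` file upload in addition to ordinary body fields.
 *
 * Responds with:
 *  - 404 when the user does not exist,
 *  - 400 when the body is empty or the password is not a string,
 *  - 422 when a new username is requested that is already taken,
 *  - 204 on success,
 *  - 500 with the error message when the upload or the update fails.
 *
 * @param {object} req - Express request; reads `req.params.name`, `req.body`
 *   and the uploaded `photo` file.
 * @param {object} res - Express response.
 */
exports.patchByName = async (req, res) => {
  try {
    const user = await UserModel.findByName(req.params.name);

    if (!user) {
      return res.status(404).send({
        statusCode: 404,
        message: 'User not exists',
      });
    }

    // NOTE(review): no fileFilter or limits are configured, so this handler
    // itself does not restrict the type or size of the uploaded file.
    const upload = multer({
      storage: multer.diskStorage({
        destination: (request_, file, callback) => {
          const userDir = path.join(config.ui.dbPath, 'db', 'users');
          callback(null, userDir);
        },
        filename: (request_, file, callback) => {
          // The original name is client-controlled. Keep only its last path
          // component so the stored file stays inside the users directory
          // even if the multipart parser passes directory parts through.
          const safeName = path.basename(file.originalname);
          callback(null, `photo_${user.id}_${safeName}`);
        },
      }),
    }).single('photo');

    upload(req, res, async (error) => {
      // This callback runs after patchByName has returned, so the outer
      // try/catch cannot see its failures; it needs its own.
      try {
        if (error) {
          // Return here: falling through would send a second response on a
          // request that has already been answered.
          return res.status(500).send({
            statusCode: 500,
            message: error.message,
          });
        }

        if (req.file) {
          req.body.photo = req.file.filename;
        }

        if (Object.keys(req.body).length === 0) {
          return res.status(400).send({
            statusCode: 400,
            message: 'Bad request',
          });
        }

        if (req.body.username && req.params.name !== req.body.username) {
          const nameTaken = await UserModel.findByName(req.body.username);

          if (nameTaken) {
            return res.status(422).send({
              statusCode: 422,
              message: 'User already exists',
            });
          }
        }

        if (req.body.password) {
          // A non-string password would make crypto's update() throw.
          if (typeof req.body.password !== 'string') {
            return res.status(400).send({
              statusCode: 400,
              message: 'Bad request',
            });
          }

          // Same "<salt>$<HMAC-SHA512>" format that insert() stores.
          // NOTE(review): a single HMAC round is a fast hash; a slow KDF
          // would need a matching change in the login verifier, which is not
          // visible from this file.
          const salt = crypto.randomBytes(16).toString('base64');
          const hash = crypto.createHmac('sha512', salt).update(req.body.password).digest('base64');
          req.body.password = salt + '$' + hash;
        }

        // NOTE(review): the whole body is forwarded to the model, so fields
        // such as permissionLevel are not filtered in this handler. Confirm
        // that the route's validation or the model restricts what a caller
        // may change.
        await UserModel.patchUser(req.params.name, req.body);

        res.status(204).send({});
      } catch (callbackError) {
        if (!res.headersSent) {
          res.status(500).send({
            statusCode: 500,
            message: callbackError.message,
          });
        }
      }
    });
  } catch (error) {
    res.status(500).send({
      statusCode: 500,
      message: error.message,
    });
  }
};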

/**
 * Deletes the user named by the `name` route parameter.
 *
 * Responds 404 when the user does not exist, 409 when the user holds an
 * 'admin' permission level (such users cannot be removed), 204 on success,
 * and 500 with the error message when anything throws.
 *
 * @param {object} req - Express request; reads `req.params.name`.
 * @param {object} res - Express response.
 */
exports.removeByName = async (req, res) => {
  try {
    const target = await UserModel.findByName(req.params.name);

    if (!target) {
      const notFound = {
        statusCode: 404,
        message: 'User not exists',
      };

      return res.status(404).send(notFound);
    }

    // The admin account is protected from deletion.
    const isAdmin = target.permissionLevel.includes('admin');

    if (isAdmin) {
      const conflict = {
        statusCode: 409,
        message: 'User with ADMIN permission level can not be removed',
      };

      return res.status(409).send(conflict);
    }

    await UserModel.removeByName(req.params.name);

    res.status(204).send({});
  } catch (error) {
    const failure = {
      statusCode: 500,
      message: error.message,
    };

    res.status(500).send(failure);
  }
};
