From 7191e6ea8ba83306b4a0b7c64b7327cb3c4000e0 Mon Sep 17 00:00:00 2001
From: equippedcoding-master
Date: Tue, 30 Sep 2025 10:25:02 -0500
Subject: [PATCH] update 3983453
---
 .gitignore | 112 ++++++++++++
 README.md | 3 +
 portal/admin/.htaccess | 2 +-
 .../core/api/js/appfactory/afsdocuments.js | 30 +++-
 .../api/js/pages/modules/imp_documents.js | 160 ++----------------
 .../admin/core/api/php/includes/functions.php | 15 +-
 portal/admin/core/api/php/request.php | 2 +-
 portal/admin/core/db/create-system-tables.sql | 4 +
 .../scripts/remote/builder/app_install.sh | 52 ++----
 portal/api/v1/data/.htaccess | 107 +++++++++++-
 10 files changed, 287 insertions(+), 200 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 README.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..a8f567e1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,112 @@ +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* +lerna-debug.log* + +# Diagnostic reports (https://nodejs.org/api/report.html) +report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage +*.lcov + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules/ +jspm_packages/ + +# TypeScript v1 declaration files +typings/ + +# TypeScript cache +*.tsbuildinfo + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Microbundle cache +.rpt2_cache/ +.rts2_cache_cjs/ +.rts2_cache_es/ +.rts2_cache_umd/ + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# dotenv environment variables file +#.env +#.env.test + +# parcel-bundler cache (https://parceljs.org/) +.cache + +# Next.js build output +.next + +# Nuxt.js build / generate output +.nuxt +#dist + +# Gatsby files +.cache/ +# Comment in the public line in if your project uses Gatsby and *not* Next.js +# https://nextjs.org/blog/next-9-1#public-directory-support +# public + +# vuepress build output +.vuepress/dist + +# Serverless directories +.serverless/ + +# FuseBox cache +.fusebox/ + +# DynamoDB Local files +.dynamodb/ + +# TernJS port file +.tern-port + + +.DS_Store +._.DS_Store + + + + diff --git a/README.md b/README.md new file mode 100644 index 00000000..f59fa10c --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ + +### Portal + 
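Review bot: The dotenv entries in this new .gitignore are added commented out (`#.env`, `#.env.test`), so environment files that hold credentials are not ignored and will be picked up by a plain `git add`. Unless tracking them is intended, the two lines should read `.env` and `.env.test`. If a template needs to be versioned, a separate `.env.example` without real values is the usual way to do it.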
diff --git a/portal/admin/.htaccess b/portal/admin/.htaccess index b2b8acc6..2e4539b6 100644 --- a/portal/admin/.htaccess +++ b/portal/admin/.htaccess @@ -7,7 +7,7 @@ # RewriteCond %{REQUEST_FILENAME} !-d # RewriteRule . /portal/admin/index.php [L] - +Options -Indexes diff --git a/portal/admin/core/api/js/appfactory/afsdocuments.js b/portal/admin/core/api/js/appfactory/afsdocuments.js index c737626e..de431fe0 100644 --- a/portal/admin/core/api/js/appfactory/afsdocuments.js +++ b/portal/admin/core/api/js/appfactory/afsdocuments.js @@ -8,7 +8,7 @@ } else { root.AFSDocuments = factory();// browser global. } -})(function() { +})(function() { function AFSDocuments(documents, app, managed_domain){ this.files = documents; @@ -31,8 +31,11 @@ let gen_nam = "d"+self.app.utils.randomGenerator(12) + "." + file.name.split('.').pop(); let content_type = self.getMimiType(file.name); // let urlparams = `/portal/admin/core/api/php/request.php?getdoc=true&ref=${ref_num}&name=${gen_nam}&content_type=${content_type}`; - let urlparams = `/portal/api/data/downloads?getdoc=true&ref=${ref_num}&name=${gen_nam}&content_type=${content_type}`; - let doc_url = self.app.extra.config.managed_domain.Address + urlparams; + let urlparams = `?getdoc=true&ref=${ref_num}&name=${gen_nam}&content_type=${content_type}`; + let doc_url = `https://api.${self.app.extra.config.managed_domain.Domain}/v1/data/downloads${urlparams}`; + let doc_url2 = `${self.app.extra.config.managed_domain.Address2}/portal/admin/core/api/php/request.php${urlparams}`; + // https://www.appfactory.studio/portal/api/data/downloads?getdoc=true&ref=doc888072803282&name=djnUwMIfNWmiK.png&content_type=image/png + // https://api.appfactory.studio/v1/data/downloads?getdoc=true&ref=doc888072803282&name=djnUwMIfNWmiK.png&content_type=image/png let fileobj = self._NewFileObject( file.name, 
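Review bot: In the `@@ -31,8 +31,11 @@` hunk, `urlparams` is built by interpolating `ref_num`, `gen_nam` and `content_type` unencoded, and `gen_nam` takes its extension straight from the uploaded file's name via `file.name.split('.').pop()`. A `+`, `&`, `#` or space in any of these changes what the download endpoint receives (a `+` in a MIME type arrives as a space). Building the query with `let urlparams = "?" + new URLSearchParams({ getdoc: "true", ref: ref_num, name: gen_nam, content_type: content_type }).toString();` keeps each value intact. The two sample URLs added as comments carry a real host and document reference and would be better written with placeholders. The enclosing upload function starts and ends outside the hunk.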
@@ -40,15 +43,16 @@ file.size, file.type, new Date().toLocaleString(), - "/mnt/"+self.app.extra.config.managed_domain.SystemUser+"/modules/documents", + "/mnt/node1/"+self.app.extra.config.managed_domain.SystemUser+"/modules/documents", doc_url, + doc_url2, ref_num, catogery, jsondata); // console.log(fileobj); let formData = new FormData(); - formData.append("fileuploadUrl", file); + formData.append("fileuploadUrl", file); formData.append("datauploadUrl", JSON.stringify(fileobj)); let req = new XMLHttpRequest(); @@ -81,6 +85,8 @@ req.open("POST", requesturl); req.send(formData); + + }); }, @@ -88,7 +94,7 @@ }, - _NewFileObject: function(on,gn,fs,ft,ud,loc,url,ref,cat,jsondata){ + _NewFileObject: function(on,gn,fs,ft,ud,loc,url,url2,ref,cat,jsondata){ return { "original_name": on, "generated_name": gn, @@ -97,6 +103,7 @@ "upload_date": ud, "directory": loc, "url": url, + "url2": url2, "reference_num": ref, "catagory": cat, "json": jsondata @@ -220,6 +227,17 @@ + }, + + getDocumentUrl(document,managed_domain){ + let url = document.url; + if(window.location.href.includes(managed_domain.Domain)){ + url = document.url; + }else{ + url = document.url2; + } + + return url; } diff --git a/portal/admin/core/api/js/pages/modules/imp_documents.js b/portal/admin/core/api/js/pages/modules/imp_documents.js index 657dcefd..c5186c1c 100644 --- a/portal/admin/core/api/js/pages/modules/imp_documents.js +++ b/portal/admin/core/api/js/pages/modules/imp_documents.js @@ -13,6 +13,7 @@ })(function(bootstrap) { + function init(app){ app.extra.current.documents = {}; AFSSpinner.showFullScreen(true); @@ -20,6 +21,7 @@ app.extra.extras.RequestDocuments(100,function(documents){ if(app.extra.documents==undefined){ app.extra.documents = documents; } + app.extra.instances.documents.setDocuments(documents); AFSSpinner.showFullScreen(false); _init(app); },app.extra.documents,true,app); 
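Review bot: The storage directory (`"/mnt/node1/"+...SystemUser+"/modules/documents"`) and both download URLs are composed in the browser and posted in `datauploadUrl`, and the `handleUploadFile` hunk in functions.php appears to store `directory`, `url` and `url2` as they arrive. A caller of the upload endpoint can therefore supply any value for these fields, so the server should derive them from the authenticated tenant and ignore the client's copies. Hard-coding the `node1` mount in client code also ties every browser bundle to one server layout. The `_NewFileObject` call and the surrounding upload function continue outside the hunk.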
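Review bot: `window.location.href.includes(managed_domain.Domain)` in the new `getDocumentUrl` is a substring test over the whole URL, so it also matches when the domain string appears in a path, a query parameter or inside a longer hostname. Comparing the host is what is meant: `const host = window.location.hostname;` followed by `return (host === managed_domain.Domain || host.endsWith("." + managed_domain.Domain)) ? document.url : document.url2;`. Records saved before this commit have no `url2`, so the else branch returns `undefined` for them, and `document.url2 || document.url` would cover that. The parameter name `document` shadows the global inside the method, and the first `url = document.url` assignment is redundant.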
@@ -32,7 +34,8 @@ function append_files(documents,app){ let ids = []; let rowsHtml = ""; - for (let i = 0; i < documents.length; i++) { + // for (let i = 0; i < documents.length; i++) { + for (let i = documents.length - 1; i >= 0; i--) { const index = i; const document = documents[i]; const id = "m"+app.utils.randomGenerator(12); @@ -70,7 +73,7 @@ console.log(params); AFSSpinner.showFullScreen(false); modal.toggle(); - let documents = app.extra.documents; + let documents = app.extra.instances.documents.files; // app.extra.documents; append_files(documents,app); }); }); @@ -122,14 +125,15 @@ }); }); }); - + function displayImageEditor(app){ // Image editor + let url = app.extra.instances.documents.getDocumentUrl(app.extra.current.documents.document.obj, app.extra.config.managed_domain); var imageEditor = new tui.ImageEditor('#tui-image-editor-container2', { includeUI: { loadImage: { - path: app.extra.current.documents.document.obj.url, //'img/sampleImage2.png', + path: url, //'img/sampleImage2.png', name: 'SampleImage', }, // theme: blackTheme, // or whiteTheme @@ -150,7 +154,7 @@ } - + // console.log(app.extra.current.documents); if(app.utils.imageExists(app.extra.current.documents.document.obj.url)){ if(app.utils.isFileType("image",app.extra.current.documents.document.obj.generated_name)){ // console.log(imageExists(app.extra.current.documents.document.obj.url)); @@ -163,12 +167,6 @@ $("#document_status_message").text("File missing!"); } - - - console.log(app.extra.current.documents.document); - // console.log(imageEditor); - // console.log(tui); - } function UpdateDocuments(action,mydocument,app,cb){ @@ -210,7 +208,7 @@ - + ${rows} 
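Review bot: `displayImageEditor` now loads the image from the URL chosen by `getDocumentUrl`, but the existence check in the `@@ -150,7 +154,7 @@` hunk still calls `app.utils.imageExists(app.extra.current.documents.document.obj.url)`. When the page is served from the other host the editor uses `url2` while the check probes `url`, so the two can disagree and show "File missing!" for a file that would load, or the reverse. Assuming the check sits in the same function as the `let url = ...` line, passing the resolved value keeps them consistent: `if(app.utils.imageExists(url)){`. The function body extends beyond both hunks.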
@@ -264,99 +262,6 @@ - $("#_______add_document_btn12121").on("click",function(e){ - e.preventDefault(); - let modal = new bootstrap.Modal("#modal_upload_document"); - modal.toggle(); - - $("#modal_upload_new_file_btn").off(); - $("#modal_upload_new_file_btn").on("click",function(e){ - e.preventDefault(); - AFSSpinner.showFullScreen(true); - - let file = $('#modal_document_file_upload_input').prop('files')[0]; - - let fileobj = NewFileObject( - file.name, - "d"+app.utils.randomGenerator(12) + "." + file.name.split('.').pop(), - file.size, - file.type, - new Date().toLocaleString(), - "/mnt/"+app.extra.config.managed_domain.SystemUser+"/modules/documents", - "none"); - - console.log(file); - console.log(fileobj); - app.extra.config.configurations.documents[0].json.files.push(fileobj); - - UploadDocument(file, fileobj, app, function(resp){ - console.log(resp); - let senddata2 = { - configurations_update: true, - mysql_id: app.extra.config.configurations.documents[0].json.mysql_id, - data: JSON.stringify(app.extra.config.configurations.documents[0].json) - } - $.post(app.extra.url,senddata2,function(resp2){ - AFSSpinner.showFullScreen(false); - console.log(resp2); - RemoveModal(modal); - - append_files(app); - }); - }); - // - - // var form_data = new FormData(); - // form_data.append('file', file_data); - // console.log(file_data); - - - // let fi = document.getElementById('modal_document_file_upload_input'); - // const fsize = fi.files.item(0).size; - // const file = Math.round((fsize / 1024)); - // // The size of the file. 
- // if (file >= 4096) { - // console.log("yes"); - // }else{ - // console.log("no"); - // } - - - // $.ajax({ - // url: app.extra.url + "?upload=true", // <-- point to server-side PHP script - // dataType: 'text', // <-- what to expect back from the PHP script, if anything - // cache: false, - // contentType: false, - // processData: false, - // data: form_data, - // type: 'post', - // success: function(php_script_response){ - // alert(php_script_response); // <-- display response from the PHP script, if any - // } - // }); - - // RemoveModal(modal); - // let senddata = { - // configurations_update:true, - // mysql_id: app.extra.config.configurations.documents[0].mysql_id, - // data: JSON.stringify(app.extra.config.configurations.documents[0]) - // } - - // $.post(app.extra.url,senddata,function(resp){ - // console.log(resp); - // }); - }) - - - - - - }); - - - - - } 
@@ -391,53 +296,10 @@ $('body').css("overflow",""); $('body').css("padding-right",""); } - function NewFileObject(on,gn,fs,ft,ud,loc,url){ - return { - "original_name": on, - "generated_name": gn, - "file_size": fs, - "file_type": ft, - "upload_date": ud, - "location": loc, - "url": url - } - } - // deprecated - used in afsdocuments - function UploadDocument(file,obj,app,cb){ - let formData = new FormData(); - // these values are switched - let datauploadUrl = "datauploadUrl";//sponsorship.json.request.dataupload; - let fileuploadUrl = "fileuploadUrl";//sponsorship.json.request.fileupload; - formData.append(fileuploadUrl, file); - formData.append(datauploadUrl, JSON.stringify(obj)); - - let req = new XMLHttpRequest(); - req.addEventListener('progress', function(e) { - var done = e.position || e.loaded, total = e.totalSize || e.total; - // console.log('---progress: ' + (Math.floor(done/total*1000)/10) + '%'); - }, false); - if ( req.upload ) { - // self.upload_in_progress = true; - req.upload.onprogress = function(e) { - var done = e.position || e.loaded, total = e.totalSize || e.total; - // console.log(' req.upload progress: ' + done + ' / ' + total + ' = ' + (Math.floor(done/total*1000)/10) + '%'); - }; - } - req.onreadystatechange = function(e) { - if ( 4 == this.readyState ) { - // console.log(e.target.responseText) - if(cb!=undefined){ - cb(e.target.responseText,e); - } - } - }; - let requesturl = app.extra.url;// afsconfig.managed_domain.Address + "/" + sponsorship.json.request.url - req.open("POST", requesturl); - req.send(formData); - } + return { init, diff --git a/portal/admin/core/api/php/includes/functions.php b/portal/admin/core/api/php/includes/functions.php index 8c057674..abd51346 100644 --- a/portal/admin/core/api/php/includes/functions.php +++ b/portal/admin/core/api/php/includes/functions.php 
@@ -679,6 +679,10 @@ function getSubdomain2($dboverride = false) { } $subdomain = str_replace("\n", "", $subdomain); $subdomain = trim($subdomain, " "); + + if($subdomain!="www" || $subdomain!="www15"){ + $subdomain = "www"; + } return $subdomain; } function get_subdomain_managed_domain_new_way($subdomain,$dboverride = false){ @@ -8341,6 +8345,8 @@ function admin_documents_delete_document(){ } + +// rrrrr function api_data_downloads(){ // if (Input::get('getdoc')) { $subdomain = getSubdomain2(); @@ -8357,6 +8363,8 @@ function api_data_downloads(){ $content_type = Input::get("content_type"); $content_type = ($content_type) ? $content_type : "image/$ext"; $filename = $fileDir . $file; + +// https://api.appfactory.studio/v1/data/downloads?getdoc=true&ref=doc888072803282&name=djnUwMIfNWmiK.png&content_type=image/png if (file_exists($filename)) { header('Content-Description: File Transfer'); @@ -8374,7 +8382,9 @@ function api_data_downloads(){ die(); }else{ // echo $filename; - echo ""; + // echo "no file $subdomain $filename "; + + // EchoJsonObject($managed_domain); } // } @@ -8448,7 +8458,8 @@ function handleUploadFile(){ "file_type" => $data2["file_type"], "upload_date" => $data2["upload_date"], "directory" => $data2["directory"], - "url" => $data2["url"] + "url" => $data2["url"], + "url2" => $data2["url2"] )); // { // "success" : 1, diff --git a/portal/admin/core/api/php/request.php b/portal/admin/core/api/php/request.php index 2ecf5e9d..128b9319 100644 --- a/portal/admin/core/api/php/request.php +++ b/portal/admin/core/api/php/request.php @@ -626,7 +626,7 @@ if(Input::get("admin_documents_get_documents")){ if(Input::get("admin_documents_delete_document")){ admin_documents_delete_document(); } -if (Input::get('datauploadUrl')) { +if (Input::get('datauploadUrl')) { $handle = handleUploadFile(); echo json_encode($handle["message"]); } 
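Review bot: The added condition `$subdomain!="www" || $subdomain!="www15"` is true for every value, since no string equals both, so `getSubdomain2()` now returns "www" unconditionally and the lookup above it has no effect. If the intent is to accept only those two names, the test needs `&&`: `if($subdomain!=="www" && $subdomain!=="www15"){ $subdomain = "www"; }`. `api_data_downloads()` in a later hunk calls this function before resolving the file directory, so as written every download request appears to be resolved against the "www" tenant regardless of the requesting host. The function starts outside the hunk.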
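Review bot: The else branch of `api_data_downloads()` now emits nothing, so a missing file is answered with an empty 200 response; adding `http_response_code(404);` there lets clients and logs tell the two cases apart. Two things in the unchanged context deserve a check while this function is being touched: `$filename = $fileDir . $file` should reject names containing path separators (for example `$file = basename($file);`), and `content_type` is read from the request, so if it reaches the `Content-Type` header the caller decides how the browser interprets a stored upload. Restricting it to an allow-list of expected types avoids that. How `$file` is derived and which headers are sent lie outside the hunks, so both points are to be confirmed. The `// rrrrr` marker and the commented sample URL with a live document reference can be dropped.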
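Review bot: `"url2" => $data2["url2"]` in the `handleUploadFile` hunk reads a key that a client still running the previous JavaScript does not send, which raises an undefined-index notice and passes null to the insert. Writing `"url2" => $data2["url2"] ?? null` makes the missing case explicit. The array belongs to a call that begins outside the hunk.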
diff --git a/portal/admin/core/db/create-system-tables.sql b/portal/admin/core/db/create-system-tables.sql index 4f04598d..99730af3 100644 --- a/portal/admin/core/db/create-system-tables.sql +++ b/portal/admin/core/db/create-system-tables.sql @@ -128,10 +128,14 @@ CREATE TABLE IF NOT EXISTS documents ( upload_date VARCHAR(255) NULL, directory VARCHAR(255) NULL, url VARCHAR(255) NULL, + url2 VARCHAR(255) NULL, jsontext MEDIUMTEXT, date TIMESTAMP DEFAULT CURRENT_TIMESTAMP() ); +-- ALTER TABLE documents CREATE COLUMN url2 VARCHAR(255) NULL; + + -- Forms CREATE TABLE IF NOT EXISTS forms ( id INT AUTO_INCREMENT PRIMARY KEY, diff --git a/portal/admin/core/scripts/remote/builder/app_install.sh b/portal/admin/core/scripts/remote/builder/app_install.sh index 52fe8669..e454a84e 100644 --- a/portal/admin/core/scripts/remote/builder/app_install.sh +++ b/portal/admin/core/scripts/remote/builder/app_install.sh 
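Review bot: `CREATE TABLE IF NOT EXISTS` leaves an existing `documents` table untouched, so installations created before this commit will not get `url2`, and the `handleUploadFile` insert that now writes `url2` would presumably fail there. The commented migration uses `CREATE COLUMN`, which MySQL does not accept; the statement is `ALTER TABLE documents ADD COLUMN url2 VARCHAR(255) NULL;`, and it should ship as a real migration step rather than a comment. `VARCHAR(255)` is also tight for URLs that carry `ref`, `name` and `content_type` in the query string.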
@@ -272,18 +272,18 @@ function run_install() chmod 775 -R /home/$systemuser/ mkdir -p /home/$systemuser/gitfolder/ - if [ -d "${basedirectory}/www/.vscode" ]; then - mv ${basedirectory}/www/.vscode /home/$systemuser/gitfolder/ - fi - if [ -f "${basedirectory}/www/.gitignore" ]; then - mv ${basedirectory}/www/.gitignore /home/$systemuser/gitfolder/ - fi - if [ -d "${basedirectory}/www/.git" ]; then - mv ${basedirectory}/www/.git /home/$systemuser/gitfolder/ - fi - if [ -f "${basedirectory}/www/README.md" ]; then - mv ${basedirectory}/www/README.md /home/$systemuser/gitfolder/ - fi + # if [ -d "${basedirectory}/www/.vscode" ]; then + # mv ${basedirectory}/www/.vscode /home/$systemuser/gitfolder/ + # fi + # if [ -f "${basedirectory}/www/.gitignore" ]; then + # mv ${basedirectory}/www/.gitignore /home/$systemuser/gitfolder/ + # fi + # if [ -d "${basedirectory}/www/.git" ]; then + # mv ${basedirectory}/www/.git /home/$systemuser/gitfolder/ + # fi + # if [ -f "${basedirectory}/www/README.md" ]; then + # mv ${basedirectory}/www/README.md /home/$systemuser/gitfolder/ + # fi # TODO_1: Should I be using type.txt echo $subdomain > ${basedirectory}/www/portal/type.txt 
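Review bot: With these moves commented out, `.git`, `.gitignore`, `.vscode` and `README.md` stay under `${basedirectory}/www`, which looks like the served document root. A `.git` directory reachable over HTTP exposes the repository contents and history, including any credentials ever committed. Either keep the relocation or deny dot-paths at the web server, e.g. `RedirectMatch 404 /\.(git|vscode)(/|$)` in the site's `.htaccess`. The `mkdir -p /home/$systemuser/gitfolder/` above the block is now left without a purpose, and `run_install` extends beyond the hunk.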
@@ -353,34 +353,6 @@ function run_mysql_database() basedirectory="/home/$systemuser/websites" log2="/mnt/node1/appfactorystudio/logs/remote_logger2.log" - # sleep 5 - # echo "" &>> $log2 - # echo "===== mysql_password" &>> $log2 - # echo "$mysql_password" &>> $log2 - - # echo "" &>> $log2 - # echo "===== CONFIG_JSON" &>> $log2 - # echo "$CONFIG_JSON" &>> $log2 - - # echo "" 2>&1 >> $log2 - # echo "===== MAIN_DIR" &>> $log2 - # echo "$MAIN_DIR" &>> $log2 - - # echo "" 2>&1 >> $log2 - # echo "===== db_username" &>> $log2 - # echo "$db_username" &>> $log2 - - # echo "" 2>&1 >> $log2 - # echo "===== db_name" &>> $log2 - # echo "$db_name" &>> $log2 - - # if [ -d "/home/${systemuser}/websites/www/portal/" ]; then - # echo "DOES EXIST NOW 1 - $systemuser" &>> $log2 - # else - # echo "DOES NOT EXIST NOW 2 - $systemuser" &>> $log2 - # fi - - mysql -p"${mysql_password}" -u root -e "CREATE DATABASE IF NOT EXISTS ${db_name}"; 2>&1 >> $log2 mysql -p"${mysql_password}" -u root -e "CREATE USER '${db_username}'@'localhost' IDENTIFIED BY '${db_password}'"; 2>&1 >> $log2 mysql -p"${mysql_password}" -u root -e "GRANT ALL ON ${db_name}.* TO '${db_username}'@'localhost'"; 2>&1 >> $log2 diff --git a/portal/api/v1/data/.htaccess b/portal/api/v1/data/.htaccess index 1042bff2..a1d636d0 100644 --- a/portal/api/v1/data/.htaccess +++ b/portal/api/v1/data/.htaccess 
@@ -1,3 +1,79 @@ + +########## BEGIN RECOMMENDED RULES (COMMENT OUT OR UNCOMMENT AS NEEDED) ########## + +### htaccess (https://github.com/delight-im/htaccess) +### Copyright (c) delight.im (https://www.delight.im/) +### Licensed under the MIT License (https://opensource.org/licenses/MIT) + +Header set Access-Control-Allow-Origin "*" +Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" +Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" + + + + # Turn off directory listings for folders without default documents + Options -Indexes + + + + + + # Disable 'MultiViews' implicit filename pattern matches + Options -MultiViews + + + +# Serve "text/plain" and "text/html" documents as UTF-8 by default +AddDefaultCharset utf-8 + +# Disable "ETag" headers so that browsers rely on the "Cache-Control" and "Expires" headers +FileETag None + + + + # Enable HTTP Strict Transport Security (HSTS) with a duration of six months (Uncomment 1 line below) + # Header set Strict-Transport-Security max-age=15778800 + + + + + + # Force 'www' (i.e. prefix the "bare" domain and all subdomains with 'www' through permanent redirects) (Uncomment 6 lines below) + # RewriteCond %{HTTP_HOST} !^$ + # RewriteCond %{HTTP_HOST} !^www\. 
[NC] + # RewriteCond %{HTTPS}s ^on(s)| + # # RewriteCond %{REQUEST_SCHEME} ^http(s)| + # # RewriteCond %{SERVER_PORT}s ^443(s)| + # RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] + + # Force HTTPS (Uncomment 4 lines below) + # RewriteCond %{HTTPS} off + # # RewriteCond %{REQUEST_SCHEME} http + # # RewriteCond %{SERVER_PORT} !443 + # RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] + + + +# Prevent access to non-minified CSS and JS (Uncomment 3 lines below) +# +# Require all denied +# + +# Show a custom error document for "404 Not Found" errors (Uncomment 1 line below) +# ErrorDocument 404 /notFound.html + +# Announce contact information for security issues (Uncomment 2 lines below) +# Header set X-Vulnerability-Disclosure "https://www.example.com/security" +# Header set X-Security-Contact "security@example.com" + +########## END RECOMMENDED RULES ########## + +########## BEGIN CUSTOM RULES (YOUR OWN RULES GO HERE) ########## + +# Add your rules here ... + +########## END CUSTOM RULES ########## + RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] @@ -6,4 +82,33 @@ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /v1/data/index.php [L] - \ No newline at end of file + + + Header set Access-Control-Allow-Origin "*" + + + # Prevent clickjacking (forbids framing by third-party sites) + Header set X-Frame-Options sameorigin + + # Prevent content sniffing (MIME sniffing) + Header set X-Content-Type-Options nosniff + + # Attempt to enable XSS filters in browsers, if available, and block reflected XSS + Header set X-XSS-Protection "1; mode=block" + + # Cache media files for a month + + Header set Cache-Control max-age=2629800 + + + # Remove response headers that provide no value but leak information + Header always unset X-Powered-By + + Header unset Server + + # Disable "ETag" headers so that browsers rely on the "Cache-Control" and "Expires" headers + Header unset ETag + + + +
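Review bot: `Header set Access-Control-Allow-Origin "*"` is set at the top of the file and again in the second hunk, together with an `Access-Control-Allow-Headers` list that includes `Authorization`, so script on any origin can call this data API with a token and read the response. If only the portal front ends need it, return an allow-listed origin instead of `*` and add `Header append Vary Origin`. The HSTS line is left commented although the new client URLs are `https://api.` addresses; enabling `Header always set Strict-Transport-Security "max-age=15778800"` matches that. In the second hunk `X-XSS-Protection` is ignored by current browsers (a `Content-Security-Policy` is the replacement), and `Header unset Server` generally has no effect in Apache, where `ServerTokens Prod` in the server config is the usual control. The IfModule wrappers are not visible in this rendering, so whether the `Header` directives are guarded is to be confirmed.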