maotube/index.js

269 lines
8.2 KiB
JavaScript

import express from "express";
import cors from "cors";
import bcrypt from "bcrypt";
import fileUpload from "express-fileupload";
import path from "path";
import childProcess from "child_process";
import levenshtein from "js-levenshtein";
import cookieParser from "cookie-parser";
import { fileURLToPath } from "url";
import sqlite3 from "sqlite3";
let sessions = [];
let videoQueue = [];
const db = new sqlite3.Database("database.sqlite3");
function dbGet(query, ...parameters) {
return new Promise((resolve, reject) => db.get(query, parameters, (err, data) => err ? reject(err) : resolve(data)));
}
function dbAll(query, ...parameters) {
return new Promise((resolve, reject) => db.all(query, parameters, (err, data) => err ? reject(err) : resolve(data)));
}
function dbRun(query, ...parameters) {
return new Promise((resolve, reject) => db.run(query, parameters, (err, data) => err ? reject(err) : resolve(data)));
}
function runCommand(cmd, args) {
return new Promise(resolve => {
const process = childProcess.spawn(cmd, args);
let data = "";
let error = false;
process.stdout.on("data", chunk => data += chunk);
process.stderr.on("data", chunk => {
error = true;
data += chunk;
});
process.on("close", () => resolve({ error, data }));
});
}
function videoPath(id) {
return `videos/${id}.webm`;
}
function randomString(length) {
const chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789";
let result = "";
for (let i = 0; i < length; ++i) {
result += chars[Math.floor(chars.length * Math.random())];
}
return result;
}
function dirname() {
return path.dirname(fileURLToPath(import.meta.url));
}
const app = express();
app.use(cors());
app.use(express.json());
app.use(cookieParser());
app.use(express.urlencoded({ extended: true }));
app.use("/", express.static("public/"));
app.use("/videos", express.static("videos/"));
app.post("/api/register", async (req, res) => {
const { username, password } = req.body;
if (typeof username !== "string" || typeof password !== "string") {
return res.status(400).json({ ok: false, error: "bad request" });
}
const existingUser = await dbGet("SELECT * FROM users WHERE username = ?", username);
if (existingUser !== undefined) {
return res.status(400).json({ ok: false, error: "username taken" });
}
const passwordHash = await bcrypt.hash(password, 10);
await dbGet("INSERT INTO users (username, password) VALUES (?, ?)", username, passwordHash);
return res.status(200).json({ ok: true });
});
app.post("/api/login", async (req, res) => {
const { username, password } = req.body;
if (typeof username !== "string" || typeof password !== "string") {
return res.status(400).json({ ok: false, error: "bad request" });
}
const user = await dbGet("SELECT * FROM users WHERE username = ?", username);
if (user === undefined) {
return res.status(400).json({ ok: false, error: "wrong username/password" });
}
if (!await bcrypt.compare(password, user.password)) {
return res.status(400).json({ ok: false, error: "wrong username/password" });
}
sessions = sessions.filter(session => session.userId !== user.id);
const token = randomString(64);
const session = { userId: user.id, token };
sessions.push(session);
res.clearCookie("token");
res.cookie("token", token);
return res.status(200).json({ ok: true, session });
});
app.get("/api/search", async (req, res) => {
const page = +req.query.page || 0;
const search = req.query.query;
if (!search) {
return res.status(400).json({ ok: false, error: "bad request" });
}
const [start, end] = [20 * page, 20];
const videos = await dbAll(`
SELECT videos.*, users.username AS author
FROM videos
JOIN users ON users.id = videos.user_id
WHERE title LIKE CONCAT('%', ?, '%')
LIMIT ?
OFFSET ?
`, search, end, start);
const { total } = await dbGet("SELECT COUNT(*) AS total FROM videos");
return res.status(200).json({ ok: true, videos, total });
});
function authorized() {
return async (req, res, next) => {
const token = (() => {
if (req.cookies && "token" in req.cookies) {
return req.cookies["token"];
} else if ("token" in req.query) {
return req.query["token"];
} else if (req.method === "post" && "token" in req.body) {
return req.body["token"];
} else {
return null;
}
})();
if (token === null) {
return res.status(400).json({ ok: false, error: "unauthorized" });
}
const session = sessions.find(session => session.token === token);
if (session === undefined) {
return res.status(400).json({ ok: false, error: "unauthorized" });
}
const user = await dbGet("SELECT * FROM users WHERE id = ?", session.userId);
if (user === undefined) {
throw new Error("error: session with invalid userId");
}
req.user = user;
next();
}
}
app.get("/api/logout", authorized(), (req, res) => {
sessions = sessions.filter(session => session.userId !== req.user.id);
return res.status(200).json({ ok: true });
});
app.post("/api/upload-video", authorized(), fileUpload({ limits: { fileSize: 2 ** 26 }, useTempFiles: true }), async (req, res) => {
const { title } = req.body;
if (!req.files || !req.files.video) {
return res.status(400).json({ ok: false, error: "bad request" });
}
if (req.files.video.mimetype !== "video/mp4") {
return res.status(415).json({ ok: false, error: "bad mimetype" });
}
const userId = req.user.id;
const id = randomString(4);
const tempPath = req.files.video.tempFilePath;
const newPath = path.join(dirname(), videoPath(id));
const thumbnailPath = path.join(dirname(), "videos", `${id}.png`);
const durationResult = await runCommand("ffprobe", ["-i", tempPath, "-show_format", "-loglevel", "error"]);
if (durationResult.error) {
return res.status(400).json({ ok: false, error: "invalid video file" });
}
const duration = parseFloat(durationResult.data.match(/duration=([.\d]+)/)[1]);
const queueItem = {
videoId: id,
userId,
errors: [],
progress: 0,
duration,
};
videoQueue.push(queueItem);
const uploadProcess = childProcess.spawn("ffmpeg", ["-i", tempPath, "-b:v", "1M", "-b:a", "192k", "-loglevel", "error", newPath]);
const thumbnailProcess = childProcess.spawn("ffmpeg", ["-i", tempPath, "-ss", "00:00:01.000", "-vframes", "1", "-loglevel", "error", thumbnailPath]);
uploadProcess.stderr.on("data", data => queueItem.errors.push(data.toString()));
thumbnailProcess.stderr.on("data", data => queueItem.errors.push(data.toString()));
uploadProcess.on("close", () => {
if (queueItem.errors.length) {
return;
}
dbRun("INSERT INTO videos (id, user_id, title) VALUES (?, ?, ?)", id, userId, title);
const index = videoQueue.indexOf(item => item.videoId === queueItem.videoId)
videoQueue.splice(index, 1);
});
return res.status(200).json({ ok: true });
});
app.get("/api/video-queue", authorized(), (req, res) => {
const userId = req.user.id;
const videos = videoQueue.filter(item => item.userId === userId);
return res.status(200).json({ ok: true, videos });
});
app.get("/api/video-info", async (req, res) => {
const id = req.query["id"];
const video = await dbGet(`
SELECT videos.id, videos.title, users.username AS author
FROM videos
JOIN users ON users.id = videos.user_id
WHERE videos.id = ?
LIMIT 1
`, id);
if (!video) {
return res.status(404).json({ ok: false, error: "video not found" });
}
video.path = path.join("/", videoPath(id));
return res.status(200).json({ ok: true, video });
});
app.use((err, req, res, next) => {
console.error(err);
res.status(500).json({ ok: false, error: "server error" })
});
app.listen(8000, () => {
console.log("app at http://localhost:8000/");
})