From f8ce86f8cdc5ab4bbaf7d4f5d0d96f5b34778977 Mon Sep 17 00:00:00 2001
From: IrosTheBeggar <paul.sori@pm.me>
Date: Sat, 29 May 2021 11:48:18 -0400
Subject: [PATCH] scanner api is no longer accessible to users

---
 src/api/auth.js         |  1 +
 src/api/scanner.js      |  5 +++++
 src/db/scanner-alpha.js | 27 ++++++++++++++++-----------
 3 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/src/api/auth.js b/src/api/auth.js
index bf31844..cfe11d1 100644
--- a/src/api/auth.js
+++ b/src/api/auth.js
@@ -48,6 +48,7 @@ exports.setup = (mstream) => {
       const decoded = jwt.verify(token, config.program.secret);
 
       if (decoded.scan === true && req.path.startsWith('/api/v1/scanner/')) {
+        req.scanApproved = true;
         return next();
       }
 
diff --git a/src/api/scanner.js b/src/api/scanner.js
index 6c1dd79..8508d6e 100644
--- a/src/api/scanner.js
+++ b/src/api/scanner.js
@@ -3,6 +3,11 @@ const db = require('../db/manager');
 const config = require('../state/config');
 
 exports.setup = (mstream) => {
+  mstream.all('/api/v1/scanner/*', (req, res, next) => {
+    if (req.scanApproved !== true) { return res.status(403).json({ error: 'Access Denied' }); }
+    next();
+  });
+
   mstream.post('/api/v1/scanner/get-file', async (req, res) => {
     try {
       const lol = { '$and': [
diff --git a/src/db/scanner-alpha.js b/src/db/scanner-alpha.js
index 060436e..0a8a544 100644
--- a/src/db/scanner-alpha.js
+++ b/src/db/scanner-alpha.js
@@ -65,18 +65,23 @@ async function insertEntries(song) {
 
 run();
 async function run() {
-  await recursiveScan(loadJson.directory);
+  try {
+    await recursiveScan(loadJson.directory);
 
-  await axios({
-    method: 'POST',
-    url: `http://localhost:${loadJson.port}/api/v1/scanner/finish-scan`,
-    headers: { 'accept': 'application/json', 'x-access-token': loadJson.token },
-    responseType: 'json',
-    data: {
-      vpath: loadJson.vpath,
-      scanId: loadJson.scanId
-    }
-  });
+    await axios({
+      method: 'POST',
+      url: `http://localhost:${loadJson.port}/api/v1/scanner/finish-scan`,
+      headers: { 'accept': 'application/json', 'x-access-token': loadJson.token },
+      responseType: 'json',
+      data: {
+        vpath: loadJson.vpath,
+        scanId: loadJson.scanId
+      }
+    });
+  }catch (err) {
+    console.error('Scan Failed');
+    console.error(err.stack)
+  }
 }
 
 async function recursiveScan(dir) {