AnthonyDuan/taiko-web-bang
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial import

Browse Source
This commit is contained in:
taiko-web
2026-01-01 21:31:54 +08:00
parent 92c1261f6f
commit 6d7be5c45c
3 changed files with 11 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.trae/documents/Remove Delete Option and Redirect Upload.md Normal file
View File

@@ -0,0 +1,9 @@
I will implement the requested changes to remove the delete functionality and redirect the upload interface while keeping the upload API intact.
### 1. Frontend: Song Selection Menu (`public/src/js/songselect.js`)
* **Remove Delete Button**: I will remove the "Delete" (削除) button configuration from the `difficultyMenu` buttons array (around lines 313-319). This removes the option from the UI.
* **Redirect Upload Action**: I will modify the handler for the "upload" action (around lines 954-958). Instead of redirecting to the local `/upload/` page, it will redirect to `https://zizhipu.taiko.asia`.
### 2. Backend: API Security (`app.py`)
* **Disable Delete API**: I will modify the `/api/delete` route to return a 403 Forbidden error (or simply pass), ensuring that songs cannot be deleted even if someone calls the API directly.
* **Keep Upload API**: The `/api/upload` route will remain unchanged, preserving the ability to upload songs via API as requested.

13
app.py
View File

@@ -911,19 +911,8 @@ def upload_file():
return flask.jsonify({'success': True}) return flask.jsonify({'success': True})
@app.route("/api/delete", methods=["POST"]) @app.route("/api/delete", methods=["POST"])
@limiter.limit("1 per day")
def delete(): def delete():
id = flask.request.get_json().get('id') return flask.jsonify({ "success": False, "reason": "Deletion is disabled" }), 403
client["taiko"]["songs"].delete_one({ "id": id })
parent_dir = pathlib.Path(os.getenv("TAIKO_WEB_SONGS_DIR", "public/songs"))
target_dir = parent_dir / id
if not (target_dir.resolve().parents and parent_dir.resolve() in target_dir.resolve().parents):
return flask.jsonify({ "success": False, "reason": "PARENT IS NOT ALLOWED" })
shutil.rmtree(target_dir)
return "成功しました。"
if __name__ == '__main__': if __name__ == '__main__':
import argparse import argparse

8
public/src/js/songselect.js
View File

@@ -310,12 +310,6 @@ class SongSelect{
iconName: "download", iconName: "download",
iconFill: "#e7cbe1", iconFill: "#e7cbe1",
letterSpacing: 4 letterSpacing: 4
}, {
text: "削除",
fill: "silver",
iconName: "trash",
iconFill: "#111111",
letterSpacing: 4
}] }]
this.optionsList = [strings.none, strings.auto, strings.netplay] this.optionsList = [strings.none, strings.auto, strings.netplay]
@@ -954,7 +948,7 @@ class SongSelect{
} else if (currentSong.action === "upload") { } else if (currentSong.action === "upload") {
this.playSound("se_don"); this.playSound("se_don");
setTimeout(() => { setTimeout(() => {
window.location.href = "/upload/"; window.location.href = "https://zizhipu.taiko.asia";
}, 100); }, 100);
} else if (currentSong.action === "keijiban") { } else if (currentSong.action === "keijiban") {
this.playSound("se_don"); this.playSound("se_don");