
Changed request system and post data

Changed from XMLHttpRequest to Axios and made every POST call look for params or JSON instead of passing the values as headers. The token is still a header, though.
Pitu 7 years ago
parent
commit
83aaef0f82

+ 5 - 5
controllers/albumsController.js

@@ -6,16 +6,16 @@ let albumsController = {}
 albumsController.list = function(req, res, next){
 	
 	if(req.headers.auth !== config.adminToken)
-		return res.status(401).send('not-authorized')
+		return res.status(401).json({ success: false, description: 'not-authorized'})
 
 	let fields = ['id', 'name']
 
-	if(req.headers.extended !== undefined)
+	if(req.params.sidebar === undefined)
 		fields.push('timestamp')
 	
 	db.table('albums').select(fields).where('enabled', 1).then((albums) => {
 		
-		if(req.headers.extended === undefined)
+		if(req.params.sidebar !== undefined)
 			return res.json({ success: true, albums })
 
 		let ids = []
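Review bot: The `res.status(401).json(...)` reply in albumsController.list will probably never reach the `response.data.description === 'not-authorized'` check that public/js/panel.js performs in its `.then` handlers, because axios rejects responses outside the 2xx range by default and the 401 therefore lands in `.catch`. The panel then shows the generic request error and the stale admin token is never re-verified through `panel.verifyToken`. Handling it in the client's catch handler, e.g. `if(error.response && error.response.status === 401) return panel.verifyToken(panel.token);`, keeps the 401 status and restores that path. The same reply is added in albumsController.create, tokenController.list and change, and uploadsController.upload and list; the body of list continues outside this hunk.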
@@ -42,9 +42,9 @@ albumsController.list = function(req, res, next){
 albumsController.create = function(req, res, next){
 	
 	if(req.headers.auth !== config.adminToken)
-		return res.status(401).send('not-authorized')
+		return res.status(401).json({ success: false, description: 'not-authorized'})
 
-	let name = req.headers.name
+	let name = req.body.name
 	if(name === undefined || name === '')
 		return res.json({ success: false, description: 'No album name specified' })	
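Review bot: `req.body.name` in albumsController.create can be any JSON value now that the field comes from a parsed body, yet the guard on the next line rejects only `undefined` and the empty string, so `null`, a number, an array or an object passes. A type check such as `if(typeof name !== 'string' || name === '')` keeps the rest of the function working on a string; how `name` is used afterwards is outside this hunk. tokenController.verify and tokenController.change have the same gap for `type` and `token`, and in change it matters most because the value is presumably stored as the new token.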
 

+ 6 - 6
controllers/tokenController.js

@@ -4,8 +4,8 @@ const db = require('knex')(config.database)
 let tokenController = {}
 
 tokenController.verify = function(req, res, next){
-	let type = req.headers.type
-	let token = req.headers.token
+	let type = req.body.type
+	let token = req.body.token
 
 	if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
 	if(token === undefined) return res.json({ success: false, description: 'No token provided.' })
@@ -26,7 +26,7 @@ tokenController.verify = function(req, res, next){
 
 tokenController.list = function(req, res, next){
 	if(req.headers.auth !== config.adminToken)
-		return res.status(401).send('not-authorized')
+		return res.status(401).json({ success: false, description: 'not-authorized'})
 
 	return res.json({
 		clientToken: config.clientToken,
@@ -36,10 +36,10 @@ tokenController.list = function(req, res, next){
 
 tokenController.change = function(req, res, next){
 	if(req.headers.auth !== config.adminToken)
-		return res.status(401).send('not-authorized')
+		return res.status(401).json({ success: false, description: 'not-authorized'})
 
-	let type = req.headers.type
-	let token = req.headers.token
+	let type = req.body.type
+	let token = req.body.token
 
 	if(type === undefined) return res.json({ success: false, description: 'No type provided.' })
 	if(token === undefined) return res.json({ success: false, description: 'No token provided.' })

+ 10 - 7
controllers/uploadController.js

@@ -24,13 +24,13 @@ uploadsController.upload = function(req, res, next){
 
 	if(config.private === true)
 		if(req.headers.auth !== config.clientToken)
-			return res.status(401).send('not-authorized')
+			return res.status(401).json({ success: false, description: 'not-authorized'})
 
-	let album = req.headers.album
+	let album = req.body.album
 	
 	if(album !== undefined)
 		if(req.headers.adminauth !== config.adminToken)
-			return res.status(401).send('not-authorized')
+			return res.status(401).json({ success: false, description: 'not-authorized'})
 	
 	upload(req, res, function (err) {
 		if (err) {
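Review bot: `let album = req.body.album` is read before `upload(req, res, ...)` runs, and if `upload` is the multer middleware (multer is in package.json) a multipart request has no parsed fields at that point, since body-parser's json and urlencoded parsers do not handle multipart/form-data. For such a request `album` is `undefined` here, so the `adminauth` comparison below is skipped. Whether the callback then takes the album from `req.body` or from this variable is outside the hunk: in the first case a file could be placed in an album without the admin token, in the second the album is silently dropped. Doing the album lookup and the `adminauth` check inside the `upload` callback, before anything is recorded for the file, closes both cases.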
@@ -81,14 +81,14 @@ uploadsController.upload = function(req, res, next){
 uploadsController.list = function(req, res){
 
 	if(req.headers.auth !== config.adminToken)
-		return res.status(401).send('not-authorized')
+		return res.status(401).json({ success: false, description: 'not-authorized'})
 
 	db.table('files')
 	.where(function(){
-		if(req.headers.albumid === undefined)
+		if(req.params.id === undefined)
 			this.where('id', '<>', '')
 		else
-			this.where('albumid', req.headers.albumid)
+			this.where('albumid', req.params.id)
 	})
 	.then((files) => {
 		db.table('albums').then((albums) => {
@@ -114,7 +114,10 @@ uploadsController.list = function(req, res){
 
 			}
 
-			return res.json(files)
+			return res.json({
+				success: true,
+				files
+			})
 		})
 
 	})

+ 4 - 0
lolisafe.js

@@ -1,6 +1,7 @@
 const config = require('./config.js')
 const api = require('./routes/api.js')
 const express = require('express')
+const bodyParser = require('body-parser')
 const db = require('knex')(config.database)
 const fs = require('fs')
 const safe = express()
@@ -10,6 +11,9 @@ require('./database/db.js')(db, config)
 fs.existsSync('./' + config.uploads.folder) || fs.mkdirSync('./' + config.uploads.folder)
 fs.existsSync('./' + config.logsFolder) || fs.mkdirSync('./' + config.logsFolder)
 
+safe.use(bodyParser.urlencoded({ extended: true }))
+safe.use(bodyParser.json())
+
 safe.enable('trust proxy')
 
 safe.use('/', express.static('./uploads'))
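Review bot: Both parsers are registered on the whole app, ahead of `express.static`, so every request passes through them although only the API handlers read `req.body`. Mounting them on the API router alone narrows that, and `extended: true` can become `safe.use(bodyParser.urlencoded({ extended: false }))` because the controllers in this commit read only flat fields such as `name`, `type` and `token`; the extended mode additionally accepts nested objects in form bodies. A short comment above the two `safe.use` lines stating which routes need a parsed body would help the next reader.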

+ 1 - 0
package.json

@@ -15,6 +15,7 @@
   },
   "license": "MIT",
   "dependencies": {
+    "body-parser": "^1.16.0",
     "express": "^4.14.0",
     "knex": "^0.12.6",
     "multer": "^1.2.1",

+ 1 - 0
pages/home.html

@@ -7,6 +7,7 @@
         <link rel="stylesheet" type="text/css" href="/css/style.css">
         <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/1.1.3/sweetalert.min.js"></script>
         <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/dropzone/4.3.0/min/dropzone.min.js"></script>
+        <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/axios/0.15.3/axios.min.js"></script>
         <script type="text/javascript" src="/js/upload.js"></script>
     </head>
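Review bot: The added axios `<script>` tag loads code from cdnjs without an `integrity` attribute, so the page runs whatever that URL returns. Since the version is pinned in the URL (0.15.3), the tag can carry `integrity="sha384-<hash of that exact axios.min.js>" crossorigin="anonymous"`, or the file can be served from `/js/` next to upload.js. The same tag is added to pages/panel.html, where it matters more because panel.js keeps the admin token in `localStorage` and in the default `auth` header. The sweetalert and dropzone tags on the context lines have the same gap.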
 

+ 1 - 0
pages/panel.html

@@ -6,6 +6,7 @@
         <link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/1.1.3/sweetalert.min.css">
         <link rel="stylesheet" type="text/css" href="/css/style.css">
         <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/1.1.3/sweetalert.min.js"></script>
+        <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/axios/0.15.3/axios.min.js"></script>
         <script type="text/javascript" src="/js/panel.js"></script>
     </head>
     <body>

+ 246 - 268
public/js/panel.js

@@ -15,38 +15,38 @@ panel.preparePage = function(){
 }
 
 panel.verifyToken = function(token, reloadOnError = false){
-	var xhr = new XMLHttpRequest();
+	
+	axios.post('/api/tokens/verify', {
+		type: 'admin',
+		token: token
+	})
+  	.then(function (response) {
+
+    	if(response.data.success === false){
+    		swal({
+				title: "An error ocurred", 
+				text: response.data.description, 
+				type: "error"
+			}, function(){
+				if(reloadOnError){
+					localStorage.removeItem("admintoken");
+					location.reload();
+				}
+			})
+			return;
+    	}
 
-	xhr.onreadystatechange = function() {
-		if (xhr.readyState == XMLHttpRequest.DONE) {
-			
-			var json = JSON.parse(xhr.responseText);
-			if(json.success === false){
-
-				swal({
-					title: "An error ocurred", 
-					text: json.description, 
-					type: "error"
-				}, function(){
-					if(reloadOnError){
-						localStorage.removeItem("admintoken");
-						location.reload();
-					}
-				})
-				
-				return;
-			}
+    	axios.defaults.headers.common['auth'] = token;
+    	localStorage.admintoken = token;
+		panel.token = token;
+		return panel.prepareDashboard();
 
-			localStorage.admintoken = token;
-			panel.token = token;
-			return panel.prepareDashboard();
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
 
-		}
-	}
-	xhr.open('GET', '/api/tokens/verify', true);
-	xhr.setRequestHeader('type', 'admin');
-	xhr.setRequestHeader('token', token);
-	xhr.send(null);
 }
 
 panel.prepareDashboard = function(){
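Review bot: In the `.catch` handler of panel.verifyToken the `console.log(error)` sits after `return swal(...)`, so it never runs, while the dialog tells the user to check the console for more information. Logging first, `console.log(error);` followed by `return swal(...)`, fixes it. The same handler is repeated in every `.catch` added to this file and to public/js/upload.js.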
@@ -70,195 +70,183 @@ panel.prepareDashboard = function(){
 }
 
 panel.getUploads = function(album = undefined){
-	panel.page.innerHTML = '';
-	var xhr = new XMLHttpRequest();
 
-	xhr.onreadystatechange = function() {
-		if(xhr.readyState == XMLHttpRequest.DONE){
-			
-			if(xhr.responseText === 'not-authorized')
-				return panel.verifyToken(panel.token);
+	let url = '/api/uploads'
+	if(album !== undefined)
+		url = '/api/album/' + album
+
+	axios.get(url)
+  	.then(function (response) {
+  		if(response.data.success === false){
+  			if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token);
+  			else return swal("An error ocurred", response.data.description, "error");		
+  		}
+    	
+    	panel.page.innerHTML = '';
+    	var container = document.createElement('div');
+		container.innerHTML = `
+			<table class="table is-striped is-narrow">
+		  		<thead>
+		    		<tr>
+					      <th>File</th>
+					      <th>Album</th>
+					      <th>Date</th>
+		    		</tr>
+		  		</thead>
+		  		<tbody id="table">
+		  		</tbody>
+		  	</table>`;
+		panel.page.appendChild(container);
+
+		var table = document.getElementById('table');
+
+		for(var item of response.data.files){
+
+			var tr = document.createElement('tr');
+			tr.innerHTML = `
+				<tr>
+			    	<th><a href="${item.file}" target="_blank">${item.file}</a></th>
+			      	<th>${item.album}</th>
+			      	<td>${item.date}</td>
+			    </tr>
+			    `;
+
+			table.appendChild(tr);
+		}
 
-			var json = JSON.parse(xhr.responseText);
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
 
-			if(json.success === false)
-				return swal("An error ocurred", json.description, "error");
-			
-			var container = document.createElement('div');
-			container.innerHTML = `
-				<table class="table is-striped is-narrow">
-			  		<thead>
-			    		<tr>
-						      <th>File</th>
-						      <th>Album</th>
-						      <th>Date</th>
-			    		</tr>
-			  		</thead>
-			  		<tbody id="table">
-			  		</tbody>
-			  	</table>`;
-			panel.page.appendChild(container);
-
-			var table = document.getElementById('table');
-
-			for(var item of json){
-
-				var tr = document.createElement('tr');
-				tr.innerHTML = `
-					<tr>
-				    	<th><a href="${item.file}" target="_blank">${item.file}</a></th>
-				      	<th>${item.album}</th>
-				      	<td>${item.date}</td>
-				    </tr>
-				    `;
-
-				table.appendChild(tr);
-			}
-			
-		}
-	}
-	xhr.open('GET', '/api/uploads', true);
-	if(album !== undefined)
-		xhr.setRequestHeader('albumid', album);
-	xhr.setRequestHeader('auth', panel.token);
-	xhr.send(null);
 }
 
 panel.getAlbums = function(){
-	panel.page.innerHTML = '';
-	var xhr = new XMLHttpRequest();
-
-	var container = document.createElement('div');
-	container.className = "container";
-	container.innerHTML = `
-		<h2 class="subtitle">Create new album</h2>
-
-		<p class="control has-addons has-addons-centered">
-		  	<input id="albumName" class="input" type="text" placeholder="Name">
-		  	<a id="submitAlbum" class="button is-primary">Submit</a>
-		</p>
-
-		<h2 class="subtitle">List of albums</h2>
-
-		<table class="table is-striped is-narrow">
-	  		<thead>
-	    		<tr>
-				      <th>Name</th>
-				      <th>Files</th>
-				      <th>Created At</th>
-	    		</tr>
-	  		</thead>
-	  		<tbody id="table">
-	  		</tbody>
-	  	</table>`;
-
-	xhr.onreadystatechange = function() {
-		if (xhr.readyState == XMLHttpRequest.DONE) {
-			
-			if(xhr.responseText === 'not-authorized')
-				return panel.verifyToken(panel.token);
-
-			var json = JSON.parse(xhr.responseText);
-
-			if(json.success === false)
-				return swal("An error ocurred", json.description, "error");
 
-			panel.page.appendChild(container);
-			var table = document.getElementById('table');
+	axios.get('/api/albums')
+  	.then(function (response) {
+  		if(response.data.success === false){
+  			if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token);
+  			else return swal("An error ocurred", response.data.description, "error");		
+  		}
+
+  		panel.page.innerHTML = '';
+  		var container = document.createElement('div');
+		container.className = "container";
+		container.innerHTML = `
+			<h2 class="subtitle">Create new album</h2>
+
+			<p class="control has-addons has-addons-centered">
+			  	<input id="albumName" class="input" type="text" placeholder="Name">
+			  	<a id="submitAlbum" class="button is-primary">Submit</a>
+			</p>
+
+			<h2 class="subtitle">List of albums</h2>
+
+			<table class="table is-striped is-narrow">
+		  		<thead>
+		    		<tr>
+					      <th>Name</th>
+					      <th>Files</th>
+					      <th>Created At</th>
+		    		</tr>
+		  		</thead>
+		  		<tbody id="table">
+		  		</tbody>
+		  	</table>`;
+
+		panel.page.appendChild(container);
+		var table = document.getElementById('table');
+
+		for(var item of response.data.albums){
+
+			var tr = document.createElement('tr');
+			tr.innerHTML = `
+				<tr>
+			    	<th>${item.name}</th>
+			      	<th>${item.files}</th>
+			      	<td>${item.date}</td>
+			    </tr>
+			    `;
+
+			table.appendChild(tr);
+		}
 
-			for(var item of json.albums){
+		document.getElementById('submitAlbum').addEventListener('click', function(){
+			panel.submitAlbum();
+		});
 
-				var tr = document.createElement('tr');
-				tr.innerHTML = `
-					<tr>
-				    	<th>${item.name}</th>
-				      	<th>${item.files}</th>
-				      	<td>${item.date}</td>
-				    </tr>
-				    `;
 
-				table.appendChild(tr);
-			}
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
 
-			document.getElementById('submitAlbum').addEventListener('click', function(){
-				panel.submitAlbum();
-			});
-			
-		}
-	}
-
-	xhr.open('GET', '/api/albums', true);
-	xhr.setRequestHeader('auth', panel.token);
-	xhr.setRequestHeader('extended', '');
-	xhr.send(null);
 }
 
 panel.submitAlbum = function(){
 	
-	var xhr = new XMLHttpRequest();
-
-	xhr.onreadystatechange = function() {
-		if (xhr.readyState == XMLHttpRequest.DONE) {
-			
-			if(xhr.responseText === 'not-authorized')
-				return panel.verifyToken(panel.token);
-
-			var json = JSON.parse(xhr.responseText);
-			if(json.success === false)
-				return swal("An error ocurred", json.description, "error");
-
-			swal("Woohoo!", "Album was added successfully", "success");
-			panel.getAlbumsSidebar();
-			panel.getAlbums();
-			return;
-		}
-	}
+	axios.post('/api/albums', {
+		name: document.getElementById('albumName').value
+	})
+  	.then(function (response) {
+
+  		if(response.data.success === false){
+  			if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token);
+  			else return swal("An error ocurred", response.data.description, "error");		
+  		}
+
+    	swal("Woohoo!", "Album was added successfully", "success");
+		panel.getAlbumsSidebar();
+		panel.getAlbums();
+		return;
 
-	xhr.open('POST', '/api/albums', true);
-	xhr.setRequestHeader('auth', panel.token);
-	xhr.setRequestHeader('name', document.getElementById('albumName').value);
-	xhr.send(null);
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
 
 }
 
 panel.getAlbumsSidebar = function(){
-	var xhr = new XMLHttpRequest();
-
-	xhr.onreadystatechange = function() {
-		if (xhr.readyState == XMLHttpRequest.DONE) {
-			
-			if(xhr.responseText === 'not-authorized')
-				return panel.verifyToken(panel.token);
 
-			var json = JSON.parse(xhr.responseText);
-			if(json.success === false)
-				return swal("An error ocurred", json.description, "error");
+	axios.get('/api/albums/sidebar')
+  	.then(function (response) {
+  		if(response.data.success === false){
+  			if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token);
+  			else return swal("An error ocurred", response.data.description, "error");		
+  		}
 
-			var albumsContainer = document.getElementById('albumsContainer');
-			albumsContainer.innerHTML = '';
+  		var albumsContainer = document.getElementById('albumsContainer');
+		albumsContainer.innerHTML = '';
 
-			if(json.albums === undefined) return;
+		if(response.data.albums === undefined) return;
 
-			for(var album of json.albums){
+		for(var album of response.data.albums){
 
-				li = document.createElement('li');
-				a = document.createElement('a');
-				a.id = album.id;
-				a.innerHTML = album.name;
+			li = document.createElement('li');
+			a = document.createElement('a');
+			a.id = album.id;
+			a.innerHTML = album.name;
 
-				a.addEventListener('click', function(){
-					panel.getAlbum(this);
-				});
+			a.addEventListener('click', function(){
+				panel.getAlbum(this);
+			});
 
-				li.appendChild(a);
-				albumsContainer.appendChild(li);
-			}
+			li.appendChild(a);
+			albumsContainer.appendChild(li);
 		}
-	}
 
-	xhr.open('GET', '/api/albums', true);
-	xhr.setRequestHeader('auth', panel.token);
-	xhr.send(null);
+
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
+
 }
 
 panel.getAlbum = function(item){
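Review bot: The row templates assigned to `tr.innerHTML` in getUploads and getAlbums, and `a.innerHTML = album.name` in getAlbumsSidebar, insert API values (`item.file`, `item.album`, `item.name`, `album.name`) as markup without escaping. The album name comes from the body posted to `/api/albums`, where the visible part of the controller only rejects an empty value, so markup in a name would be parsed in the admin panel, the page that holds the admin token. These lines were carried over from the XHR version with new indentation, so this commit is a good place to switch them to DOM text: `a.textContent = album.name;` for the sidebar, and cells built with `document.createElement('td')` plus `textContent` for the tables.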
@@ -266,99 +254,89 @@ panel.getAlbum = function(item){
 }
 
 panel.changeTokens = function(){
-	panel.page.innerHTML = '';
-	var xhr = new XMLHttpRequest();
-
-	var container = document.createElement('div');
-	container.className = "container";
-	container.innerHTML = `
-		<h2 class="subtitle">Manage your tokens</h2>
-
-		<label class="label">Client token:</label>
-		<p class="control has-addons">
-		  	<input id="clientToken" class="input is-expanded" type="text" placeholder="Your client token">
-		  	<a id="submitClientToken" class="button is-primary">Save</a>
-		</p>
-
-		<label class="label">Admin token:</label>
-		<p class="control has-addons">
-		  	<input id="adminToken" class="input is-expanded" type="text" placeholder="Your admin token">
-		  	<a id="submitAdminToken" class="button is-primary">Save</a>
-		</p>
-	`;
-
-	xhr.onreadystatechange = function() {
-		if (xhr.readyState == XMLHttpRequest.DONE) {
-			
-			if(xhr.responseText === 'not-authorized')
-				return panel.verifyToken(panel.token);
-
-			var json = JSON.parse(xhr.responseText);
-
-			console.log(json);
-
-			if(json.success === false)
-				return swal("An error ocurred", json.description, "error");
 
-			panel.page.appendChild(container);
+	axios.get('/api/tokens')
+  	.then(function (response) {
+  		if(response.data.success === false){
+  			if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token);
+  			else return swal("An error ocurred", response.data.description, "error");		
+  		}
+
+  		panel.page.innerHTML = '';
+  		var container = document.createElement('div');
+		container.className = "container";
+		container.innerHTML = `
+			<h2 class="subtitle">Manage your tokens</h2>
+
+			<label class="label">Client token:</label>
+			<p class="control has-addons">
+			  	<input id="clientToken" class="input is-expanded" type="text" placeholder="Your client token">
+			  	<a id="submitClientToken" class="button is-primary">Save</a>
+			</p>
+
+			<label class="label">Admin token:</label>
+			<p class="control has-addons">
+			  	<input id="adminToken" class="input is-expanded" type="text" placeholder="Your admin token">
+			  	<a id="submitAdminToken" class="button is-primary">Save</a>
+			</p>
+		`;
+
+		panel.page.appendChild(container);
+
+		document.getElementById('clientToken').value = response.data.clientToken;
+		document.getElementById('adminToken').value = response.data.adminToken;
+
+		document.getElementById('submitClientToken').addEventListener('click', function(){
+			panel.submitToken('client', document.getElementById('clientToken').value);
+		});
 
-			document.getElementById('clientToken').value = json.clientToken;
-			document.getElementById('adminToken').value = json.adminToken;
+		document.getElementById('submitAdminToken').addEventListener('click', function(){
+			panel.submitToken('admin', document.getElementById('adminToken').value);
+		});
 
-			document.getElementById('submitClientToken').addEventListener('click', function(){
-				panel.submitToken('client', document.getElementById('clientToken').value);
-			});
 
-			document.getElementById('submitAdminToken').addEventListener('click', function(){
-				panel.submitToken('admin', document.getElementById('adminToken').value);
-			});
-		}
-	}
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
 
-	xhr.open('GET', '/api/tokens', true);
-	xhr.setRequestHeader('auth', panel.token);
-	xhr.send(null);
 }
 
 panel.submitToken = function(type, token){
 
-	var xhr = new XMLHttpRequest();
-	xhr.onreadystatechange = function() {
-		if (xhr.readyState == XMLHttpRequest.DONE) {
+	axios.post('/api/tokens/change', {
+		type: type,
+		token: token
+	})
+  	.then(function (response) {
+
+  		if(response.data.success === false){
+  			if(response.data.description === 'not-authorized') return panel.verifyToken(panel.token);
+  			else return swal("An error ocurred", response.data.description, "error");		
+  		}
+
+    	swal({
+			title: "Woohoo!", 
+			text: 'Your token was changed successfully.', 
+			type: "success"
+		}, function(){
 			
-			if(xhr.responseText === 'not-authorized')
-				return panel.verifyToken(panel.token);
-
-			var json = JSON.parse(xhr.responseText);
+			if(type === 'client')
+				localStorage.token = token;
+			else if(type === 'admin')
+				localStorage.admintoken = token
 
-			console.log(json);
-
-			if(json.success === false)
-				return swal("An error ocurred", json.description, "error");
-
-			swal({
-				title: "Woohoo!", 
-				text: 'Your token was changed successfully.', 
-				type: "success"
-			}, function(){
+			location.reload();
 				
-				if(type === 'client')
-					localStorage.token = token;
-				else if(type === 'admin')
-					localStorage.admintoken = token
+		})
 
-				location.reload();
-					
-			})
-
-		}
-	}
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
 
-	xhr.open('POST', '/api/tokens/change', true);
-	xhr.setRequestHeader('auth', panel.token);
-	xhr.setRequestHeader('type', type);
-	xhr.setRequestHeader('token', token);
-	xhr.send(null);
 }
 
 window.onload = function () {

+ 42 - 41
public/js/upload.js

@@ -5,16 +5,18 @@ upload.token = localStorage.token;
 upload.maxFileSize;
 
 upload.checkIfPublic = function(){
-	var xhr = new XMLHttpRequest();
-	xhr.onreadystatechange = function() {
-		if (xhr.readyState == XMLHttpRequest.DONE) {
-			upload.isPublic = JSON.parse(xhr.responseText).private;
-			upload.maxFileSize = JSON.parse(xhr.responseText).maxFileSize;
-			upload.preparePage();
-		}
-	}
-	xhr.open('GET', '/api/check', true);
-	xhr.send(null);
+
+	axios.get('/api/check')
+  	.then(function (response) {
+    	upload.isPublic = response.data.private;
+		upload.maxFileSize = response.data.maxFileSize;
+		upload.preparePage();
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
+
 }
 
 upload.preparePage = function(){
@@ -30,38 +32,37 @@ upload.preparePage = function(){
 }
 
 upload.verifyToken = function(token, reloadOnError = false){
-	var xhr = new XMLHttpRequest();
-
-	xhr.onreadystatechange = function() {
-		if (xhr.readyState == XMLHttpRequest.DONE) {
-			
-			var json = JSON.parse(xhr.responseText);
-			if(json.success === false){
-
-				swal({
-					title: "An error ocurred", 
-					text: json.description, 
-					type: "error"
-				}, function(){
-					if(reloadOnError){
-						localStorage.removeItem("token");
-						location.reload();
-					}
-				})
-
-				return;
-			}
-
-			localStorage.token = token;
-			upload.token = token;
-			return upload.prepareUpload();
 
-		}
-	}
-	xhr.open('GET', '/api/tokens/verify', true);
-	xhr.setRequestHeader('type', 'client');
-	xhr.setRequestHeader('token', token);
-	xhr.send(null);
+	axios.post('/api/tokens/verify', {
+		type: 'client',
+		token: token
+	})
+  	.then(function (response) {
+
+    	if(response.data.success === false){
+    		swal({
+				title: "An error ocurred", 
+				text: response.data.description, 
+				type: "error"
+			}, function(){
+				if(reloadOnError){
+					localStorage.removeItem("token");
+					location.reload();
+				}
+			})
+			return;
+    	}
+
+    	localStorage.token = token;
+		upload.token = token;
+		return upload.prepareUpload();
+
+  	})
+  	.catch(function (error) {
+  		return swal("An error ocurred", 'There was an error with the request, please check the console for more information.', "error");
+    	console.log(error);
+  	});
+
 }
 
 upload.prepareUpload = function(){

+ 5 - 1
routes/api.js

@@ -13,11 +13,15 @@ routes.get ('/check', (req, res, next) => {
 
 routes.get  ('/uploads', (req, res, next) => uploadController.list(req, res))
 routes.post ('/upload', (req, res, next) => uploadController.upload(req, res, next))
+
+routes.get  ('/album/:id', (req, res, next) => uploadController.list(req, res, next))
 routes.get  ('/albums', (req, res, next) => albumsController.list(req, res, next))
+routes.get  ('/albums/:sidebar', (req, res, next) => albumsController.list(req, res, next))
 routes.post ('/albums', (req, res, next) => albumsController.create(req, res, next))
 routes.get  ('/albums/test', (req, res, next) => albumsController.test(req, res, next))
-routes.get  ('/tokens/verify', (req, res, next) => tokenController.verify(req, res))
+
 routes.get  ('/tokens', (req, res, next) => tokenController.list(req, res))
+routes.post ('/tokens/verify', (req, res, next) => tokenController.verify(req, res))
 routes.post ('/tokens/change', (req, res, next) => tokenController.change(req, res))
 
 module.exports = routes
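Review bot: `routes.get('/albums/:sidebar', ...)` is registered before `routes.get('/albums/test', ...)`, and Express matches routes in registration order, so a request for `/albums/test` is handled by albumsController.list and never reaches albumsController.test. The parameter also matches any second path segment, not only `sidebar`, because the controller tests `req.params.sidebar` only for being defined. Moving the `/albums/test` line above the parameter route, or declaring the literal path `/albums/sidebar` and setting the flag explicitly, removes both surprises.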