From 2fff81f5b255db7c1eb2d9b7b27aa2ee82e9b137 Mon Sep 17 00:00:00 2001 From: Mystikfluu Date: Sun, 24 Jul 2022 11:25:13 +0200 Subject: [PATCH] add a short cooldown to posting add a posting_id --- js/posts.js | 43 +++++++++++++++++++++++++++++++++++++------ server.js | 31 +++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 6 deletions(-) diff --git a/js/posts.js b/js/posts.js index 65da2ec..13b95a0 100644 --- a/js/posts.js +++ b/js/posts.js @@ -34,18 +34,47 @@ socket.addEventListener("message", async function (event) { } } }) - +var posting_id = undefined; +var cd = true //inversed "cooldown" async function postMessage() { let len = document.getElementById("post-text").value.length if(len >= 1001) { - alert(`Error, your message cant contain more than 1000 characters! (${len})`) + alert(`Your message cant contain more than 1000 characters! (${len})`) return } - let r = await post("/api/post",{"message":document.getElementById("post-text").value,"reply_id":reply_id,"receiver":currentChannel}) - if(window.location.href.split("?mention=")[1])location.replace('/posts'); - document.getElementById("post-text").value="" - unreply() + if(cd && posting_id!=undefined) { + let r = await post("/api/post",{"message":document.getElementById("post-text").value,"reply_id":reply_id,"receiver":currentChannel,"pid": posting_id}) + update_pid() + if(window.location.href.split("?mention=")[1])location.replace('/posts'); + document.getElementById("post-text").value="" + unreply() + cd = false + setTimeout(function(){ + cd = true + },200) + } else { + alert("Please wait a tiny bit before posting again") + } +} + +async function update_pid() { + let r = (await fetch("/api/pid")).json() + if(r.error) { + //an error occurred + if(r.error == "you cannot access the api without being logged in") { + //account error, go to login page + location.replace("/") + return + } + + //possibly more errors coming soon :tm: ? + + + return + } + posting_id = r.pid + console.log("Updated pid",posting_id) } document.getElementById("post-btn").addEventListener("click",postMessage) @@ -288,6 +317,8 @@ async function loadChannels() { } function init() { + setInterval(update_pid,30000) + update_pid() main() firstAsk() loadChannels() diff --git a/server.js b/server.js index 0564fbd..403119b 100644 --- a/server.js +++ b/server.js @@ -400,6 +400,13 @@ START /API/* */ +router.options("/api/pid",async function(req,res,next) { + res.set("Access-Control-Allow-Origin","*") //we'll allow it for now + res.set("Access-Control-Allow-Methods","GET") + res.set("Access-Control-Allow-Headers","Content-Type") + res.status(200).send("") +}) + router.options("/api/post",async function(req,res,next) { res.set("Access-Control-Allow-Origin","*") //we'll allow it for now res.set("Access-Control-Allow-Methods","POST") @@ -547,6 +554,20 @@ router.get("/api/getotheruser",async function(req,res) { }); }) +const PIDS = {} //[pid]: true/"already_used" + +router.get("/api/pid", async function(req,res) { + res.set("Access-Control-Allow-Origin","*") + let pid = genstring(10) //collision chance is low enough, but we'll check anyways + while (PIDS[pid] != undefined){ + pid = genstring(10) + } + PIDS[pid] = true + setTimeout(function() { + PIDS[pid]=undefined + },40000) +}) + router.post("/api/post", async function(req,res) { if(!req.body.message) { res.json({"error":"no message to post"}) @@ -556,6 +577,16 @@ router.post("/api/post", async function(req,res) { res.json({"error":"no message to post"}) return } + if((typeof req.body.pid) != "string") { + res.json({"error":"no pid given"}) + return + } + if(req.body.pid.length != 10 || PIDS[req.body.pid] !== true) { + res.json({"error":"invalid pid given"}) + return + } + PIDS[req.body.pid] = "already_used" + let reply_id if(!req.body.reply_id || req.body.reply_id < 0) { reply_id = 0