From 3942a6e2df861b6f4fc69cfa23fccb52aee96837 Mon Sep 17 00:00:00 2001
From: Mystikfluu
Date: Mon, 6 Feb 2023 11:03:50 +0100
Subject: [PATCH] hopefully deepsource is pleased this time
---
 js/posts.js | 2 +-
 js/search.js | 2 +-
 routes/api/all.js | 4 +-
 routes/api/post.js | 227 +++++++++++++++++++++++++--------------------
 4 files changed, 132 insertions(+), 103 deletions(-)
diff --git a/js/posts.js b/js/posts.js
index 366fe2b..d0c082b 100644
--- a/js/posts.js
+++ b/js/posts.js
@@ -25,7 +25,7 @@ socket.addEventListener("message", async function (event) {
 decURIComp(item.post_text),
 item.post_time,
 item.post_special_text,
- highest_id+1,
+ item.post_id || (highest_id+1),
 item.post_from_bot,
 item.post_reply_id,
 true,
diff --git a/js/search.js b/js/search.js
index 145ebc5..8f3d4a4 100644
--- a/js/search.js
+++ b/js/search.js
@@ -8,7 +8,7 @@ function changed() {
 }
 async function getJSON(url) {
- return await(await fetch(url)).json()
+ return (await fetch(url)).json()
 }
 async function submit() {
diff --git a/routes/api/all.js b/routes/api/all.js
index e342548..3fe0ec7 100644
--- a/routes/api/all.js
+++ b/routes/api/all.js
@@ -7,7 +7,7 @@ const HASHES_COOKIE = config.cookies.client_hashes;
 const HASHES_DIFF = HASHES_DB - HASHES_COOKIE;
 export const setup = function (router, con, server) {
- router.use("/*", async function (req, res, next) {
+ router.use("/*", (req, res, next) => {
 res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
 let unsigned;
 if (req.body.user == undefined || req.body.pass == undefined) {
@@ -103,7 +103,7 @@ export const setup = function (router, con, server) {
 });
 });
- router.use("/api/*", function (req, res, next) {
+ router.use("/api/*", (req, res, next) => {
 res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
 if (config["allow_getotheruser_without_cookie"] && req.originalUrl.split("\?")[0] == "/api/getotheruser") {
 next();
diff --git a/routes/api/post.js b/routes/api/post.js
index 7373012..08a0d81 100644
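Review bot: The context line `res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now` sits in the middleware that runs for every route and reads `req.body.user` and `req.body.pass`, so any origin can call the credential-bearing API and read the response; the same header is set again in the `/api/*` middleware in the next hunk. Since this commit touches both handlers, turn the comment into a tracked item, e.g. `// TODO(owner): replace "*" with an origin allowlist from config`. The arrow-function conversion in the first handler also drops `async`; its body continues outside the hunk, so confirm no `await` remains there.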
--- a/routes/api/post.js
+++ b/routes/api/post.js
@@ -33,113 +33,137 @@ export const setup = function (router, con, server) { res.set("Access-Control-Allow-Origin", "*"); res.json({ "pid": createPID() }); }); - router.post("/api/post", function (req, res) { - if (!req.body.message) { - res.status(410) - res.json({ "error": "no message to post" }); - return; - } - if ((typeof req.body.message) != "string") { - res.status(411) - res.json({ "error": "no message to post" }); - return; - } - if ((typeof req.body.pid) != "string") { - res.status(412) - res.json({ "error": "no pid given" }); - return; - } - if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) { - res.status(413) - res.json({ "error": "invalid pid given" }); - return; - } - PIDS[req.body.pid] = "already_used"; - let reply_id; - if (!req.body.reply_id || req.body.reply_id < 0) { - reply_id = 0; - } - else { - reply_id = req.body.reply_id; - } - if(typeof reply_id == "string") { - reply_id = parseInt(reply_id,10) - if(isNaN(reply_id)) { - res.status(414) - res.json({ "error": "no valid reply id given" }); - return; + + function validateMessage(message) { + if (!message) { + throw { + statusCode: 410, + message: "no message to post" } } - if ((typeof reply_id) != "number") { - res.status(415) - res.json({ "error": "no valid reply id given" }); - return; + if ((typeof message) !== "string") { + throw { + statusCode: 411, + message: "no message to post" + } } - if (req.body.message.length > 1000) { - res.status(416) - res.json({ "error": "message too long" }); - return; + if (message.length > 1000) { + throw { + statusCode: 416, + message: "message too long" + } } - req.body.message = encodeURIComponent(req.body.message.trim()); - if (req.body.message.length > 3000) { - res.status(417) - res.json({ "error": "message too long" }); //check again after URI encoding it - return; + message = encodeURIComponent(message.trim()); + if (message.length > 3000) { + throw { + statusCode: 417, + message: "message too long" + } } - req.body.receiver = 
encodeURIComponent(req.body.receiver || ""); - if (req.body.receiver == "") - req.body.receiver = "everyone"; - if (!req.body.message) { - res.status(418) - res.json({ "error": "no message to post" }); - return; - } - //console.log(req.body); - let __dirname = server.dirname + if (!message) { + throw { + statusCode: 418, + message: "no message to post" + } + } //backup check + return message + } - const file_names = ["","","","",""] - if(isNotNull(req.files)) { - for(let file_index=0;file_index<5;file_index++) { - if(isNotNull(req.files[`file_${file_index}`])) { - let file = req.files[`file_${file_index}`] - const file_id = server.genstring(20) - const file_name = `${file_id}/${(file.name.substring(0,25)).replace(/\.[^/.]+$/, "")}` - let extension = file.name.substring(file.name.lastIndexOf("\.")+1) - file_names[file_index]=`${file_name}${(extension in image_types && ".webp") || extension}` - server.ensureExists(`${__dirname}/user_uploads/${file_id}`,undefined,async (err)=>{ - if(err) { - console.error(err) - return; - } - if(extension in image_types) { - writeFile(`${__dirname}/user_uploads/${file_name}.webp`,await sharp(file.data).webp({mixed:true,effort:6}).toBuffer(),(err2)=>{ - if(err2)console.error(err2) - }) - server.ensureExists(`${__dirname}/user_uploads/previews/${file_id}`,undefined,async (error) => { - if(error) { - console.error(error) - return; - } - writeFile(`${__dirname}/user_uploads/previews/${file_name}.webp`,await sharp(file.data).resize(100,100,{fit: "inside"}).webp({mixed:true,effort:6}).toBuffer(),(error2)=>{ - if(error2)console.error(error2) - }) - }) - } else { - file.mv(`${__dirname}/user_uploads/${file_name}.${extension}`,(err2)=>{ - if(err2)console.error(err2) - }) - } - }) - } else { - break + function validatePID(pid) { + if (!pid || typeof pid !== "string") { + throw { + statusCode: 412, + message: "no pid given" + } + } + if (pid.length !== 10 || PIDS[pid]!==true) { + throw { + statusCode: 413, + message: "invalid pid given" + } + } 
+ PIDS[req.body.pid] = "already_used"; + } + + function validateReplyID(rid) { + let reply_id; + if (!rid || rid < 0) { + reply_id = 0 + } + if(typeof rid === "string") { + reply_id = parseInt(reply_id,10) + if(isNaN(reply_id)) { + throw { + statusCode: 414, + message: "no valid reply id given" } } } - + if (typeof reply_id !== "number") { + throw { + statusCode: 415, + message: "no valid reply id given" + } //backup case + } + return reply_id + } - let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) values (?,?,?,?,?,?,?,?,?,?,?);`; - let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), req.body.receiver, res.locals.isbot, reply_id,...file_names]; - con.query(sql, values, function (err, result) { + function validateReceiver(rec) { + let receiver = encodeURIComponent(rec || ""); + if (receiver == "") + receiver = "everyone"; + return receiver + } + + router.post("/api/post", async (req, res) => { + try { + let message = validateMessage(req.body.message); + validatePID(req.body.pid); + let reply_id = validateReplyID(req.body.reply_id); + let receiver = validateReceiver(req.body.receiver); + validateFiles(req.files); + + let __dirname = server.dirname + const file_names = ["","","","",""] + if(isNotNull(req.files)) { + for(let file_index=0;file_index<5;file_index++) { + if(isNotNull(req.files[`file_${file_index}`])) { + let file = req.files[`file_${file_index}`] + const file_id = server.genstring(20) + const file_name = `${file_id}/${(file.name.substring(0,25)).replace(/\.[^/.]+$/, "")}` + let extension = file.name.substring(file.name.lastIndexOf("\.")+1) + file_names[file_index]=`${file_name}${(extension in image_types && ".webp") || extension}` + server.ensureExists(`${__dirname}/user_uploads/${file_id}`,undefined,async (err)=>{ + if(err) { + console.error(err) + return; + } + if(extension in image_types) { + 
writeFile(`${__dirname}/user_uploads/${file_name}.webp`,await sharp(file.data).webp({mixed:true,effort:6}).toBuffer(),(err2)=>{ + if(err2)console.error(err2) + }) + server.ensureExists(`${__dirname}/user_uploads/previews/${file_id}`,undefined,async (error) => { + if(error) { + console.error(error) + return; + } + writeFile(`${__dirname}/user_uploads/previews/${file_name}.webp`,await sharp(file.data).resize(100,100,{fit: "inside"}).webp({mixed:true,effort:6}).toBuffer(),(error2)=>{ + if(error2)console.error(error2) + }) + }) + } else { + file.mv(`${__dirname}/user_uploads/${file_name}.${extension}`,(err2)=>{ + if(err2)console.error(err2) + }) + } + }) + } + } + } + + let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) values (?,?,?,?,?,?,?,?,?,?,?); SELECT LAST_INSERT_ID() as ID;`; + let values = [encodeURIComponent(res.locals.username), message, Date.now(), receiver, res.locals.isbot, reply_id,...file_names]; + con.query(sql, values, function (err, result) { if (err){ res.status(500) res.json({"error":"there's been an interal error"}) @@ -155,7 +179,8 @@ export const setup = function (router, con, server) { post_from_bot: res.locals.isbot, post_reply_id: reply_id, user_avatar: res.locals.avatar, - files: file_names + files: file_names, + post_id: result[0].ID }; let message = { message: "new_post", @@ -169,7 +194,11 @@ export const setup = function (router, con, server) { }); res.json({ "success": "successfully posted message" }); console.log(5, `posted new message by ${res.locals.username} : ${req.body.message}`); - }); + }); + } catch (error) { + res.status(error.statusCode) + res.json({ "error": error.message, "status": error.statusCode }); + } }); return createPID };
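Review bot: `validatePID` ends with `PIDS[req.body.pid] = "already_used";`, but `req` is not a parameter or a visible outer binding there, so the call will most likely throw a ReferenceError and send every post into the catch block; it should be `PIDS[pid] = "already_used";`. `validateReplyID` has a similar slip: it calls `parseInt(reply_id,10)` on the still-unset local instead of `rid`, and never copies a numeric `rid` into `reply_id`, so a positive reply id is rejected with 414 or 415 instead of being accepted as it was before the refactor. `validateFiles(req.files)` is called but not defined in the visible hunk, so confirm it exists elsewhere in the file. Separately, the upload paths are still built from `file.name` without reducing it to a base name; unless the upload middleware already sanitises names (not visible here), taking `path.basename(file.name)` before building `file_name` would keep writes inside `user_uploads`. The corrected validator lines are below.

```javascript
function validatePID(pid) {
    // … unchanged: 412 / 413 checks on pid …
    PIDS[pid] = "already_used";
}

function validateReplyID(rid) {
    let reply_id = rid;
    if (!reply_id || reply_id < 0) {
        reply_id = 0;
    }
    if (typeof reply_id === "string") {
        reply_id = parseInt(reply_id, 10);
        // … unchanged: throw 414 when isNaN(reply_id) …
    }
    // … unchanged: throw 415 when not a number, return reply_id …
}
```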
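Review bot: `post_id: result[0].ID` depends on the `SELECT LAST_INSERT_ID() as ID;` appended to the INSERT in the previous hunk, which only runs if the connection allows multiple statements per query. With the usual MySQL drivers a multi-statement result is an array with one entry per statement, so `result[0]` would be the INSERT's result and `.ID` is likely undefined (the driver setup is not visible, so verify). Keeping the single INSERT and reading `post_id: result.insertId` avoids both problems. It also lets the connection keep multiple statements disabled, which limits what an injection bug anywhere else on this connection could do.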
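Review bot: The new catch block passes `error.statusCode` straight to `res.status`, but that value is undefined for anything other than the validators' thrown objects, and the block also echoes the `error.message` of internal errors to the client. Default the status and hide internal text, e.g. `const status = error.statusCode ?? 500;` and `res.status(status).json({ "error": status === 500 ? "internal error" : error.message, "status": status });`. The try/catch also does not cover errors thrown later inside the `con.query` callback, since that runs after the handler has returned. Throwing a small `Error` subclass that carries `statusCode`, instead of plain objects, would keep stack traces for debugging.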