code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

hopefully deepsource is pleased this time

Browse Source
This commit is contained in:
Mystikfluu 2023-02-06 11:03:50 +01:00
parent 00e1b5c1e5
commit 3942a6e2df
4 changed files with 132 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
js/posts.js
View File

@ -25,7 +25,7 @@ socket.addEventListener("message", async function (event) {
decURIComp(item.post_text), decURIComp(item.post_text),
item.post_time, item.post_time,
item.post_special_text, item.post_special_text,
highest_id+1, item.post_id || (highest_id+1),
item.post_from_bot, item.post_from_bot,
item.post_reply_id, item.post_reply_id,
true, true,

2
js/search.js
View File

@ -8,7 +8,7 @@ function changed() {
} }
async function getJSON(url) { async function getJSON(url) {
return await(await fetch(url)).json() return (await fetch(url)).json()
} }
async function submit() { async function submit() {

4
routes/api/all.js
View File

@ -7,7 +7,7 @@ const HASHES_COOKIE = config.cookies.client_hashes;
const HASHES_DIFF = HASHES_DB - HASHES_COOKIE; const HASHES_DIFF = HASHES_DB - HASHES_COOKIE;
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
router.use("/*", async function (req, res, next) { router.use("/*", (req, res, next) => {
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
let unsigned; let unsigned;
if (req.body.user == undefined || req.body.pass == undefined) { if (req.body.user == undefined || req.body.pass == undefined) {
@ -103,7 +103,7 @@ export const setup = function (router, con, server) {
}); });
}); });
router.use("/api/*", function (req, res, next) { router.use("/api/*", (req, res, next) => {
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
if (config["allow_getotheruser_without_cookie"] && req.originalUrl.split("\?")[0] == "/api/getotheruser") { if (config["allow_getotheruser_without_cookie"] && req.originalUrl.split("\?")[0] == "/api/getotheruser") {
next(); next();

139
routes/api/post.js
View File

@ -33,70 +33,97 @@ export const setup = function (router, con, server) {
res.set("Access-Control-Allow-Origin", "*"); res.set("Access-Control-Allow-Origin", "*");
res.json({ "pid": createPID() }); res.json({ "pid": createPID() });
}); });
router.post("/api/post", function (req, res) {
if (!req.body.message) { function validateMessage(message) {
res.status(410) if (!message) {
res.json({ "error": "no message to post" }); throw {
return; statusCode: 410,
message: "no message to post"
} }
if ((typeof req.body.message) != "string") {
res.status(411)
res.json({ "error": "no message to post" });
return;
} }
if ((typeof req.body.pid) != "string") { if ((typeof message) !== "string") {
res.status(412) throw {
res.json({ "error": "no pid given" }); statusCode: 411,
return; message: "no message to post"
}
}
if (message.length > 1000) {
throw {
statusCode: 416,
message: "message too long"
}
}
message = encodeURIComponent(message.trim());
if (message.length > 3000) {
throw {
statusCode: 417,
message: "message too long"
}
}
if (!message) {
throw {
statusCode: 418,
message: "no message to post"
}
} //backup check
return message
}
function validatePID(pid) {
if (!pid || typeof pid !== "string") {
throw {
statusCode: 412,
message: "no pid given"
}
}
if (pid.length !== 10 || PIDS[pid]!==true) {
throw {
statusCode: 413,
message: "invalid pid given"
} }
if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
res.status(413)
res.json({ "error": "invalid pid given" });
return;
} }
PIDS[req.body.pid] = "already_used"; PIDS[req.body.pid] = "already_used";
}
function validateReplyID(rid) {
let reply_id; let reply_id;
if (!req.body.reply_id || req.body.reply_id < 0) { if (!rid || rid < 0) {
reply_id = 0; reply_id = 0
} }
else { if(typeof rid === "string") {
reply_id = req.body.reply_id;
}
if(typeof reply_id == "string") {
reply_id = parseInt(reply_id,10) reply_id = parseInt(reply_id,10)
if(isNaN(reply_id)) { if(isNaN(reply_id)) {
res.status(414) throw {
res.json({ "error": "no valid reply id given" }); statusCode: 414,
return; message: "no valid reply id given"
} }
} }
if ((typeof reply_id) != "number") {
res.status(415)
res.json({ "error": "no valid reply id given" });
return;
} }
if (req.body.message.length > 1000) { if (typeof reply_id !== "number") {
res.status(416) throw {
res.json({ "error": "message too long" }); statusCode: 415,
return; message: "no valid reply id given"
} //backup case
} }
req.body.message = encodeURIComponent(req.body.message.trim()); return reply_id
if (req.body.message.length > 3000) {
res.status(417)
res.json({ "error": "message too long" }); //check again after URI encoding it
return;
} }
req.body.receiver = encodeURIComponent(req.body.receiver || "");
if (req.body.receiver == "")
req.body.receiver = "everyone";
if (!req.body.message) {
res.status(418)
res.json({ "error": "no message to post" });
return;
}
//console.log(req.body);
let __dirname = server.dirname
function validateReceiver(rec) {
let receiver = encodeURIComponent(rec || "");
if (receiver == "")
receiver = "everyone";
return receiver
}
router.post("/api/post", async (req, res) => {
try {
let message = validateMessage(req.body.message);
validatePID(req.body.pid);
let reply_id = validateReplyID(req.body.reply_id);
let receiver = validateReceiver(req.body.receiver);
validateFiles(req.files);
let __dirname = server.dirname
const file_names = ["","","","",""] const file_names = ["","","","",""]
if(isNotNull(req.files)) { if(isNotNull(req.files)) {
for(let file_index=0;file_index<5;file_index++) { for(let file_index=0;file_index<5;file_index++) {
@ -130,15 +157,12 @@ export const setup = function (router, con, server) {
}) })
} }
}) })
} else {
break
} }
} }
} }
let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) values (?,?,?,?,?,?,?,?,?,?,?); SELECT LAST_INSERT_ID() as ID;`;
let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) values (?,?,?,?,?,?,?,?,?,?,?);`; let values = [encodeURIComponent(res.locals.username), message, Date.now(), receiver, res.locals.isbot, reply_id,...file_names];
let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), req.body.receiver, res.locals.isbot, reply_id,...file_names];
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err){ if (err){
res.status(500) res.status(500)
@ -155,7 +179,8 @@ export const setup = function (router, con, server) {
post_from_bot: res.locals.isbot, post_from_bot: res.locals.isbot,
post_reply_id: reply_id, post_reply_id: reply_id,
user_avatar: res.locals.avatar, user_avatar: res.locals.avatar,
files: file_names files: file_names,
post_id: result[0].ID
}; };
let message = { let message = {
message: "new_post", message: "new_post",
@ -170,6 +195,10 @@ export const setup = function (router, con, server) {
res.json({ "success": "successfully posted message" }); res.json({ "success": "successfully posted message" });
console.log(5, `posted new message by ${res.locals.username} : ${req.body.message}`); console.log(5, `posted new message by ${res.locals.username} : ${req.body.message}`);
}); });
} catch (error) {
res.status(error.statusCode)
res.json({ "error": error.message, "status": error.statusCode });
}
}); });
return createPID return createPID
}; };