hopefully deepsource is pleased this time

Mystikfluu 2023-02-06 11:03:50 +01:00
parent 00e1b5c1e5
commit 3942a6e2df
4 changed files with 132 additions and 103 deletions


@ -25,7 +25,7 @@ socket.addEventListener("message", async function (event) {
decURIComp(item.post_text), decURIComp(item.post_text),
item.post_time, item.post_time,
item.post_special_text, item.post_special_text,
highest_id+1, item.post_id || (highest_id+1),
item.post_from_bot, item.post_from_bot,
item.post_reply_id, item.post_reply_id,
true, true,


@ -8,7 +8,7 @@ function changed() {
} }
async function getJSON(url) { async function getJSON(url) {
return await(await fetch(url)).json() return (await fetch(url)).json()
} }
async function submit() { async function submit() {
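Review bot: `getJSON` still parses whatever comes back without looking at the response status, so an error page or a non-JSON body surfaces as a parse exception far from its cause. I would split the call so the status can be checked first: `const res = await fetch(url);`, then `if (!res.ok) throw new Error("request failed: " + res.status);`, then `return res.json();`. The neighbouring `changed` and `submit` functions start or end outside this hunk, so their handling of a rejected `getJSON` is not visible here.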


@ -7,7 +7,7 @@ const HASHES_COOKIE = config.cookies.client_hashes;
const HASHES_DIFF = HASHES_DB - HASHES_COOKIE; const HASHES_DIFF = HASHES_DB - HASHES_COOKIE;
export const setup = function (router, con, server) { export const setup = function (router, con, server) {
router.use("/*", async function (req, res, next) { router.use("/*", (req, res, next) => {
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
let unsigned; let unsigned;
if (req.body.user == undefined || req.body.pass == undefined) { if (req.body.user == undefined || req.body.pass == undefined) {
@ -103,7 +103,7 @@ export const setup = function (router, con, server) {
}); });
}); });
router.use("/api/*", function (req, res, next) { router.use("/api/*", (req, res, next) => {
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
if (config["allow_getotheruser_without_cookie"] && req.originalUrl.split("\?")[0] == "/api/getotheruser") { if (config["allow_getotheruser_without_cookie"] && req.originalUrl.split("\?")[0] == "/api/getotheruser") {
next(); next();
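Review bot: Dropping `async` from the `/*` middleware at the top of this section is only safe if nothing in its body uses `await`; the body continues outside the hunk, so that should be checked before merging. Both middlewares also still send `Access-Control-Allow-Origin: *` under a "we'll allow it for now" comment, and the first one handles `req.body.user` and `req.body.pass`. I would turn that comment into a tracked one, e.g. `// TODO(owner): restrict CORS to the configured front-end origin`, or read the allowed origin from `config`. The loose `== undefined` comparisons on the credential fields would read more clearly as `== null` or an explicit `typeof` check.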


@ -33,113 +33,137 @@ export const setup = function (router, con, server) {
res.set("Access-Control-Allow-Origin", "*"); res.set("Access-Control-Allow-Origin", "*");
res.json({ "pid": createPID() }); res.json({ "pid": createPID() });
}); });
router.post("/api/post", function (req, res) {
if (!req.body.message) { function validateMessage(message) {
res.status(410) if (!message) {
res.json({ "error": "no message to post" }); throw {
return; statusCode: 410,
} message: "no message to post"
if ((typeof req.body.message) != "string") {
res.status(411)
res.json({ "error": "no message to post" });
return;
}
if ((typeof req.body.pid) != "string") {
res.status(412)
res.json({ "error": "no pid given" });
return;
}
if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
res.status(413)
res.json({ "error": "invalid pid given" });
return;
}
PIDS[req.body.pid] = "already_used";
let reply_id;
if (!req.body.reply_id || req.body.reply_id < 0) {
reply_id = 0;
}
else {
reply_id = req.body.reply_id;
}
if(typeof reply_id == "string") {
reply_id = parseInt(reply_id,10)
if(isNaN(reply_id)) {
res.status(414)
res.json({ "error": "no valid reply id given" });
return;
} }
} }
if ((typeof reply_id) != "number") { if ((typeof message) !== "string") {
res.status(415) throw {
res.json({ "error": "no valid reply id given" }); statusCode: 411,
return; message: "no message to post"
}
} }
if (req.body.message.length > 1000) { if (message.length > 1000) {
res.status(416) throw {
res.json({ "error": "message too long" }); statusCode: 416,
return; message: "message too long"
}
} }
req.body.message = encodeURIComponent(req.body.message.trim()); message = encodeURIComponent(message.trim());
if (req.body.message.length > 3000) { if (message.length > 3000) {
res.status(417) throw {
res.json({ "error": "message too long" }); //check again after URI encoding it statusCode: 417,
return; message: "message too long"
}
} }
req.body.receiver = encodeURIComponent(req.body.receiver || ""); if (!message) {
if (req.body.receiver == "") throw {
req.body.receiver = "everyone"; statusCode: 418,
if (!req.body.message) { message: "no message to post"
res.status(418) }
res.json({ "error": "no message to post" }); } //backup check
return; return message
} }
//console.log(req.body);
let __dirname = server.dirname
const file_names = ["","","","",""] function validatePID(pid) {
if(isNotNull(req.files)) { if (!pid || typeof pid !== "string") {
for(let file_index=0;file_index<5;file_index++) { throw {
if(isNotNull(req.files[`file_${file_index}`])) { statusCode: 412,
let file = req.files[`file_${file_index}`] message: "no pid given"
const file_id = server.genstring(20) }
const file_name = `${file_id}/${(file.name.substring(0,25)).replace(/\.[^/.]+$/, "")}` }
let extension = file.name.substring(file.name.lastIndexOf("\.")+1) if (pid.length !== 10 || PIDS[pid]!==true) {
file_names[file_index]=`${file_name}${(extension in image_types && ".webp") || extension}` throw {
server.ensureExists(`${__dirname}/user_uploads/${file_id}`,undefined,async (err)=>{ statusCode: 413,
if(err) { message: "invalid pid given"
console.error(err) }
return; }
} PIDS[req.body.pid] = "already_used";
if(extension in image_types) { }
writeFile(`${__dirname}/user_uploads/${file_name}.webp`,await sharp(file.data).webp({mixed:true,effort:6}).toBuffer(),(err2)=>{
if(err2)console.error(err2) function validateReplyID(rid) {
}) let reply_id;
server.ensureExists(`${__dirname}/user_uploads/previews/${file_id}`,undefined,async (error) => { if (!rid || rid < 0) {
if(error) { reply_id = 0
console.error(error) }
return; if(typeof rid === "string") {
} reply_id = parseInt(reply_id,10)
writeFile(`${__dirname}/user_uploads/previews/${file_name}.webp`,await sharp(file.data).resize(100,100,{fit: "inside"}).webp({mixed:true,effort:6}).toBuffer(),(error2)=>{ if(isNaN(reply_id)) {
if(error2)console.error(error2) throw {
}) statusCode: 414,
}) message: "no valid reply id given"
} else {
file.mv(`${__dirname}/user_uploads/${file_name}.${extension}`,(err2)=>{
if(err2)console.error(err2)
})
}
})
} else {
break
} }
} }
} }
if (typeof reply_id !== "number") {
throw {
statusCode: 415,
message: "no valid reply id given"
} //backup case
}
return reply_id
}
let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) values (?,?,?,?,?,?,?,?,?,?,?);`; function validateReceiver(rec) {
let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), req.body.receiver, res.locals.isbot, reply_id,...file_names]; let receiver = encodeURIComponent(rec || "");
con.query(sql, values, function (err, result) { if (receiver == "")
receiver = "everyone";
return receiver
}
router.post("/api/post", async (req, res) => {
try {
let message = validateMessage(req.body.message);
validatePID(req.body.pid);
let reply_id = validateReplyID(req.body.reply_id);
let receiver = validateReceiver(req.body.receiver);
validateFiles(req.files);
let __dirname = server.dirname
const file_names = ["","","","",""]
if(isNotNull(req.files)) {
for(let file_index=0;file_index<5;file_index++) {
if(isNotNull(req.files[`file_${file_index}`])) {
let file = req.files[`file_${file_index}`]
const file_id = server.genstring(20)
const file_name = `${file_id}/${(file.name.substring(0,25)).replace(/\.[^/.]+$/, "")}`
let extension = file.name.substring(file.name.lastIndexOf("\.")+1)
file_names[file_index]=`${file_name}${(extension in image_types && ".webp") || extension}`
server.ensureExists(`${__dirname}/user_uploads/${file_id}`,undefined,async (err)=>{
if(err) {
console.error(err)
return;
}
if(extension in image_types) {
writeFile(`${__dirname}/user_uploads/${file_name}.webp`,await sharp(file.data).webp({mixed:true,effort:6}).toBuffer(),(err2)=>{
if(err2)console.error(err2)
})
server.ensureExists(`${__dirname}/user_uploads/previews/${file_id}`,undefined,async (error) => {
if(error) {
console.error(error)
return;
}
writeFile(`${__dirname}/user_uploads/previews/${file_name}.webp`,await sharp(file.data).resize(100,100,{fit: "inside"}).webp({mixed:true,effort:6}).toBuffer(),(error2)=>{
if(error2)console.error(error2)
})
})
} else {
file.mv(`${__dirname}/user_uploads/${file_name}.${extension}`,(err2)=>{
if(err2)console.error(err2)
})
}
})
}
}
}
let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) values (?,?,?,?,?,?,?,?,?,?,?); SELECT LAST_INSERT_ID() as ID;`;
let values = [encodeURIComponent(res.locals.username), message, Date.now(), receiver, res.locals.isbot, reply_id,...file_names];
con.query(sql, values, function (err, result) {
if (err){ if (err){
res.status(500) res.status(500)
res.json({"error":"there's been an interal error"}) res.json({"error":"there's been an interal error"})
@ -155,7 +179,8 @@ export const setup = function (router, con, server) {
post_from_bot: res.locals.isbot, post_from_bot: res.locals.isbot,
post_reply_id: reply_id, post_reply_id: reply_id,
user_avatar: res.locals.avatar, user_avatar: res.locals.avatar,
files: file_names files: file_names,
post_id: result[0].ID
}; };
let message = { let message = {
message: "new_post", message: "new_post",
@ -169,7 +194,11 @@ export const setup = function (router, con, server) {
}); });
res.json({ "success": "successfully posted message" }); res.json({ "success": "successfully posted message" });
console.log(5, `posted new message by ${res.locals.username} : ${req.body.message}`); console.log(5, `posted new message by ${res.locals.username} : ${req.body.message}`);
}); });
} catch (error) {
res.status(error.statusCode)
res.json({ "error": error.message, "status": error.statusCode });
}
}); });
return createPID return createPID
}; };
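Review bot: `validatePID` marks the token with `PIDS[req.body.pid] = "already_used";`, but `req` is not a parameter of that helper and no `req` is visible in the enclosing `setup` scope, so a valid PID would raise a ReferenceError instead of being consumed; it should be `PIDS[pid] = "already_used";`. `validateReplyID` has a similar regression: it parses `reply_id` rather than `rid` and never assigns a non-negative numeric `rid`, so real reply ids end in 414 or 415, which the old inline code avoided with its `else` branch. The new `catch` assumes every error carries `statusCode`; errors like the one above reach `res.status(undefined)` and echo `error.message` to the client, so it should fall back to 500 with a generic body, as sketched below. Appending `SELECT LAST_INSERT_ID()` to the insert presumably requires multi-statement queries on `con`, which widens the impact of any injection elsewhere, and `result[0].ID` may not be where the id lands; if the driver exposes an insert id on the insert result, that is the safer source — confirm against the connection setup, which is outside this page. `validateFiles` is called but not defined in the visible hunks.

```javascript
function validateReplyID(rid) {
    // Missing, empty or negative ids mean "not a reply"; anything else is checked below.
    let reply_id = (!rid || rid < 0) ? 0 : rid;
    if (typeof reply_id === "string") {
        reply_id = parseInt(reply_id, 10);
        if (isNaN(reply_id)) {
            throw { statusCode: 414, message: "no valid reply id given" };
        }
    }
    if (typeof reply_id !== "number") {
        throw { statusCode: 415, message: "no valid reply id given" };
    }
    return reply_id;
}

// … unchanged: validateReceiver and the route body up to the catch …
    } catch (error) {
        // Only the validators' errors carry statusCode; anything else is an internal fault.
        const known = Number.isInteger(error.statusCode);
        const status = known ? error.statusCode : 500;
        if (!known) console.error(error);
        res.status(status);
        res.json({ "error": known ? error.message : "there's been an interal error", "status": status });
    }
```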