hopefully deepsource is pleased this time
parent
00e1b5c1e5
commit
3942a6e2df
@ -25,7 +25,7 @@ socket.addEventListener("message", async function (event) {
|
||||
decURIComp(item.post_text),
|
||||
item.post_time,
|
||||
item.post_special_text,
|
||||
highest_id+1,
|
||||
item.post_id || (highest_id+1),
|
||||
item.post_from_bot,
|
||||
item.post_reply_id,
|
||||
true,
|
||||
|
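Review bot: The fallback in `item.post_id || (highest_id+1)` replaces a missing id with a guess, so a server message that omits `post_id` goes unnoticed and the post is handled under an id that may belong to a different post. The server-side hunk on this page fills the field from `post_id: result[0].ID`, which may well be `undefined`, so this fallback could fire for every live post. Consider logging when `item.post_id` is absent, and using `item.post_id ?? (highest_id+1)` if `0` can ever be a valid id. The call these arguments belong to starts outside the hunk.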
@ -8,7 +8,7 @@ function changed() {
|
||||
}
|
||||
|
||||
async function getJSON(url) {
|
||||
return await(await fetch(url)).json()
|
||||
return (await fetch(url)).json()
|
||||
}
|
||||
|
||||
async function submit() {
|
||||
|
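Review bot: `getJSON` parses the body without looking at the response status, so a JSON error object from a 4xx/5xx reply is handed to callers as if it were data, and a non-JSON error page surfaces only as a parse exception. A status check before parsing makes the failure explicit: `const res = await fetch(url);`, then `if (!res.ok) throw new Error("request failed: " + res.status);`, then `return res.json();`.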
@ -7,7 +7,7 @@ const HASHES_COOKIE = config.cookies.client_hashes;
|
||||
const HASHES_DIFF = HASHES_DB - HASHES_COOKIE;
|
||||
|
||||
export const setup = function (router, con, server) {
|
||||
router.use("/*", async function (req, res, next) {
|
||||
router.use("/*", (req, res, next) => {
|
||||
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
|
||||
let unsigned;
|
||||
if (req.body.user == undefined || req.body.pass == undefined) {
|
||||
@ -103,7 +103,7 @@ export const setup = function (router, con, server) {
|
||||
});
|
||||
});
|
||||
|
||||
router.use("/api/*", function (req, res, next) {
|
||||
router.use("/api/*", (req, res, next) => {
|
||||
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
|
||||
if (config["allow_getotheruser_without_cookie"] && req.originalUrl.split("\?")[0] == "/api/getotheruser") {
|
||||
next();
|
||||
|
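Review bot: Both middlewares touched here still set `Access-Control-Allow-Origin: *` for every route, including the `/*` handler that reads `req.body.user` and `req.body.pass`, and the only record of intent is `//we'll allow it for now`. Worth replacing that comment with a tracked one such as `// TODO(owner): restrict Access-Control-Allow-Origin to the origins listed in config`, and, once such a list exists, echoing the request origin only when it is on the list. The `/*` handler also lost `async` in this change; its body continues outside the hunk, so confirm no `await` remains in it.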
@ -33,70 +33,97 @@ export const setup = function (router, con, server) {
|
||||
res.set("Access-Control-Allow-Origin", "*");
|
||||
res.json({ "pid": createPID() });
|
||||
});
|
||||
router.post("/api/post", function (req, res) {
|
||||
if (!req.body.message) {
|
||||
res.status(410)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
|
||||
function validateMessage(message) {
|
||||
if (!message) {
|
||||
throw {
|
||||
statusCode: 410,
|
||||
message: "no message to post"
|
||||
}
|
||||
if ((typeof req.body.message) != "string") {
|
||||
res.status(411)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.pid) != "string") {
|
||||
res.status(412)
|
||||
res.json({ "error": "no pid given" });
|
||||
return;
|
||||
if ((typeof message) !== "string") {
|
||||
throw {
|
||||
statusCode: 411,
|
||||
message: "no message to post"
|
||||
}
|
||||
}
|
||||
if (message.length > 1000) {
|
||||
throw {
|
||||
statusCode: 416,
|
||||
message: "message too long"
|
||||
}
|
||||
}
|
||||
message = encodeURIComponent(message.trim());
|
||||
if (message.length > 3000) {
|
||||
throw {
|
||||
statusCode: 417,
|
||||
message: "message too long"
|
||||
}
|
||||
}
|
||||
if (!message) {
|
||||
throw {
|
||||
statusCode: 418,
|
||||
message: "no message to post"
|
||||
}
|
||||
} //backup check
|
||||
return message
|
||||
}
|
||||
|
||||
function validatePID(pid) {
|
||||
if (!pid || typeof pid !== "string") {
|
||||
throw {
|
||||
statusCode: 412,
|
||||
message: "no pid given"
|
||||
}
|
||||
}
|
||||
if (pid.length !== 10 || PIDS[pid]!==true) {
|
||||
throw {
|
||||
statusCode: 413,
|
||||
message: "invalid pid given"
|
||||
}
|
||||
if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
|
||||
res.status(413)
|
||||
res.json({ "error": "invalid pid given" });
|
||||
return;
|
||||
}
|
||||
PIDS[req.body.pid] = "already_used";
|
||||
}
|
||||
|
||||
function validateReplyID(rid) {
|
||||
let reply_id;
|
||||
if (!req.body.reply_id || req.body.reply_id < 0) {
|
||||
reply_id = 0;
|
||||
if (!rid || rid < 0) {
|
||||
reply_id = 0
|
||||
}
|
||||
else {
|
||||
reply_id = req.body.reply_id;
|
||||
}
|
||||
if(typeof reply_id == "string") {
|
||||
if(typeof rid === "string") {
|
||||
reply_id = parseInt(reply_id,10)
|
||||
if(isNaN(reply_id)) {
|
||||
res.status(414)
|
||||
res.json({ "error": "no valid reply id given" });
|
||||
return;
|
||||
throw {
|
||||
statusCode: 414,
|
||||
message: "no valid reply id given"
|
||||
}
|
||||
}
|
||||
if ((typeof reply_id) != "number") {
|
||||
res.status(415)
|
||||
res.json({ "error": "no valid reply id given" });
|
||||
return;
|
||||
}
|
||||
if (req.body.message.length > 1000) {
|
||||
res.status(416)
|
||||
res.json({ "error": "message too long" });
|
||||
return;
|
||||
if (typeof reply_id !== "number") {
|
||||
throw {
|
||||
statusCode: 415,
|
||||
message: "no valid reply id given"
|
||||
} //backup case
|
||||
}
|
||||
req.body.message = encodeURIComponent(req.body.message.trim());
|
||||
if (req.body.message.length > 3000) {
|
||||
res.status(417)
|
||||
res.json({ "error": "message too long" }); //check again after URI encoding it
|
||||
return;
|
||||
return reply_id
|
||||
}
|
||||
req.body.receiver = encodeURIComponent(req.body.receiver || "");
|
||||
if (req.body.receiver == "")
|
||||
req.body.receiver = "everyone";
|
||||
if (!req.body.message) {
|
||||
res.status(418)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
}
|
||||
//console.log(req.body);
|
||||
let __dirname = server.dirname
|
||||
|
||||
function validateReceiver(rec) {
|
||||
let receiver = encodeURIComponent(rec || "");
|
||||
if (receiver == "")
|
||||
receiver = "everyone";
|
||||
return receiver
|
||||
}
|
||||
|
||||
router.post("/api/post", async (req, res) => {
|
||||
try {
|
||||
let message = validateMessage(req.body.message);
|
||||
validatePID(req.body.pid);
|
||||
let reply_id = validateReplyID(req.body.reply_id);
|
||||
let receiver = validateReceiver(req.body.receiver);
|
||||
validateFiles(req.files);
|
||||
|
||||
let __dirname = server.dirname
|
||||
const file_names = ["","","","",""]
|
||||
if(isNotNull(req.files)) {
|
||||
for(let file_index=0;file_index<5;file_index++) {
|
||||
@ -130,15 +157,12 @@ export const setup = function (router, con, server) {
|
||||
})
|
||||
}
|
||||
})
|
||||
} else {
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) values (?,?,?,?,?,?,?,?,?,?,?);`;
|
||||
let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), req.body.receiver, res.locals.isbot, reply_id,...file_names];
|
||||
let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) values (?,?,?,?,?,?,?,?,?,?,?); SELECT LAST_INSERT_ID() as ID;`;
|
||||
let values = [encodeURIComponent(res.locals.username), message, Date.now(), receiver, res.locals.isbot, reply_id,...file_names];
|
||||
con.query(sql, values, function (err, result) {
|
||||
if (err){
|
||||
res.status(500)
|
||||
@ -155,7 +179,8 @@ export const setup = function (router, con, server) {
|
||||
post_from_bot: res.locals.isbot,
|
||||
post_reply_id: reply_id,
|
||||
user_avatar: res.locals.avatar,
|
||||
files: file_names
|
||||
files: file_names,
|
||||
post_id: result[0].ID
|
||||
};
|
||||
let message = {
|
||||
message: "new_post",
|
||||
@ -170,6 +195,10 @@ export const setup = function (router, con, server) {
|
||||
res.json({ "success": "successfully posted message" });
|
||||
console.log(5, `posted new message by ${res.locals.username} : ${req.body.message}`);
|
||||
});
|
||||
} catch (error) {
|
||||
res.status(error.statusCode)
|
||||
res.json({ "error": error.message, "status": error.statusCode });
|
||||
}
|
||||
});
|
||||
return createPID
|
||||
};
|
||||
|
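Review bot: The rewritten `sql` appends `SELECT LAST_INSERT_ID() as ID;` to the INSERT, which only runs if the connection allows several statements per query, and that setting turns any string-built query elsewhere on `con` into a stacked-query risk. If `con` is a mysql/mysql2 connection (the driver is not visible here), the callback then receives one result per statement, so `result[0]` is the INSERT's packet and `post_id: result[0].ID` is likely `undefined`; keeping the single-statement INSERT and using `post_id: result.insertId` avoids both problems. Separately, the new `catch` passes `error.statusCode` straight to `res.status()`, so any exception that is not one of the thrown validation objects arrives with no status; `res.status(error.statusCode || 500)` with a generic message for that case would keep internal error text out of the response. The `req.body.reply_id` and `req.body.pid` reads that appear to remain inside `validateReplyID` and `validatePID` look like such a case, since `req` is not a parameter of those helpers, though the rendering does not show which side those lines belong to.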