code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge branch 'master' into snyk-upgrade-1f11965264097799fb3eae603282392b

Browse Source
This commit is contained in:
Code002Lover 2022-05-26 05:06:08 -07:00 committed by GitHub
commit 4f23a1c35b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 100 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
createSchema.sql Normal file
View File

@ -0,0 +1,27 @@
drop schema if exists zerotwohub;
create schema zerotwohub;
use zerotwohub;
CREATE TABLE `users` (
`User_ID` bigint NOT NULL AUTO_INCREMENT,
`User_Name` varchar(250) NOT NULL,
`User_PW` varchar(45) NOT NULL,
`User_CreationStamp` varchar(1000) NOT NULL DEFAULT 'None',
`User_CreationIP` varchar(45) NOT NULL DEFAULT 'None',
`User_LastIP` varchar(45) NOT NULL DEFAULT 'None',
`User_Bio` varchar(100) DEFAULT 'wow such empty',
PRIMARY KEY (`User_ID`,`User_Name`),
UNIQUE KEY `User_Name_UNIQUE` (`User_Name`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
CREATE TABLE `posts` (
`post_id` bigint NOT NULL AUTO_INCREMENT,
`post_user_name` varchar(25) NOT NULL,
`post_text` varchar(4000) NOT NULL,
`post_time` bigint NOT NULL,
`post_special_text` varchar(100) DEFAULT NULL,
`post_ip` varchar(12) DEFAULT NULL,
PRIMARY KEY (`post_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;

14
css/posts.css
View File

@ -65,3 +65,17 @@ a:link, a:visited {
a:hover { a:hover {
color: red; color: red;
} }
.post,.self {
width: 50%;
margin-left: 25%;
margin-right: 25%;
margin-top: 10px;
margin-bottom: 10px;
border-radius: 10px;
}
#post-text, button {
border-radius: 5px;
resize: none;
}

16
js/posts.js
View File

@ -15,8 +15,8 @@ socket.addEventListener("message", function (event) {
} }
}) })
function urlify(text) { function urlify(text) {
let textregex = /(([a-z]+:\/\/)?(([a-z0-9\-]+\.)+([a-z]{2}|aero|arpa|biz|com|coop|edu|gov|info|int|jobs|mil|museum|name|nato|net|org|pro|travel|local|internal|tk|ga))(:[0-9]{1,5})?(\/[a-z0-9_\-\.~]+)*(\/([a-z0-9_\-\.]*)(\?[a-z0-9+_\-\.%=&]*)?)?(#[a-zA-Z0-9!$&'()*+.=-_~:@/?]*)?)(\s+|$)/gi let textregex = /(([a-z]+:\/\/)(([a-z0-9\-]+\.)+([a-z]{2}|aero|arpa|biz|com|coop|edu|gov|info|int|jobs|mil|museum|name|nato|net|org|pro|travel|local|internal|tk|ga|xxx|to))(:[0-9]{1,5})?(\/[a-z0-9_\-\.~]+)*(\/([a-z0-9_\-\.]*)(\?[a-z0-9+_\-\.%=&]*)?)?(#[a-zA-Z0-9!$&'()*+.=-_~:@/?]*)?)(\s+|$)/gi
return text.replace(textregex,'<a href="$1" target="_blank">$1</a> ') return text.replace(textregex,'<a href="$1" target="_blank" class="insertedlink">$1</a> ')
} }
function newlineify(text) { function newlineify(text) {
@ -76,7 +76,7 @@ function spacerTextNode() {
return document.createTextNode(" | ") return document.createTextNode(" | ")
} }
function createPost(username,text,time,specialtext) { function createPost(username,text,time,specialtext,postid) {
if(!specialtext)specialtext="" if(!specialtext)specialtext=""
const newDiv = document.createElement("div"); const newDiv = document.createElement("div");
const newP = document.createElement("p"); const newP = document.createElement("p");
@ -115,7 +115,7 @@ function createPost(username,text,time,specialtext) {
newDiv.appendChild(newP) newDiv.appendChild(newP)
newDiv.innerHTML += filterPost(text) newDiv.innerHTML += filterPost(text)
newDiv.id = postid
document.getElementById("posts").appendChild(newDiv) document.getElementById("posts").appendChild(newDiv)
} }
@ -132,8 +132,14 @@ async function main(){
if(!last_10_posts)return; if(!last_10_posts)return;
document.getElementById("posts").innerHTML = "" document.getElementById("posts").innerHTML = ""
last_10_posts.forEach((item, i) => { last_10_posts.forEach((item, i) => {
createPost(item.post_user_name,item.post_text,item.post_time,item.post_special_text) createPost(decodeURIComponent(atob(item.post_user_name)),decodeURIComponent(atob(item.post_text)),item.post_time,item.post_special_text,item.post_id)
}); });
let links = document.getElementsByClassName("insertedlink")
for (let i = 0; i < links.length; i++) {
links[i].innerText = links[i].innerText.split("\/\/")[1].split("\/")[0]
}
let mentions = document.getElementsByClassName("mention") let mentions = document.getElementsByClassName("mention")
for (let i = 0; i < mentions.length; i++) { for (let i = 0; i < mentions.length; i++) {
if(mentions[i]!=undefined && mentions[i].innerText == "@"+username) { if(mentions[i]!=undefined && mentions[i].innerText == "@"+username) {

30
package-lock.json generated
View File

@ -1,5 +1,5 @@
{ {
"name": "npm-proj-1652743886349-0.8272252042668449rQTGrH", "name": "npm-proj-1653260782527-0.21350200299500766FoScfK",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
@ -8,12 +8,12 @@
"body-parser": "^1.20.0", "body-parser": "^1.20.0",
"cookie-parser": "^1.4.6", "cookie-parser": "^1.4.6",
"csurf": "^1.11.0", "csurf": "^1.11.0",
"express": "^4.18.0", "express": "^4.18.1",
"express-fileupload": "^1.3.1", "express-fileupload": "^1.3.1",
"express-useragent": "^1.0.15", "express-useragent": "^1.0.15",
"helmet": "^5.0.2", "helmet": "^5.0.2",
"mysql": "^2.18.1", "mysql": "^2.18.1",
"ws": "^8.5.0" "ws": "^8.6.0"
} }
}, },
"node_modules/accepts": { "node_modules/accepts": {
@ -286,9 +286,9 @@
} }
}, },
"node_modules/express": { "node_modules/express": {
"version": "4.18.0", "version": "4.18.1",
"resolved": "https://registry.npmjs.org/express/-/express-4.18.0.tgz", "resolved": "https://registry.npmjs.org/express/-/express-4.18.1.tgz",
"integrity": "sha512-EJEXxiTQJS3lIPrU1AE2vRuT7X7E+0KBbpm5GSoK524yl0K8X+er8zS2P14E64eqsVNoWbMCT7MpmQ+ErAhgRg==", "integrity": "sha512-zZBcOX9TfehHQhtupq57OF8lFZ3UZi08Y97dwFCkD8p9d/d2Y3M+ykKcwaMDEL+4qyUolgBDX6AblpR3fL212Q==",
"dependencies": { "dependencies": {
"accepts": "~1.3.8", "accepts": "~1.3.8",
"array-flatten": "1.1.1", "array-flatten": "1.1.1",
@ -916,9 +916,9 @@
} }
}, },
"node_modules/ws": { "node_modules/ws": {
"version": "8.5.0", "version": "8.6.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.5.0.tgz", "resolved": "https://registry.npmjs.org/ws/-/ws-8.6.0.tgz",
"integrity": "sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==", "integrity": "sha512-AzmM3aH3gk0aX7/rZLYvjdvZooofDu3fFOzGqcSnQ1tOcTWwhM/o+q++E8mAyVVIyUdajrkzWUGftaVSDLn1bw==",
"engines": { "engines": {
"node": ">=10.0.0" "node": ">=10.0.0"
}, },
@ -1145,9 +1145,9 @@
"integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=" "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
}, },
"express": { "express": {
"version": "4.18.0", "version": "4.18.1",
"resolved": "https://registry.npmjs.org/express/-/express-4.18.0.tgz", "resolved": "https://registry.npmjs.org/express/-/express-4.18.1.tgz",
"integrity": "sha512-EJEXxiTQJS3lIPrU1AE2vRuT7X7E+0KBbpm5GSoK524yl0K8X+er8zS2P14E64eqsVNoWbMCT7MpmQ+ErAhgRg==", "integrity": "sha512-zZBcOX9TfehHQhtupq57OF8lFZ3UZi08Y97dwFCkD8p9d/d2Y3M+ykKcwaMDEL+4qyUolgBDX6AblpR3fL212Q==",
"requires": { "requires": {
"accepts": "~1.3.8", "accepts": "~1.3.8",
"array-flatten": "1.1.1", "array-flatten": "1.1.1",
@ -1622,9 +1622,9 @@
"integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=" "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
}, },
"ws": { "ws": {
"version": "8.5.0", "version": "8.6.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.5.0.tgz", "resolved": "https://registry.npmjs.org/ws/-/ws-8.6.0.tgz",
"integrity": "sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==", "integrity": "sha512-AzmM3aH3gk0aX7/rZLYvjdvZooofDu3fFOzGqcSnQ1tOcTWwhM/o+q++E8mAyVVIyUdajrkzWUGftaVSDLn1bw==",
"requires": {} "requires": {}
} }
} }

4
package.json
View File

@ -3,11 +3,11 @@
"body-parser": "^1.20.0", "body-parser": "^1.20.0",
"cookie-parser": "^1.4.6", "cookie-parser": "^1.4.6",
"csurf": "^1.11.0", "csurf": "^1.11.0",
"express": "^4.18.0", "express": "^4.18.1",
"express-fileupload": "^1.3.1", "express-fileupload": "^1.3.1",
"express-useragent": "^1.0.15", "express-useragent": "^1.0.15",
"helmet": "^5.0.2", "helmet": "^5.0.2",
"mysql": "^2.18.1", "mysql": "^2.18.1",
"ws": "^8.5.0" "ws": "^8.6.0"
} }
} }

48
server.js
View File

@ -49,6 +49,11 @@ function SHA256(str,salt,num) {
return ret; return ret;
} }
function b64(data) {
let buff = Buffer.from(data);
return buff.toString('base64');
}
function RNG(seed) { function RNG(seed) {
if(!seed)seed = Date.now(); if(!seed)seed = Date.now();
this.seed = seed this.seed = seed
@ -214,34 +219,37 @@ router.use("/api/*",async function(req,res,next) {
} }
let unsigned = unsign(cookie,req,res) let unsigned = unsign(cookie,req,res)
if(!unsigned)return if(!unsigned)return
unsigned = decodeURIComponent(unsigned)
let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;` let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;`
let values = unsigned.split(" ") let values = unsigned.split(" ")
values[1] = SHA256(values[1],values[0],HASHES_DIFF) values[1] = SHA256(values[1],values[0],HASHES_DIFF)
values[0] = b64(values[0])
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) throw err; if (err) throw err;
if(result[0] && result[0].User_Name && result[0].User_Name == values[0]) { if(result[0] && result[0].User_Name && result[0].User_Name == values[0]) {
res.locals.username = values[0]; res.locals.username = atob(values[0]);
res.locals.bio = result[0].User_Bio res.locals.bio = result[0].User_Bio
next() next()
} else { } else {
console.log(result[0],values[0],values[1]);
res.json({"error":"you cannot access the api without being logged in"}) res.json({"error":"you cannot access the api without being logged in"})
} }
}); });
}) })
router.get("/api/getuser",async function(req,res) { router.get("/api/getuser",async function(req,res) {
res.json({"username":res.locals.username,"bio":res.locals.bio}) res.json({"username":res.locals.username,"bio":atob(res.locals.bio)})
}) })
router.get("/api/getotheruser",async function(req,res) { router.get("/api/getotheruser",async function(req,res) {
//already counted due to the /api/* handler //already counted due to the /api/* handler
let username = req.query.user let username = b64(req.query.user)
let sql = `select * from zerotwohub.users where User_Name=?;` let sql = `select * from zerotwohub.users where User_Name=?;`
con.query(sql, [username], function (err, result) { con.query(sql, [username], function (err, result) {
if (err) throw err; if (err) throw err;
if(result[0] && result[0].User_Name && result[0].User_Name == username) { if(result[0] && result[0].User_Name && result[0].User_Name == username) {
res.json({"username":username,"bio":result[0].User_Bio}) res.json({"username":atob(username),"bio":atob(result[0].User_Bio)})
} else { } else {
res.json({"error":"there is no such user!"}) res.json({"error":"there is no such user!"})
} }
@ -249,12 +257,14 @@ router.get("/api/getotheruser",async function(req,res) {
}) })
router.post("/api/post", async function(req,res) { router.post("/api/post", async function(req,res) {
req.body.message = encodeURIComponent(req.body.message.trim())
if(!req.body.message) { if(!req.body.message) {
res.json({"error":"no message to post"}) res.json({"error":"no message to post"})
return return
} }
let sql = `insert into zerotwohub.posts (post_user_name,post_text,post_time) values (?,?,?);` let sql = `insert into zerotwohub.posts (post_user_name,post_text,post_time) values (?,?,?);`
let values = [res.locals.username,req.body.message,Date.now()] let values = [b64(encodeURIComponent(res.locals.username)),b64(req.body.message),Date.now()]
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) throw err; if (err) throw err;
console.log(result); console.log(result);
@ -278,7 +288,7 @@ router.post("/api/post", async function(req,res) {
// }) // })
router.get("/api/getPosts/*", async function(req,res) { router.get("/api/getPosts/*", async function(req,res) {
let sql = `select post_user_name,post_text,post_time,post_special_text from zerotwohub.posts order by post_id desc;` let sql = `select post_user_name,post_text,post_time,post_special_text,post_id from zerotwohub.posts order by post_id desc;`
con.query(sql, [], function (err, result) { con.query(sql, [], function (err, result) {
if (err) throw err; if (err) throw err;
res.json(result) res.json(result)
@ -293,7 +303,7 @@ router.post("/api/setBio", async function(req,res) {
return return
} }
let sql = `update zerotwohub.users set User_Bio=? where User_Name=?` let sql = `update zerotwohub.users set User_Bio=? where User_Name=?`
con.query(sql, [bio,res.locals.username], function (err, result) { con.query(sql, [b64(encodeURIComponent(bio)),b64(encodeURIComponent(res.locals.username))], function (err, result) {
if (err) throw err; if (err) throw err;
res.json({"success":"updated bio"}) res.json({"success":"updated bio"})
}); });
@ -310,12 +320,12 @@ router.post("/api/changePW", async function(req,res) {
let hashed_new_pw = SHA256(req.body.newPW,res.locals.username,HASHES_DB) let hashed_new_pw = SHA256(req.body.newPW,res.locals.username,HASHES_DB)
let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;` let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;`
let values = [res.locals.username,hashed_pw] let values = [b64(res.locals.username),hashed_pw]
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) throw err; if (err) throw err;
if(result[0] && result[0].User_Name && result[0].User_Name == res.locals.username) { if(result[0] && result[0].User_Name && result[0].User_Name == res.locals.username) {
let sql = `update zerotwohub.users set User_PW=? where User_Name=? and User_PW=?;` let sql = `update zerotwohub.users set User_PW=? where User_Name=? and User_PW=?;`
let values = [hashed_new_pw,res.locals.username,hashed_pw] let values = [hashed_new_pw,b64(res.locals.username),hashed_pw]
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) throw err; if (err) throw err;
let ip = req.socket.remoteAddress let ip = req.socket.remoteAddress
@ -424,7 +434,7 @@ router.post("/register",async function(req,res) {
return return
} }
let userexistssql = `SELECT User_Name from zerotwohub.users where User_Name = ?` let userexistssql = `SELECT User_Name from zerotwohub.users where User_Name = ?`
con.query(userexistssql,[username],function(error,result) { con.query(userexistssql,[b64(encodeURIComponent(username))],function(error,result) {
if(result && result[0] && result[0].User_Name) { if(result && result[0] && result[0].User_Name) {
res.status(400) res.status(400)
res.redirect("/register?success=false&reason=already_exists") res.redirect("/register?success=false&reason=already_exists")
@ -432,12 +442,13 @@ router.post("/register",async function(req,res) {
} }
let hashed_pw = SHA256(password,username,HASHES_DB) let hashed_pw = SHA256(password,username,HASHES_DB)
let ip = req.socket.remoteAddress let ip = req.socket.remoteAddress
let values = [username,hashed_pw, Date.now(), ip, ip] let cookiesigned = signature.sign(setTo, cookiesecret+ip);
let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
ip = SHA256(ip,setTo,HASHES_DB)
let values = [b64(encodeURIComponent(username)),hashed_pw, Date.now(), ip, ip]
let sql = `INSERT INTO zerotwohub.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP) VALUES (?, ?, ?, ? ,?);` let sql = `INSERT INTO zerotwohub.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP) VALUES (?, ?, ?, ? ,?);`
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) throw err; if (err) throw err;
let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
let cookiesigned = signature.sign(setTo, cookiesecret+ip);
res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS }); res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
res.redirect("/user?success=true") res.redirect("/user?success=true")
}); });
@ -475,21 +486,24 @@ router.post("/login",async function(req,res) {
let hashed_pw = SHA256(password,username,HASHES_DB) let hashed_pw = SHA256(password,username,HASHES_DB)
let userexistssql = `SELECT User_Name,User_PW,User_LastIP from zerotwohub.users where User_Name = ? and User_PW = ?;` let userexistssql = `SELECT User_Name,User_PW,User_LastIP from zerotwohub.users where User_Name = ? and User_PW = ?;`
con.query(userexistssql,[username,hashed_pw],function(error,result) { con.query(userexistssql,[b64(encodeURIComponent(username)),hashed_pw],function(error,result) {
if(result && result[0] && result[0].User_Name && result[0].User_Name==username && result[0].User_PW && result[0].User_PW == hashed_pw) { if(result && result[0] && result[0].User_Name && result[0].User_Name==b64(encodeURIComponent(username)) && result[0].User_PW && result[0].User_PW == hashed_pw) {
let ip = req.socket.remoteAddress let ip = req.socket.remoteAddress
let setTo = username + " " + SHA256(password,username,HASHES_COOKIE) let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
let cookiesigned = signature.sign(setTo, cookiesecret+ip); let cookiesigned = signature.sign(setTo, cookiesecret+ip);
res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS }); res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
res.redirect("/user?success=true") res.redirect("/user?success=true")
ip = SHA256(ip,setTo,HASHES_DB)
if(result[0].User_LastIP != ip) { if(result[0].User_LastIP != ip) {
let sql = `update zerotwohub.users set User_LastIP = ? where User_Name = ?;` let sql = `update zerotwohub.users set User_LastIP = ? where User_Name = ?;`
con.query(sql,[ip,username],function(error,result) { con.query(sql,[ip,b64(encodeURIComponent(username))],function(error,result) {
if(error)throw error if(error)throw error
}) })
} }
} else { } else {
res.redirect("/login?success=false") res.redirect("/login?success=false?reason=noUser")
} }
}); });
}) })