From 59b9ecb01c44f529568b56c6345096e0c757c85c Mon Sep 17 00:00:00 2001
From: Mystikfluu
Date: Fri, 10 Feb 2023 17:24:27 +0100
Subject: [PATCH] show info about app when authorizing
---
 js/htmlescape.js | 23 +++++++++++++++++++++++
 routes/userfiles.js | 30 +++++++++++++++++++++++++++---
 views/authorize.html | 16 +++++++++++++---
 3 files changed, 63 insertions(+), 6 deletions(-)
diff --git a/js/htmlescape.js b/js/htmlescape.js
index 2e2227c..a5062f4 100644
--- a/js/htmlescape.js
+++ b/js/htmlescape.js
@@ -1,3 +1,26 @@
+/**
+ * Copyright (C) 2017-present by Andrea Giammarchi - @WebReflection
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+//https://github.com/WebReflection/html-escaper
+
 const {replace} = '';
 
 const es = /&(?:amp|#38|lt|#60|gt|#62|apos|#39|quot|#34);/gi;
diff --git a/routes/userfiles.js b/routes/userfiles.js
index 59a5887..fdbff68 100644
--- a/routes/userfiles.js
+++ b/routes/userfiles.js
@@ -66,6 +66,26 @@ export const setup = function (router, con, server) { }) } + const appId_Cache = new LRU({max:20,ttl: 1000 * 60 * 15}) //cache for 15 minutes + function getAppWithId(appid) { + appid = Number(appid) + return new Promise((res,rej) => { + if(appId_Cache.has(appid)) { + res(appId_Cache.get(appid) || {}) + return + } + con.query("SELECT * FROM ipost.application WHERE application_id=?",[appid],(err,result) => { + if(err) { + console.error(err) + rej({}) + return + } + appId_Cache.set(appid,result[0]) + res(result[0] || {}) + }) + }) + } + let global_page_variables = { globalcss: load_var("./css/global.css"), httppostjs: load_var("./js/httppost.js"), @@ -81,12 +101,13 @@ export const setup = function (router, con, server) { getPID: server.global_page_variables.getPID, getDMPID: server.global_page_variables.getDMPID, unauthorized_description: "Chat now by creating an account on IPost", - hcaptcha_sitekey: server.hcaptcha.sitekey + hcaptcha_sitekey: server.hcaptcha.sitekey, + getAppWithId: getAppWithId } - function handleUserFiles(request, response, overrideurl) { + async function handleUserFiles(request, response, overrideurl) { if (!increaseUSERCall(request, response))return; if(typeof overrideurl != "string")overrideurl = undefined; @@ -115,9 +136,12 @@ export const setup = function (router, con, server) { path = dir + "views" + originalUrl + ".html" } - if(path != "" && originalUrl != "/favicon.ico" && originalUrl != "/api/documentation/") { + if(path !== "" && originalUrl !== "/favicon.ico" && originalUrl !== "/api/documentation/") { global_page_variables.user = { "username": response.locals.username, "bio": response.locals.bio, "avatar": response.locals.avatar } global_page_variables.query = request.query + if(originalUrl === "/authorize") { + global_page_variables.application = await getAppWithId(request.query.id) + } ejs.renderFile(path,global_page_variables,{async: true},async function(err,str){ str = await str err = await err 
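Review bot: `SELECT *` in getAppWithId loads the whole application row into the cache and, through `global_page_variables.application`, into the data handed to the template, while the authorize view in this patch reads only `application_name` and `application_description`. If the table also holds a client secret or a similar column (not visible here), that value would be one template edit away from being rendered, so I would name the columns: `"SELECT application_id, application_name, application_description FROM ipost.application WHERE application_id=?"`. Separately, `Number(appid)` turns a missing or non-numeric `id` into `NaN`, which is still sent to the database; a guard such as `if(!Number.isInteger(appid)) { res({}); return }` at the top of the promise body avoids that. A lookup that finds no row resolves to `{}`, so the caller should treat an object without `application_name` as "unknown app" rather than rendering the consent page for it.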
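Review bot: The new `await getAppWithId(request.query.id)` in the third hunk sits between writing `user` and `query` onto the shared `global_page_variables` object and rendering from it, so a second request handled during the lookup can overwrite those fields and the authorize page may be rendered with another request's username or `id`. `application` also stays on the shared object for every later request. Building a per-request object from the shared one removes the sharing. The `await` is also not wrapped in `try`/`catch` while getAppWithId rejects on a query error, so a database failure becomes an unhandled rejection in the now-async handler and, as far as this hunk shows, no response is sent. handleUserFiles starts and ends outside the hunk.

```javascript
if(path !== "" && originalUrl !== "/favicon.ico" && originalUrl !== "/api/documentation/") {
    // per-request copy: nothing request-specific is written to the shared object
    const page_variables = {
        ...global_page_variables,
        user: { "username": response.locals.username, "bio": response.locals.bio, "avatar": response.locals.avatar },
        query: request.query,
        application: {}
    }
    if(originalUrl === "/authorize") {
        try {
            page_variables.application = await getAppWithId(request.query.id)
        } catch (err) {
            // getAppWithId already logged the query error; keep the empty
            // application so the request still gets a response
        }
    }
    ejs.renderFile(path,page_variables,{async: true},async function(err,str){
    // … unchanged: render callback …
```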
diff --git a/views/authorize.html b/views/authorize.html index e21ed52..7ab24a4 100644 --- a/views/authorize.html +++ b/views/authorize.html @@ -14,18 +14,28 @@ <% if(user.username === undefined) { %> <% } else { %> - + <% if(query.id === undefined) { %> + + <% } else { %> + + <% } %> <% } %>

Authorize App

-

Please authorize the app to access your information:

+

Please authorize the app "<%= application.application_name %>" to access your information:

- class="hidden" name="application_id" id="application_id"> + class="hidden" name="application_id" id="application_id">
+
+
+
+

more about <%= application.application_name %>

+ <%= application.application_description %> +