show info about app when authorizing

2023-02-10 17:24:27 +01:00 · 2023-02-10 17:24:27 +01:00 · 59b9ecb01c
commit 59b9ecb01c
parent 1f061af9a0
3 changed files with 63 additions and 6 deletions
--- a/js/htmlescape.js
+++ b/js/htmlescape.js
@ -1,3 +1,26 @@
+/**
+   * Copyright (C) 2017-present by Andrea Giammarchi - @WebReflection
+   *
+   * Permission is hereby granted, free of charge, to any person obtaining a copy
+   * of this software and associated documentation files (the "Software"), to deal
+   * in the Software without restriction, including without limitation the rights
+   * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   * copies of the Software, and to permit persons to whom the Software is
+   * furnished to do so, subject to the following conditions:
+   *
+   * The above copyright notice and this permission notice shall be included in
+   * all copies or substantial portions of the Software.
+   *
+   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   * THE SOFTWARE.
+   */
+//https://github.com/WebReflection/html-escaper
+
 const {replace} = '';

 const es = /&(?:amp|#38|lt|#60|gt|#62|apos|#39|quot|#34);/gi;
--- a/routes/userfiles.js
+++ b/routes/userfiles.js
@ -66,6 +66,26 @@ export const setup = function (router, con, server) {
        })
    }

+    const appId_Cache = new LRU({max:20,ttl: 1000 * 60 * 15}) //cache for 15 minutes
+    function getAppWithId(appid) {
+        appid = Number(appid)
+        return new Promise((res,rej) => {
+            if(appId_Cache.has(appid)) {
+                res(appId_Cache.get(appid) || {})
+                return
+            }
+            con.query("SELECT * FROM ipost.application WHERE application_id=?",[appid],(err,result) => {
+                if(err) {
+                    console.error(err)
+                    rej({})
+                    return
+                }
+                appId_Cache.set(appid,result[0])
+                res(result[0] || {})
+            })
+        })
+    }
+
    let global_page_variables = {
        globalcss: load_var("./css/global.css"),
        httppostjs: load_var("./js/httppost.js"),
@ -81,12 +101,13 @@ export const setup = function (router, con, server) {
        getPID: server.global_page_variables.getPID,
        getDMPID: server.global_page_variables.getDMPID,
        unauthorized_description: "Chat now by creating an account on IPost",
-        hcaptcha_sitekey: server.hcaptcha.sitekey
+        hcaptcha_sitekey: server.hcaptcha.sitekey,
+        getAppWithId: getAppWithId
    }

    

-    function handleUserFiles(request, response, overrideurl) {
+    async function handleUserFiles(request, response, overrideurl) {
        if (!increaseUSERCall(request, response))return;
        if(typeof overrideurl != "string")overrideurl = undefined;
    
@ -115,9 +136,12 @@ export const setup = function (router, con, server) {
            path = dir + "views" + originalUrl + ".html"
        }
    
-        if(path != "" && originalUrl != "/favicon.ico" && originalUrl != "/api/documentation/") {
+        if(path !== "" && originalUrl !== "/favicon.ico" && originalUrl !== "/api/documentation/") {
            global_page_variables.user = { "username": response.locals.username, "bio": response.locals.bio, "avatar": response.locals.avatar }
            global_page_variables.query = request.query
+            if(originalUrl === "/authorize") {
+                global_page_variables.application = await getAppWithId(request.query.id)
+            }
            ejs.renderFile(path,global_page_variables,{async: true},async function(err,str){
                str = await str
                err = await err
--- a/views/authorize.html
+++ b/views/authorize.html
@ -13,19 +13,29 @@
    </style>
    <% if(user.username === undefined) { %>
      <script> document.location.href = '/no_login?r='+encodeURIComponent(document.location.pathname) </script>
+    <% } else { %>
+        <% if(query.id === undefined) { %>
+            <script> document.location.href="/" </script>
        <% } else { %>
            <script src="https://js.hcaptcha.com/1/api.js" async defer></script>
        <% } %>
+    <% } %>
  </head>
  <body>
    <div class="center">
        <h1>Authorize App</h1>
-        <p>Please authorize the app to access your information:</p>
+        <p>Please authorize the app "<%= application.application_name %>" to access your information:</p>
        <form action="/authorize" method="post">
-            <input type="number" value=<%- query.id %> class="hidden" name="application_id" id="application_id">
+            <input type="number" value=<%= query.id %> class="hidden" name="application_id" id="application_id">
            <div class="h-captcha" data-sitekey="<%- hcaptcha_sitekey %>"></div>
            <input type="submit" value="Authorize">
        </form>
+        <br>
+        <br>
+        <div>
+            <h2>more about <b><%= application.application_name %></b></h2>
+            <%= application.application_description %>
+        </div>
    </div>
  </body>
 </html>