code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

added non-utf8 character compatability

Browse Source
This commit is contained in:
Mystikfluu 2022-05-25 13:38:54 +02:00
parent ce7409684d
commit a6743bcb07
2 changed files with 28 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
js/posts.js
View File

@ -54,7 +54,7 @@ document.getElementById("post-btn").addEventListener("click",async function() {
alert(`Error, your message cant contain more than 1000 characters! (${len})`)
return
}
let r = await post("/api/post",{"message":document.getElementById("post-text").value})
let r = await post("/api/post",{"message":encodeURIComponent(document.getElementById("post-text").value)})
if(window.location.href.split("?mention=")[1])location.replace('/posts');
document.getElementById("post-text").value=""
})
@ -76,7 +76,7 @@ function spacerTextNode() {
return document.createTextNode(" | ")
}
function createPost(username,text,time,specialtext) {
function createPost(username,text,time,specialtext,postid) {
if(!specialtext)specialtext=""
const newDiv = document.createElement("div");
const newP = document.createElement("p");
@ -115,7 +115,7 @@ function createPost(username,text,time,specialtext) {
newDiv.appendChild(newP)
newDiv.innerHTML += filterPost(text)
newDiv.id = postid
document.getElementById("posts").appendChild(newDiv)
}
@ -132,7 +132,7 @@ async function main(){
if(!last_10_posts)return;
document.getElementById("posts").innerHTML = ""
last_10_posts.forEach((item, i) => {
createPost(item.post_user_name,item.post_text,item.post_time,item.post_special_text)
createPost(item.post_user_name,decodeURIComponent(atob(item.post_text)),item.post_time,item.post_special_text,item.post_id)
});
let links = document.getElementsByClassName("insertedlink")

39
server.js
View File

@ -49,6 +49,11 @@ function SHA256(str,salt,num) {
return ret;
}
function b64(data) {
let buff = Buffer.from(data);
return buff.toString('base64');
}
function RNG(seed) {
if(!seed)seed = Date.now();
this.seed = seed
@ -214,34 +219,37 @@ router.use("/api/*",async function(req,res,next) {
}
let unsigned = unsign(cookie,req,res)
if(!unsigned)return
unsigned = decodeURIComponent(unsigned)
let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;`
let values = unsigned.split(" ")
values[1] = SHA256(values[1],values[0],HASHES_DIFF)
values[0] = b64(values[0])
con.query(sql, values, function (err, result) {
if (err) throw err;
if(result[0] && result[0].User_Name && result[0].User_Name == values[0]) {
res.locals.username = values[0];
res.locals.username = atob(values[0]);
res.locals.bio = result[0].User_Bio
next()
} else {
console.log(result[0],values[0],values[1]);
res.json({"error":"you cannot access the api without being logged in"})
}
});
})
router.get("/api/getuser",async function(req,res) {
res.json({"username":res.locals.username,"bio":res.locals.bio})
res.json({"username":res.locals.username,"bio":atob(res.locals.bio)})
})
router.get("/api/getotheruser",async function(req,res) {
//already counted due to the /api/* handler
let username = req.query.user
let username = b64(req.query.user)
let sql = `select * from zerotwohub.users where User_Name=?;`
con.query(sql, [username], function (err, result) {
if (err) throw err;
if(result[0] && result[0].User_Name && result[0].User_Name == username) {
res.json({"username":username,"bio":result[0].User_Bio})
res.json({"username":atob(username),"bio":atob(result[0].User_Bio)})
} else {
res.json({"error":"there is no such user!"})
}
@ -253,8 +261,9 @@ router.post("/api/post", async function(req,res) {
res.json({"error":"no message to post"})
return
}
let sql = `insert into zerotwohub.posts (post_user_name,post_text,post_time) values (?,?,?);`
let values = [res.locals.username,req.body.message,Date.now()]
let values = [res.locals.username,b64(req.body.message),Date.now()]
con.query(sql, values, function (err, result) {
if (err) throw err;
console.log(result);
@ -278,7 +287,7 @@ router.post("/api/post", async function(req,res) {
// })
router.get("/api/getPosts/*", async function(req,res) {
let sql = `select post_user_name,post_text,post_time,post_special_text from zerotwohub.posts order by post_id desc;`
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id from zerotwohub.posts order by post_id desc;`
con.query(sql, [], function (err, result) {
if (err) throw err;
res.json(result)
@ -293,7 +302,7 @@ router.post("/api/setBio", async function(req,res) {
return
}
let sql = `update zerotwohub.users set User_Bio=? where User_Name=?`
con.query(sql, [bio,res.locals.username], function (err, result) {
con.query(sql, [b64(bio),b64(res.locals.username)], function (err, result) {
if (err) throw err;
res.json({"success":"updated bio"})
});
@ -310,12 +319,12 @@ router.post("/api/changePW", async function(req,res) {
let hashed_new_pw = SHA256(req.body.newPW,res.locals.username,HASHES_DB)
let sql = `select * from zerotwohub.users where User_Name=? and User_PW=?;`
let values = [res.locals.username,hashed_pw]
let values = [b64(res.locals.username),hashed_pw]
con.query(sql, values, function (err, result) {
if (err) throw err;
if(result[0] && result[0].User_Name && result[0].User_Name == res.locals.username) {
let sql = `update zerotwohub.users set User_PW=? where User_Name=? and User_PW=?;`
let values = [hashed_new_pw,res.locals.username,hashed_pw]
let values = [hashed_new_pw,b64(res.locals.username),hashed_pw]
con.query(sql, values, function (err, result) {
if (err) throw err;
let ip = req.socket.remoteAddress
@ -424,7 +433,7 @@ router.post("/register",async function(req,res) {
return
}
let userexistssql = `SELECT User_Name from zerotwohub.users where User_Name = ?`
con.query(userexistssql,[username],function(error,result) {
con.query(userexistssql,[b64(username)],function(error,result) {
if(result && result[0] && result[0].User_Name) {
res.status(400)
res.redirect("/register?success=false&reason=already_exists")
@ -432,7 +441,7 @@ router.post("/register",async function(req,res) {
}
let hashed_pw = SHA256(password,username,HASHES_DB)
let ip = req.socket.remoteAddress
let values = [username,hashed_pw, Date.now(), ip, ip]
let values = [b64(username),hashed_pw, Date.now(), ip, ip]
let sql = `INSERT INTO zerotwohub.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP) VALUES (?, ?, ?, ? ,?);`
con.query(sql, values, function (err, result) {
if (err) throw err;
@ -475,8 +484,8 @@ router.post("/login",async function(req,res) {
let hashed_pw = SHA256(password,username,HASHES_DB)
let userexistssql = `SELECT User_Name,User_PW,User_LastIP from zerotwohub.users where User_Name = ? and User_PW = ?;`
con.query(userexistssql,[username,hashed_pw],function(error,result) {
if(result && result[0] && result[0].User_Name && result[0].User_Name==username && result[0].User_PW && result[0].User_PW == hashed_pw) {
con.query(userexistssql,[b64(username),hashed_pw],function(error,result) {
if(result && result[0] && result[0].User_Name && result[0].User_Name==b64(username) && result[0].User_PW && result[0].User_PW == hashed_pw) {
let ip = req.socket.remoteAddress
let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
let cookiesigned = signature.sign(setTo, cookiesecret+ip);
@ -484,12 +493,12 @@ router.post("/login",async function(req,res) {
res.redirect("/user?success=true")
if(result[0].User_LastIP != ip) {
let sql = `update zerotwohub.users set User_LastIP = ? where User_Name = ?;`
con.query(sql,[ip,username],function(error,result) {
con.query(sql,[ip,b64(username)],function(error,result) {
if(error)throw error
})
}
} else {
res.redirect("/login?success=false")
res.redirect("/login?success=false?reason=noUser")
}
});
})