add clearer error status codes

This commit is contained in:
Mystikfluu 2022-09-10 17:32:43 +02:00
parent cf9a819a55
commit a763bde1f8
8 changed files with 75 additions and 35 deletions

7
error_codes.txt Normal file

@ -0,0 +1,7 @@
400: generic error / unsorted
402: login error (bad cookie)
403: login error (no cookie)
404: invalid url / not found
410-419: argument/data error
500: server error


@ -26,14 +26,14 @@ function unsign(text, req, res) {
function getunsigned(req, res) { function getunsigned(req, res) {
let cookie = req.cookies.AUTH_COOKIE; let cookie = req.cookies.AUTH_COOKIE;
if (!cookie) { if (!cookie) {
res.status(400); res.status(403);
res.json({ "error": "you are not logged in! (no cookie)" }); res.json({ "error": "you are not logged in! (no cookie)" });
return; return;
} }
let unsigned = unsign(cookie, req, res); let unsigned = unsign(cookie, req, res);
if (!unsigned) { if (!unsigned) {
try { try {
res.status(400); res.status(402);
res.json({ "error": "Bad auth cookie set" }); res.json({ "error": "Bad auth cookie set" });
} }
catch (ignored) { } //sometimes it errors, gotta debug soon catch (ignored) { } //sometimes it errors, gotta debug soon
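Review bot: 402 at L34 (and the same code on the unauthenticated-API branches at L45 and L271) is "Payment Required", which RFC 9110 reserves for future use; the standard code for a missing or invalid credential is 401, with 403 meaning an authenticated caller is not permitted. Changing `res.status(402);` to `res.status(401);` keeps the bad-cookie and no-cookie cases distinguishable through the JSON `error` string the client already receives, and cookie-based APIs commonly send 401 without a WWW-Authenticate challenge. The surrounding `try { … } catch (ignored) { }` still swallows whatever makes `res.json` throw here, so in that case the new status may never reach the client either. getunsigned continues past the hunk.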


@ -61,7 +61,7 @@ export const setup = function (router, con, server) {
next(); next();
} }
else { else {
res.status(400); res.status(402);
res.json({ "error": "you cannot access the api without being logged in" }); res.json({ "error": "you cannot access the api without being logged in" });
} }
}); });


@ -5,7 +5,7 @@ export const setup = function (router, con, server) {
res.set("Access-Control-Allow-Origin", ""); res.set("Access-Control-Allow-Origin", "");
let otherperson = encodeURIComponent(req.query.otherperson || ""); let otherperson = encodeURIComponent(req.query.otherperson || "");
if (typeof otherperson != "string" || otherperson.length > 100 || otherperson == "") { if (typeof otherperson != "string" || otherperson.length > 100 || otherperson == "") {
res.status(400).json({ "error": "invalid otherperson given" }); res.status(410).json({ "error": "invalid otherperson given" });
return; return;
} }
const columns = [ const columns = [
@ -14,7 +14,7 @@ export const setup = function (router, con, server) {
//dms_user_name = sender //dms_user_name = sender
//dms_receiver = receiver //dms_receiver = receiver
//if (sender == current and receiver == other) or (receiver == current and sender == other) //if (sender == current and receiver == other) or (receiver == current and sender == other)
let sql = `select ${columns.join(",")} from ipost.dms where ((dms_receiver = ? and dms_user_name = ?) or (dms_receiver = ? and dms_user_name = ?)) order by dms_id desc;`; let sql = `select ${columns.join(",")} from ipost.dms where ((dms_receiver = ? and dms_user_name = ?) or (dms_receiver = ? and dms_user_name = ?)) order by dms_id desc limit 50;`;
con.query(sql, [otherperson, encodeURIComponent(res.locals.username), encodeURIComponent(res.locals.username), otherperson], function (err, result) { con.query(sql, [otherperson, encodeURIComponent(res.locals.username), encodeURIComponent(res.locals.username), otherperson], function (err, result) {
if (err) if (err)
throw err; throw err;
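Review bot: `throw err;` inside the query callback at L66-L67 is left in place, while the same commit replaces the identical pattern in the dms post and posts handlers with a 500 response; thrown from a driver callback it is outside Express's error handling and, depending on how the process is supervised, likely terminates the server on any database error. The shape used elsewhere in this commit, `if (err) { res.status(500).json({ "error": "there's been an internal error" }); console.error(err); return; }`, would fit here. Separately, the 41x range introduced at L56 (and in the dms post, posts, settings and router sections) reuses codes that already have fixed HTTP meanings — 410 Gone, 411 Length Required, 412 Precondition Failed, 413 Content Too Large, 414 URI Too Long, 415 Unsupported Media Type, 416 Range Not Satisfiable, 417 Expectation Failed — so generic clients, proxies and caches will act on them (a 410 on the GET at L246 is heuristically cacheable, and some clients retry a 417 without the Expect header). A 400 with a machine-readable field in the body, e.g. `res.status(400).json({ "error": "invalid otherperson given", "code": "invalid_otherperson" })` (field name constructed), carries the same distinction without those side effects. The `limit 50` added at L64 is also an unrelated behavior change the commit message does not mention; the enclosing handler starts and ends outside the hunk.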


@ -22,18 +22,22 @@ export const setup = function (router, con, server) {
}); });
router.post("/api/dms/post", function (req, res) { router.post("/api/dms/post", function (req, res) {
if (!req.body.message) { if (!req.body.message) {
res.status(410)
res.json({ "error": "no message to post" }); res.json({ "error": "no message to post" });
return; return;
} }
if ((typeof req.body.message) != "string") { if ((typeof req.body.message) != "string") {
res.status(411)
res.json({ "error": "no message to post" }); res.json({ "error": "no message to post" });
return; return;
} }
if ((typeof req.body.pid) != "string") { if ((typeof req.body.pid) != "string") {
res.status(412)
res.json({ "error": "no pid given" }); res.json({ "error": "no pid given" });
return; return;
} }
if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) { if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
res.status(413)
res.json({ "error": "invalid pid given" }); res.json({ "error": "invalid pid given" });
return; return;
} }
@ -46,33 +50,41 @@ export const setup = function (router, con, server) {
reply_id = req.body.reply_id; reply_id = req.body.reply_id;
} }
if ((typeof reply_id) != "number") { if ((typeof reply_id) != "number") {
res.status(414)
res.json({ "error": "no valid reply id given" }); res.json({ "error": "no valid reply id given" });
return; return;
} }
if (req.body.message.length > 1000) { if (req.body.message.length > 1000) {
res.status(415)
res.json({ "error": "message too long" }); res.json({ "error": "message too long" });
return; return;
} }
req.body.message = encodeURIComponent(req.body.message.trim()); req.body.message = encodeURIComponent(req.body.message.trim());
if (req.body.message.length > 3000) { if (req.body.message.length > 3000) {
res.status(416)
res.json({ "error": "message too long" }); //check again after URI encoding it res.json({ "error": "message too long" }); //check again after URI encoding it
return; return;
} }
req.body.receiver = encodeURIComponent(req.body.receiver || ""); req.body.receiver = encodeURIComponent(req.body.receiver || "");
if (req.body.receiver == "" || req.body.receiver == encodeURIComponent(res.locals.username) || req.body.receiver.length > 100) { if (req.body.receiver == "" || req.body.receiver == encodeURIComponent(res.locals.username) || req.body.receiver.length > 100) {
res.status(400).json({ "error": "invalid receiver given" }); res.status(417).json({ "error": "invalid receiver given" });
return; return;
} }
let otherperson = req.body.receiver; let otherperson = req.body.receiver;
if (!req.body.message) { if (!req.body.message) {
res.status(418)
res.json({ "error": "no message to post" }); res.json({ "error": "no message to post" });
return; return;
} }
let sql = `insert into ipost.dms (dms_user_name,dms_text,dms_time,dms_receiver,dms_from_bot,dms_reply_id) values (?,?,?,?,?,?);`; let sql = `insert into ipost.dms (dms_user_name,dms_text,dms_time,dms_receiver,dms_from_bot,dms_reply_id) values (?,?,?,?,?,?);`;
let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), otherperson, res.locals.isbot, reply_id]; let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), otherperson, res.locals.isbot, reply_id];
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) if (err) {
throw err; res.status(500)
res.json({"error":"there's been an internal error"})
console.error(err)
return;
}
// let post_obj = { // let post_obj = {
// post_user_name: encodeURIComponent(res.locals.username), // post_user_name: encodeURIComponent(res.locals.username),
// post_text: req.body.message, // post_text: req.body.message,
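Review bot: The added `res.status(410)` … `res.status(418)` lines and the new 500 branch at L128-L131 drop the trailing semicolons and split status and body into two statements, while the rest of this handler terminates every statement and chains them (`res.status(417).json({ "error": "invalid receiver given" });` at L115); writing the new lines the same way, e.g. `res.status(500).json({ "error": "there's been an internal error" });`, keeps the file uniform and avoids relying on ASI. The 500 branch also logs the whole driver error with `console.error(err)`; with the mysql client that object, as far as I can tell, carries the failed SQL text including the bound values, so the encoded message body ends up in the server log — logging `err.code` and `err.message` is enough for diagnosis. The `/api/dms/post` handler continues beyond L135.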


@ -20,18 +20,22 @@ export const setup = function (router, con, server) {
}); });
router.post("/api/post", function (req, res) { router.post("/api/post", function (req, res) {
if (!req.body.message) { if (!req.body.message) {
res.status(410)
res.json({ "error": "no message to post" }); res.json({ "error": "no message to post" });
return; return;
} }
if ((typeof req.body.message) != "string") { if ((typeof req.body.message) != "string") {
res.status(411)
res.json({ "error": "no message to post" }); res.json({ "error": "no message to post" });
return; return;
} }
if ((typeof req.body.pid) != "string") { if ((typeof req.body.pid) != "string") {
res.status(412)
res.json({ "error": "no pid given" }); res.json({ "error": "no pid given" });
return; return;
} }
if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) { if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
res.status(413)
res.json({ "error": "invalid pid given" }); res.json({ "error": "invalid pid given" });
return; return;
} }
@ -46,20 +50,24 @@ export const setup = function (router, con, server) {
if(typeof reply_id == "string") { if(typeof reply_id == "string") {
reply_id = parseInt(reply_id) reply_id = parseInt(reply_id)
if(isNaN(reply_id)) { if(isNaN(reply_id)) {
res.status(414)
res.json({ "error": "no valid reply id given" }); res.json({ "error": "no valid reply id given" });
return; return;
} }
} }
if ((typeof reply_id) != "number") { if ((typeof reply_id) != "number") {
res.status(415)
res.json({ "error": "no valid reply id given" }); res.json({ "error": "no valid reply id given" });
return; return;
} }
if (req.body.message.length > 1000) { if (req.body.message.length > 1000) {
res.status(416)
res.json({ "error": "message too long" }); res.json({ "error": "message too long" });
return; return;
} }
req.body.message = encodeURIComponent(req.body.message.trim()); req.body.message = encodeURIComponent(req.body.message.trim());
if (req.body.message.length > 3000) { if (req.body.message.length > 3000) {
res.status(417)
res.json({ "error": "message too long" }); //check again after URI encoding it res.json({ "error": "message too long" }); //check again after URI encoding it
return; return;
} }
@ -67,14 +75,19 @@ export const setup = function (router, con, server) {
if (req.body.receiver == "") if (req.body.receiver == "")
req.body.receiver = "everyone"; req.body.receiver = "everyone";
if (!req.body.message) { if (!req.body.message) {
res.status(418)
res.json({ "error": "no message to post" }); res.json({ "error": "no message to post" });
return; return;
} }
let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id) values (?,?,?,?,?,?);`; let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id) values (?,?,?,?,?,?);`;
let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), req.body.receiver, res.locals.isbot, reply_id]; let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), req.body.receiver, res.locals.isbot, reply_id];
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) if (err){
throw err; res.status(500)
res.json({"error":"there's been an interal error"})
console.error(err)
return;
}
let post_obj = { let post_obj = {
post_user_name: encodeURIComponent(res.locals.username), post_user_name: encodeURIComponent(res.locals.username),
post_text: req.body.message, post_text: req.body.message,
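Review bot: The user-facing string added at L200 misspells the message, `res.json({"error":"there's been an interal error"})`, and so differs from the otherwise identical branch in the dms handler; `res.status(500).json({ "error": "there's been an internal error" });` fixes the typo, matches the sibling, and restores the file's chained-call and semicolon style. `if (err){` at L198 is also missing the space before the brace that the rest of the file uses. The `/api/post` handler continues past the hunk.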


@ -7,10 +7,12 @@ export const setup = function (router, con, server) {
}); });
router.post("/api/settings", function (req, res) { router.post("/api/settings", function (req, res) {
if (!req.body.setting) { if (!req.body.setting) {
res.status(410)
res.json({ "error": "no setting to change" }); res.json({ "error": "no setting to change" });
return; return;
} }
if ((typeof req.body.setting) != "string") { if ((typeof req.body.setting) != "string") {
res.status(411)
res.json({ "error": "no setting to change" }); res.json({ "error": "no setting to change" });
return; return;
} }
@ -25,6 +27,7 @@ export const setup = function (router, con, server) {
} }
if (!allowed) { if (!allowed) {
console.log(5, "incorrect type given, received, expected", typeof req.body.value, allowed_settings[req.body.setting]); console.log(5, "incorrect type given, received, expected", typeof req.body.value, allowed_settings[req.body.setting]);
res.status(412)
res.json({ "error": "no new setting value given" }); res.json({ "error": "no new setting value given" });
return; return;
} }
@ -36,6 +39,7 @@ export const setup = function (router, con, server) {
let values = [JSON.stringify(res.locals.settings), res.locals.username]; let values = [JSON.stringify(res.locals.settings), res.locals.username];
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) { if (err) {
res.status(500)
res.json({ "status": "error", "code": err }); res.json({ "status": "error", "code": err });
return; return;
} }
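Review bot: The new `res.status(500)` at L235 sits directly above `res.json({ "status": "error", "code": err })`, which still serializes the raw driver error to the client; with the mysql client that object, as far as I can tell, includes the server's error message and the failed SQL text, internal detail an API consumer should not receive. Returning a fixed body and keeping the detail server-side, `res.status(500).json({ "status": "error", "error": "there's been an internal error" }); console.error(err);`, matches what this commit does in the dms and posts handlers. The `/api/settings` handler continues beyond the hunk.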


@ -465,7 +465,7 @@ const get_dmpid = dmspostsetup(router, con, commonfunctions);
router.get("/api/getFileIcon/*",async function(req,res){ router.get("/api/getFileIcon/*",async function(req,res){
let path = req.path.split("/api/getFileIcon/")[1] let path = req.path.split("/api/getFileIcon/")[1]
if(path.length > 4) { if(path.length > 4) {
res.status(400).json({"error":"file ending is too long"}) res.status(410).json({"error":"file ending is too long"})
return; return;
} }
addTextOnImage(path,await sharp("./images/empty_file.png").toBuffer()).then(buf => { addTextOnImage(path,await sharp("./images/empty_file.png").toBuffer()).then(buf => {
@ -511,16 +511,16 @@ router.get("/api/search", function (req, res) {
router.post("/api/setavatar", function (req, res) { router.post("/api/setavatar", function (req, res) {
res.set("Access-Control-Allow-Origin", ""); res.set("Access-Control-Allow-Origin", "");
if (!req.files || Object.keys(req.files).length === 0) { if (!req.files || Object.keys(req.files).length === 0) {
return res.status(400).send('No files were uploaded. (req.files)'); return res.status(410).send('No files were uploaded. (req.files)');
} }
let avatar = req.files.avatar; let avatar = req.files.avatar;
if (!avatar) { if (!avatar) {
return res.status(400).send('No files were uploaded. (req.files.)'); return res.status(411).send('No files were uploaded. (req.files.)');
} }
let DOSbuf = Buffer.from('ffd8ffc1f151d800ff51d800ffdaffde', 'hex'); //causes DOS let DOSbuf = Buffer.from('ffd8ffc1f151d800ff51d800ffdaffde', 'hex'); //causes DOS
if (avatar.data.includes(DOSbuf)) { if (avatar.data.includes(DOSbuf)) {
console.log(3, "DOS image was caught"); console.log(3, "DOS image was caught");
return res.status(400).send('No files were uploaded. (req.files.)'); return res.status(412).send('No files were uploaded. (req.files.)');
} }
//DOS introduced through jimp (uses jpeg-js) //DOS introduced through jimp (uses jpeg-js)
const avatars = __dirname + '/avatars/'; const avatars = __dirname + '/avatars/';
@ -573,7 +573,7 @@ router.get("/api/getalluserinformation", function (req, res) {
res.json(result[0]); res.json(result[0]);
} }
else { else {
res.status(400); res.status(402);
res.json({ "error": "you cannot access the api without being logged in" }); res.json({ "error": "you cannot access the api without being logged in" });
} }
}); });
@ -664,13 +664,13 @@ router.post("/api/setBio", function (req, res) {
res.set("Access-Control-Allow-Origin", ""); res.set("Access-Control-Allow-Origin", "");
let bio = req.body.Bio; let bio = req.body.Bio;
if (!bio) { if (!bio) {
res.status(400); res.status(410);
res.json({ "error": "no bio set!" }); res.json({ "error": "no bio set!" });
return; return;
} }
bio = encodeURIComponent(bio); bio = encodeURIComponent(bio);
if (bio.length > 100) { if (bio.length > 100) {
res.status(400); res.status(411);
res.json({ "error": "the bio is too long!" }); res.json({ "error": "the bio is too long!" });
return; return;
} }
@ -692,7 +692,7 @@ router.post("/api/changePW", function (req, res) {
return; return;
} }
if (req.body.newPW.length < 10) { if (req.body.newPW.length < 10) {
res.status(400); res.status(410);
res.json({ "error": "password is too short" }); res.json({ "error": "password is too short" });
return; return;
} }
@ -729,22 +729,22 @@ router.post("/api/changePW", function (req, res) {
router.post("/api/changeUsername", function (req, res) { router.post("/api/changeUsername", function (req, res) {
res.set("Access-Control-Allow-Origin", ""); res.set("Access-Control-Allow-Origin", "");
if ((typeof req.body.newUsername) != "string") { if ((typeof req.body.newUsername) != "string") {
res.status(400); res.status(410);
res.json({ "error": "incorrect username" }); res.json({ "error": "incorrect username" });
return; return;
} }
if ((typeof req.body.currentPW) != "string") { if ((typeof req.body.currentPW) != "string") {
res.status(400); res.status(411);
res.json({ "error": "incorrect password" }); res.json({ "error": "incorrect password" });
return; return;
} }
if (req.body.newUsername.length > 100) { if (req.body.newUsername.length > 100) {
res.status(400); res.status(412);
res.json({ "error": "username is too long" }); res.json({ "error": "username is too long" });
return; return;
} }
if (req.body.newUsername == res.locals.username) { if (req.body.newUsername == res.locals.username) {
res.status(400); res.status(413);
res.json({ "error": "username can't be the current one" }); res.json({ "error": "username can't be the current one" });
return; return;
} }
@ -1012,10 +1012,12 @@ router.post("/register", function (req, res) {
} }
res.status(200); res.status(200);
if ((typeof req.body.user) != "string") { if ((typeof req.body.user) != "string") {
res.status(416);
res.json({ "error": "incorrect username" }); res.json({ "error": "incorrect username" });
return; return;
} }
if ((typeof req.body.pass) != "string") { if ((typeof req.body.pass) != "string") {
res.status(417);
res.json({ "error": "incorrect password" }); res.json({ "error": "incorrect password" });
return; return;
} }
@ -1023,39 +1025,39 @@ router.post("/register", function (req, res) {
username = username.replace(/\s/gi, ""); username = username.replace(/\s/gi, "");
let password = req.body.pass.toString(); let password = req.body.pass.toString();
if (!username) { if (!username) {
res.status(400); res.status(410);
res.redirect("/register?success=false&reason=username"); res.redirect("/register?success=false&reason=username");
return; return;
} }
if (username == "") { if (username == "") {
res.status(400); res.status(411);
res.redirect("/register?success=false&reason=username"); res.redirect("/register?success=false&reason=username");
return; return;
} }
if (password.length < 10) { if (password.length < 10) {
res.status(400); res.status(412);
res.send("password is too short"); res.send("password is too short");
return; return;
} }
if (username.length > 25) { if (username.length > 25) {
res.status(400); res.status(413);
res.send("username is too long"); res.send("username is too long");
return; return;
} }
if (username.search("@") != -1) { if (username.search("@") != -1) {
res.status(400); res.status(414);
res.send("username can't contain @-characters"); res.send("username can't contain @-characters");
return; return;
} }
if (!password) { if (!password) {
res.status(400); res.status(415);
res.redirect("/register?success=false&reason=password"); res.redirect("/register?success=false&reason=password");
return; return;
} }
let userexistssql = `SELECT User_Name from ipost.users where User_Name = ?`; let userexistssql = `SELECT User_Name from ipost.users where User_Name = ?`;
con.query(userexistssql, [encodeURIComponent(username)], function (error, result) { con.query(userexistssql, [encodeURIComponent(username)], function (error, result) {
if (result && result[0] && result[0].User_Name) { if (result && result[0] && result[0].User_Name) {
res.status(400); res.status(418);
res.redirect("/register?success=false&reason=already_exists"); res.redirect("/register?success=false&reason=already_exists");
return; return;
} }
@ -1083,20 +1085,22 @@ router.post("/login", function (req, res) {
return; return;
//login is counted twice (think of bruteforces man) //login is counted twice (think of bruteforces man)
if ((typeof req.body.user) != "string") { if ((typeof req.body.user) != "string") {
res.status(416);
res.json({ "error": "incorrect username" }); res.json({ "error": "incorrect username" });
return; return;
} }
if ((typeof req.body.pass) != "string") { if ((typeof req.body.pass) != "string") {
res.status(417);
res.json({ "error": "incorrect password" }); res.json({ "error": "incorrect password" });
return; return;
} }
if (!req.body.user) { if (!req.body.user) {
res.status(400); res.status(410);
res.send("no username given"); res.send("no username given");
return; return;
} }
if (!req.body.pass) { if (!req.body.pass) {
res.status(400); res.status(411);
res.send("no password given"); res.send("no password given");
return; return;
} }
@ -1104,22 +1108,22 @@ router.post("/login", function (req, res) {
username = username.replace(" ", ""); username = username.replace(" ", "");
let password = req.body.pass.toString(); let password = req.body.pass.toString();
if (!username) { if (!username) {
res.status(400); res.status(412);
res.send("no username given"); res.send("no username given");
return; return;
} }
if (username.length > 25) { if (username.length > 25) {
res.status(400); res.status(413);
res.send("username is too long"); res.send("username is too long");
return; return;
} }
if (password.length < 10) { if (password.length < 10) {
res.status(400); res.status(414);
res.send("password is too short"); res.send("password is too short");
return; return;
} }
if (!password) { if (!password) {
res.status(400); res.status(415);
res.send("no password given"); res.send("no password given");
return; return;
} }
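Review bot: In the register hunk the statuses set at L337, L342, L362 and L369 are immediately followed by `res.redirect(...)`, which in Express sets its own status (302 by default), so the 410/411/415/418 written there never reach the client — as was already true of the 400 they replace. If a status other than 302 is wanted it has to be passed to the redirect itself, `res.redirect(303, "/register?success=false&reason=username");`; otherwise dropping the `res.status(...)` line before each redirect avoids implying a code that is never sent. The login hunk at L400-L415 returns a distinct 412-415 for each format check while the earlier checks at L386-L392 already cover the empty cases, so L399 and L414 look unreachable on the new side too. The `/register` and `/login` handlers both start and end outside their hunks.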