add clearer error status codes
This commit is contained in:
Mystikfluu
parent
cf9a819a55
commit
a763bde1f8
7
error_codes.txt
Normal file
7
error_codes.txt
Normal file
@ -0,0 +1,7 @@
|
||||
400: generic error / unsorted
|
||||
402: login error (bad cookie)
|
||||
403: login error (no cookie)
|
||||
404: invalid url / not found
|
||||
410-419: argument/data error
|
||||
|
||||
500: server error
|
||||
@ -26,14 +26,14 @@ function unsign(text, req, res) {
|
||||
function getunsigned(req, res) {
|
||||
let cookie = req.cookies.AUTH_COOKIE;
|
||||
if (!cookie) {
|
||||
res.status(400);
|
||||
res.status(403);
|
||||
res.json({ "error": "you are not logged in! (no cookie)" });
|
||||
return;
|
||||
}
|
||||
let unsigned = unsign(cookie, req, res);
|
||||
if (!unsigned) {
|
||||
try {
|
||||
res.status(400);
|
||||
res.status(402);
|
||||
res.json({ "error": "Bad auth cookie set" });
|
||||
}
|
||||
catch (ignored) { } //sometimes it errors, gotta debug soon
|
||||
|
||||
@ -61,7 +61,7 @@ export const setup = function (router, con, server) {
|
||||
next();
|
||||
}
|
||||
else {
|
||||
res.status(400);
|
||||
res.status(402);
|
||||
res.json({ "error": "you cannot access the api without being logged in" });
|
||||
}
|
||||
});
|
||||
|
||||
@ -5,7 +5,7 @@ export const setup = function (router, con, server) {
|
||||
res.set("Access-Control-Allow-Origin", "");
|
||||
let otherperson = encodeURIComponent(req.query.otherperson || "");
|
||||
if (typeof otherperson != "string" || otherperson.length > 100 || otherperson == "") {
|
||||
res.status(400).json({ "error": "invalid otherperson given" });
|
||||
res.status(410).json({ "error": "invalid otherperson given" });
|
||||
return;
|
||||
}
|
||||
const columns = [
|
||||
@ -14,7 +14,7 @@ export const setup = function (router, con, server) {
|
||||
//dms_user_name = sender
|
||||
//dms_receiver = receiver
|
||||
//if (sender == current and receiver == other) or (receiver == current and sender == other)
|
||||
let sql = `select ${columns.join(",")} from ipost.dms where ((dms_receiver = ? and dms_user_name = ?) or (dms_receiver = ? and dms_user_name = ?)) order by dms_id desc;`;
|
||||
let sql = `select ${columns.join(",")} from ipost.dms where ((dms_receiver = ? and dms_user_name = ?) or (dms_receiver = ? and dms_user_name = ?)) order by dms_id desc limit 50;`;
|
||||
con.query(sql, [otherperson, encodeURIComponent(res.locals.username), encodeURIComponent(res.locals.username), otherperson], function (err, result) {
|
||||
if (err)
|
||||
throw err;
|
||||
|
||||
@ -22,18 +22,22 @@ export const setup = function (router, con, server) {
|
||||
});
|
||||
router.post("/api/dms/post", function (req, res) {
|
||||
if (!req.body.message) {
|
||||
res.status(410)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.message) != "string") {
|
||||
res.status(411)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.pid) != "string") {
|
||||
res.status(412)
|
||||
res.json({ "error": "no pid given" });
|
||||
return;
|
||||
}
|
||||
if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
|
||||
res.status(413)
|
||||
res.json({ "error": "invalid pid given" });
|
||||
return;
|
||||
}
|
||||
@ -46,33 +50,41 @@ export const setup = function (router, con, server) {
|
||||
reply_id = req.body.reply_id;
|
||||
}
|
||||
if ((typeof reply_id) != "number") {
|
||||
res.status(414)
|
||||
res.json({ "error": "no valid reply id given" });
|
||||
return;
|
||||
}
|
||||
if (req.body.message.length > 1000) {
|
||||
res.status(415)
|
||||
res.json({ "error": "message too long" });
|
||||
return;
|
||||
}
|
||||
req.body.message = encodeURIComponent(req.body.message.trim());
|
||||
if (req.body.message.length > 3000) {
|
||||
res.status(416)
|
||||
res.json({ "error": "message too long" }); //check again after URI encoding it
|
||||
return;
|
||||
}
|
||||
req.body.receiver = encodeURIComponent(req.body.receiver || "");
|
||||
if (req.body.receiver == "" || req.body.receiver == encodeURIComponent(res.locals.username) || req.body.receiver.length > 100) {
|
||||
res.status(400).json({ "error": "invalid receiver given" });
|
||||
res.status(417).json({ "error": "invalid receiver given" });
|
||||
return;
|
||||
}
|
||||
let otherperson = req.body.receiver;
|
||||
if (!req.body.message) {
|
||||
res.status(418)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
}
|
||||
let sql = `insert into ipost.dms (dms_user_name,dms_text,dms_time,dms_receiver,dms_from_bot,dms_reply_id) values (?,?,?,?,?,?);`;
|
||||
let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), otherperson, res.locals.isbot, reply_id];
|
||||
con.query(sql, values, function (err, result) {
|
||||
if (err)
|
||||
throw err;
|
||||
if (err) {
|
||||
res.status(500)
|
||||
res.json({"error":"there's been an internal error"})
|
||||
console.error(err)
|
||||
return;
|
||||
}
|
||||
// let post_obj = {
|
||||
// post_user_name: encodeURIComponent(res.locals.username),
|
||||
// post_text: req.body.message,
|
||||
|
||||
@ -20,18 +20,22 @@ export const setup = function (router, con, server) {
|
||||
});
|
||||
router.post("/api/post", function (req, res) {
|
||||
if (!req.body.message) {
|
||||
res.status(410)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.message) != "string") {
|
||||
res.status(411)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.pid) != "string") {
|
||||
res.status(412)
|
||||
res.json({ "error": "no pid given" });
|
||||
return;
|
||||
}
|
||||
if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
|
||||
res.status(413)
|
||||
res.json({ "error": "invalid pid given" });
|
||||
return;
|
||||
}
|
||||
@ -46,20 +50,24 @@ export const setup = function (router, con, server) {
|
||||
if(typeof reply_id == "string") {
|
||||
reply_id = parseInt(reply_id)
|
||||
if(isNaN(reply_id)) {
|
||||
res.status(414)
|
||||
res.json({ "error": "no valid reply id given" });
|
||||
return;
|
||||
}
|
||||
}
|
||||
if ((typeof reply_id) != "number") {
|
||||
res.status(415)
|
||||
res.json({ "error": "no valid reply id given" });
|
||||
return;
|
||||
}
|
||||
if (req.body.message.length > 1000) {
|
||||
res.status(416)
|
||||
res.json({ "error": "message too long" });
|
||||
return;
|
||||
}
|
||||
req.body.message = encodeURIComponent(req.body.message.trim());
|
||||
if (req.body.message.length > 3000) {
|
||||
res.status(417)
|
||||
res.json({ "error": "message too long" }); //check again after URI encoding it
|
||||
return;
|
||||
}
|
||||
@ -67,14 +75,19 @@ export const setup = function (router, con, server) {
|
||||
if (req.body.receiver == "")
|
||||
req.body.receiver = "everyone";
|
||||
if (!req.body.message) {
|
||||
res.status(418)
|
||||
res.json({ "error": "no message to post" });
|
||||
return;
|
||||
}
|
||||
let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id) values (?,?,?,?,?,?);`;
|
||||
let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), req.body.receiver, res.locals.isbot, reply_id];
|
||||
con.query(sql, values, function (err, result) {
|
||||
if (err)
|
||||
throw err;
|
||||
if (err){
|
||||
res.status(500)
|
||||
res.json({"error":"there's been an interal error"})
|
||||
console.error(err)
|
||||
return;
|
||||
}
|
||||
let post_obj = {
|
||||
post_user_name: encodeURIComponent(res.locals.username),
|
||||
post_text: req.body.message,
|
||||
|
||||
@ -7,10 +7,12 @@ export const setup = function (router, con, server) {
|
||||
});
|
||||
router.post("/api/settings", function (req, res) {
|
||||
if (!req.body.setting) {
|
||||
res.status(410)
|
||||
res.json({ "error": "no setting to change" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.setting) != "string") {
|
||||
res.status(411)
|
||||
res.json({ "error": "no setting to change" });
|
||||
return;
|
||||
}
|
||||
@ -25,6 +27,7 @@ export const setup = function (router, con, server) {
|
||||
}
|
||||
if (!allowed) {
|
||||
console.log(5, "incorrect type given, received, expected", typeof req.body.value, allowed_settings[req.body.setting]);
|
||||
res.status(412)
|
||||
res.json({ "error": "no new setting value given" });
|
||||
return;
|
||||
}
|
||||
@ -36,6 +39,7 @@ export const setup = function (router, con, server) {
|
||||
let values = [JSON.stringify(res.locals.settings), res.locals.username];
|
||||
con.query(sql, values, function (err, result) {
|
||||
if (err) {
|
||||
res.status(500)
|
||||
res.json({ "status": "error", "code": err });
|
||||
return;
|
||||
}
|
||||
|
||||
54
server.js
54
server.js
@ -465,7 +465,7 @@ const get_dmpid = dmspostsetup(router, con, commonfunctions);
|
||||
router.get("/api/getFileIcon/*",async function(req,res){
|
||||
let path = req.path.split("/api/getFileIcon/")[1]
|
||||
if(path.length > 4) {
|
||||
res.status(400).json({"error":"file ending is too long"})
|
||||
res.status(410).json({"error":"file ending is too long"})
|
||||
return;
|
||||
}
|
||||
addTextOnImage(path,await sharp("./images/empty_file.png").toBuffer()).then(buf => {
|
||||
@ -511,16 +511,16 @@ router.get("/api/search", function (req, res) {
|
||||
router.post("/api/setavatar", function (req, res) {
|
||||
res.set("Access-Control-Allow-Origin", "");
|
||||
if (!req.files || Object.keys(req.files).length === 0) {
|
||||
return res.status(400).send('No files were uploaded. (req.files)');
|
||||
return res.status(410).send('No files were uploaded. (req.files)');
|
||||
}
|
||||
let avatar = req.files.avatar;
|
||||
if (!avatar) {
|
||||
return res.status(400).send('No files were uploaded. (req.files.)');
|
||||
return res.status(411).send('No files were uploaded. (req.files.)');
|
||||
}
|
||||
let DOSbuf = Buffer.from('ffd8ffc1f151d800ff51d800ffdaffde', 'hex'); //causes DOS
|
||||
if (avatar.data.includes(DOSbuf)) {
|
||||
console.log(3, "DOS image was caught");
|
||||
return res.status(400).send('No files were uploaded. (req.files.)');
|
||||
return res.status(412).send('No files were uploaded. (req.files.)');
|
||||
}
|
||||
//DOS introduced through jimp (uses jpeg-js)
|
||||
const avatars = __dirname + '/avatars/';
|
||||
@ -573,7 +573,7 @@ router.get("/api/getalluserinformation", function (req, res) {
|
||||
res.json(result[0]);
|
||||
}
|
||||
else {
|
||||
res.status(400);
|
||||
res.status(402);
|
||||
res.json({ "error": "you cannot access the api without being logged in" });
|
||||
}
|
||||
});
|
||||
@ -664,13 +664,13 @@ router.post("/api/setBio", function (req, res) {
|
||||
res.set("Access-Control-Allow-Origin", "");
|
||||
let bio = req.body.Bio;
|
||||
if (!bio) {
|
||||
res.status(400);
|
||||
res.status(410);
|
||||
res.json({ "error": "no bio set!" });
|
||||
return;
|
||||
}
|
||||
bio = encodeURIComponent(bio);
|
||||
if (bio.length > 100) {
|
||||
res.status(400);
|
||||
res.status(411);
|
||||
res.json({ "error": "the bio is too long!" });
|
||||
return;
|
||||
}
|
||||
@ -692,7 +692,7 @@ router.post("/api/changePW", function (req, res) {
|
||||
return;
|
||||
}
|
||||
if (req.body.newPW.length < 10) {
|
||||
res.status(400);
|
||||
res.status(410);
|
||||
res.json({ "error": "password is too short" });
|
||||
return;
|
||||
}
|
||||
@ -729,22 +729,22 @@ router.post("/api/changePW", function (req, res) {
|
||||
router.post("/api/changeUsername", function (req, res) {
|
||||
res.set("Access-Control-Allow-Origin", "");
|
||||
if ((typeof req.body.newUsername) != "string") {
|
||||
res.status(400);
|
||||
res.status(410);
|
||||
res.json({ "error": "incorrect username" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.currentPW) != "string") {
|
||||
res.status(400);
|
||||
res.status(411);
|
||||
res.json({ "error": "incorrect password" });
|
||||
return;
|
||||
}
|
||||
if (req.body.newUsername.length > 100) {
|
||||
res.status(400);
|
||||
res.status(412);
|
||||
res.json({ "error": "username is too long" });
|
||||
return;
|
||||
}
|
||||
if (req.body.newUsername == res.locals.username) {
|
||||
res.status(400);
|
||||
res.status(413);
|
||||
res.json({ "error": "username can't be the current one" });
|
||||
return;
|
||||
}
|
||||
@ -1012,10 +1012,12 @@ router.post("/register", function (req, res) {
|
||||
}
|
||||
res.status(200);
|
||||
if ((typeof req.body.user) != "string") {
|
||||
res.status(416);
|
||||
res.json({ "error": "incorrect username" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.pass) != "string") {
|
||||
res.status(417);
|
||||
res.json({ "error": "incorrect password" });
|
||||
return;
|
||||
}
|
||||
@ -1023,39 +1025,39 @@ router.post("/register", function (req, res) {
|
||||
username = username.replace(/\s/gi, "");
|
||||
let password = req.body.pass.toString();
|
||||
if (!username) {
|
||||
res.status(400);
|
||||
res.status(410);
|
||||
res.redirect("/register?success=false&reason=username");
|
||||
return;
|
||||
}
|
||||
if (username == "") {
|
||||
res.status(400);
|
||||
res.status(411);
|
||||
res.redirect("/register?success=false&reason=username");
|
||||
return;
|
||||
}
|
||||
if (password.length < 10) {
|
||||
res.status(400);
|
||||
res.status(412);
|
||||
res.send("password is too short");
|
||||
return;
|
||||
}
|
||||
if (username.length > 25) {
|
||||
res.status(400);
|
||||
res.status(413);
|
||||
res.send("username is too long");
|
||||
return;
|
||||
}
|
||||
if (username.search("@") != -1) {
|
||||
res.status(400);
|
||||
res.status(414);
|
||||
res.send("username can't contain @-characters");
|
||||
return;
|
||||
}
|
||||
if (!password) {
|
||||
res.status(400);
|
||||
res.status(415);
|
||||
res.redirect("/register?success=false&reason=password");
|
||||
return;
|
||||
}
|
||||
let userexistssql = `SELECT User_Name from ipost.users where User_Name = ?`;
|
||||
con.query(userexistssql, [encodeURIComponent(username)], function (error, result) {
|
||||
if (result && result[0] && result[0].User_Name) {
|
||||
res.status(400);
|
||||
res.status(418);
|
||||
res.redirect("/register?success=false&reason=already_exists");
|
||||
return;
|
||||
}
|
||||
@ -1083,20 +1085,22 @@ router.post("/login", function (req, res) {
|
||||
return;
|
||||
//login is counted twice (think of bruteforces man)
|
||||
if ((typeof req.body.user) != "string") {
|
||||
res.status(416);
|
||||
res.json({ "error": "incorrect username" });
|
||||
return;
|
||||
}
|
||||
if ((typeof req.body.pass) != "string") {
|
||||
res.status(417);
|
||||
res.json({ "error": "incorrect password" });
|
||||
return;
|
||||
}
|
||||
if (!req.body.user) {
|
||||
res.status(400);
|
||||
res.status(410);
|
||||
res.send("no username given");
|
||||
return;
|
||||
}
|
||||
if (!req.body.pass) {
|
||||
res.status(400);
|
||||
res.status(411);
|
||||
res.send("no password given");
|
||||
return;
|
||||
}
|
||||
@ -1104,22 +1108,22 @@ router.post("/login", function (req, res) {
|
||||
username = username.replace(" ", "");
|
||||
let password = req.body.pass.toString();
|
||||
if (!username) {
|
||||
res.status(400);
|
||||
res.status(412);
|
||||
res.send("no username given");
|
||||
return;
|
||||
}
|
||||
if (username.length > 25) {
|
||||
res.status(400);
|
||||
res.status(413);
|
||||
res.send("username is too long");
|
||||
return;
|
||||
}
|
||||
if (password.length < 10) {
|
||||
res.status(400);
|
||||
res.status(414);
|
||||
res.send("password is too short");
|
||||
return;
|
||||
}
|
||||
if (!password) {
|
||||
res.status(400);
|
||||
res.status(415);
|
||||
res.send("no password given");
|
||||
return;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user