added CORS headers to post endpoint
added messages to websockets
This commit is contained in:
Mystikfluu
parent
f93487b7fa
commit
ae538b33af
32
server.js
32
server.js
@ -322,7 +322,15 @@ START /API/*
|
|||||||
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
router.options("/api/post",async function(req,res,next) {
|
||||||
|
res.set("Access-Control-Allow-Origin","*") //we'll allow it for now
|
||||||
|
res.set("Access-Control-Allow-Methods","POST")
|
||||||
|
res.set("Access-Control-Allow-Headers","Content-Type")
|
||||||
|
res.status(200).send("")
|
||||||
|
})
|
||||||
|
|
||||||
router.use("/api/*",async function(req,res,next) {
|
router.use("/api/*",async function(req,res,next) {
|
||||||
|
res.set("Access-Control-Allow-Origin","*") //we'll allow it for now
|
||||||
if(!increaseAPICall(req,res))return;
|
if(!increaseAPICall(req,res))return;
|
||||||
let unsigned;
|
let unsigned;
|
||||||
if(req.body.user == undefined || req.body.pass == undefined) {
|
if(req.body.user == undefined || req.body.pass == undefined) {
|
||||||
@ -331,8 +339,6 @@ router.use("/api/*",async function(req,res,next) {
|
|||||||
} else {
|
} else {
|
||||||
unsigned = `${req.body.user} ${SHA256(req.body.pass,req.body.user,HASHES_COOKIE)}`
|
unsigned = `${req.body.user} ${SHA256(req.body.pass,req.body.user,HASHES_COOKIE)}`
|
||||||
//basically we generate the unsigned cookie
|
//basically we generate the unsigned cookie
|
||||||
|
|
||||||
res.set("Access-Control-Allow-Origin","*") //we'll allow it for now
|
|
||||||
}
|
}
|
||||||
let sql = `select User_Name,User_Bio,User_Avatar from zerotwohub.users where User_Name=? and User_PW=?;`
|
let sql = `select User_Name,User_Bio,User_Avatar from zerotwohub.users where User_Name=? and User_PW=?;`
|
||||||
let values = unsigned.split(" ")
|
let values = unsigned.split(" ")
|
||||||
@ -358,6 +364,7 @@ router.use("/api/*",async function(req,res,next) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
router.get("/api/search", async function(req,res) {
|
router.get("/api/search", async function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","")
|
||||||
let type = req.query.type
|
let type = req.query.type
|
||||||
let arg = encodeURIComponent(req.query.selector)
|
let arg = encodeURIComponent(req.query.selector)
|
||||||
if(type=="user") {
|
if(type=="user") {
|
||||||
@ -386,6 +393,7 @@ router.get("/api/search", async function(req,res) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
router.post("/api/setavatar",function(req,res) {
|
router.post("/api/setavatar",function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","")
|
||||||
if (!req.files || Object.keys(req.files).length === 0) {
|
if (!req.files || Object.keys(req.files).length === 0) {
|
||||||
return res.status(400).send('No files were uploaded. (req.files)');
|
return res.status(400).send('No files were uploaded. (req.files)');
|
||||||
}
|
}
|
||||||
@ -430,6 +438,7 @@ router.get("/api/getuser",async function(req,res) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
router.get("/api/getalluserinformation",async function(req,res) {
|
router.get("/api/getalluserinformation",async function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","") //we don't want that here
|
||||||
let unsigned = getunsigned(req,res)
|
let unsigned = getunsigned(req,res)
|
||||||
if(!unsigned)return
|
if(!unsigned)return
|
||||||
unsigned = decodeURIComponent(unsigned)
|
unsigned = decodeURIComponent(unsigned)
|
||||||
@ -449,6 +458,7 @@ router.get("/api/getalluserinformation",async function(req,res) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
router.get("/api/getotheruser",async function(req,res) {
|
router.get("/api/getotheruser",async function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","")
|
||||||
let username = req.query.user
|
let username = req.query.user
|
||||||
|
|
||||||
let sql = `select User_Name,User_Bio,User_Avatar from zerotwohub.users where User_Name=?;`
|
let sql = `select User_Name,User_Bio,User_Avatar from zerotwohub.users where User_Name=?;`
|
||||||
@ -486,7 +496,7 @@ router.post("/api/post", async function(req,res) {
|
|||||||
if (err) throw err;
|
if (err) throw err;
|
||||||
|
|
||||||
wss.clients.forEach(function(ws) {
|
wss.clients.forEach(function(ws) {
|
||||||
ws.send("new_post " + res.locals.username)
|
ws.send(`new_post ${res.locals.username} ${req.body.message}`)
|
||||||
});
|
});
|
||||||
res.json({"success":"successfully posted message"})
|
res.json({"success":"successfully posted message"})
|
||||||
console.log(5,`posted new message by ${res.locals.username} : ${req.body.message}`);
|
console.log(5,`posted new message by ${res.locals.username} : ${req.body.message}`);
|
||||||
@ -494,18 +504,30 @@ router.post("/api/post", async function(req,res) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
router.get("/api/getPosts/*", async function(req,res) {
|
router.get("/api/getPosts/*", async function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","")
|
||||||
res.redirect("/api/getPosts")
|
res.redirect("/api/getPosts")
|
||||||
})
|
})
|
||||||
|
|
||||||
router.get("/api/getPosts", async function(req,res) {
|
router.get("/api/getPosts", async function(req,res) {
|
||||||
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id from zerotwohub.posts order by post_id desc;`
|
res.set("Access-Control-Allow-Origin","")
|
||||||
|
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id from zerotwohub.posts where (post_receiver_name is null or post_receiver_name = 'everyone') order by post_id desc;`
|
||||||
con.query(sql, [], function (err, result) {
|
con.query(sql, [], function (err, result) {
|
||||||
if (err) throw err;
|
if (err) throw err;
|
||||||
res.json(result)
|
res.json(result)
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
|
|
||||||
|
router.get("/api/getPersonalPosts", async function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","")
|
||||||
|
let sql = `select post_user_name,post_text,post_time,post_special_text,post_id from zerotwohub.posts where (post_receiver_name = ?) order by post_id desc;`
|
||||||
|
con.query(sql, [encodeURIComponent(res.locals.username)], function (err, result) {
|
||||||
|
if (err) throw err;
|
||||||
|
res.json(result)
|
||||||
|
});
|
||||||
|
})
|
||||||
|
|
||||||
router.post("/api/setBio", async function(req,res) {
|
router.post("/api/setBio", async function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","")
|
||||||
let bio = req.body.Bio
|
let bio = req.body.Bio
|
||||||
if(!bio){
|
if(!bio){
|
||||||
res.status(400)
|
res.status(400)
|
||||||
@ -526,6 +548,7 @@ router.post("/api/setBio", async function(req,res) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
router.post("/api/changePW", async function(req,res) {
|
router.post("/api/changePW", async function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","")
|
||||||
if((typeof req.body.newPW) != "string") {
|
if((typeof req.body.newPW) != "string") {
|
||||||
res.json({"error":"incorrect password"})
|
res.json({"error":"incorrect password"})
|
||||||
return
|
return
|
||||||
@ -567,6 +590,7 @@ router.post("/api/changePW", async function(req,res) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
router.post("/api/changeUsername", async function(req,res) {
|
router.post("/api/changeUsername", async function(req,res) {
|
||||||
|
res.set("Access-Control-Allow-Origin","")
|
||||||
if((typeof req.body.newUsername) != "string") {
|
if((typeof req.body.newUsername) != "string") {
|
||||||
res.json({"error":"incorrect username"})
|
res.json({"error":"incorrect username"})
|
||||||
return
|
return
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user