Update README.md

Signed-off-by: code002lover <code002lover@ipost.rocks>

.gitignore

@@ -7,4 +7,5 @@ ignore/*
 avatars/*
 etc/*
 *newrelic*
-user_uploads/*
+user_uploads/*
+swagger-api.json

README.md

@@ -1,3 +1,3 @@
 # IPost
-IPost, formerly known as "authwebsite" is a chatting platform that mainly has one thing in mind: privacy.  
+IPost, formerly known as "authwebsite" is a chatting platform that also server as a gateway for me to have authentication for my other projects.
 You can visit IPost under https://ipost.rocks

error_codes.txt

@@ -4,7 +4,7 @@
 403: login error (no cookie)
 404: invalid url / not found
 410-419: argument/data error
-420: invalid authetication object
+420: invalid authentication object
 429: ratelimit
 
 500: server error

package-lock.json

@@ -9,24 +9,26 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "body-parser": "^1.20.1",
+        "body-parser": "^1.20.2",
         "clean-css": "^5.3.2",
         "compression": "^1.7.4",
         "cookie-parser": "^1.4.6",
-        "ejs": "^3.1.8",
+        "ejs": "^3.1.9",
         "express": "^4.18.2",
         "express-fileupload": "^1.3.1",
         "express-useragent": "^1.0.15",
         "hcaptcha": "^0.1.1",
-        "html-minifier-terser": "^7.1.0",
-        "lru-cache": "^7.14.1",
-        "mysql2": "^3.1.2",
-        "newrelic": "^9.8.1",
+        "hsts": "^2.2.0",
+        "html-minifier-terser": "^7.2.0",
+        "lru-cache": "^9.1.2",
+        "mysql2": "^3.3.5",
+        "newrelic": "^9.11.0",
         "sharp": "^0.30.7",
         "spdy": "^4.0.2",
+        "swagger-autogen": "^2.23.1",
         "uglify-js": "^3.17.4",
         "unsafe_encrypt": "^1.0.4",
-        "ws": "^8.12.0"
+        "ws": "^8.13.0"
       },
       "devDependencies": {
         "@hcaptcha/types": "^1.0.3"
@@ -55,9 +57,9 @@
       }
     },
     "node_modules/@grpc/grpc-js": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.8.0.tgz",
-      "integrity": "sha512-ySMTXQuMvvswoobvN+0LsaPf7ITO2JVfJmHxQKI4cGehNrrUms+n81BlHEX7Hl/LExji6XE3fnI9U04GSkRruA==",
+      "version": "1.8.11",
+      "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.8.11.tgz",
+      "integrity": "sha512-f/xC+6Z2QKsRJ+VSSFlt4hA5KSRm+PKvMWV8kMPkMgGlFidR6PeIkXrOasIY2roe+WROM6GFQLlgDKfeEZo2YQ==",
       "dependencies": {
         "@grpc/proto-loader": "^0.7.0",
         "@types/node": ">=12.12.47"
@@ -67,9 +69,9 @@
       }
     },
     "node_modules/@grpc/proto-loader": {
-      "version": "0.7.4",
-      "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.4.tgz",
-      "integrity": "sha512-MnWjkGwqQ3W8fx94/c1CwqLsNmHHv2t0CFn+9++6+cDphC1lolpg9M2OU0iebIjK//pBNX9e94ho+gjx6vz39w==",
+      "version": "0.7.5",
+      "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.5.tgz",
+      "integrity": "sha512-mfcTuMbFowq1wh/Rn5KQl6qb95M21Prej3bewD9dUQMurYGVckGO/Pbe2Ocwto6sD05b/mxZLspvqwx60xO2Rg==",
       "dependencies": {
         "@types/long": "^4.0.1",
         "lodash.camelcase": "^4.3.0",
@@ -142,28 +144,6 @@
         "@jridgewell/sourcemap-codec": "1.4.14"
       }
     },
-    "node_modules/@newrelic/aws-sdk": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/@newrelic/aws-sdk/-/aws-sdk-5.0.0.tgz",
-      "integrity": "sha512-0aW1/c2m0tcX+lP0fw/cA0hctviLUo18uWsX1pwar7KAAciHBiiS/ytRyZdN78pbZi/9A25CmKB0YFx3Ct+RDg==",
-      "engines": {
-        "node": ">=14.0.0"
-      },
-      "peerDependencies": {
-        "newrelic": ">=8.7.0"
-      }
-    },
-    "node_modules/@newrelic/koa": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/@newrelic/koa/-/koa-7.0.0.tgz",
-      "integrity": "sha512-kjH2w2Nutpl+gwTYSybiM3Y8gcoxbaCt8l9WUylPDjOVXtIdG2d8XCMNr/cN8GDDUjXDNqvlQVZteelSRrOLDA==",
-      "engines": {
-        "node": ">=14.0.0"
-      },
-      "peerDependencies": {
-        "newrelic": ">=6.11.0"
-      }
-    },
     "node_modules/@newrelic/native-metrics": {
       "version": "9.0.0",
       "resolved": "https://registry.npmjs.org/@newrelic/native-metrics/-/native-metrics-9.0.0.tgz",
@@ -260,9 +240,9 @@
       "integrity": "sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA=="
     },
     "node_modules/@types/node": {
-      "version": "18.11.18",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.11.18.tgz",
-      "integrity": "sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA=="
+      "version": "18.14.6",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.14.6.tgz",
+      "integrity": "sha512-93+VvleD3mXwlLI/xASjw0FzKcwzl3OdTCzm1LaRfqgS21gfFtK3zDXM5Op9TeeMsJVOaJ2VRDpT9q4Y3d0AvA=="
     },
     "node_modules/@tyriar/fibonacci-heap": {
       "version": "2.0.9",
@@ -412,12 +392,12 @@
       }
     },
     "node_modules/body-parser": {
-      "version": "1.20.1",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
-      "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+      "version": "1.20.2",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz",
+      "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==",
       "dependencies": {
         "bytes": "3.1.2",
-        "content-type": "~1.0.4",
+        "content-type": "~1.0.5",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "destroy": "1.2.0",
@@ -425,7 +405,7 @@
         "iconv-lite": "0.4.24",
         "on-finished": "2.4.1",
         "qs": "6.11.0",
-        "raw-body": "2.5.1",
+        "raw-body": "2.5.2",
         "type-is": "~1.6.18",
         "unpipe": "1.0.0"
       },
@@ -590,11 +570,11 @@
       }
     },
     "node_modules/commander": {
-      "version": "9.4.1",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-9.4.1.tgz",
-      "integrity": "sha512-5EEkTNyHNGFPD2H+c/dXXfQZYa/scCKasxWcXJaWnNJ99pnQN9Vnmqow+p+PlFPE63Q6mThaZws1T+HxfpgtPw==",
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
+      "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==",
       "engines": {
-        "node": "^12.20.0 || >=14"
+        "node": ">=14"
       }
     },
     "node_modules/compressible": {
@@ -682,9 +662,9 @@
       }
     },
     "node_modules/content-type": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
-      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==",
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
       "engines": {
         "node": ">= 0.6"
       }
@@ -757,6 +737,14 @@
         "node": ">=4.0.0"
       }
     },
+    "node_modules/deepmerge": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz",
+      "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/denque": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz",
@@ -810,9 +798,9 @@
       "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
     },
     "node_modules/ejs": {
-      "version": "3.1.8",
-      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.8.tgz",
-      "integrity": "sha512-/sXZeMlhS0ArkfX2Aw780gJzXSMPnKjtspYZv+f3NiKLlubezAHDU5+9xz6gd3/NhG3txQCo6xlglmTS+oTGEQ==",
+      "version": "3.1.9",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz",
+      "integrity": "sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==",
       "dependencies": {
         "jake": "^10.8.5"
       },
@@ -944,6 +932,43 @@
         "node": ">=4.5"
       }
     },
+    "node_modules/express/node_modules/body-parser": {
+      "version": "1.20.1",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
+      "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+      "dependencies": {
+        "bytes": "3.1.2",
+        "content-type": "~1.0.4",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "http-errors": "2.0.0",
+        "iconv-lite": "0.4.24",
+        "on-finished": "2.4.1",
+        "qs": "6.11.0",
+        "raw-body": "2.5.1",
+        "type-is": "~1.6.18",
+        "unpipe": "1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/express/node_modules/raw-body": {
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
+      "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+      "dependencies": {
+        "bytes": "3.1.2",
+        "http-errors": "2.0.0",
+        "iconv-lite": "0.4.24",
+        "unpipe": "1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
     "node_modules/express/node_modules/statuses": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
@@ -1030,6 +1055,11 @@
       "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
       "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
     },
+    "node_modules/fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
+    },
     "node_modules/function-bind": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
@@ -1069,6 +1099,25 @@
       "resolved": "https://registry.npmjs.org/github-from-package/-/github-from-package-0.0.0.tgz",
       "integrity": "sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw=="
     },
+    "node_modules/glob": {
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
+      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/handle-thing": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.1.tgz",
@@ -1120,14 +1169,25 @@
         "wbuf": "^1.1.0"
       }
     },
+    "node_modules/hsts": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/hsts/-/hsts-2.2.0.tgz",
+      "integrity": "sha512-ToaTnQ2TbJkochoVcdXYm4HOCliNozlviNsg+X2XQLQvZNI/kCHR9rZxVYpJB3UPcHz80PgxRyWQ7PdU1r+VBQ==",
+      "dependencies": {
+        "depd": "2.0.0"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
     "node_modules/html-minifier-terser": {
-      "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-7.1.0.tgz",
-      "integrity": "sha512-BvPO2S7Ip0Q5qt+Y8j/27Vclj6uHC6av0TMoDn7/bJPhMWHI2UtR2e/zEgJn3/qYAmxumrGp9q4UHurL6mtW9Q==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-7.2.0.tgz",
+      "integrity": "sha512-tXgn3QfqPIpGl9o+K5tpcj3/MN4SfLtsx2GWwBC3SSd0tXQGyF3gsSqad8loJgKZGM3ZxbYDd5yhiBIdWpmvLA==",
       "dependencies": {
         "camel-case": "^4.1.2",
-        "clean-css": "5.2.0",
-        "commander": "^9.4.1",
+        "clean-css": "~5.3.2",
+        "commander": "^10.0.0",
         "entities": "^4.4.0",
         "param-case": "^3.0.4",
         "relateurl": "^0.2.7",
@@ -1140,17 +1200,6 @@
         "node": "^14.13.1 || >=16.0.0"
       }
     },
-    "node_modules/html-minifier-terser/node_modules/clean-css": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-5.2.0.tgz",
-      "integrity": "sha512-2639sWGa43EMmG7fn8mdVuBSs6HuWaSor+ZPoFWzenBc6oN+td8YhTfghWXZ25G1NiiSvz8bOFBS7PdSbTiqEA==",
-      "dependencies": {
-        "source-map": "~0.6.0"
-      },
-      "engines": {
-        "node": ">= 10.0"
-      }
-    },
     "node_modules/http-deceiver": {
       "version": "1.2.7",
       "resolved": "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz",
@@ -1242,6 +1291,15 @@
         }
       ]
     },
+    "node_modules/inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
+      "dependencies": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
     "node_modules/inherits": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
@@ -1313,6 +1371,17 @@
       "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
       "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA=="
     },
+    "node_modules/json5": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
+      "bin": {
+        "json5": "lib/cli.js"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/lodash.camelcase": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz",
@@ -1349,11 +1418,11 @@
       }
     },
     "node_modules/lru-cache": {
-      "version": "7.14.1",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.14.1.tgz",
-      "integrity": "sha512-ysxwsnTKdAx96aTRdhDOCQfDgbHnt8SK0KY8SEjO0wHinhWOFTESbjVCMPbU1uGXg/ch4lifqx0wfjOawU2+WA==",
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-9.1.2.tgz",
+      "integrity": "sha512-ERJq3FOzJTxBbFjZ7iDs+NiK4VI9Wz+RdrrAB8dio1oV+YvdPzUEE4QNiT2VD51DkIbCYRUUzCRkssXCHqSnKQ==",
       "engines": {
-        "node": ">=12"
+        "node": "14 || >=16.14"
       }
     },
     "node_modules/media-typer": {
@@ -1450,15 +1519,15 @@
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
     "node_modules/mysql2": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.1.2.tgz",
-      "integrity": "sha512-NXz6sUvHSEOKz1jv3koSga7eb2dHrwD/mnPmqbbZzMRvjQcSpb0Eh0ectWyYt1U60CLlEbjoA3XYjjbbReRF5Q==",
+      "version": "3.3.5",
+      "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.3.5.tgz",
+      "integrity": "sha512-ZTQGAzxGeaX1PyeSiZFCgQ34uiXguaEpn3aTFN9Enm9JDnbwWo+4/CJnDdQZ3n0NaMeysi8vwtW/jNUb9VqVDw==",
       "dependencies": {
         "denque": "^2.1.0",
         "generate-function": "^2.3.1",
         "iconv-lite": "^0.6.3",
         "long": "^5.2.1",
-        "lru-cache": "^7.14.1",
+        "lru-cache": "^8.0.0",
         "named-placeholders": "^1.1.3",
         "seq-queue": "^0.0.5",
         "sqlstring": "^2.3.2"
@@ -1483,6 +1552,14 @@
       "resolved": "https://registry.npmjs.org/long/-/long-5.2.1.tgz",
       "integrity": "sha512-GKSNGeNAtw8IryjjkhZxuKB3JzlcLTwjtiQCHKvqQet81I93kXslhDQruGI/QsddO83mcDToBVy7GqGS/zYf/A=="
     },
+    "node_modules/mysql2/node_modules/lru-cache": {
+      "version": "8.0.5",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-8.0.5.tgz",
+      "integrity": "sha512-MhWWlVnuab1RG5/zMRRcVGXZLCXrZTgfwMikgzCegsPnG62yDQo5JnqKkrK4jO5iKqDAZGItAqN5CtKBCBWRUA==",
+      "engines": {
+        "node": ">=16.14"
+      }
+    },
     "node_modules/mysql2/node_modules/sqlstring": {
       "version": "2.3.3",
       "resolved": "https://registry.npmjs.org/sqlstring/-/sqlstring-2.3.3.tgz",
@@ -1502,6 +1579,14 @@
         "node": ">=12.0.0"
       }
     },
+    "node_modules/named-placeholders/node_modules/lru-cache": {
+      "version": "7.18.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
+      "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==",
+      "engines": {
+        "node": ">=12"
+      }
+    },
     "node_modules/nan": {
       "version": "2.16.0",
       "resolved": "https://registry.npmjs.org/nan/-/nan-2.16.0.tgz",
@@ -1522,21 +1607,21 @@
       }
     },
     "node_modules/newrelic": {
-      "version": "9.8.1",
-      "resolved": "https://registry.npmjs.org/newrelic/-/newrelic-9.8.1.tgz",
-      "integrity": "sha512-fwKnsEUv9ciBwYKAOZiC0AAeR9rqsTxJRiOQgD+0JooEaIE1UPAgG7iSZQujgfvB+Txk1s9gPCZ/oK8nsyBzlA==",
+      "version": "9.15.0",
+      "resolved": "https://registry.npmjs.org/newrelic/-/newrelic-9.15.0.tgz",
+      "integrity": "sha512-5bo4JDR76sk6ml8qykqQyUJIJ6IZfZrMWAbSwUVYErSs8faYOac6QpzRB11EvHQKZ8fnz5cRcksgERwY7Ia3zA==",
       "dependencies": {
-        "@grpc/grpc-js": "^1.7.3",
-        "@grpc/proto-loader": "^0.7.3",
-        "@newrelic/aws-sdk": "^5.0.0",
-        "@newrelic/koa": "^7.0.0",
+        "@grpc/grpc-js": "^1.8.10",
+        "@grpc/proto-loader": "^0.7.5",
+        "@newrelic/aws-sdk": "^5.0.2",
+        "@newrelic/koa": "^7.1.1",
         "@newrelic/superagent": "^6.0.0",
         "@tyriar/fibonacci-heap": "^2.0.7",
         "concat-stream": "^2.0.0",
         "https-proxy-agent": "^5.0.0",
         "json-bigint": "^1.0.0",
         "json-stringify-safe": "^5.0.0",
-        "readable-stream": "^3.6.0",
+        "readable-stream": "^3.6.1",
         "semver": "^5.3.0",
         "winston-transport": "^4.5.0"
       },
@@ -1552,10 +1637,32 @@
         "@newrelic/native-metrics": "^9.0.0"
       }
     },
+    "node_modules/newrelic/node_modules/@newrelic/aws-sdk": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/@newrelic/aws-sdk/-/aws-sdk-5.0.2.tgz",
+      "integrity": "sha512-vn5Aj0ZznjzqqxR69mHIWi7QUjBeab9f0Dfra/UOPZlyLy3Q/HbK4/sYV9/q/Ifmx85B3kJI4ca7mytCx073VQ==",
+      "engines": {
+        "node": ">=14.0.0"
+      },
+      "peerDependencies": {
+        "newrelic": ">=8.7.0"
+      }
+    },
+    "node_modules/newrelic/node_modules/@newrelic/koa": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/@newrelic/koa/-/koa-7.1.1.tgz",
+      "integrity": "sha512-QvO6Wmz+wws0vtrpqsZz3KVMbDySY7VbdIu99f9fuWd775yNCTz2n2VfQhdkBxWlSQSlR4gO0Uh8RWa4HUzb3g==",
+      "engines": {
+        "node": ">=14.0.0"
+      },
+      "peerDependencies": {
+        "newrelic": ">=6.11.0"
+      }
+    },
     "node_modules/newrelic/node_modules/readable-stream": {
-      "version": "3.6.0",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz",
-      "integrity": "sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==",
+      "version": "3.6.2",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+      "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
       "dependencies": {
         "inherits": "^2.0.3",
         "string_decoder": "^1.1.1",
@@ -1675,6 +1782,14 @@
         "tslib": "^2.0.3"
       }
     },
+    "node_modules/path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/path-to-regexp": {
       "version": "0.1.7",
       "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
@@ -1711,9 +1826,9 @@
       "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
     },
     "node_modules/protobufjs": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.1.2.tgz",
-      "integrity": "sha512-4ZPTPkXCdel3+L81yw3dG6+Kq3umdWKh7Dc7GW/CpNk4SX3hK58iPCWeCyhVTDrbkNeKrYNZ7EojM5WDaEWTLQ==",
+      "version": "7.2.2",
+      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.2.2.tgz",
+      "integrity": "sha512-++PrQIjrom+bFDPpfmqXfAGSQs40116JRrqqyf53dymUMvvb5d/LMRyicRoF1AUKoXVS1/IgJXlEgcpr4gTF3Q==",
       "hasInstallScript": true,
       "dependencies": {
         "@protobufjs/aspromise": "^1.1.2",
@@ -1782,9 +1897,9 @@
       }
     },
     "node_modules/raw-body": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
-      "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
+      "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
       "dependencies": {
         "bytes": "3.1.2",
         "http-errors": "2.0.0",
@@ -2224,6 +2339,28 @@
         "node": ">=8"
       }
     },
+    "node_modules/swagger-autogen": {
+      "version": "2.23.1",
+      "resolved": "https://registry.npmjs.org/swagger-autogen/-/swagger-autogen-2.23.1.tgz",
+      "integrity": "sha512-tOAb5cOGNPduIHKoOxndCRy2Mrg7xV3O1RerrWExrDxeSTjXhA350pyJd7VUDY6ZO9gbZ34Bjlc5CXkleUgvAQ==",
+      "dependencies": {
+        "acorn": "^7.4.1",
+        "deepmerge": "^4.2.2",
+        "glob": "^7.1.7",
+        "json5": "^2.2.3"
+      }
+    },
+    "node_modules/swagger-autogen/node_modules/acorn": {
+      "version": "7.4.1",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
+      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
     "node_modules/tar-fs": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.1.tgz",
@@ -2435,9 +2572,9 @@
       "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
     },
     "node_modules/ws": {
-      "version": "8.12.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.12.0.tgz",
-      "integrity": "sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==",
+      "version": "8.13.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
+      "integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
       "engines": {
         "node": ">=10.0.0"
       },
@@ -2510,18 +2647,18 @@
       }
     },
     "@grpc/grpc-js": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.8.0.tgz",
-      "integrity": "sha512-ySMTXQuMvvswoobvN+0LsaPf7ITO2JVfJmHxQKI4cGehNrrUms+n81BlHEX7Hl/LExji6XE3fnI9U04GSkRruA==",
+      "version": "1.8.11",
+      "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.8.11.tgz",
+      "integrity": "sha512-f/xC+6Z2QKsRJ+VSSFlt4hA5KSRm+PKvMWV8kMPkMgGlFidR6PeIkXrOasIY2roe+WROM6GFQLlgDKfeEZo2YQ==",
       "requires": {
         "@grpc/proto-loader": "^0.7.0",
         "@types/node": ">=12.12.47"
       }
     },
     "@grpc/proto-loader": {
-      "version": "0.7.4",
-      "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.4.tgz",
-      "integrity": "sha512-MnWjkGwqQ3W8fx94/c1CwqLsNmHHv2t0CFn+9++6+cDphC1lolpg9M2OU0iebIjK//pBNX9e94ho+gjx6vz39w==",
+      "version": "0.7.5",
+      "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.5.tgz",
+      "integrity": "sha512-mfcTuMbFowq1wh/Rn5KQl6qb95M21Prej3bewD9dUQMurYGVckGO/Pbe2Ocwto6sD05b/mxZLspvqwx60xO2Rg==",
       "requires": {
         "@types/long": "^4.0.1",
         "lodash.camelcase": "^4.3.0",
@@ -2579,18 +2716,6 @@
         "@jridgewell/sourcemap-codec": "1.4.14"
       }
     },
-    "@newrelic/aws-sdk": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/@newrelic/aws-sdk/-/aws-sdk-5.0.0.tgz",
-      "integrity": "sha512-0aW1/c2m0tcX+lP0fw/cA0hctviLUo18uWsX1pwar7KAAciHBiiS/ytRyZdN78pbZi/9A25CmKB0YFx3Ct+RDg==",
-      "requires": {}
-    },
-    "@newrelic/koa": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/@newrelic/koa/-/koa-7.0.0.tgz",
-      "integrity": "sha512-kjH2w2Nutpl+gwTYSybiM3Y8gcoxbaCt8l9WUylPDjOVXtIdG2d8XCMNr/cN8GDDUjXDNqvlQVZteelSRrOLDA==",
-      "requires": {}
-    },
     "@newrelic/native-metrics": {
       "version": "9.0.0",
       "resolved": "https://registry.npmjs.org/@newrelic/native-metrics/-/native-metrics-9.0.0.tgz",
@@ -2676,9 +2801,9 @@
       "integrity": "sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA=="
     },
     "@types/node": {
-      "version": "18.11.18",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.11.18.tgz",
-      "integrity": "sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA=="
+      "version": "18.14.6",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.14.6.tgz",
+      "integrity": "sha512-93+VvleD3mXwlLI/xASjw0FzKcwzl3OdTCzm1LaRfqgS21gfFtK3zDXM5Op9TeeMsJVOaJ2VRDpT9q4Y3d0AvA=="
     },
     "@tyriar/fibonacci-heap": {
       "version": "2.0.9",
@@ -2783,12 +2908,12 @@
       }
     },
     "body-parser": {
-      "version": "1.20.1",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
-      "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+      "version": "1.20.2",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz",
+      "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==",
       "requires": {
         "bytes": "3.1.2",
-        "content-type": "~1.0.4",
+        "content-type": "~1.0.5",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "destroy": "1.2.0",
@@ -2796,7 +2921,7 @@
         "iconv-lite": "0.4.24",
         "on-finished": "2.4.1",
         "qs": "6.11.0",
-        "raw-body": "2.5.1",
+        "raw-body": "2.5.2",
         "type-is": "~1.6.18",
         "unpipe": "1.0.0"
       }
@@ -2919,9 +3044,9 @@
       }
     },
     "commander": {
-      "version": "9.4.1",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-9.4.1.tgz",
-      "integrity": "sha512-5EEkTNyHNGFPD2H+c/dXXfQZYa/scCKasxWcXJaWnNJ99pnQN9Vnmqow+p+PlFPE63Q6mThaZws1T+HxfpgtPw=="
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
+      "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug=="
     },
     "compressible": {
       "version": "2.0.18",
@@ -2994,9 +3119,9 @@
       }
     },
     "content-type": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
-      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA=="
     },
     "cookie": {
       "version": "0.5.0",
@@ -3050,6 +3175,11 @@
       "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz",
       "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA=="
     },
+    "deepmerge": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz",
+      "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A=="
+    },
     "denque": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz",
@@ -3090,9 +3220,9 @@
       "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
     },
     "ejs": {
-      "version": "3.1.8",
-      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.8.tgz",
-      "integrity": "sha512-/sXZeMlhS0ArkfX2Aw780gJzXSMPnKjtspYZv+f3NiKLlubezAHDU5+9xz6gd3/NhG3txQCo6xlglmTS+oTGEQ==",
+      "version": "3.1.9",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz",
+      "integrity": "sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==",
       "requires": {
         "jake": "^10.8.5"
       }
@@ -3178,6 +3308,36 @@
         "vary": "~1.1.2"
       },
       "dependencies": {
+        "body-parser": {
+          "version": "1.20.1",
+          "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
+          "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+          "requires": {
+            "bytes": "3.1.2",
+            "content-type": "~1.0.4",
+            "debug": "2.6.9",
+            "depd": "2.0.0",
+            "destroy": "1.2.0",
+            "http-errors": "2.0.0",
+            "iconv-lite": "0.4.24",
+            "on-finished": "2.4.1",
+            "qs": "6.11.0",
+            "raw-body": "2.5.1",
+            "type-is": "~1.6.18",
+            "unpipe": "1.0.0"
+          }
+        },
+        "raw-body": {
+          "version": "2.5.1",
+          "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
+          "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+          "requires": {
+            "bytes": "3.1.2",
+            "http-errors": "2.0.0",
+            "iconv-lite": "0.4.24",
+            "unpipe": "1.0.0"
+          }
+        },
         "statuses": {
           "version": "2.0.1",
           "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
@@ -3265,6 +3425,11 @@
       "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
       "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
     },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
+    },
     "function-bind": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
@@ -3298,6 +3463,19 @@
       "resolved": "https://registry.npmjs.org/github-from-package/-/github-from-package-0.0.0.tgz",
       "integrity": "sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw=="
     },
+    "glob": {
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
+      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
     "handle-thing": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.1.tgz",
@@ -3337,28 +3515,26 @@
         "wbuf": "^1.1.0"
       }
     },
+    "hsts": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/hsts/-/hsts-2.2.0.tgz",
+      "integrity": "sha512-ToaTnQ2TbJkochoVcdXYm4HOCliNozlviNsg+X2XQLQvZNI/kCHR9rZxVYpJB3UPcHz80PgxRyWQ7PdU1r+VBQ==",
+      "requires": {
+        "depd": "2.0.0"
+      }
+    },
     "html-minifier-terser": {
-      "version": "7.1.0",
-      "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-7.1.0.tgz",
-      "integrity": "sha512-BvPO2S7Ip0Q5qt+Y8j/27Vclj6uHC6av0TMoDn7/bJPhMWHI2UtR2e/zEgJn3/qYAmxumrGp9q4UHurL6mtW9Q==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-7.2.0.tgz",
+      "integrity": "sha512-tXgn3QfqPIpGl9o+K5tpcj3/MN4SfLtsx2GWwBC3SSd0tXQGyF3gsSqad8loJgKZGM3ZxbYDd5yhiBIdWpmvLA==",
       "requires": {
         "camel-case": "^4.1.2",
-        "clean-css": "5.2.0",
-        "commander": "^9.4.1",
+        "clean-css": "~5.3.2",
+        "commander": "^10.0.0",
         "entities": "^4.4.0",
         "param-case": "^3.0.4",
         "relateurl": "^0.2.7",
         "terser": "^5.15.1"
-      },
-      "dependencies": {
-        "clean-css": {
-          "version": "5.2.0",
-          "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-5.2.0.tgz",
-          "integrity": "sha512-2639sWGa43EMmG7fn8mdVuBSs6HuWaSor+ZPoFWzenBc6oN+td8YhTfghWXZ25G1NiiSvz8bOFBS7PdSbTiqEA==",
-          "requires": {
-            "source-map": "~0.6.0"
-          }
-        }
       }
     },
     "http-deceiver": {
@@ -3422,6 +3598,15 @@
       "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
       "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA=="
     },
+    "inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
+      "requires": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
     "inherits": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
@@ -3481,6 +3666,11 @@
       "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
       "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA=="
     },
+    "json5": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg=="
+    },
     "lodash.camelcase": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz",
@@ -3519,9 +3709,9 @@
       }
     },
     "lru-cache": {
-      "version": "7.14.1",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.14.1.tgz",
-      "integrity": "sha512-ysxwsnTKdAx96aTRdhDOCQfDgbHnt8SK0KY8SEjO0wHinhWOFTESbjVCMPbU1uGXg/ch4lifqx0wfjOawU2+WA=="
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-9.1.2.tgz",
+      "integrity": "sha512-ERJq3FOzJTxBbFjZ7iDs+NiK4VI9Wz+RdrrAB8dio1oV+YvdPzUEE4QNiT2VD51DkIbCYRUUzCRkssXCHqSnKQ=="
     },
     "media-typer": {
       "version": "0.3.0",
@@ -3590,15 +3780,15 @@
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
     "mysql2": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.1.2.tgz",
-      "integrity": "sha512-NXz6sUvHSEOKz1jv3koSga7eb2dHrwD/mnPmqbbZzMRvjQcSpb0Eh0ectWyYt1U60CLlEbjoA3XYjjbbReRF5Q==",
+      "version": "3.3.5",
+      "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.3.5.tgz",
+      "integrity": "sha512-ZTQGAzxGeaX1PyeSiZFCgQ34uiXguaEpn3aTFN9Enm9JDnbwWo+4/CJnDdQZ3n0NaMeysi8vwtW/jNUb9VqVDw==",
       "requires": {
         "denque": "^2.1.0",
         "generate-function": "^2.3.1",
         "iconv-lite": "^0.6.3",
         "long": "^5.2.1",
-        "lru-cache": "^7.14.1",
+        "lru-cache": "^8.0.0",
         "named-placeholders": "^1.1.3",
         "seq-queue": "^0.0.5",
         "sqlstring": "^2.3.2"
@@ -3617,6 +3807,11 @@
           "resolved": "https://registry.npmjs.org/long/-/long-5.2.1.tgz",
           "integrity": "sha512-GKSNGeNAtw8IryjjkhZxuKB3JzlcLTwjtiQCHKvqQet81I93kXslhDQruGI/QsddO83mcDToBVy7GqGS/zYf/A=="
         },
+        "lru-cache": {
+          "version": "8.0.5",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-8.0.5.tgz",
+          "integrity": "sha512-MhWWlVnuab1RG5/zMRRcVGXZLCXrZTgfwMikgzCegsPnG62yDQo5JnqKkrK4jO5iKqDAZGItAqN5CtKBCBWRUA=="
+        },
         "sqlstring": {
           "version": "2.3.3",
           "resolved": "https://registry.npmjs.org/sqlstring/-/sqlstring-2.3.3.tgz",
@@ -3630,6 +3825,13 @@
       "integrity": "sha512-eLoBxg6wE/rZkJPhU/xRX1WTpkFEwDJEN96oxFrTsqBdbT5ec295Q+CoHrL9IT0DipqKhmGcaZmwOt8OON5x1w==",
       "requires": {
         "lru-cache": "^7.14.1"
+      },
+      "dependencies": {
+        "lru-cache": {
+          "version": "7.18.3",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
+          "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA=="
+        }
       }
     },
     "nan": {
@@ -3649,15 +3851,15 @@
       "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="
     },
     "newrelic": {
-      "version": "9.8.1",
-      "resolved": "https://registry.npmjs.org/newrelic/-/newrelic-9.8.1.tgz",
-      "integrity": "sha512-fwKnsEUv9ciBwYKAOZiC0AAeR9rqsTxJRiOQgD+0JooEaIE1UPAgG7iSZQujgfvB+Txk1s9gPCZ/oK8nsyBzlA==",
+      "version": "9.15.0",
+      "resolved": "https://registry.npmjs.org/newrelic/-/newrelic-9.15.0.tgz",
+      "integrity": "sha512-5bo4JDR76sk6ml8qykqQyUJIJ6IZfZrMWAbSwUVYErSs8faYOac6QpzRB11EvHQKZ8fnz5cRcksgERwY7Ia3zA==",
       "requires": {
         "@contrast/fn-inspect": "^3.3.0",
-        "@grpc/grpc-js": "^1.7.3",
-        "@grpc/proto-loader": "^0.7.3",
-        "@newrelic/aws-sdk": "^5.0.0",
-        "@newrelic/koa": "^7.0.0",
+        "@grpc/grpc-js": "^1.8.10",
+        "@grpc/proto-loader": "^0.7.5",
+        "@newrelic/aws-sdk": "^5.0.2",
+        "@newrelic/koa": "^7.1.1",
         "@newrelic/native-metrics": "^9.0.0",
         "@newrelic/superagent": "^6.0.0",
         "@tyriar/fibonacci-heap": "^2.0.7",
@@ -3665,15 +3867,27 @@
         "https-proxy-agent": "^5.0.0",
         "json-bigint": "^1.0.0",
         "json-stringify-safe": "^5.0.0",
-        "readable-stream": "^3.6.0",
+        "readable-stream": "^3.6.1",
         "semver": "^5.3.0",
         "winston-transport": "^4.5.0"
       },
       "dependencies": {
+        "@newrelic/aws-sdk": {
+          "version": "5.0.2",
+          "resolved": "https://registry.npmjs.org/@newrelic/aws-sdk/-/aws-sdk-5.0.2.tgz",
+          "integrity": "sha512-vn5Aj0ZznjzqqxR69mHIWi7QUjBeab9f0Dfra/UOPZlyLy3Q/HbK4/sYV9/q/Ifmx85B3kJI4ca7mytCx073VQ==",
+          "requires": {}
+        },
+        "@newrelic/koa": {
+          "version": "7.1.1",
+          "resolved": "https://registry.npmjs.org/@newrelic/koa/-/koa-7.1.1.tgz",
+          "integrity": "sha512-QvO6Wmz+wws0vtrpqsZz3KVMbDySY7VbdIu99f9fuWd775yNCTz2n2VfQhdkBxWlSQSlR4gO0Uh8RWa4HUzb3g==",
+          "requires": {}
+        },
         "readable-stream": {
-          "version": "3.6.0",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz",
-          "integrity": "sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA==",
+          "version": "3.6.2",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+          "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
           "requires": {
             "inherits": "^2.0.3",
             "string_decoder": "^1.1.1",
@@ -3769,6 +3983,11 @@
         "tslib": "^2.0.3"
       }
     },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg=="
+    },
     "path-to-regexp": {
       "version": "0.1.7",
       "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
@@ -3799,9 +4018,9 @@
       "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
     },
     "protobufjs": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.1.2.tgz",
-      "integrity": "sha512-4ZPTPkXCdel3+L81yw3dG6+Kq3umdWKh7Dc7GW/CpNk4SX3hK58iPCWeCyhVTDrbkNeKrYNZ7EojM5WDaEWTLQ==",
+      "version": "7.2.2",
+      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.2.2.tgz",
+      "integrity": "sha512-++PrQIjrom+bFDPpfmqXfAGSQs40116JRrqqyf53dymUMvvb5d/LMRyicRoF1AUKoXVS1/IgJXlEgcpr4gTF3Q==",
       "requires": {
         "@protobufjs/aspromise": "^1.1.2",
         "@protobufjs/base64": "^1.1.2",
@@ -3856,9 +4075,9 @@
       "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
     },
     "raw-body": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
-      "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
+      "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
       "requires": {
         "bytes": "3.1.2",
         "http-errors": "2.0.0",
@@ -4182,6 +4401,24 @@
         "has-flag": "^4.0.0"
       }
     },
+    "swagger-autogen": {
+      "version": "2.23.1",
+      "resolved": "https://registry.npmjs.org/swagger-autogen/-/swagger-autogen-2.23.1.tgz",
+      "integrity": "sha512-tOAb5cOGNPduIHKoOxndCRy2Mrg7xV3O1RerrWExrDxeSTjXhA350pyJd7VUDY6ZO9gbZ34Bjlc5CXkleUgvAQ==",
+      "requires": {
+        "acorn": "^7.4.1",
+        "deepmerge": "^4.2.2",
+        "glob": "^7.1.7",
+        "json5": "^2.2.3"
+      },
+      "dependencies": {
+        "acorn": {
+          "version": "7.4.1",
+          "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
+          "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A=="
+        }
+      }
+    },
     "tar-fs": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.1.tgz",
@@ -4351,9 +4588,9 @@
       "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
     },
     "ws": {
-      "version": "8.12.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.12.0.tgz",
-      "integrity": "sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==",
+      "version": "8.13.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
+      "integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
       "requires": {}
     },
     "y18n": {

package.json

@@ -1,23 +1,26 @@
 {
   "dependencies": {
-    "body-parser": "^1.20.1",
+    "body-parser": "^1.20.2",
     "clean-css": "^5.3.2",
     "compression": "^1.7.4",
     "cookie-parser": "^1.4.6",
-    "ejs": "^3.1.8",
+    "ejs": "^3.1.9",
     "express": "^4.18.2",
     "express-fileupload": "^1.3.1",
     "express-useragent": "^1.0.15",
     "hcaptcha": "^0.1.1",
-    "html-minifier-terser": "^7.1.0",
-    "lru-cache": "^7.14.1",
-    "mysql2": "^3.1.2",
-    "newrelic": "^9.8.1",
+    "hsts": "^2.2.0",
+    "newrelic": "^9.15.0",
+    "html-minifier-terser": "^7.2.0",
+    "lru-cache": "^9.1.2",
+    "mysql2": "^3.3.5",
+    "newrelic": "^9.11.0",
     "sharp": "^0.30.7",
     "spdy": "^4.0.2",
+    "swagger-autogen": "^2.23.1",
     "uglify-js": "^3.17.4",
     "unsafe_encrypt": "^1.0.4",
-    "ws": "^8.12.0"
+    "ws": "^8.13.0"
   },
   "scripts": {
     "start": "node server.js",

routes/api/all.js

@@ -10,76 +10,67 @@ export const setup = function (router, con, server) {
     router.use("/*", (req, res, next) => {
         res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
         let unsigned;
-        if (req.body.user === undefined || req.body.pass === undefined) {
-            if(typeof req.get("ipost-auth-token") === "string") {
-                try{
-                    req.body.auth = JSON.parse(req.get("ipost-auth-token"))
-                } catch(err) {
-                    console.log("error parsing header",err)
-                }
+        if(typeof req.get("ipost-auth-token") === "string") {
+            try{
+                req.body.auth = JSON.parse(req.get("ipost-auth-token"))
+            } catch(err) {
+                console.log("error parsing header",err)
             }
-            if(req.body.auth !== undefined && req.originalUrl !== "/redeemauthcode") {
-                if(typeof req.body.auth === "string") {
-                    try{
-                        req.body.auth = JSON.parse(req.body.auth)
-                    } catch(err) {
-                        console.log("error parsing",err)
-                    }
-                } else 
-                if(
-                    typeof req.body.auth            !== "object" || 
-                    typeof req.body.auth.secret     !== "string" || 
-                    typeof req.body.auth.appid      !== "number" || 
-                    typeof req.body.auth.auth_token !== "string" || 
-                    req.body.auth.secret.length     !== 200      || 
-                    req.body.auth.auth_token.length !== 200      ||
-                    Buffer.from(req.body.auth.secret,"base64").length !== 150
-                ) {
-                    res.status(420).send("invalid authentication object")
-                    return;
-                } else {
-                    //secret    : string(200 chars)
-                    //appid     : number
-                    //auth_token: string(200 chars)
-                    let sql = "select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.auth_tokens inner join ipost.application on auth_token_isfrom_application_id=application_id inner join ipost.users on auth_token_u_id=User_ID where auth_token=? and application_secret=? and application_id=?"
-                    con.query(sql,[SHA256(req.body.auth.auth_token,req.body.auth.appid, HASHES_DB),SHA256(req.body.auth.secret,req.body.auth.appid, HASHES_DB),req.body.auth.appid],(err,result) => {
-                        if(err) throw err;
-
-                        if(result.length !== 1) {
-                            res.status(420).send("invalid authentication object (or server error?)")
-                            return;
-                        }
-
-                        res.locals.userid = result[0].User_ID;
-                        res.locals.username = result[0].User_Name;
-                        res.locals.bio = result[0].User_Bio || "";
-                        res.locals.avatar = result[0].User_Avatar || "";
-                        res.locals.settings = result[0].User_Settings || {};
-
-                        res.locals.isbot = true; //only apps/bots use auth tokens
-
-                        next()
-                    })
-                    return;
-                }
-            } else {
-                if(!req.cookies.AUTH_COOKIE) {
-                    next()
-                    return
-                }
-                unsigned = unsign(req.cookies.AUTH_COOKIE, req, res);
-                if (!unsigned){
-                    next()
-                    return
-                }
-            }
-            
         }
-        else {
-            unsigned = `${req.body.user} ${SHA256(req.body.pass, req.body.user, HASHES_COOKIE)}`;
-            res.set("message","user+pass authentication is deprecated as of february 2023, consider switching to auth tokens")
-            //basically we generate the unsigned cookie
-            res.locals.isbot = true; //only bots use user+pass
+        if(req.body.auth !== undefined && req.originalUrl !== "/redeemauthcode") {
+            if(typeof req.body.auth === "string") {
+                try{
+                    req.body.auth = JSON.parse(req.body.auth)
+                } catch(err) {
+                    console.log("error parsing",err)
+                }
+            } else 
+            if(
+                typeof req.body.auth            !== "object" || 
+                typeof req.body.auth.secret     !== "string" || 
+                typeof req.body.auth.appid      !== "number" || 
+                typeof req.body.auth.auth_token !== "string" || 
+                req.body.auth.secret.length     !== 200      || 
+                req.body.auth.auth_token.length !== 200      ||
+                Buffer.from(req.body.auth.secret,"base64").length !== 150
+            ) {
+                res.status(420).send("invalid authentication object")
+                return;
+            } else {
+                //secret    : string(200 chars)
+                //appid     : number
+                //auth_token: string(200 chars)
+                let sql = "select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.auth_tokens inner join ipost.application on auth_token_isfrom_application_id=application_id inner join ipost.users on auth_token_u_id=User_ID where auth_token=? and application_secret=? and application_id=?"
+                con.query(sql,[SHA256(req.body.auth.auth_token,req.body.auth.appid, HASHES_DB),SHA256(req.body.auth.secret,req.body.auth.appid, HASHES_DB),req.body.auth.appid],(err,result) => {
+                    if(err) throw err;
+
+                    if(result.length !== 1) {
+                        res.status(420).send("invalid authentication object (or server error?)")
+                        return;
+                    }
+
+                    res.locals.userid = result[0].User_ID;
+                    res.locals.username = result[0].User_Name;
+                    res.locals.bio = result[0].User_Bio || "";
+                    res.locals.avatar = result[0].User_Avatar || "";
+                    res.locals.settings = result[0].User_Settings || {};
+
+                    res.locals.isbot = true; //only apps/bots use auth tokens
+
+                    next()
+                })
+                return;
+            }
+        } else {
+            if(!req.cookies.AUTH_COOKIE) {
+                next()
+                return
+            }
+            unsigned = unsign(req.cookies.AUTH_COOKIE, req, res);
+            if (!unsigned){
+                next()
+                return
+            }
         }
         let sql = `select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`;
         let values = unsigned.split(" ");
@@ -118,6 +109,9 @@ export const setup = function (router, con, server) {
             res.status(402);
             res.json({ "error": "you cannot access the api without being logged in" });
         }
+        /* #swagger.security = [{
+               "appTokenAuthHeader": []
+        }] */
     });
 };
 export default {

routes/api/dms/PersonalMessages.js

@@ -20,6 +20,9 @@ export const setup = function (router, con, server) {
                 throw err;
             res.json(result);
         });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.get("/api/dms/conversations",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "*");
@@ -30,10 +33,16 @@ export const setup = function (router, con, server) {
                 throw err;
             res.json(result);
         });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.get("/api/dms/encrypt.js",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "*");
         res.send(web_version());
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     //
     router.get("/api/dms/getDM",  function (req, res) {
@@ -52,6 +61,9 @@ export const setup = function (router, con, server) {
                 res.json({ "error": "there is no such dm!" });
             }
         });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
 };
 export default {

routes/api/dms/post.js

@@ -19,6 +19,9 @@ export const setup = function (router, con, server) {
     router.get("/api/dms/pid",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "*");
         res.json({ "pid": createPID() });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.post("/api/dms/post",  function (req, res) {
         if (!req.body.message) {
@@ -89,6 +92,10 @@ export const setup = function (router, con, server) {
             console.log(5, `posted new dm by ${res.locals.username} to ${otherperson} : ${xor(encodeURIComponent(res.locals.username), otherperson)}`);
         });
         //TODO: bring dms up-to-date with normal posts
+
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     return createPID
 };

routes/api/getFileIcon.js

@@ -31,8 +31,8 @@ async function addTextOnImage(text,buf) {
 }
 
 export const setup = function (router, con, server) {
-    router.get("/api/getFileIcon/*",async function(req,res){
-        let path = req.path.split("/api/getFileIcon/")[1]
+    router.get("/api/getFileIcon/:icon",async function(req,res){
+        let path = req.params.icon
         if(path.length > 4) {
             res.status(410).json({"error":"file ending is too long"})
             return;
@@ -41,5 +41,8 @@ export const setup = function (router, con, server) {
             res.set("content-type","image/png")
             res.send(buf)
         })
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     })
 }

routes/api/getPosts.js

@@ -1,8 +1,4 @@
 export const setup = function (router, con, server) {
-    router.get("/api/getPosts/*",  function (_req, res) {
-        res.set("Access-Control-Allow-Origin", "");
-        res.redirect("/api/getPosts");
-    });
     router.get("/api/getPosts",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "*");
         if (req.query.channel !== undefined) {
@@ -21,6 +17,9 @@ export const setup = function (router, con, server) {
                 res.json(result);
             });
         }
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.get("/api/getPostsLowerThan",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "*");
@@ -40,6 +39,9 @@ export const setup = function (router, con, server) {
                 res.json(result);
             });
         }
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.get("/api/getPost",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "*");
@@ -56,5 +58,8 @@ export const setup = function (router, con, server) {
                 res.json({ "error": "there is no such post!" });
             }
         });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
 }

routes/api/post.js

@@ -32,6 +32,9 @@ export const setup = function (router, con, server) {
     router.get("/api/pid",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "*");
         res.json({ "pid": createPID() });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
 
     function validateMessage(message) {
@@ -204,6 +207,9 @@ export const setup = function (router, con, server) {
                 res.json({"error":"internal server error", "status": 500})
             }
         }
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     return createPID
 };

routes/api/search.js

@@ -34,5 +34,9 @@ export const setup = function (router, con, server) {
         else {
             res.json({ "error": "invalid type passed along, expected `user` or `post`", "message": "search has been deprecated as of 11/30/2022"});
         }
+
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
 }

routes/api/settingshandler.js

@@ -4,6 +4,10 @@ const allowed_settings = {
 export const setup = function (router, con, server) {
     router.get("/api/settings", function (req, res) {
         res.json(res.locals.settings);
+
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.post("/api/settings", function (req, res) {
         if (!req.body.setting) {
@@ -45,6 +49,10 @@ export const setup = function (router, con, server) {
             }
             res.json({ "status": "success" });
         });
+
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
 };
 export default {

routes/api/userRoutes.js

@@ -47,10 +47,16 @@ export const setup = function (router, con, server) {
                     res.json({ "success": "updated avatar" });
                 });
             })
-        });         
+        });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.get("/api/getuser",  function (_req, res) {
         res.json({ "username": res.locals.username, "bio": res.locals.bio, "avatar": res.locals.avatar, "userid": res.locals.userid });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.get("/api/getalluserinformation",  function (req, res) {
         res.set("Access-Control-Allow-Origin", ""); //we don't want that here
@@ -73,6 +79,9 @@ export const setup = function (router, con, server) {
                 res.json({ "error": "you cannot access the api without being logged in" });
             }
         });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.get("/api/getotheruser",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "*");
@@ -109,6 +118,9 @@ export const setup = function (router, con, server) {
                 throw err;
             res.json({ "success": "updated bio" });
         });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.post("/api/changePW", (req, res) => {
         res.set("Access-Control-Allow-Origin", "");
@@ -149,6 +161,9 @@ export const setup = function (router, con, server) {
                 res.json({ "error": "invalid password" });
             }
         });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
     router.post("/api/changeUsername",  function (req, res) {
         res.set("Access-Control-Allow-Origin", "");
@@ -212,5 +227,8 @@ export const setup = function (router, con, server) {
                 res.json({ "error": "invalid password" });
             }
         });
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     });
 }

routes/authorize.js

@@ -20,10 +20,10 @@ export const setup = function (router, con, server) {
             if(typeof appid === "number") {
 
                 const token = randomBytes(150).toString("base64")
-                
+
                 let tokencode;
                 while(tokencode===undefined || temp_code_to_token[tokencode]!==undefined) {
-                    tokencode = randomBytes(15).toString("base64")
+                    tokencode = randomBytes(15).toString("base64").replaceAll("/","f").replaceAll("+","A") //"/" and "+" may break some apps
                 }
                 temp_code_to_token[tokencode]={
                     "userid":res.locals.userid,
@@ -35,7 +35,7 @@ export const setup = function (router, con, server) {
                     if(data !== undefined && data.token===token && data.appid === appid && data.userid === res.locals.userid) {
                         temp_code_to_token[tokencode]=undefined
                     }
-                }, 300000); //wait for 5 minutes
+                }, 1000*60*5);
 
                 const sql = "SELECT application_auth_url FROM ipost.application where application_id=?"
 
@@ -45,16 +45,24 @@ export const setup = function (router, con, server) {
                         res.redirect(`/authorize?id=${req.body.application_id}`)
                         return
                     }
-                    res.redirect(`${result[0].application_auth_url}?code=${tokencode}`)
+                    let extra = ""
+                    if(req.body.application_extra !== "") {
+                        extra = "&extra="+String(req.body.application_extra)
+                    }
+                    res.redirect(`${result[0].application_auth_url}?code=${tokencode}${extra}`)
                 })
 
-                
-                
+
+
                 return
             }
         }
 
         res.redirect(`/authorize?id=${req.body.application_id}`)
+
+        /* #swagger.security = [{
+            "appTokenAuthHeader": []
+        }] */
     })
 
     router.post("/redeemauthcode", (req,res) => {
@@ -71,12 +79,12 @@ export const setup = function (router, con, server) {
             } catch(err) {
                 console.log("error parsing",err)
             }
-        } 
+        }
         if(
-            typeof req.body.auth            !== "object" || 
-            typeof req.body.auth.secret     !== "string" || 
-            typeof req.body.auth.appid      !== "number" || 
-            req.body.auth.secret.length     !== 200      || 
+            typeof req.body.auth            !== "object" ||
+            typeof req.body.auth.secret     !== "string" ||
+            typeof req.body.auth.appid      !== "number" ||
+            req.body.auth.secret.length     !== 200      ||
             Buffer.from(req.body.auth.secret,"base64").length !== 150 ||
             req.body.auth.appid !== temp_code_to_token[req.body.authcode].appid
         ) {
@@ -102,10 +110,10 @@ export const setup = function (router, con, server) {
 
             let data = temp_code_to_token[req.body.authcode]
             temp_code_to_token[req.body.authcode] = undefined
-            
-            
+
+
             const sql = "INSERT INTO `ipost`.`auth_tokens`(`auth_token`,`auth_token_u_id`,`auth_token_isfrom_application_id`) VALUES(?,?,?);"
-            
+
             const values = [SHA256(data.token,appid,10000),data.userid,data.appid] //token,id,appid
             con.query(sql,values,(err,result) => {
                 if(err) {
@@ -117,7 +125,11 @@ export const setup = function (router, con, server) {
             })
         })
 
-        
-    
+
+
     })
+
+    /* #swagger.security = [{
+        "appTokenAuthHeader": []
+    }] */
 }

routes/serve_static_files.js

@@ -5,43 +5,43 @@ export const setup = function (router, con, server) {
     const __dirname = server.dirname
     const dir = __dirname + "/"
     
-    router.get("/users/*",  function (req, res) {
+    router.get("/users/:user",  function (req, res) {
         if (!increaseUSERCall(req, res))
             return;
         res.sendFile(dir + "views/otheruser.html");
     });
-    router.get("/css/*", (request, response) => {
+    router.get("/css/:file", (request, response) => {
         if (!increaseUSERCall(request, response))
             return;
-        if (existsSync(__dirname + request.originalUrl)) {
-            response.sendFile(__dirname + request.originalUrl);
+        if (existsSync(`${__dirname}/css/${request.params.file}`)) {
+            response.sendFile(`${__dirname}/css/${request.params.file}`);
         }
         else {
             response.status(404).send("no file with that name found");
         }
         return;
     });
-    router.get("/js/*", (request, response) => {
+    router.get("/js/:file", (request, response) => {
         if (!increaseUSERCall(request, response))
             return;
-        if (existsSync(__dirname + request.originalUrl)) {
-            response.sendFile(__dirname + request.originalUrl);
+        if (existsSync(`${__dirname}/js/${request.params.file}`)) {
+            response.sendFile(`${__dirname}/js/${request.params.file}`);
         }
         else {
             response.status(404).send("no file with that name found");
         }
         return;
     });
-    router.get("/images/*", (request, response) => {
+    router.get("/images/:file", (request, response) => {
         if (!increaseUSERCall(request, response))
             return;
-        if (existsSync(__dirname + request.originalUrl)) {
+        if (existsSync(`${__dirname}/images/${request.params.file}`)) {
             response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
-            response.sendFile(__dirname + request.originalUrl);
+            response.sendFile(`${__dirname}/images/${request.params.file}`);
         }
-        else if(existsSync(__dirname + request.originalUrl.toLowerCase())){
+        else if(existsSync(`${__dirname}/images/${request.params.file.toLowerCase()}`)){
             response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
-            response.sendFile(__dirname + request.originalUrl.toLowerCase());
+            response.sendFile(`${__dirname}/images/${request.params.file.toLowerCase()}`);
         }
         else {
             response.status(404).send("no file with that name found");
@@ -49,12 +49,12 @@ export const setup = function (router, con, server) {
         return;
     });
     
-    router.get("/user_uploads/*", (request, response) => {
+    router.get("/user_uploads/:file", (request, response) => {
         if (!increaseUSERCall(request, response))
             return;
-        if (existsSync(__dirname + request.originalUrl)) {
+        if (existsSync(`${__dirname}/user_uploads/${request.params.file}`)) {
             response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
-            response.sendFile(__dirname + request.originalUrl);
+            response.sendFile(`${__dirname}/user_uploads/${request.params.file}`);
         }
         else {
             response.status(404).send("no file with that name found");
@@ -62,13 +62,12 @@ export const setup = function (router, con, server) {
         return;
     });
     
-    router.get("/avatars/*", (request, response) => {
+    router.get("/avatars/:avatar", (request, response) => {
         if (!increaseUSERCall(request, response))
             return;
         response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
-        let originalUrl = request.originalUrl.split("?").shift();
-        if (existsSync(dir + originalUrl)) {
-            return response.sendFile(dir + originalUrl);
+        if (existsSync(`${__dirname}/avatars/${request.params.avatar}`)) {
+            return response.sendFile(`${__dirname}/avatars/${request.params.avatar}`);
         }
         response.status(404).send("No avatar with that name found");
     });

routes/userfiles.js

@@ -1,5 +1,5 @@
 import ejs from "ejs"
-import LRU from "lru-cache"
+import { LRUCache as LRU} from "lru-cache"
 import {minify as min_js} from "uglify-js"
 import Clean from 'clean-css';
 import Minifier from 'html-minifier-terser';
@@ -25,27 +25,27 @@ export const setup = function (router, con, server) {
         updateAgeOnHas: true
     })
 
-    function load_var(fina) {
-        if(load_var_cache.get(fina))return load_var_cache.get(fina)
-        if(!existsSync(fina)) {
-            console.log(1,"tried loading non-existent file",fina)
-            load_var_cache.set(fina,"")
-            return "";
-        }
-        let out = readFileSync(fina)
-        if(fina.endsWith(".js")) {
-            out = min_js(out.toString()).code
-        }
-        else if(fina.endsWith(".css")) {
-            const {
-                styles,
-            } = new Clean({}).minify(out.toString());
-            out = styles
+    function load_var(filePath) {
+        if (load_var_cache.has(filePath)) {
+          return load_var_cache.get(filePath);
         }
 
-        load_var_cache.set(fina,out)
-        
-        return out
+        if (!existsSync(filePath)) {
+          console.log(1,'Tried loading non-existent file', filePath);
+          load_var_cache.set(filePath, '');
+          return '';
+        }
+
+        let output = readFileSync(filePath);
+
+        if (filePath.endsWith('.js')) {
+          output = min_js(output.toString()).code;
+        } else if (filePath.endsWith('.css')) {
+          const { styles } = new Clean({}).minify(output.toString());
+          output = styles;
+        }
+        load_var_cache.set(filePath, output);
+        return output;
     }
 
     function get_channels(){
@@ -70,6 +70,10 @@ export const setup = function (router, con, server) {
     function getAppWithId(appid) {
         appid = Number(appid)
         return new Promise((res,rej) => {
+            if(isNaN(appid)) {
+                res({})
+                return
+            }
             if(appId_Cache.has(appid)) {
                 res(appId_Cache.get(appid) || {})
                 return
@@ -111,11 +115,13 @@ export const setup = function (router, con, server) {
         if (!increaseUSERCall(request, response))return;
         if(typeof overrideurl !== "string")overrideurl = undefined;
     
-        let originalUrl = overrideurl || request.originalUrl.split("?").shift();
+        let originalUrl = overrideurl
+            || request.params.file
+            || request.originalUrl.split("?").shift(); //backup in case anything goes wrong
     
         let path = ""
-        if (existsSync(dir + "views" + originalUrl)) {
-            path = dir + "views" + originalUrl
+        if (existsSync(dir + "views/" + originalUrl)) {
+            path = dir + "views/" + originalUrl
             //send .txt files as plaintext to help browsers interpret it correctly
             if(originalUrl.endsWith(".txt")) {
                 response.set('Content-Type', 'text/plain');
@@ -136,10 +142,11 @@ export const setup = function (router, con, server) {
             path = dir + "views" + originalUrl + ".html"
         }
     
-        if(path !== "" && originalUrl !== "/favicon.ico" && originalUrl !== "/api/documentation/") {
+        if(path !== "" && originalUrl !== "favicon.ico" && originalUrl !== "api_documentation" && originalUrl !== "api_documentation.html") {
+            console.log(originalUrl)
             global_page_variables.user = { "username": response.locals.username, "bio": response.locals.bio, "avatar": response.locals.avatar }
             global_page_variables.query = request.query
-            if(originalUrl === "/authorize") {
+            if(originalUrl === "authorize") {
                 global_page_variables.application = await getAppWithId(request.query.id)
             }
             ejs.renderFile(path,global_page_variables,{async: true},async function(err,str){
@@ -176,20 +183,20 @@ export const setup = function (router, con, server) {
             })
             return;
         }
-    
-        if(originalUrl === "/favicon.ico") {
+
+        if(originalUrl === "api_documentation" || originalUrl === "api_documentation.html") {
+            response.set('Cache-Control', 'public, max-age=2592000');
+            response.set('Content-Type', 'text/html')
+            response.send(load_var("./views/api_documentation.html"))
+            return
+        }
+
+        if(originalUrl === "favicon.ico") {
             response.set('Cache-Control', 'public, max-age=2592000');
             response.sendFile(dir + "/views/favicon.ico")
             return
         }
-    
-        if(originalUrl === "/api/documentation/") {
-            readFile(path,function(_err,res){
-                response.send(res.toString())
-            })
-            return
-        }
-    
+
         console.log(5,"no file found",originalUrl);
         try {
             response.status(404).send("No file with that name found");
@@ -197,13 +204,18 @@ export const setup = function (router, con, server) {
             console.error(err)
         }
     }
-    
-    /** 
+
+    /**
     * Handle default URI as /index (interpreted redirect: "localhost" -> "localhost/index" )
     */
-    router.get("/", function (req, res) {
+    router.get("/", (req, res) => {
+        req.params.file = "index"
         handleUserFiles(req,res,"/index")
     });
-    
-    router.get("/*", handleUserFiles);
+
+    router.get("/:file", handleUserFiles);
+    router.get("/:folder/:file", (req, res) => {
+        req.params.file = req.params.folder+"/"+req.params.file
+        handleUserFiles(req,res)
+    });
 }

server.js

@@ -14,6 +14,7 @@ import { readFileSync, appendFile } from "fs";
 import { format } from "util";
 import { setup as SETUP_ROUTES} from "./routes/setup_all_routes.js"
 import { verify as verifyHCaptcha_int } from "hcaptcha"
+import hsts from "hsts"
 
 import { ensureExists } from "./extra_modules/ensureExists.js"
 
@@ -262,6 +263,26 @@ app.use(fileUpload({
     }
 }));
 
+const hstsMiddleware = hsts({
+    maxAge: 31536000,
+    includeSubDomains: true,
+    preload: true
+})
+
+app.use((req, res, next) => {
+    res.set("x-powered-by", "ipost");
+    res.set("X-Frame-Options","DENY");
+    res.set("X-XSS-Protection","1; mode=block");
+    res.set("X-Content-Type-Options","nosniff");
+    res.set("Referrer-Policy","no-referrer");
+
+    if (req.secure) {
+      hstsMiddleware(req, res, next)
+    } else {
+      next()
+    }
+})
+
 app.use(bodyParser.default.json({ limit: "100mb" }));
 app.use(bodyParser.default.urlencoded({ limit: "100mb", extended: true }));
 app.use(cookieParser(cookiesecret));
@@ -304,7 +325,6 @@ app.use((req, res, next) => {
 });
 
 app.use("/*", function (req, res, next) {
-    res.set("x-powered-by", "ipost");
     for (let i = 0; i < blocked_headers.length; i++) {
         if (req.header(blocked_headers[i]) !== undefined) {
             res.json({ "error": "we don't allow proxies on our website." });
@@ -358,6 +378,9 @@ router.get("/api/getChannels",  function (_req, res) {
             throw err;
         res.json(result);
     });
+    /* #swagger.security = [{
+        "appTokenAuthHeader": []
+    }] */
 });
 /*
 

server_config.json

@@ -155,8 +155,8 @@
     "level": 5
   },
   "ssl": {
-    "privateKey": "./etc/letsencrypt/live/ipost.rocks/privkey.pem",
-    "certificate" : "./etc/letsencrypt/live/ipost.rocks/fullchain.pem"
+    "privateKey": "/etc/letsencrypt/live/ipost.rocks-0002/privkey.pem",
+    "certificate" : "/etc/letsencrypt/live/ipost.rocks-0002/fullchain.pem"
   },
   "ports": {
     "http": 9999,

swagger.cjs

@@ -0,0 +1,78 @@
+const fs = require('fs');
+const swaggerAutogen = require('swagger-autogen')();
+
+const doc = {
+  info: {
+    title: 'IPost API',
+    description: 'the official IPost.rocks API documentation',
+  },
+  host: 'ipost.rocks',
+  schemes: ['https'],
+  securityDefinitions: {
+    appTokenAuthHeader: {
+      type: 'apiKey',
+      in: 'header', // can be 'header', 'query' or 'cookie'
+      name: 'ipost-auth-token', // name of the header, query parameter or cookie
+      description: 'authenticate using the authentication object in the header'
+    }
+  }
+};
+
+const outputFile = './swagger-api.json';
+const tempFile = './swagger-output.json';
+const endpointsFiles = ['./server.js'];
+
+function pushdirectory(currentpath) {
+  fs.readdirSync(currentpath, {
+    withFileTypes: true
+  }).forEach(dirent => {
+    if (dirent.isFile()) {
+      endpointsFiles.push(currentpath + dirent.name);
+    } else {
+      pushdirectory(currentpath + dirent.name + "/");
+    }
+  });
+}
+
+pushdirectory("./routes/");
+
+swaggerAutogen(tempFile, endpointsFiles, doc);
+
+/*
+  Replace some error codes with own error codes, as described in error_codes.txt
+*/
+const to_replace = {
+  "401": "login error (invalid cookie)",
+  "402": "login error (bad cookie)",
+  "403": "login error (no cookie)",
+  
+  "410": "argument/data error",
+  "411": "argument/data error",
+  "412": "argument/data error",
+  "413": "argument/data error",
+  "414": "argument/data error",
+  "415": "argument/data error",
+  "416": "argument/data error",
+  "417": "argument/data error",
+  "418": "argument/data error",
+  "419": "argument/data error",
+  "420": "invalid authetication object",
+  
+}
+
+let file = JSON.parse(fs.readFileSync(tempFile, 'utf8'));
+
+for (let path in file.paths) {
+  for (let method in file.paths[path]) {
+    for (let response in file.paths[path][method].responses) {
+      if (to_replace[response]) {
+        file.paths[path][method].responses[response].description = to_replace[response];
+      }
+    }
+  }
+}
+
+file = JSON.stringify(file);
+console.log(file)
+fs.writeFileSync(outputFile, file);
+fs.rmSync(tempFile);

views/authorize.html

@@ -27,6 +27,7 @@
         <p>Please authorize the app "<%= application.application_name %>" to access your information:</p>
         <form action="/authorize" method="post">
             <input type="number" value=<%= query.id %> class="hidden" name="application_id" id="application_id">
+            <input type="number" value=<%= query.extra || "" %> class="hidden" name="application_extra" id="application_extra">
             <div class="h-captcha" data-sitekey="<%- hcaptcha_sitekey %>"></div>
             <input type="submit" value="Authorize">
         </form>