import sharp from 'sharp' import { writeFile } from 'fs' const image_types = { png: true, jpg: true, jpeg: true, webp: true, jfif: true, } export const setup = function (router, con, server) { const PIDS = {} //[pid]: true/"already_used" function isNotNull(a) { return typeof a !== 'undefined' && a !== null } function createPID() { let pid = server.genstring(10) //collision chance is low enough, but we'll check anyways while (PIDS[pid] !== undefined) { pid = server.genstring(10) console.log(5, 'pid collision') } PIDS[pid] = true setTimeout(function () { PIDS[pid] = undefined }, 40000) return pid } router.get('/api/pid', function (req, res) { res.set('Access-Control-Allow-Origin', '*') res.json({ pid: createPID() }) /* #swagger.security = [{ "appTokenAuthHeader": [] }] */ }) function validateMessage(message) { if (!message) { throw { statusCode: 410, message: 'no message to post', } } if (typeof message !== 'string') { throw { statusCode: 411, message: 'no message to post', } } if (message.length > 1000) { throw { statusCode: 416, message: 'message too long', } } message = encodeURIComponent(message.trim()) if (message.length > 3000) { throw { statusCode: 417, message: 'message too long', } } if (!message) { throw { statusCode: 418, message: 'no message to post', } } //backup check return message } function validatePID(pid) { if (!pid || typeof pid !== 'string') { throw { statusCode: 412, message: 'no pid given', } } if (pid.length !== 10 || PIDS[pid] !== true) { throw { statusCode: 413, message: 'invalid pid given', } } PIDS[pid] = 'already_used' } function validateReplyID(rid) { let reply_id if (!rid || rid < 0) { reply_id = 0 } if (typeof rid === 'string' && rid !== '') { reply_id = parseInt(rid, 10) if (isNaN(reply_id)) { throw { statusCode: 414, message: 'no valid reply id given', } } } if (typeof reply_id !== 'number') { throw { statusCode: 415, message: 'no valid reply id given', } //backup case } return reply_id } function validateReceiver(rec) { let receiver = encodeURIComponent(rec || '') if (receiver === '') receiver = 'everyone' return receiver } router.post('/api/post', async (req, res) => { try { let message = validateMessage(req.body.message) validatePID(req.body.pid) let reply_id = validateReplyID(req.body.reply_id) let receiver = validateReceiver(req.body.receiver) let __dirname = server.dirname const file_names = ['', '', '', '', ''] if (isNotNull(req.files)) { for (let file_index = 0; file_index < 5; file_index++) { if (isNotNull(req.files[`file_${file_index}`])) { let file = req.files[`file_${file_index}`] const file_id = server.genstring(20) const file_name = `${file_id}/${file.name.substring(0, 25).replace(/\.[^/.]+$/, '')}` let extension = file.name.substring( file.name.lastIndexOf('\.') + 1 ) file_names[file_index] = `${file_name}${(extension in image_types && '.webp') || extension}` server.ensureExists( `${__dirname}/user_uploads/${file_id}`, undefined, async (err) => { if (err) { console.error(err) return } if (extension in image_types) { writeFile( `${__dirname}/user_uploads/${file_name}.webp`, await sharp(file.data) .webp({ mixed: true, effort: 6 }) .toBuffer(), (err2) => { if (err2) console.error(err2) } ) server.ensureExists( `${__dirname}/user_uploads/previews/${file_id}`, undefined, async (error) => { if (error) { console.error(error) return } writeFile( `${__dirname}/user_uploads/previews/${file_name}.webp`, await sharp(file.data) .resize(100, 100, { fit: 'inside', }) .webp({ mixed: true, effort: 6, }) .toBuffer(), (error2) => { if (error2) console.error(error2) } ) } ) } else { file.mv( `${__dirname}/user_uploads/${file_name}.${extension}`, (err2) => { if (err2) console.error(err2) } ) } } ) } } } let sql = `START TRANSACTION;INSERT INTO ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id,file_0,file_1,file_2,file_3,file_4) VALUES (?,?,?,?,?,?,?,?,?,?,?);SELECT LAST_INSERT_ID() as ID;COMMIT;` let values = [ encodeURIComponent(res.locals.username), message, Date.now(), receiver, res.locals.isbot, reply_id, ...file_names, ] con.query(sql, values, function (err, result) { if (err) { res.status(500) res.json({ error: "there's been an interal error" }) console.error(err) return } let post_obj = { post_user_name: encodeURIComponent(res.locals.username), post_text: req.body.message, post_time: Date.now(), post_special_text: '', post_receiver_name: req.body.receiver, post_from_bot: res.locals.isbot, post_reply_id: reply_id, user_avatar: res.locals.avatar, files: file_names, post_id: result[0].ID, } let message = { message: 'new_post', data: post_obj, } let messagestr = JSON.stringify(message) //console.log(5,server.wss.clients); /* DEBUG: Log websocket clients */ server.wss.clients.forEach(function (ws) { //console.log(5,ws); /* DEBUG: Log websocket clients */ ws.send(messagestr) }) res.json({ success: 'successfully posted message' }) console.log( 5, `posted new message by ${res.locals.username} : ${req.body.message}` ) }) } catch (error) { if (error.statusCode) { res.status(error.statusCode) res.json({ error: error.message, status: error.statusCode }) } else { console.error('some error: ', error) res.status(500) res.json({ error: 'internal server error', status: 500 }) } } /* #swagger.security = [{ "appTokenAuthHeader": [] }] */ }) return createPID } export default { setup, }