rate limit shit

This commit is contained in:
Tyler Murphy 2023-01-21 15:45:14 -05:00
parent a50ccedcaa
commit f41ca04fbe
7 changed files with 647 additions and 1877 deletions

4
.gitignore vendored
View file

@ -1 +1,3 @@
node_modules
node_modules
.env
xssbook.db

View file

@ -1,7 +1,23 @@
require('dotenv').config()
const express = require('express')
const app = express()
const port = 8080
const rateLimiter = require('express-rate-limit')
const limiter = (min, count) => {
return rateLimiter({
windowMs: min * 60 * 1000,
max: count,
message: 'Too many requests, please try again later.',
standardHeaders: true,
legacyHeaders: false,
})
}
const cookieParser = require('cookie-parser')
app.use(cookieParser())
app.use(express.json());
app.use(express.static('public'))
@ -21,6 +37,10 @@ app.get('/profile', (req, res) => {
res.sendFile('profile.html', { root: './public' })
})
app.use('/api', limiter(1,60))
app.use('/api/register', limiter(60, 5))
app.use('/api/login', limiter(10, 5))
const api = require('./src/api.js')
app.use('/api', api);

2370
package-lock.json generated

File diff suppressed because it is too large Load diff

View file

@ -9,7 +9,10 @@
"author": "Tyler Murphy",
"license": "WTFPL",
"dependencies": {
"better-sqlite3": "^8.0.1",
"cookie-parser": "^1.4.6",
"dotenv": "^16.0.3",
"express": "^4.18.2",
"sqlite3": "^5.1.4"
"express-rate-limit": "^6.7.0"
}
}

View file

@ -6,4 +6,9 @@ router.get('/', (req, res) => {
res.status(200).send( {msg: 'xssbook api'} )
})
router.post('/', (req, res) => {
res.status(200).send( {msg: 'xssbook api'} )
})
module.exports = router;

View file

@ -1,26 +1,18 @@
const sqlite3 = require('sqlite3')
const path = require('path').resolve(__dirname, '../xssbook.db')
let db = new sqlite3.Database(path, sqlite3.OPEN_READWRITE, (err) => {
if (err && err.code == "SQLITE_CANTOPEN") {
createDatabase();
return;
} else if (err) {
console.log(err);
}
addUser('John','Doe','johndoe@gmail.com','password','lettuce',0,'jan',0,69)
})
const Database = require('better-sqlite3')
const db = createDatabase()
function createDatabase() {
db = new sqlite3.Database(path, (err) => {
if (err) {
console.log(err);
}
createTables();
});
try {
var db = new Database('xssbook.db', { fileMustExist: true });
return db
} catch (err) {
var db = new Database('xssbook.db', {});
createTables(db);
return db
}
}
function createTables() {
function createTables(db) {
db.exec(`
CREATE TABLE users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
@ -30,7 +22,7 @@ function createTables() {
password VARCHAR(50) NOT NULL,
gender VARCHAR(20) NOT NULL,
date INTEGER NOT NULL,
month VARCHAR(3) NOT NULL,
month VARCHAR(10) NOT NULL,
day INTEGER NOT NULL,
year INTEGER NOT NULL
);
@ -51,24 +43,82 @@ function createTables() {
banner BLOB,
FOREIGN KEY(id) REFERENCES users(id)
);
`, (err) => {
if(err) {
console.log(err)
}
})
CREATE TABLE sessions (
user INTEGER PRIMARY KEY NOT NULL,
token TEXT NOT NULL,
FOREIGN KEY(user) REFERENCES users(id)
);
`);
}
function addUser(first, last, email, password, gender, date, month, day, year) {
db.exec(`
INSERT INTO users (first, last, email, password, gender, date, month, day, year) VALUES (?,?,?,?,?,?,?,?,?);
`, [first, last, email, password, gender, date, month, day, year] , (err) => {
if(err) {
console.log(err)
return false
} else {
return true
}
})
try {
const stmt = db.prepare('INSERT OR REPLACE INTO users (first, last, email, password, gender, date, month, day, year) VALUES (@first, @last, @email, @password, @gender, @date, @month, @day, @year);')
stmt.run({first, last, email, password, gender, date, month, day, year})
return true
} catch (err) {
console.log(err)
return false
}
}
function getUser(id) {
try {
const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
const info = stmt.get({id})
if (info === undefined) return undefined
return info
} catch (err) {
console.log(err)
return undefined
}
}
function getUsers(ids) {
try {
const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
const people = {}
db.transaction((ids) => {
for (const id of ids) {
const info = stmt.get({id})
if (info === undefined) continue;
delete info.password
people[id] = info
}
})(ids)
return people
} catch (err) {
console.log(err)
return undefined
}
}
function addPost(user, content, likes, comments, date) {
try {
const stmt = db.prepare('INSERT OR REPLACE INTO posts (user, content, likes, comments, date) VALUES (@user, @content, @likes, @comments, @date);')
const info = stmt.run({user, content, likes, comments, date})
return info.changes === 1
} catch (err) {
console.log(err)
return false
}
}
function getPosts(page) {
const stmt = db.prepare('SELECT * FROM posts ORDER BY id DESC LIMIT @limit OFFSET @offset;')
const count = 20
const info = stmt.all({limit: count, offset: page * count});
console.log(info)
}
function setSession(user, token) {
try {
const stmt = db.prepare('INSERT OR REPLACE INTO sessions (user, token) VALUES (@user, @token);')
stmt.run({user, token})
return true
} catch (err) {
console.log(err)
return false
}
}

Binary file not shown.