rate limit shit

This commit is contained in:
Tyler Murphy 2023-01-21 15:45:14 -05:00
parent a50ccedcaa
commit f41ca04fbe
7 changed files with 647 additions and 1877 deletions

.gitignore vendored

@ -1 +1,3 @@
node_modules node_modules
.env
xssbook.db


@ -1,7 +1,23 @@
require('dotenv').config()
const express = require('express') const express = require('express')
const app = express() const app = express()
const port = 8080 const port = 8080
const rateLimiter = require('express-rate-limit')
const limiter = (min, count) => {
return rateLimiter({
windowMs: min * 60 * 1000,
max: count,
message: 'Too many requests, please try again later.',
standardHeaders: true,
legacyHeaders: false,
})
}
const cookieParser = require('cookie-parser')
app.use(cookieParser())
app.use(express.json()); app.use(express.json());
app.use(express.static('public')) app.use(express.static('public'))
@ -21,6 +37,10 @@ app.get('/profile', (req, res) => {
res.sendFile('profile.html', { root: './public' }) res.sendFile('profile.html', { root: './public' })
}) })
app.use('/api', limiter(1,60))
app.use('/api/register', limiter(60, 5))
app.use('/api/login', limiter(10, 5))
const api = require('./src/api.js') const api = require('./src/api.js')
app.use('/api', api); app.use('/api', api);
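Review bot: The limiters registered at `app.use('/api', limiter(1,60))` and the two route-specific ones below it bucket requests by req.ip, so if this app is ever served behind a reverse proxy every client resolves to the proxy's address and shares a single bucket. Express's `app.set('trust proxy', 1)` (with the hop count matching the deployment) placed before these `app.use` calls is what makes the limit per client in that setup; when there is no proxy it should stay off, otherwise the key is taken from a client-controlled forwarded header. The `limiter` factory is readable but its positional arguments carry units that the call sites do not show; a one-line comment such as `// limiter(windowMinutes, maxRequests): one bucket per client IP` above `const limiter =` would make `limiter(60, 5)` self-explanatory.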

package-lock.json generated



@ -9,7 +9,10 @@
"author": "Tyler Murphy", "author": "Tyler Murphy",
"license": "WTFPL", "license": "WTFPL",
"dependencies": { "dependencies": {
"better-sqlite3": "^8.0.1",
"cookie-parser": "^1.4.6",
"dotenv": "^16.0.3",
"express": "^4.18.2", "express": "^4.18.2",
"sqlite3": "^5.1.4" "express-rate-limit": "^6.7.0"
} }
} }


@ -6,4 +6,9 @@ router.get('/', (req, res) => {
res.status(200).send( {msg: 'xssbook api'} ) res.status(200).send( {msg: 'xssbook api'} )
}) })
router.post('/', (req, res) => {
res.status(200).send( {msg: 'xssbook api'} )
})
module.exports = router; module.exports = router;


@ -1,26 +1,18 @@
const sqlite3 = require('sqlite3') const Database = require('better-sqlite3')
const path = require('path').resolve(__dirname, '../xssbook.db') const db = createDatabase()
let db = new sqlite3.Database(path, sqlite3.OPEN_READWRITE, (err) => {
if (err && err.code == "SQLITE_CANTOPEN") {
createDatabase();
return;
} else if (err) {
console.log(err);
}
addUser('John','Doe','johndoe@gmail.com','password','lettuce',0,'jan',0,69)
})
function createDatabase() { function createDatabase() {
db = new sqlite3.Database(path, (err) => { try {
if (err) { var db = new Database('xssbook.db', { fileMustExist: true });
console.log(err); return db
} catch (err) {
var db = new Database('xssbook.db', {});
createTables(db);
return db
} }
createTables();
});
} }
function createTables() { function createTables(db) {
db.exec(` db.exec(`
CREATE TABLE users ( CREATE TABLE users (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
@ -30,7 +22,7 @@ function createTables() {
password VARCHAR(50) NOT NULL, password VARCHAR(50) NOT NULL,
gender VARCHAR(20) NOT NULL, gender VARCHAR(20) NOT NULL,
date INTEGER NOT NULL, date INTEGER NOT NULL,
month VARCHAR(3) NOT NULL, month VARCHAR(10) NOT NULL,
day INTEGER NOT NULL, day INTEGER NOT NULL,
year INTEGER NOT NULL year INTEGER NOT NULL
); );
@ -51,24 +43,82 @@ function createTables() {
banner BLOB, banner BLOB,
FOREIGN KEY(id) REFERENCES users(id) FOREIGN KEY(id) REFERENCES users(id)
); );
`, (err) => {
if(err) { CREATE TABLE sessions (
console.log(err) user INTEGER PRIMARY KEY NOT NULL,
} token TEXT NOT NULL,
}) FOREIGN KEY(user) REFERENCES users(id)
);
`);
} }
function addUser(first, last, email, password, gender, date, month, day, year) { function addUser(first, last, email, password, gender, date, month, day, year) {
db.exec(` try {
INSERT INTO users (first, last, email, password, gender, date, month, day, year) VALUES (?,?,?,?,?,?,?,?,?); const stmt = db.prepare('INSERT OR REPLACE INTO users (first, last, email, password, gender, date, month, day, year) VALUES (@first, @last, @email, @password, @gender, @date, @month, @day, @year);')
`, [first, last, email, password, gender, date, month, day, year] , (err) => { stmt.run({first, last, email, password, gender, date, month, day, year})
if(err) { return true
} catch (err) {
console.log(err) console.log(err)
return false return false
} else { }
}
function getUser(id) {
try {
const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
const info = stmt.get({id})
if (info === undefined) return undefined
return info
} catch (err) {
console.log(err)
return undefined
}
}
function getUsers(ids) {
try {
const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
const people = {}
db.transaction((ids) => {
for (const id of ids) {
const info = stmt.get({id})
if (info === undefined) continue;
delete info.password
people[id] = info
}
})(ids)
return people
} catch (err) {
console.log(err)
return undefined
}
}
function addPost(user, content, likes, comments, date) {
try {
const stmt = db.prepare('INSERT OR REPLACE INTO posts (user, content, likes, comments, date) VALUES (@user, @content, @likes, @comments, @date);')
const info = stmt.run({user, content, likes, comments, date})
return info.changes === 1
} catch (err) {
console.log(err)
return false
}
}
function getPosts(page) {
const stmt = db.prepare('SELECT * FROM posts ORDER BY id DESC LIMIT @limit OFFSET @offset;')
const count = 20
const info = stmt.all({limit: count, offset: page * count});
console.log(info)
}
function setSession(user, token) {
try {
const stmt = db.prepare('INSERT OR REPLACE INTO sessions (user, token) VALUES (@user, @token);')
stmt.run({user, token})
return true return true
} catch (err) {
console.log(err)
return false
} }
})
} }
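Review bot: getUser returns the full users row, password column included, while getUsers strips it with `delete info.password` before returning; the single-user path should do the same, e.g. `if (info !== undefined) delete info.password` ahead of `return info`, so callers cannot accidentally forward the stored credential. In createDatabase the catch treats every open failure as "file does not exist" and falls through to creating a fresh database, whereas the removed code only did that for `SQLITE_CANTOPEN`; adding `if (err.code !== 'SQLITE_CANTOPEN') throw err` at the top of the catch keeps permission and corruption errors visible instead of silently masking them. The database is now opened as the bare `'xssbook.db'`, so its location depends on the process working directory rather than the module directory as the old `path.resolve(__dirname, ...)` did. getPosts has no try/catch unlike its siblings, logs the rows to the console and returns nothing, so every caller receives undefined; it should `return info` and drop the debug log. The password value is written to the table exactly as passed in; if that is not deliberate for this project, hashing belongs in addUser before `stmt.run`.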

Binary file not shown.