rate limit shit
parent
a50ccedcaa
commit
f41ca04fbe
7 changed files with 647 additions and 1877 deletions
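--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 node_modules
+.env
+xssbook.db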
20
index.js
20
index.js
|
@ -1,7 +1,23 @@
|
||||||
|
require('dotenv').config()
|
||||||
|
|
||||||
const express = require('express')
|
const express = require('express')
|
||||||
const app = express()
|
const app = express()
|
||||||
const port = 8080
|
const port = 8080
|
||||||
|
|
||||||
|
const rateLimiter = require('express-rate-limit')
|
||||||
|
const limiter = (min, count) => {
|
||||||
|
return rateLimiter({
|
||||||
|
windowMs: min * 60 * 1000,
|
||||||
|
max: count,
|
||||||
|
message: 'Too many requests, please try again later.',
|
||||||
|
standardHeaders: true,
|
||||||
|
legacyHeaders: false,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
const cookieParser = require('cookie-parser')
|
||||||
|
app.use(cookieParser())
|
||||||
|
|
||||||
app.use(express.json());
|
app.use(express.json());
|
||||||
app.use(express.static('public'))
|
app.use(express.static('public'))
|
||||||
|
|
||||||
|
@ -21,6 +37,10 @@ app.get('/profile', (req, res) => {
|
||||||
res.sendFile('profile.html', { root: './public' })
|
res.sendFile('profile.html', { root: './public' })
|
||||||
})
|
})
|
||||||
|
|
||||||
|
app.use('/api', limiter(1,60))
|
||||||
|
app.use('/api/register', limiter(60, 5))
|
||||||
|
app.use('/api/login', limiter(10, 5))
|
||||||
|
|
||||||
const api = require('./src/api.js')
|
const api = require('./src/api.js')
|
||||||
app.use('/api', api);
|
app.use('/api', api);
|
||||||
|
|
||||||
|
|
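Review bot: Nothing in this hunk (or in the first one) sets `trust proxy`, and express-rate-limit keys its buckets on `req.ip`, so if the app is served behind a reverse proxy every client resolves to the proxy's address and the 60-per-minute `/api` bucket is shared by all users, while a blanket `app.set('trust proxy', true)` would let a client-supplied X-Forwarded-For header choose the key; set it to the exact hop count of the proxy in front of the app (`app.set('trust proxy', 1)` for a single proxy) and leave a comment saying so. The mount order also deserves a comment, because the generic `/api` limiter is registered first and the `/api/register` and `/api/login` limiters stack on top of it rather than replace it: `// the /api bucket is consumed first; the per-route buckets below are additional, stricter caps`. The default store is in-memory and per-process, so counters reset on restart and are not shared between instances; acceptable for a single process, but worth a one-line note next to `limiter`.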
2370
package-lock.json
generated
2370
package-lock.json
generated
|
@ -9,7 +9,10 @@
|
||||||
"author": "Tyler Murphy",
|
"author": "Tyler Murphy",
|
||||||
"license": "WTFPL",
|
"license": "WTFPL",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
|
"better-sqlite3": "^8.0.1",
|
||||||
|
"cookie-parser": "^1.4.6",
|
||||||
|
"dotenv": "^16.0.3",
|
||||||
"express": "^4.18.2",
|
"express": "^4.18.2",
|
||||||
"sqlite3": "^5.1.4"
|
"express-rate-limit": "^6.7.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,4 +6,9 @@ router.get('/', (req, res) => {
|
||||||
res.status(200).send( {msg: 'xssbook api'} )
|
res.status(200).send( {msg: 'xssbook api'} )
|
||||||
})
|
})
|
||||||
|
|
||||||
|
router.post('/', (req, res) => {
|
||||||
|
res.status(200).send( {msg: 'xssbook api'} )
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
120
src/database.js
120
src/database.js
|
@ -1,26 +1,18 @@
|
||||||
const sqlite3 = require('sqlite3')
|
const Database = require('better-sqlite3')
|
||||||
const path = require('path').resolve(__dirname, '../xssbook.db')
|
const db = createDatabase()
|
||||||
|
|
||||||
let db = new sqlite3.Database(path, sqlite3.OPEN_READWRITE, (err) => {
|
|
||||||
if (err && err.code == "SQLITE_CANTOPEN") {
|
|
||||||
createDatabase();
|
|
||||||
return;
|
|
||||||
} else if (err) {
|
|
||||||
console.log(err);
|
|
||||||
}
|
|
||||||
addUser('John','Doe','johndoe@gmail.com','password','lettuce',0,'jan',0,69)
|
|
||||||
})
|
|
||||||
|
|
||||||
function createDatabase() {
|
function createDatabase() {
|
||||||
db = new sqlite3.Database(path, (err) => {
|
try {
|
||||||
if (err) {
|
var db = new Database('xssbook.db', { fileMustExist: true });
|
||||||
console.log(err);
|
return db
|
||||||
}
|
} catch (err) {
|
||||||
createTables();
|
var db = new Database('xssbook.db', {});
|
||||||
});
|
createTables(db);
|
||||||
|
return db
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function createTables() {
|
function createTables(db) {
|
||||||
db.exec(`
|
db.exec(`
|
||||||
CREATE TABLE users (
|
CREATE TABLE users (
|
||||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||||
|
@ -30,7 +22,7 @@ function createTables() {
|
||||||
password VARCHAR(50) NOT NULL,
|
password VARCHAR(50) NOT NULL,
|
||||||
gender VARCHAR(20) NOT NULL,
|
gender VARCHAR(20) NOT NULL,
|
||||||
date INTEGER NOT NULL,
|
date INTEGER NOT NULL,
|
||||||
month VARCHAR(3) NOT NULL,
|
month VARCHAR(10) NOT NULL,
|
||||||
day INTEGER NOT NULL,
|
day INTEGER NOT NULL,
|
||||||
year INTEGER NOT NULL
|
year INTEGER NOT NULL
|
||||||
);
|
);
|
||||||
|
@ -51,24 +43,82 @@ function createTables() {
|
||||||
banner BLOB,
|
banner BLOB,
|
||||||
FOREIGN KEY(id) REFERENCES users(id)
|
FOREIGN KEY(id) REFERENCES users(id)
|
||||||
);
|
);
|
||||||
`, (err) => {
|
|
||||||
if(err) {
|
CREATE TABLE sessions (
|
||||||
console.log(err)
|
user INTEGER PRIMARY KEY NOT NULL,
|
||||||
}
|
token TEXT NOT NULL,
|
||||||
})
|
FOREIGN KEY(user) REFERENCES users(id)
|
||||||
|
);
|
||||||
|
`);
|
||||||
}
|
}
|
||||||
|
|
||||||
function addUser(first, last, email, password, gender, date, month, day, year) {
|
function addUser(first, last, email, password, gender, date, month, day, year) {
|
||||||
db.exec(`
|
try {
|
||||||
INSERT INTO users (first, last, email, password, gender, date, month, day, year) VALUES (?,?,?,?,?,?,?,?,?);
|
const stmt = db.prepare('INSERT OR REPLACE INTO users (first, last, email, password, gender, date, month, day, year) VALUES (@first, @last, @email, @password, @gender, @date, @month, @day, @year);')
|
||||||
`, [first, last, email, password, gender, date, month, day, year] , (err) => {
|
stmt.run({first, last, email, password, gender, date, month, day, year})
|
||||||
if(err) {
|
return true
|
||||||
console.log(err)
|
} catch (err) {
|
||||||
return false
|
console.log(err)
|
||||||
} else {
|
return false
|
||||||
return true
|
}
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getUser(id) {
|
||||||
|
try {
|
||||||
|
const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
|
||||||
|
const info = stmt.get({id})
|
||||||
|
if (info === undefined) return undefined
|
||||||
|
return info
|
||||||
|
} catch (err) {
|
||||||
|
console.log(err)
|
||||||
|
return undefined
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function getUsers(ids) {
|
||||||
|
try {
|
||||||
|
const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
|
||||||
|
const people = {}
|
||||||
|
db.transaction((ids) => {
|
||||||
|
for (const id of ids) {
|
||||||
|
const info = stmt.get({id})
|
||||||
|
if (info === undefined) continue;
|
||||||
|
delete info.password
|
||||||
|
people[id] = info
|
||||||
|
}
|
||||||
|
})(ids)
|
||||||
|
return people
|
||||||
|
} catch (err) {
|
||||||
|
console.log(err)
|
||||||
|
return undefined
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function addPost(user, content, likes, comments, date) {
|
||||||
|
try {
|
||||||
|
const stmt = db.prepare('INSERT OR REPLACE INTO posts (user, content, likes, comments, date) VALUES (@user, @content, @likes, @comments, @date);')
|
||||||
|
const info = stmt.run({user, content, likes, comments, date})
|
||||||
|
return info.changes === 1
|
||||||
|
} catch (err) {
|
||||||
|
console.log(err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function getPosts(page) {
|
||||||
|
const stmt = db.prepare('SELECT * FROM posts ORDER BY id DESC LIMIT @limit OFFSET @offset;')
|
||||||
|
const count = 20
|
||||||
|
const info = stmt.all({limit: count, offset: page * count});
|
||||||
|
console.log(info)
|
||||||
|
}
|
||||||
|
|
||||||
|
function setSession(user, token) {
|
||||||
|
try {
|
||||||
|
const stmt = db.prepare('INSERT OR REPLACE INTO sessions (user, token) VALUES (@user, @token);')
|
||||||
|
stmt.run({user, token})
|
||||||
|
return true
|
||||||
|
} catch (err) {
|
||||||
|
console.log(err)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
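Review bot: `getUser` returns the full row from `SELECT * FROM users`, password column included, while `getUsers` strips it with `delete info.password`; unless a caller needs the stored password for login, the single-row path should drop it the same way (`if (info !== undefined) delete info.password` before `return info`), or both should select explicit columns. `addUser` uses `INSERT OR REPLACE`, so if `email` carries a UNIQUE constraint (its column definition is outside this hunk) a second registration with an existing email silently replaces that user's row instead of failing; a plain `INSERT` plus the already-caught error is the safer contract for a registration path. The new `sessions` table stores the raw `token` with no expiry column, so a database read exposes directly usable session credentials; storing only a hash of the token plus an expiry timestamp keeps `setSession` working and limits the damage of a leaked file. `getPosts` only logs `info` and returns nothing, so its caller always receives `undefined`.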
BIN
xssbook.db
BIN
xssbook.db