rate limit shit
This commit is contained in:
parent
a50ccedcaa
commit
f41ca04fbe
7 changed files with 647 additions and 1877 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1 +1,3 @@
|
|||
node_modules
|
||||
.env
|
||||
xssbook.db
|
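Review bot: Adding `xssbook.db` to .gitignore does not untrack it: the same commit still ships a modified binary `xssbook.db` (the "Binary file not shown." section at the bottom), so the SQLite file stays in the repository and its history. Its `users` table, per the `password VARCHAR(50)` column and the addUser INSERT in src/database.js, stores passwords exactly as supplied, so any real rows in the committed copies should be treated as exposed. Pair this rule with `git rm --cached xssbook.db` so the ignore takes effect; the same consideration applies to `.env` if it was ever committed, which nothing on this page shows.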
20
index.js
20
index.js
|
@ -1,7 +1,23 @@
|
|||
require('dotenv').config()
|
||||
|
||||
const express = require('express')
|
||||
const app = express()
|
||||
const port = 8080
|
||||
|
||||
const rateLimiter = require('express-rate-limit')
|
||||
const limiter = (min, count) => {
|
||||
return rateLimiter({
|
||||
windowMs: min * 60 * 1000,
|
||||
max: count,
|
||||
message: 'Too many requests, please try again later.',
|
||||
standardHeaders: true,
|
||||
legacyHeaders: false,
|
||||
})
|
||||
}
|
||||
|
||||
const cookieParser = require('cookie-parser')
|
||||
app.use(cookieParser())
|
||||
|
||||
app.use(express.json());
|
||||
app.use(express.static('public'))
|
||||
|
||||
|
@ -21,6 +37,10 @@ app.get('/profile', (req, res) => {
|
|||
res.sendFile('profile.html', { root: './public' })
|
||||
})
|
||||
|
||||
app.use('/api', limiter(1,60))
|
||||
app.use('/api/register', limiter(60, 5))
|
||||
app.use('/api/login', limiter(10, 5))
|
||||
|
||||
const api = require('./src/api.js')
|
||||
app.use('/api', api);
|
||||
|
||||
|
|
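Review bot: The three limiters mounted in the second hunk (`app.use('/api', limiter(1,60))` and the `/api/register` and `/api/login` ones) use express-rate-limit's default key, `req.ip`, and nothing in either hunk sets `trust proxy`; if this app is served behind a reverse proxy, every client resolves to the proxy's address and shares one bucket, so the 5-per-hour register limit would lock out all users after five registrations. Set `app.set('trust proxy', N)` to the exact number of trusted hops rather than `true`, so the client address comes from the proxy you control and not from an arbitrary forwarded header. The `limiter` factory in the first hunk would also benefit from a short JSDoc, since `min` reads as "minimum" when it is minutes: `/** Build an express-rate-limit middleware allowing `count` requests per `min` minutes per client IP (in-memory store, per process). */`. The in-memory store resets on restart and is not shared across processes, which is worth stating next to the factory if more than one instance is ever run.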
2370
package-lock.json
generated
2370
package-lock.json
generated
|
@ -9,7 +9,10 @@
|
|||
"author": "Tyler Murphy",
|
||||
"license": "WTFPL",
|
||||
"dependencies": {
|
||||
"better-sqlite3": "^8.0.1",
|
||||
"cookie-parser": "^1.4.6",
|
||||
"dotenv": "^16.0.3",
|
||||
"express": "^4.18.2",
|
||||
"sqlite3": "^5.1.4"
|
||||
"express-rate-limit": "^6.7.0"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,4 +6,9 @@ router.get('/', (req, res) => {
|
|||
res.status(200).send( {msg: 'xssbook api'} )
|
||||
})
|
||||
|
||||
router.post('/', (req, res) => {
|
||||
res.status(200).send( {msg: 'xssbook api'} )
|
||||
})
|
||||
|
||||
|
||||
module.exports = router;
|
120
src/database.js
120
src/database.js
|
@ -1,26 +1,18 @@
|
|||
const sqlite3 = require('sqlite3')
|
||||
const path = require('path').resolve(__dirname, '../xssbook.db')
|
||||
|
||||
let db = new sqlite3.Database(path, sqlite3.OPEN_READWRITE, (err) => {
|
||||
if (err && err.code == "SQLITE_CANTOPEN") {
|
||||
createDatabase();
|
||||
return;
|
||||
} else if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
addUser('John','Doe','johndoe@gmail.com','password','lettuce',0,'jan',0,69)
|
||||
})
|
||||
const Database = require('better-sqlite3')
|
||||
const db = createDatabase()
|
||||
|
||||
function createDatabase() {
|
||||
db = new sqlite3.Database(path, (err) => {
|
||||
if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
createTables();
|
||||
});
|
||||
try {
|
||||
var db = new Database('xssbook.db', { fileMustExist: true });
|
||||
return db
|
||||
} catch (err) {
|
||||
var db = new Database('xssbook.db', {});
|
||||
createTables(db);
|
||||
return db
|
||||
}
|
||||
}
|
||||
|
||||
function createTables() {
|
||||
function createTables(db) {
|
||||
db.exec(`
|
||||
CREATE TABLE users (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
|
@ -30,7 +22,7 @@ function createTables() {
|
|||
password VARCHAR(50) NOT NULL,
|
||||
gender VARCHAR(20) NOT NULL,
|
||||
date INTEGER NOT NULL,
|
||||
month VARCHAR(3) NOT NULL,
|
||||
month VARCHAR(10) NOT NULL,
|
||||
day INTEGER NOT NULL,
|
||||
year INTEGER NOT NULL
|
||||
);
|
||||
|
@ -51,24 +43,82 @@ function createTables() {
|
|||
banner BLOB,
|
||||
FOREIGN KEY(id) REFERENCES users(id)
|
||||
);
|
||||
`, (err) => {
|
||||
if(err) {
|
||||
console.log(err)
|
||||
}
|
||||
})
|
||||
|
||||
CREATE TABLE sessions (
|
||||
user INTEGER PRIMARY KEY NOT NULL,
|
||||
token TEXT NOT NULL,
|
||||
FOREIGN KEY(user) REFERENCES users(id)
|
||||
);
|
||||
`);
|
||||
}
|
||||
|
||||
function addUser(first, last, email, password, gender, date, month, day, year) {
|
||||
db.exec(`
|
||||
INSERT INTO users (first, last, email, password, gender, date, month, day, year) VALUES (?,?,?,?,?,?,?,?,?);
|
||||
`, [first, last, email, password, gender, date, month, day, year] , (err) => {
|
||||
if(err) {
|
||||
console.log(err)
|
||||
return false
|
||||
} else {
|
||||
return true
|
||||
}
|
||||
})
|
||||
try {
|
||||
const stmt = db.prepare('INSERT OR REPLACE INTO users (first, last, email, password, gender, date, month, day, year) VALUES (@first, @last, @email, @password, @gender, @date, @month, @day, @year);')
|
||||
stmt.run({first, last, email, password, gender, date, month, day, year})
|
||||
return true
|
||||
} catch (err) {
|
||||
console.log(err)
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
function getUser(id) {
|
||||
try {
|
||||
const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
|
||||
const info = stmt.get({id})
|
||||
if (info === undefined) return undefined
|
||||
return info
|
||||
} catch (err) {
|
||||
console.log(err)
|
||||
return undefined
|
||||
}
|
||||
}
|
||||
|
||||
function getUsers(ids) {
|
||||
try {
|
||||
const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
|
||||
const people = {}
|
||||
db.transaction((ids) => {
|
||||
for (const id of ids) {
|
||||
const info = stmt.get({id})
|
||||
if (info === undefined) continue;
|
||||
delete info.password
|
||||
people[id] = info
|
||||
}
|
||||
})(ids)
|
||||
return people
|
||||
} catch (err) {
|
||||
console.log(err)
|
||||
return undefined
|
||||
}
|
||||
}
|
||||
|
||||
function addPost(user, content, likes, comments, date) {
|
||||
try {
|
||||
const stmt = db.prepare('INSERT OR REPLACE INTO posts (user, content, likes, comments, date) VALUES (@user, @content, @likes, @comments, @date);')
|
||||
const info = stmt.run({user, content, likes, comments, date})
|
||||
return info.changes === 1
|
||||
} catch (err) {
|
||||
console.log(err)
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
function getPosts(page) {
|
||||
const stmt = db.prepare('SELECT * FROM posts ORDER BY id DESC LIMIT @limit OFFSET @offset;')
|
||||
const count = 20
|
||||
const info = stmt.all({limit: count, offset: page * count});
|
||||
console.log(info)
|
||||
}
|
||||
|
||||
function setSession(user, token) {
|
||||
try {
|
||||
const stmt = db.prepare('INSERT OR REPLACE INTO sessions (user, token) VALUES (@user, @token);')
|
||||
stmt.run({user, token})
|
||||
return true
|
||||
} catch (err) {
|
||||
console.log(err)
|
||||
return false
|
||||
}
|
||||
}
|
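Review bot: getUser returns the whole users row, `password` included, while getUsers in the same hunk strips it with `delete info.password`; since addUser writes the password argument verbatim, any caller that serializes getUser's result exposes a stored credential, so either select explicit columns or add `delete info.password` before `return info`. getPosts logs the rows with `console.log(info)` but never returns them and is the only query here without a try/catch; `return info` is presumably intended. In the first hunk, createDatabase's catch treats every failure of the `fileMustExist` open as "database missing" and runs createTables, so a corrupt or locked file gets the same path; narrowing it with `if (err.code !== 'SQLITE_CANTOPEN') throw err` (the code better-sqlite3 reports for an unopenable file, to be confirmed) keeps real errors visible, and note that the `var db` inside it shadows the module-level `const db` and that `'xssbook.db'` is now resolved against the working directory where the removed code used `__dirname`. `INSERT OR REPLACE INTO users` silently overwrites an existing row on any UNIQUE conflict; if `email` carries such a constraint (that part of the schema is outside this hunk), a repeated registration replaces the existing account, so a plain `INSERT` that surfaces the constraint error is the safer choice. The hunk ends at setSession's closing brace, so whatever follows (likely the exports) is outside the view.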
BIN
xssbook.db
BIN
xssbook.db
Binary file not shown.