rate limit shit

.gitignore

@@ -1 +1,3 @@
-node_modules
+node_modules
+.env
+xssbook.db

index.js

@@ -1,7 +1,23 @@
+require('dotenv').config()
+
 const express = require('express')
 const app = express()
 const port = 8080
 
+const rateLimiter = require('express-rate-limit')
+const limiter = (min, count) => {
+  return rateLimiter({
+    windowMs: min * 60 * 1000,
+    max: count,
+    message: 'Too many requests, please try again later.',
+    standardHeaders: true,
+    legacyHeaders: false,
+  })
+}
+
+const cookieParser = require('cookie-parser')
+app.use(cookieParser())
+
 app.use(express.json());
 app.use(express.static('public'))
 
@@ -21,6 +37,10 @@ app.get('/profile', (req, res) => {
   res.sendFile('profile.html', { root: './public' })
 })
 
+app.use('/api', limiter(1,60))
+app.use('/api/register', limiter(60, 5))
+app.use('/api/login', limiter(10, 5))
+
 const api = require('./src/api.js')
 app.use('/api', api);
 

package.json

@@ -9,7 +9,10 @@
   "author": "Tyler Murphy",
   "license": "WTFPL",
   "dependencies": {
+    "better-sqlite3": "^8.0.1",
+    "cookie-parser": "^1.4.6",
+    "dotenv": "^16.0.3",
     "express": "^4.18.2",
-    "sqlite3": "^5.1.4"
+    "express-rate-limit": "^6.7.0"
   }
 }

src/api.js

@@ -6,4 +6,9 @@ router.get('/', (req, res) => {
     res.status(200).send( {msg: 'xssbook api'} )
 })
 
+router.post('/', (req, res) => {
+    res.status(200).send( {msg: 'xssbook api'} )
+})
+
+
 module.exports = router;

src/database.js

@@ -1,26 +1,18 @@
-const sqlite3 = require('sqlite3')
-const path = require('path').resolve(__dirname, '../xssbook.db')
-
-let db = new sqlite3.Database(path, sqlite3.OPEN_READWRITE, (err) => {
-    if (err && err.code == "SQLITE_CANTOPEN") {
-        createDatabase();
-        return;
-    } else if (err) {
-        console.log(err);
-    }
-    addUser('John','Doe','johndoe@gmail.com','password','lettuce',0,'jan',0,69)
-})
+const Database = require('better-sqlite3')
+const db = createDatabase()
 
 function createDatabase() {
-    db = new sqlite3.Database(path, (err) => {
-        if (err) {
-            console.log(err);
-        }
-        createTables();
-    });
+    try {
+        var db = new Database('xssbook.db', { fileMustExist: true });
+        return db
+    } catch (err) {
+        var db = new Database('xssbook.db', {});
+        createTables(db);
+        return db
+    }
 }
 
-function createTables() {
+function createTables(db) {
     db.exec(`
         CREATE TABLE users (
             id          INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -30,7 +22,7 @@ function createTables() {
             password    VARCHAR(50) NOT NULL,
             gender      VARCHAR(20) NOT NULL,
             date        INTEGER NOT NULL,
-            month       VARCHAR(3) NOT NULL,
+            month       VARCHAR(10) NOT NULL,
             day         INTEGER NOT NULL,
             year        INTEGER NOT NULL
         );
@@ -51,24 +43,82 @@ function createTables() {
             banner      BLOB,
             FOREIGN KEY(id) REFERENCES users(id)
         );
-    `, (err) => {
-        if(err) {
-            console.log(err)
-        }
-    })
+
+        CREATE TABLE sessions (
+            user        INTEGER PRIMARY KEY NOT NULL,
+            token       TEXT NOT NULL,  
+            FOREIGN KEY(user) REFERENCES users(id)
+        );
+    `);
 }
 
 function addUser(first, last, email, password, gender, date, month, day, year) {
-    db.exec(`
-        INSERT INTO users (first, last, email, password, gender, date, month, day, year) VALUES (?,?,?,?,?,?,?,?,?);
-    `, [first, last, email, password, gender, date, month, day, year] , (err) => {
-        if(err) {
-            console.log(err)
-            return false
-        } else {
-            return true
-        }
-    })
+    try {
+        const stmt = db.prepare('INSERT OR REPLACE INTO users (first, last, email, password, gender, date, month, day, year) VALUES (@first, @last, @email, @password, @gender, @date, @month, @day, @year);')
+        stmt.run({first, last, email, password, gender, date, month, day, year})
+        return true
+    } catch (err) {
+        console.log(err)
+        return false
+    }
 }
 
+function getUser(id) {
+    try {
+        const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
+        const info = stmt.get({id})
+        if (info === undefined) return undefined
+        return info
+    } catch (err) {
+        console.log(err)
+        return undefined
+    }
+}
 
+function getUsers(ids) {
+    try {
+        const stmt = db.prepare('SELECT * FROM users WHERE id = @id;')
+        const people = {}
+        db.transaction((ids) => {
+            for (const id of ids) {
+                const info = stmt.get({id})
+                if (info === undefined) continue;
+                delete info.password
+                people[id] = info
+            }
+        })(ids)
+        return people
+    } catch (err) {
+        console.log(err)
+        return undefined
+    }
+}
+
+function addPost(user, content, likes, comments, date) {
+    try {
+        const stmt = db.prepare('INSERT OR REPLACE INTO posts (user, content, likes, comments, date) VALUES (@user, @content, @likes, @comments, @date);')
+        const info = stmt.run({user, content, likes, comments, date})
+        return info.changes === 1
+    } catch (err) {
+        console.log(err)
+        return false
+    }
+}
+
+function getPosts(page) {
+    const stmt = db.prepare('SELECT * FROM posts ORDER BY id DESC LIMIT @limit OFFSET @offset;')
+    const count = 20
+    const info = stmt.all({limit: count, offset: page * count});
+    console.log(info)
+}
+
+function setSession(user, token) {
+    try {
+        const stmt = db.prepare('INSERT OR REPLACE INTO sessions (user, token) VALUES (@user, @token);')
+        stmt.run({user, token})
+        return true
+    } catch (err) {
+        console.log(err)
+        return false
+    }
+}