authorTyler Murphy <tylermurphy534@gmail.com>2023-01-23 21:40:41 -0500
committerTyler Murphy <tylermurphy534@gmail.com>2023-01-23 21:40:41 -0500
commit15f2b32511e9b4c0479ad03c18a69653328f36b1 (patch)
treec9b4782bfc0b790ab1e19c7b3e2ac43d22b005e7 /src/api
parentfix endpoint, html parse, load more posts (diff)
i changed a lot of shit
Diffstat (limited to '')
-rw-r--r--src/api.js238
-rw-r--r--src/api/auth.js72
-rw-r--r--src/api/pages.js77
-rw-r--r--src/api/posts.js81
-rw-r--r--src/api/users.js35
5 files changed, 265 insertions, 238 deletions
diff --git a/src/api.js b/src/api.js
deleted file mode 100644
index 2c99430..0000000
--- a/src/api.js
+++ /dev/null
@@ -1,238 +0,0 @@
-const express = require('express')
-const router = express.Router()
-const database = require('./database.js')
-const cheerio = require('cheerio');
-
-const check = (test, type) => {
- return text === undefined || text === null || typeof test !== type
-}
-
-const parseText = (test) => {
- if (typeof test !== 'string') return undefined;
- const $ = cheerio.load(test)
- return $("body").html()
-}
-
-const text = (test, min, max) => {
- return check(test, 'string') || test.length > max || test.length < min
-}
-
-router.get('/', (req, res) => {
- res.status(200).send( {msg: 'xssbook api'} )
-})
-
-router.post('/auth/register', (req, res) => {
- const first = parseText(req.body.first);
- if (text(first, 1, 20)) {
- res.status(400).send( {msg: 'Invalid first name'} ); return;
- }
- const last = parseText(req.body.last);
- if (text(last, 1, 20)) {
- res.status(400).send( {msg: 'Invalid last name'} ); return;
- }
- const email = parseText(req.body.email);
- if (text(email, 1, 50)) {
- res.status(400).send( {msg: 'Invalid email'} ); return;
- }
- const password = req.body.password;
- if (text(password, 1, 50)) {
- res.status(400).send( {msg: 'Invalid password'} ); return;
- }
- const gender = parseText(req.body.gender);
- if (text(gender, 1, 100)) {
- res.status(400).send( {msg: 'Invalid gender'} ); return;
- }
- const month = parseText(req.body.month);
- if (text(month, 1, 10)) {
- res.status(400).send( {msg: 'Invalid month'} ); return;
- }
- const day = req.body.day;
- if (check(day, 'number')) {
- res.status(400).send( {msg: 'Invalid day'} ); return;
- }
- const year = req.body.year;
- if (check(year, 'number')) {
- res.status(400).send( {msg: 'Invalid year'} ); return;
- }
- let exists = database.getUserByEmail(email);
- if (exists !== undefined) {
- res.status(400).send( {msg: 'Email is already in use'} ); return;
- }
- exists = database.getUserByPassword(password);
- if (exists !== undefined) {
- res.status(400).send( {msg: `Password is already in use by ${exists.email}`} ); return;
- }
- const key = database.register(first, last, email, password, gender, month, day, year);
- if (key === undefined) {
- res.status(500).send( {msg: 'Failed to register user'} ); return;
- }
- res.status(200).cookie('auth', key, { maxAge: 365 * 24 * 60 * 60 * 1000, sameSite: 'strict' }).send({msg: 'Successfully registered new user'})
-})
-
-router.post('/auth/login', (req, res) => {
- const email = req.body.email
- if (check(email, 'string')) {
- res.status(400).send( {msg: 'Invalid email'} ); return;
- }
- const password = req.body.password
- if (check(password, 'string')) {
- res.status(400).send( {msg: 'Invalid password'} ); return;
- }
- const key = database.login(email, password)
- if (key === undefined) {
- res.status(400).send( {msg: 'Invalid login combination'} ); return;
- }
- res.status(200).cookie('auth', key, { maxAge: 365 * 24 * 60 * 60 * 1000, sameSite: 'strict' }).send({msg: 'Successfully logged in'})
-})
-
-router.post('/auth/self', (req, res) => {
- const cookies = req.cookies;
- if (cookies === undefined || cookies.auth === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const user = database.auth(req.cookies.auth)
- if (user === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- delete user.password
- res.status(200).send(user)
-})
-
-router.post('/posts/create', (req, res) => {
- const content = parseText(req.body.content)
- if (text(content, 1, 1000)) {
- res.status(400).send({msg: 'Invalid content'}); return;
- }
- const cookies = req.cookies;
- if (cookies === undefined || cookies.auth === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const user = database.auth(req.cookies.auth)
- if (user === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const success = database.addPost(user.id, content)
- if (!success) {
- res.status(500).send({msg: 'Failed to create post'})
- }
- res.status(200).send({msg: 'Successfully created post'})
-})
-
-router.post('/posts/load', (req, res) => {
- const page = req.body.page
- if (check(page, 'number') || page < 0) {
- res.status(400).send({msg: 'Invalid page'}); return;
- }
- const cookies = req.cookies;
- if (cookies === undefined || cookies.auth === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const user = database.auth(req.cookies.auth)
- if (user === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const data = database.getPosts(page)
- res.status(200).send(data)
-})
-
-router.post('/posts/user', (req, res) => {
- const id = req.body.id
- if (check(id, 'number')) {
- res.status(400).send({msg: 'Invalid user id'}); return;
- }
- const cookies = req.cookies;
- if (cookies === undefined || cookies.auth === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const user = database.auth(req.cookies.auth)
- if (user === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const data = database.getUsersPosts(id)
- res.status(200).send(data)
-})
-
-router.put('/posts/comment', (req, res) => {
- const content = parseText(req.body.content)
- if (text(content, 1, 200)) {
- res.status(400).send({msg: 'Invalid comment content'}); return;
- }
- const id = req.body.id
- if (check(id, 'number')) {
- res.status(400).send({msg: 'Invalid post id'}); return;
- }
- const cookies = req.cookies;
- if (cookies === undefined || cookies.auth === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const user = database.auth(req.cookies.auth)
- if (user === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const success = database.comment(id, user.id, content)
- if (!success) {
- res.status(500).send({msg: 'Failed to add comment to post'}); return;
- }
- res.status(200).send({msg: 'Successfully posted comment'})
-})
-
-router.put('/posts/like', (req, res) => {
- const state = req.body.state
- if (check(state, 'boolean')) {
- res.status(400).send({msg: 'Invalid like state'}); return;
- }
- const id = req.body.id
- if (check(id, 'number')) {
- res.status(400).send({msg: 'Invalid post id'}); return;
- }
- const cookies = req.cookies;
- if (cookies === undefined || cookies.auth === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const user = database.auth(req.cookies.auth)
- if (user === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const success = database.like(id, user.id, state)
- if (!success) {
- res.status(500).send({msg: 'Failed to change like state on post'}); return;
- }
- res.status(200).send({msg: 'Successfully changed like state on post'})
-})
-
-router.post('/users/load', (req, res) => {
- const ids = req.body.ids
- if (!Array.isArray(ids)) {
- res.status(400).send({msg: 'Invalid ids'}); return;
- }
- for (const id of ids) {
- if (typeof id !== 'number') {
- res.status(400).send({msg: 'Invalid ids'}); return;
- }
- }
- const cookies = req.cookies;
- if (cookies === undefined || cookies.auth === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const user = database.auth(req.cookies.auth)
- if (user === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const data = database.getUsers(ids)
- res.status(200).send(data)
-})
-
-router.post('/users/all', (req, res) => {
- const cookies = req.cookies;
- if (cookies === undefined || cookies.auth === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const user = database.auth(req.cookies.auth)
- if (user === undefined) {
- res.status(401).send({msg: 'Unauthorized'}); return;
- }
- const data = database.getAllUsers()
- res.status(200).send(data)
-})
-
-module.exports = router; \ No newline at end of file
diff --git a/src/api/auth.js b/src/api/auth.js
new file mode 100644
index 0000000..8ef61f0
--- /dev/null
+++ b/src/api/auth.js
@@ -0,0 +1,72 @@
+const express = require('express')
+const router = express.Router()
+const cache = require('../cache')
+const check = require('../check')
+
+
+router.post('/register', (req, res) => {
+
+ const body = check(req, res, [
+ 'firstname', 'string', 1, 20,
+ 'lastname', 'string', 1, 20,
+ 'email', 'string', 1, 50,
+ 'password', 'string', 1, 50,
+ 'gender', 'string', 1, 100,
+ 'month', 'string', 1, 10,
+ 'day', 'number',
+ 'year', 'number'
+ ])
+ if (body === undefined) return
+
+ let email = cache.getUserByEmail(body.email);
+ if (email !== undefined) {
+ res.status(400).send({ msg: 'Email is already in use' })
+ return
+ }
+
+ let password = cache.getUserByPassword(req.body.password);
+ if (password !== undefined) {
+ res.status(400).send({ msg: `Password is already in use by ${password.email}` })
+ return
+ }
+
+ const key = cache.register(body.firstname, body.lastname, body.email, req.body.password, body.gender, body.month, body.day, body.year)
+ if (key === undefined) {
+ res.status(500).send({ msg: 'Failed to register user' })
+ return
+ }
+
+ res
+ .status(200)
+ .cookie('auth', key, {
+ maxAge: 365 * 24 * 60 * 60 * 1000,
+ sameSite: 'strict'
+ })
+ .send({ msg: 'Successfully registered new user' })
+})
+
+
+router.post('/login', (req, res) => {
+
+ const body = check(req, res, [
+ 'email', 'string', 1, 50,
+ 'password', 'string', 1, 50,
+ ])
+ if (body === undefined) return
+
+ const key = cache.login(body.email, body.password)
+ if (key === undefined) {
+ res.status(400).send( {msg: 'Invalid login combination'} )
+ return
+ }
+
+ res
+ .status(200)
+ .cookie('auth', key, {
+ maxAge: 365 * 24 * 60 * 60 * 1000,
+ sameSite: 'strict'
+ })
+ .send({msg: 'Successfully logged in'})
+})
+
+module.exports = router; \ No newline at end of file
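Review bot: The `/register` handler still answers a password collision with `Password is already in use by ${password.email}`, which tells an unauthenticated caller that the submitted password belongs to a named account; the `cache.getUserByPassword(...)` lookup and its 400 response should be dropped, since registration has no need to enforce password uniqueness. A lookup keyed by password also suggests passwords are kept in a directly comparable form, but `../cache` is outside this diff, so that needs confirming there. Both `.cookie('auth', key, {...})` calls set `sameSite: 'strict'` but not `httpOnly`, so page script can read the session key; add `httpOnly: true` (and `secure: true` when served over TLS) to both option objects. `/register` also reads `req.body.password` where `/login` uses the validated `body.password`; use `body.password` in both places.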
diff --git a/src/api/pages.js b/src/api/pages.js
new file mode 100644
index 0000000..7d79c0c
--- /dev/null
+++ b/src/api/pages.js
@@ -0,0 +1,77 @@
+const express = require('express')
+const router = express.Router()
+const cache = require('../cache')
+
+
+router.get('/', (req, res) => {
+
+ if (res.locals.user === undefined) {
+ res.redirect('/login')
+ } else {
+ res.redirect('/home')
+ }
+
+})
+
+
+router.get('/login', (req, res) => {
+
+ if (res.locals.user !== undefined) {
+ res.redirect('/home')
+ return
+ }
+
+ res.sendFile('login.html', { root: './public' })
+})
+
+
+router.get('/logout', (req, res) => {
+
+ if (res.locals.user === undefined) {
+ res.redirect('/login')
+ }
+
+ if (!cache.logout(req.cookies.auth)) {
+ res.status(500).send({msg: 'Failed to logout'})
+ return
+ }
+
+ res.clearCookie('auth').redirect('/login')
+
+})
+
+
+router.get('/home', (req, res) => {
+
+ if (res.locals.user === undefined) {
+ res.redirect('/login')
+ return
+ }
+
+ res.sendFile('home.html', { root: './public' })
+})
+
+
+router.get('/people', (req, res) => {
+
+ if (res.locals.user === undefined) {
+ res.redirect('/login')
+ return
+ }
+
+ res.sendFile('people.html', { root: './public' })
+})
+
+
+router.get('/profile', (req, res) => {
+
+ if (res.locals.user === undefined) {
+ res.redirect('/login')
+ return
+ }
+
+ res.sendFile('profile.html', { root: './public' })
+})
+
+
+module.exports = router \ No newline at end of file
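Review bot: In `/logout` the unauthenticated branch calls `res.redirect('/login')` without returning, so execution continues into `cache.logout(req.cookies.auth)` and then tries to send a second response on the same request, which fails with a headers-already-sent error. Add the `return` that the other handlers in this file have, directly after `res.redirect('/login')`. Logging out on a GET also lets any link or prefetch end the session; a POST route would be the safer shape, although the `sameSite: 'strict'` cookie set in `auth.js` limits the cross-site case.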
diff --git a/src/api/posts.js b/src/api/posts.js
new file mode 100644
index 0000000..974e4c4
--- /dev/null
+++ b/src/api/posts.js
@@ -0,0 +1,81 @@
+const express = require('express')
+const router = express.Router()
+const cache = require('../cache')
+const check = require('../check')
+
+
+router.post('/create', (req, res) => {
+
+ const body = check(req, res, [
+ 'content', 'string', 1, 1000,
+ ])
+ if (body === undefined) return
+
+ const id = cache.addPost(res.locals.user.id, content)
+ if (id === -1) {
+ res.status(500).send({msg: 'Failed to create post'})
+ return
+ }
+
+ res.status(200).send({msg: id})
+})
+
+
+router.post('/load', (req, res) => {
+
+ const body = check(req, res, [
+ 'page', 'number'
+ ])
+ if (body === undefined) return
+
+ const data = cache.getPostsPage(body.page)
+ res.status(200).send(data)
+})
+
+
+router.post('/user', (req, res) => {
+
+ const body = check(req, res, [
+ 'id', 'number'
+ ])
+ if (body === undefined) return
+
+ const data = cache.getUsersPosts(body.id)
+ res.status(200).send(data)
+})
+
+
+router.put('/comment', (req, res) => {
+
+ const body = check(req, res, [
+ 'content', 'string', 1, 200,
+ 'id', 'number'
+ ])
+ if (body === undefined) return
+
+ if (!cache.comment(body.id, res.locals.user.id, body.content)) {
+ res.status(500).send({msg: 'Failed to add comment to post'})
+ return
+ }
+
+ res.status(200).send({msg: 'Successfully posted comment'})
+})
+
+
+router.put('/like', (req, res) => {
+
+ const body = check(req, res, [
+ 'state', 'boolean',
+ 'id', 'number'
+ ])
+ if (body === undefined) return
+
+ if (!cache.like(body.id, res.locals.user.id, body.state)) {
+ res.status(500).send({msg: 'Failed to change like state on post'})
+ return
+ }
+
+ res.status(200).send({msg: 'Successfully changed like state on post'})
+})
+
+module.exports = router; \ No newline at end of file
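Review bot: `/create` passes `content` to `cache.addPost(res.locals.user.id, content)`, but no `content` binding exists in this file, so every request that passes validation throws a ReferenceError before a post is stored; the call should be `cache.addPost(res.locals.user.id, body.content)`. The per-handler cookie check and 401 response from the deleted `src/api.js` are gone, and `/load` and `/user` never consult `res.locals.user`, so these routes are protected only if `check` or middleware outside this diff rejects unauthenticated requests first. That is worth confirming, because `pages.js` shows `res.locals.user` can be `undefined`. The old `page < 0` rejection in `/load` is also not visible here; unless `check` enforces it, `cache.getPostsPage` now receives negative pages.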
diff --git a/src/api/users.js b/src/api/users.js
new file mode 100644
index 0000000..689904c
--- /dev/null
+++ b/src/api/users.js
@@ -0,0 +1,35 @@
+const express = require('express')
+const router = express.Router()
+const cache = require('../cache')
+const check = require('../check')
+
+
+router.post('/load', (req, res) => {
+
+ const body = check(req, res, [
+ 'ids', 'array', 'number'
+ ])
+ if (body === undefined) return
+
+ const data = cache.getUsers(body.ids)
+ res.status(200).send(data)
+})
+
+
+router.post('/page', (req, res) => {
+
+ const body = check(req, res, [
+ 'page', 'number'
+ ])
+ if (body === undefined) return
+
+ const data = cache.getUsersPage(body.page)
+ res.status(200).send(data)
+})
+
+
+router.post('/self', (req, res) => {
+ res.status(200).send(res.locals.user)
+})
+
+module.exports = router; \ No newline at end of file
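Review bot: `/self` now sends `res.locals.user` as-is, whereas the removed handler ran `delete user.password` before responding; unless the object stored in `res.locals.user` already omits the password, this returns it to the browser. Strip it at the response, for example `const { password, ...user } = res.locals.user` followed by `res.status(200).send(user)`. The handler also has no guard for `res.locals.user === undefined`, so it depends on something outside this diff to reject unauthenticated requests before it runs.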