authorTyler Murphy <tylermurphy534@gmail.com>2023-01-22 22:04:26 -0500
committerTyler Murphy <tylermurphy534@gmail.com>2023-01-22 22:04:26 -0500
commit4b0a9dd484b5fd03ff25b78935a297c0239ce3bf (patch)
tree9fddfc2dc9e5a9fbca39e651869a1a313b15ee46 /src/api
parentremove js from console (diff)
fix endpoint, html parse, load more posts
Diffstat (limited to '')
-rw-r--r--src/api.js21
1 files changed, 14 insertions, 7 deletions
diff --git a/src/api.js b/src/api.js
index 01edfc6..2c99430 100644
--- a/src/api.js
+++ b/src/api.js
@@ -1,11 +1,18 @@
const express = require('express')
const router = express.Router()
const database = require('./database.js')
+const cheerio = require('cheerio');
const check = (test, type) => {
return text === undefined || text === null || typeof test !== type
}
+const parseText = (test) => {
+ if (typeof test !== 'string') return undefined;
+ const $ = cheerio.load(test)
+ return $("body").html()
+}
+
const text = (test, min, max) => {
return check(test, 'string') || test.length > max || test.length < min
}
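Review bot: `parseText` re-serialises whatever cheerio places in `<body>`, so it normalises markup but does not remove it: tags and attributes in the input come back out of `$("body").html()`. If the aim is to make `content` in the `/posts/create` and `/posts/comment` hunks (and the register fields) safe to render, this is not an allow-list filter, and the value still needs escaping at render time or a dedicated sanitiser. I would at least document that on the function, e.g. `// normalises HTML only; does not strip tags or attributes, so escape on output`. Separately, the context line in `check` compares `text` (the validator function defined below) rather than `test`, so only the `typeof` comparison does any work there.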
@@ -15,15 +22,15 @@ router.get('/', (req, res) => {
})
router.post('/auth/register', (req, res) => {
- const first = req.body.first;
+ const first = parseText(req.body.first);
if (text(first, 1, 20)) {
res.status(400).send( {msg: 'Invalid first name'} ); return;
}
- const last = req.body.last;
+ const last = parseText(req.body.last);
if (text(last, 1, 20)) {
res.status(400).send( {msg: 'Invalid last name'} ); return;
}
- const email = req.body.email;
+ const email = parseText(req.body.email);
if (text(email, 1, 50)) {
res.status(400).send( {msg: 'Invalid email'} ); return;
}
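Review bot: The limits in `text(first, 1, 20)`, `text(last, 1, 20)` and `text(email, 1, 50)` now apply to the serialised HTML rather than to what the user typed, and serialisation is expected to entity-encode characters such as `&`. The email would be stored in that encoded form, so if the login handler (not visible here) looks the account up by the raw `req.body.email`, the two values may not match. An email is better validated as an address than parsed as HTML, for example by keeping `const email = req.body.email;` and adding a format check. The same concern applies to `gender` and `month` in the next hunk. The handler's body continues outside this hunk.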
@@ -31,11 +38,11 @@ router.post('/auth/register', (req, res) => {
if (text(password, 1, 50)) {
res.status(400).send( {msg: 'Invalid password'} ); return;
}
- const gender = req.body.gender;
+ const gender = parseText(req.body.gender);
if (text(gender, 1, 100)) {
res.status(400).send( {msg: 'Invalid gender'} ); return;
}
- const month = req.body.month;
+ const month = parseText(req.body.month);
if (text(month, 1, 10)) {
res.status(400).send( {msg: 'Invalid month'} ); return;
}
@@ -92,7 +99,7 @@ router.post('/auth/self', (req, res) => {
})
router.post('/posts/create', (req, res) => {
- const content = req.body.content
+ const content = parseText(req.body.content)
if (text(content, 1, 1000)) {
res.status(400).send({msg: 'Invalid content'}); return;
}
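Review bot: `parseText(req.body.content)` runs the HTML parser on the full request value before `text(content, 1, 1000)` can reject anything, so the only bound on parser input is whatever body-size limit the app configures (not visible here). Checking the raw string first keeps oversized input away from cheerio, e.g. `if (text(req.body.content, 1, 1000)) { res.status(400).send({msg: 'Invalid content'}); return; }` ahead of the parse. The `/posts/comment` hunk below has the same ordering with its 200-character limit. The handler's body continues outside the hunk.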
@@ -146,7 +153,7 @@ router.post('/posts/user', (req, res) => {
})
router.put('/posts/comment', (req, res) => {
- const content = req.body.content
+ const content = parseText(req.body.content)
if (text(content, 1, 200)) {
res.status(400).send({msg: 'Invalid comment content'}); return;
}