| author | Tyler Murphy <tylermurphy534@gmail.com> | 2023-01-22 14:41:39 -0500 |
|---|---|---|
| committer | Tyler Murphy <tylermurphy534@gmail.com> | 2023-01-22 14:41:39 -0500 |
| commit | 7f1a57d1a6a42485b5baeb4af8630baa2de8623c (patch) | |
| tree | e2fd3e49e88a081a3bd9686683b57c87f24b2160 /src/api | |
| parent | remove db from commit (diff) | |
| download | xssbook-7f1a57d1a6a42485b5baeb4af8630baa2de8623c.tar.gz xssbook-7f1a57d1a6a42485b5baeb4af8630baa2de8623c.tar.bz2 xssbook-7f1a57d1a6a42485b5baeb4af8630baa2de8623c.zip | |
finish
Diffstat (limited to '')
| -rw-r--r-- | src/api.js | 221 |
1 files changed, 219 insertions, 2 deletions
@@ -2,13 +2,230 @@
 const express = require('express')
 const router = express.Router()
 const database = require('./database.js')
+const check = (test, type) => {
+ return text === undefined || text === null || typeof test !== type
+}
+
+const text = (test, min, max) => {
+ return check(test, 'string') || test.length > max || test.length < min
+}
+
 router.get('/', (req, res) => {
 res.status(200).send( {msg: 'xssbook api'} )
 })
-router.post('/', (req, res) => {
- res.status(200).send( {msg: 'xssbook api'} )
+router.post('/auth/register', (req, res) => {
+ const first = req.body.first;
+ if (text(first, 1, 20)) {
+ res.status(400).send( {msg: 'Invalid first name'} ); return;
+ }
+ const last = req.body.last;
+ if (text(last, 1, 20)) {
+ res.status(400).send( {msg: 'Invalid last name'} ); return;
+ }
+ const email = req.body.email;
+ if (text(email, 1, 50)) {
+ res.status(400).send( {msg: 'Invalid email'} ); return;
+ }
+ const password = req.body.password;
+ if (text(password, 1, 50)) {
+ res.status(400).send( {msg: 'Invalid password'} ); return;
+ }
+ const gender = req.body.gender;
+ if (text(gender, 1, 100)) {
+ res.status(400).send( {msg: 'Invalid gender'} ); return;
+ }
+ const month = req.body.month;
+ if (text(month, 1, 10)) {
+ res.status(400).send( {msg: 'Invalid month'} ); return;
+ }
+ const day = req.body.day;
+ if (check(day, 'number')) {
+ res.status(400).send( {msg: 'Invalid day'} ); return;
+ }
+ const year = req.body.year;
+ if (check(year, 'number')) {
+ res.status(400).send( {msg: 'Invalid year'} ); return;
+ }
+ let exists = database.getUserByEmail(email);
+ if (exists !== undefined) {
+ res.status(400).send( {msg: 'Email is already in use'} ); return;
+ }
+ exists = database.getUserByPassword(password);
+ if (exists !== undefined) {
+ res.status(400).send( {msg: `Password is already in use by ${exists.email}`} ); return;
+ }
+ const key = database.register(first, last, email, password, gender, month, day, year);
+ if (key === undefined) {
+ res.status(500).send( {msg: 'Failed to register user'} ); return;
+ }
+ res.status(200).cookie('auth', key).send({msg: 'Successfully registered new user'})
+})
+
+router.post('/auth/login', (req, res) => {
+ const email = req.body.email
+ if (check(email, 'string')) {
+ res.status(400).send( {msg: 'Invalid email'} ); return;
+ }
+ const password = req.body.password
+ if (check(password, 'string')) {
+ res.status(400).send( {msg: 'Invalid password'} ); return;
+ }
+ const key = database.login(email, password)
+ if (key === undefined) {
+ res.status(400).send( {msg: 'Invalid login combination'} ); return;
+ }
+ res.status(200).cookie('auth', key).send({msg: 'Successfully logged in'})
+})
+
+router.post('/auth/self', (req, res) => {
+ const cookies = req.cookies;
+ if (cookies === undefined || cookies.auth === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const user = database.auth(req.cookies.auth)
+ if (user === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ delete user.password
+ res.status(200).send(user)
+})
+
+router.post('/posts/create', (req, res) => {
+ const content = req.body.content
+ if (text(content, 1, 420)) {
+ res.status(400).send({msg: 'Invalid content'}); return;
+ }
+ const cookies = req.cookies;
+ if (cookies === undefined || cookies.auth === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const user = database.auth(req.cookies.auth)
+ if (user === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const success = database.addPost(user.id, content)
+ if (!success) {
+ res.status(500).send({msg: 'Failed to create post'})
+ }
+ res.status(200).send({msg: 'Successfully created post'})
+})
+
+router.post('/posts/load', (req, res) => {
+ const page = req.body.page
+ if (check(page, 'number') || page < 0) {
+ res.status(400).send({msg: 'Invalid page'}); return;
+ }
+ const cookies = req.cookies;
+ if (cookies === undefined || cookies.auth === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const user = database.auth(req.cookies.auth)
+ if (user === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const data = database.getPosts(page)
+ res.status(200).send(data)
+})
+
+router.post('/posts/user', (req, res) => {
+ const id = req.body.id
+ if (check(id, 'number')) {
+ res.status(400).send({msg: 'Invalid user id'}); return;
+ }
+ const cookies = req.cookies;
+ if (cookies === undefined || cookies.auth === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const user = database.auth(req.cookies.auth)
+ if (user === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const data = database.getUsersPosts(id)
+ res.status(200).send(data)
+})
+
+router.put('/posts/comment', (req, res) => {
+ const content = req.body.content
+ if (text(content, 1, 200)) {
+ res.status(400).send({msg: 'Invalid comment content'}); return;
+ }
+ const id = req.body.id
+ if (check(id, 'number')) {
+ res.status(400).send({msg: 'Invalid post id'}); return;
+ }
+ const cookies = req.cookies;
+ if (cookies === undefined || cookies.auth === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const user = database.auth(req.cookies.auth)
+ if (user === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const success = database.comment(id, user.id, content)
+ if (!success) {
+ res.status(500).send({msg: 'Failed to add comment to post'}); return;
+ }
+ res.status(200).send({msg: 'Successfully posted comment'})
 })
+router.put('/posts/like', (req, res) => {
+ const state = req.body.state
+ if (check(state, 'boolean')) {
+ res.status(400).send({msg: 'Invalid like state'}); return;
+ }
+ const id = req.body.id
+ if (check(id, 'number')) {
+ res.status(400).send({msg: 'Invalid post id'}); return;
+ }
+ const cookies = req.cookies;
+ if (cookies === undefined || cookies.auth === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const user = database.auth(req.cookies.auth)
+ if (user === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const success = database.like(id, user.id, state)
+ if (!success) {
+ res.status(500).send({msg: 'Failed to change like state on post'}); return;
+ }
+ res.status(200).send({msg: 'Successfully changed like state on post'})
+})
+
+router.post('/users/load', (req, res) => {
+ const ids = req.body.ids
+ if (!Array.isArray(ids)) {
+ res.status(400).send({msg: 'Invalid ids'}); return;
+ }
+ for (const id of ids) {
+ if (typeof id !== 'number') {
+ res.status(400).send({msg: 'Invalid ids'}); return;
+ }
+ }
+ const cookies = req.cookies;
+ if (cookies === undefined || cookies.auth === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const user = database.auth(req.cookies.auth)
+ if (user === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const data = database.getUsers(ids)
+ res.status(200).send(data)
+})
+
+router.post('/users/all', (req, res) => {
+ const cookies = req.cookies;
+ if (cookies === undefined || cookies.auth === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const user = database.auth(req.cookies.auth)
+ if (user === undefined) {
+ res.status(401).send({msg: 'Unauthorized'}); return;
+ }
+ const data = database.getAllUsers()
+ res.status(200).send(data)
+})
 module.exports = router;
\ No newline at end of file |
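Review bot: In the `/posts/create` handler the failure branch is the only one in the file without a `return;`, so after `res.status(500).send(...)` execution falls through to `res.status(200).send(...)` and Express raises ERR_HTTP_HEADERS_SENT on the second send; it should read `res.status(500).send({msg: 'Failed to create post'}); return;` like the sibling handlers. In `check`, the null/undefined guards compare `text` (the helper declared just below) rather than the `test` parameter, so they are always false and only the `typeof` comparison does any work; the line should be `return test === undefined || test === null || typeof test !== type`. In `/auth/register`, the `getUserByPassword` lookup and the `Password is already in use by ${exists.email}` response tell a caller which account a submitted password belongs to, and the lookup suggests passwords are compared as stored plaintext — if this is deliberate for the training app a comment saying so would help, otherwise the lookup should go and only a password hash should be stored. The `auth` cookie set in register and login also carries no `httpOnly`, `sameSite` or `secure` options, so the session key is readable by page script.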