Diffstat (limited to 'src')
-rw-r--r-- | src/api.js | 21 | ||||
-rw-r--r-- | src/console.js | 2 | ||||
-rw-r--r-- | src/database.js | 2 |
3 files changed, 16 insertions, 9 deletions
@@ -1,11 +1,18 @@ const express = require('express') const router = express.Router() const database = require('./database.js') +const cheerio = require('cheerio'); const check = (test, type) => { return text === undefined || text === null || typeof test !== type } +const parseText = (test) => { + if (typeof test !== 'string') return undefined; + const $ = cheerio.load(test) + return $("body").html() +} + const text = (test, min, max) => { return check(test, 'string') || test.length > max || test.length < min } @@ -15,15 +22,15 @@ router.get('/', (req, res) => { }) router.post('/auth/register', (req, res) => { - const first = req.body.first; + const first = parseText(req.body.first); if (text(first, 1, 20)) { res.status(400).send( {msg: 'Invalid first name'} ); return; } - const last = req.body.last; + const last = parseText(req.body.last); if (text(last, 1, 20)) { res.status(400).send( {msg: 'Invalid last name'} ); return; } - const email = req.body.email; + const email = parseText(req.body.email); if (text(email, 1, 50)) { res.status(400).send( {msg: 'Invalid email'} ); return; } @@ -31,11 +38,11 @@ router.post('/auth/register', (req, res) => { if (text(password, 1, 50)) { res.status(400).send( {msg: 'Invalid password'} ); return; } - const gender = req.body.gender; + const gender = parseText(req.body.gender); if (text(gender, 1, 100)) { res.status(400).send( {msg: 'Invalid gender'} ); return; } - const month = req.body.month; + const month = parseText(req.body.month); if (text(month, 1, 10)) { res.status(400).send( {msg: 'Invalid month'} ); return; } @@ -92,7 +99,7 @@ router.post('/auth/self', (req, res) => { }) router.post('/posts/create', (req, res) => { - const content = req.body.content + const content = parseText(req.body.content) if (text(content, 1, 1000)) { res.status(400).send({msg: 'Invalid content'}); return; } 
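Review bot: `parseText` does not strip anything: `cheerio.load(test)` parses the value and `$("body").html()` serializes it back, so elements and attributes the parser places in the body come out with their tags intact, while content it places elsewhere in the document is silently dropped. If the goal is to keep markup out of stored names, posts and comments, encode the value (or reject input containing `<` or `>`) and still escape at render time; this applies to every `parseText(...)` call in the later hunks (`/auth/register`, `/posts/create`, `/posts/comment`). Note also that `text(...)` now measures the rewritten string, so the length limits no longer apply to what the client sent.

```javascript
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

const parseText = (test) => {
    if (typeof test !== 'string') return undefined;
    // Encode rather than re-serialize, so no tag or attribute survives into storage.
    return test.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
```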
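Review bot: Passing `req.body.email` through `parseText` can change the address before it is stored, since HTML serialization entity-encodes characters such as `&`, and the only check that follows is the 1–50 length test. For fields with a known shape it is safer to validate and reject than to rewrite: keep `const email = req.body.email;` and add a format check next to `text(email, 1, 50)`, and compare `month` in the next hunk against a fixed list of allowed values. The `/auth/register` handler starts and ends outside this hunk.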
@@ -146,7 +153,7 @@ router.post('/posts/user', (req, res) => { }) router.put('/posts/comment', (req, res) => { - const content = req.body.content + const content = parseText(req.body.content) if (text(content, 1, 200)) { res.status(400).send({msg: 'Invalid comment content'}); return; } diff --git a/src/console.js b/src/console.js index b2d6b22..8c078df 100644 --- a/src/console.js +++ b/src/console.js @@ -5,7 +5,7 @@ var requests = [] router.get('/', async (req, res) => { res.send(render()) - if(requests.length > 100) { + if(requests.length > 200) { requests.splice(0, 50) } }) diff --git a/src/database.js b/src/database.js index 12964b7..046e670 100644 --- a/src/database.js +++ b/src/database.js @@ -212,7 +212,7 @@ function addPost(user, content) { function getPosts(page) { try { const stmt = db.prepare('SELECT * FROM posts ORDER BY id DESC LIMIT @limit OFFSET @offset;') - const count = 20 + const count = 10 const info = stmt.all({limit: count, offset: page * count}); if (info === undefined || info === {}) { return [] |
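Review bot: The cap on `requests` is enforced only inside the `GET /` handler, after `res.send(render())`, and each visit removes at most 50 entries, so raising the threshold to 200 does not bound the array between console views. Where entries are appended is not visible in this hunk; if that is request-logging code, trim at the append site instead, for example `if (requests.length > 200) requests.splice(0, requests.length - 200)`.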
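Review bot: `page` reaches `offset: page * count` with no check visible in this hunk, so a negative or non-integer value from the caller goes straight into the bound parameter; a guard such as `if (!Number.isInteger(page) || page < 0) return []` at the top of `getPosts` would make the contract explicit (the route handler may already validate, which is not shown here). The comparison `info === {}` in the context below the change can never be true, because it compares against a fresh object literal. The `try` block continues outside the hunk.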