fix some checks

2025-03-13 23:27:23 +02:00 · 2025-03-13 23:27:23 +02:00 · 2d198c838f
commit 2d198c838f
parent f4fbbbeadd
2 changed files with 38 additions and 32 deletions
--- a/backend/main.mjs
+++ b/backend/main.mjs
@ -98,9 +98,15 @@ app.use(express.json());
 app.post('/url/:site/*', (req, res) => {
    const site = req.params.site;
    const path = req.params[0];
+
+    if (!req.body.token || !req.body.message) {
+        res.status(400).json("הודעה ריקה.");
+        return;
+    }
+
    let object = {
-        user: escapeHtml(req.body.user),
-        user_website: escapeHtml(req.body.user_website),
+        user: escapeHtml(req.body.name) || "Anonymous",
+        user_website: escapeHtml(req.body.website) || null,
        message: escapeHtml(req.body.message),
        reply_to: req.body.reply_to || null,
        site,
@ -113,35 +119,35 @@ app.post('/url/:site/*', (req, res) => {
    console.log(site_info.comment_token, site_info.message_length_limit);

    if (user_token !== site_info.comment_token) {
-        res.status(403).json("Wrong token.");
+        res.status(403).json("תשובת סינון שגויה.");
    } else if (object.user.length > MAX_LENGTHS.username) {
-        res.status(400).json("Username is too long.");
+        res.status(400).json("שם משתמש ארוך מדי.");
    } else if (object.user_website > MAX_LENGTHS.user_website) {
-        res.status(400).json("User website is too long.");
+        res.status(400).json("כתובת אתר ארוכה מדי.");
    } else if (object.message > site_info.message_length_limit) {
-        res.status(400).json("Message body is too long.");
+        res.status(400).json("הודעה ארוכה מדי.");
    } else {
        const stmt = db.prepare(`
-            INSERT INTO comment(id, site, path, user, user_website, message, reply_to)
-            SELECT
-              ( SELECT count(*)
-                FROM (SELECT * FROM comment WHERE path = @path) c
-                JOIN (SELECT id FROM site WHERE url = @site) s
-                ON s.id = c.id
-              ),
-              ( SELECT id FROM site WHERE url = @site ),
-                @path,
-                @user,
-                @user_website,
-                @message,
-                @reply_to
-            RETURNING
-              id as id,
-              user,
-              user_website,
-              message,
-              published,
-              reply_to
+INSERT INTO comment(id, site, path, user, user_website, message, reply_to)
+SELECT
+  ( SELECT count(*)
+    FROM (SELECT * FROM comment WHERE path = @path) c
+    JOIN (SELECT id FROM site WHERE url = @site) s
+    ON s.id = c.site
+  ),
+  ( SELECT id FROM site WHERE url = @site ),
+    @path,
+    @user,
+    @user_website,
+    @message,
+    @reply_to
+RETURNING
+  id as id,
+  user,
+  user_website,
+  message,
+  published,
+  reply_to
            ;
            `);
        const comment = stmt.all(object);
--- a/backend/package.json
+++ b/backend/package.json
@ -3,16 +3,16 @@
  "version": "0.1.0",
  "description": "Backend for the Universal Comment System",
  "main": "main.mjs",
-  "scripts": {
-    "start": "nodemon main.mjs",
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
+  "author": "alloca",
+  "license": "MPL-2.0",
  "repository": {
    "type": "git",
    "url": "https://git.alloca.space/me/ucs.git"
  },
-  "author": "alloca",
-  "license": "MPL-2.0",
+  "scripts": {
+    "start": "nodemon main.mjs",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
  "dependencies": {
    "@blackglory/better-sqlite3-migrations": "^0.1.19",
    "better-sqlite3": "^11.8.1",