From 2d198c838f113401a1e691d7f99b406ce84f42ca Mon Sep 17 00:00:00 2001
From: me
Date: Thu, 13 Mar 2025 23:27:23 +0200
Subject: [PATCH] fix some checks

---
 backend/main.mjs | 58 ++++++++++++++++++++++++--------------------
 backend/package.json | 12 ++++-----
 2 files changed, 38 insertions(+), 32 deletions(-)

diff --git a/backend/main.mjs b/backend/main.mjs
index f88d91e..8e05b8c 100644
--- a/backend/main.mjs
+++ b/backend/main.mjs
@@ -98,9 +98,15 @@ app.post('/url/:site/*', (req, res) => {
 const site = req.params.site;
 const path = req.params[0];
+
+ if (!req.body.token || !req.body.message) {
+ res.status(400).json("הודעה ריקה.");
+ return;
+ }
+
 let object = {
- user: escapeHtml(req.body.user),
- user_website: escapeHtml(req.body.user_website),
+ user: escapeHtml(req.body.name) || "Anonymous",
+ user_website: escapeHtml(req.body.website) || null,
 message: escapeHtml(req.body.message),
 reply_to: req.body.reply_to || null,
 site,
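Review bot: On the new `user:` and `user_website:` lines the fallback is applied to the already-escaped value, so when `name` or `website` is absent it only works if `escapeHtml` returns something falsy for `undefined`; the widely used `escape-html` package stringifies its argument first (yielding `"undefined"`), in which case every anonymous comment would be stored under the user "undefined" and `user_website` would never be `null`. Apply the default before escaping: `user: escapeHtml(req.body.name || "Anonymous"),` and `user_website: req.body.website ? escapeHtml(req.body.website) : null,`. The added guard also tests only truthiness, so a JSON body whose `message` is a number, array or object passes it and is escaped as its string form; adding `typeof req.body.message !== "string"` to the condition rejects those with the same 400. The handler continues past the end of the hunk.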
@@ -113,35 +119,35 @@ app.post('/url/:site/*', (req, res) => {
 console.log(site_info.comment_token, site_info.message_length_limit);
 if (user_token !== site_info.comment_token) {
- res.status(403).json("Wrong token.");
+ res.status(403).json("תשובת סינון שגויה.");
 } else if (object.user.length > MAX_LENGTHS.username) {
- res.status(400).json("Username is too long.");
+ res.status(400).json("שם משתמש ארוך מדי.");
 } else if (object.user_website > MAX_LENGTHS.user_website) {
- res.status(400).json("User website is too long.");
+ res.status(400).json("כתובת אתר ארוכה מדי.");
 } else if (object.message > site_info.message_length_limit) {
- res.status(400).json("Message body is too long.");
+ res.status(400).json("הודעה ארוכה מדי.");
 } else {
 const stmt = db.prepare(`
- INSERT INTO comment(id, site, path, user, user_website, message, reply_to)
- SELECT
- ( SELECT count(*)
- FROM (SELECT * FROM comment WHERE path = @path) c
- JOIN (SELECT id FROM site WHERE url = @site) s
- ON s.id = c.id
- ),
- ( SELECT id FROM site WHERE url = @site ),
- @path,
- @user,
- @user_website,
- @message,
- @reply_to
- RETURNING
- id as id,
- user,
- user_website,
- message,
- published,
- reply_to
+INSERT INTO comment(id, site, path, user, user_website, message, reply_to)
+SELECT
+ ( SELECT count(*)
+ FROM (SELECT * FROM comment WHERE path = @path) c
+ JOIN (SELECT id FROM site WHERE url = @site) s
+ ON s.id = c.site
+ ),
+ ( SELECT id FROM site WHERE url = @site ),
+ @path,
+ @user,
+ @user_website,
+ @message,
+ @reply_to
+RETURNING
+ id as id,
+ user,
+ user_website,
+ message,
+ published,
+ reply_to
 ;
 `);
 const comment = stmt.all(object);
diff --git a/backend/package.json b/backend/package.json
index 50379b2..bf02edb 100644
--- a/backend/package.json
+++ b/backend/package.json
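Review bot: The two length checks whose error strings the commit rewrites still compare a string (or, after the previous hunk, `null`) directly against a number — `object.user_website > MAX_LENGTHS.user_website` and `object.message > site_info.message_length_limit` — so both comparisons are always false and neither the website limit nor the per-site `message_length_limit` is ever enforced, while the username branch just above does use `.length`. Change them to `} else if ((object.user_website ?? "").length > MAX_LENGTHS.user_website) {` and `} else if (object.message.length > site_info.message_length_limit) {`. Separately, the `console.log(site_info.comment_token, …)` context line at the top of the hunk writes the per-site secret that the 403 branch compares against into the server log on every request; logging only `site_info.message_length_limit` keeps that value out of the logs. The handler and its `else` branch continue outside the hunk.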
@@ -3,16 +3,16 @@
 "version": "0.1.0",
 "description": "Backend for the Universal Comment System",
 "main": "main.mjs",
- "scripts": {
- "start": "nodemon main.mjs",
- "test": "echo \"Error: no test specified\" && exit 1"
- },
+ "author": "alloca",
+ "license": "MPL-2.0",
 "repository": {
 "type": "git",
 "url": "https://git.alloca.space/me/ucs.git"
 },
- "author": "alloca",
- "license": "MPL-2.0",
+ "scripts": {
+ "start": "nodemon main.mjs",
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
 "dependencies": {
 "@blackglory/better-sqlite3-migrations": "^0.1.19",
 "better-sqlite3": "^11.8.1",