fix some checks

This commit is contained in:
me 2025-03-13 23:27:23 +02:00
parent f4fbbbeadd
commit 2d198c838f
2 changed files with 38 additions and 32 deletions


@ -98,9 +98,15 @@ app.use(express.json());
app.post('/url/:site/*', (req, res) => { app.post('/url/:site/*', (req, res) => {
const site = req.params.site; const site = req.params.site;
const path = req.params[0]; const path = req.params[0];
if (!req.body.token || !req.body.message) {
res.status(400).json("הודעה ריקה.");
return;
}
let object = { let object = {
user: escapeHtml(req.body.user), user: escapeHtml(req.body.name) || "Anonymous",
user_website: escapeHtml(req.body.user_website), user_website: escapeHtml(req.body.website) || null,
message: escapeHtml(req.body.message), message: escapeHtml(req.body.message),
reply_to: req.body.reply_to || null, reply_to: req.body.reply_to || null,
site, site,
@ -113,35 +119,35 @@ app.post('/url/:site/*', (req, res) => {
console.log(site_info.comment_token, site_info.message_length_limit); console.log(site_info.comment_token, site_info.message_length_limit);
if (user_token !== site_info.comment_token) { if (user_token !== site_info.comment_token) {
res.status(403).json("Wrong token."); res.status(403).json("תשובת סינון שגויה.");
} else if (object.user.length > MAX_LENGTHS.username) { } else if (object.user.length > MAX_LENGTHS.username) {
res.status(400).json("Username is too long."); res.status(400).json("שם משתמש ארוך מדי.");
} else if (object.user_website > MAX_LENGTHS.user_website) { } else if (object.user_website > MAX_LENGTHS.user_website) {
res.status(400).json("User website is too long."); res.status(400).json("כתובת אתר ארוכה מדי.");
} else if (object.message > site_info.message_length_limit) { } else if (object.message > site_info.message_length_limit) {
res.status(400).json("Message body is too long."); res.status(400).json("הודעה ארוכה מדי.");
} else { } else {
const stmt = db.prepare(` const stmt = db.prepare(`
INSERT INTO comment(id, site, path, user, user_website, message, reply_to) INSERT INTO comment(id, site, path, user, user_website, message, reply_to)
SELECT SELECT
( SELECT count(*) ( SELECT count(*)
FROM (SELECT * FROM comment WHERE path = @path) c FROM (SELECT * FROM comment WHERE path = @path) c
JOIN (SELECT id FROM site WHERE url = @site) s JOIN (SELECT id FROM site WHERE url = @site) s
ON s.id = c.id ON s.id = c.site
), ),
( SELECT id FROM site WHERE url = @site ), ( SELECT id FROM site WHERE url = @site ),
@path, @path,
@user, @user,
@user_website, @user_website,
@message, @message,
@reply_to @reply_to
RETURNING RETURNING
id as id, id as id,
user, user,
user_website, user_website,
message, message,
published, published,
reply_to reply_to
; ;
`); `);
const comment = stmt.all(object); const comment = stmt.all(object);
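Review bot: The two length checks kept on the new side, `object.user_website > MAX_LENGTHS.user_website` and `object.message > site_info.message_length_limit`, compare the string itself to a number rather than its `.length`, so the string is coerced to `NaN` (or to a meaningless number for digit-only input) and the branch never fires; only the username check just above uses `.length`. The message length limit is therefore not actually enforced on stored comments, which matters since the commit's new 400 guard only rejects an empty body, not an oversized one. Because `user_website` may now be `null` (`escapeHtml(req.body.website) || null`), the fix has to tolerate that: `} else if ((object.user_website?.length ?? 0) > MAX_LENGTHS.user_website) {` and `} else if (object.message.length > site_info.message_length_limit) {`. Note that these compare the escaped length, so entities like `&amp;` count as several characters; if the limit is meant for raw input, check before `escapeHtml`. The `app.post` handler this hunk belongs to continues past the end of the hunk.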


@ -3,16 +3,16 @@
"version": "0.1.0", "version": "0.1.0",
"description": "Backend for the Universal Comment System", "description": "Backend for the Universal Comment System",
"main": "main.mjs", "main": "main.mjs",
"scripts": { "author": "alloca",
"start": "nodemon main.mjs", "license": "MPL-2.0",
"test": "echo \"Error: no test specified\" && exit 1"
},
"repository": { "repository": {
"type": "git", "type": "git",
"url": "https://git.alloca.space/me/ucs.git" "url": "https://git.alloca.space/me/ucs.git"
}, },
"author": "alloca", "scripts": {
"license": "MPL-2.0", "start": "nodemon main.mjs",
"test": "echo \"Error: no test specified\" && exit 1"
},
"dependencies": { "dependencies": {
"@blackglory/better-sqlite3-migrations": "^0.1.19", "@blackglory/better-sqlite3-migrations": "^0.1.19",
"better-sqlite3": "^11.8.1", "better-sqlite3": "^11.8.1",