backend init

backend/.gitignore

@@ -0,0 +1,5 @@
+comment.json
+node_modules
+ucs.db
+ucs.db-shm
+ucs.db-wal

backend/main.mjs

@@ -0,0 +1,155 @@
+import express from 'express';
+import Database from 'better-sqlite3';
+import { migrate } from '@blackglory/better-sqlite3-migrations';
+
+// Constants
+
+const MAX_LENGTHS = {
+    username: 100,
+    user_website: 200,
+    message_body: 1000
+};
+
+// functions
+
+function escapeHtml(unsafe) {
+    return unsafe
+        .replace(/&/g, "&")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#039;");
+}
+
+// db
+
+const db = new Database('ucs.db'); // , { verbose: console.log });
+db.pragma('journal_mode = WAL');
+
+const migrations = [
+    { version: 1,
+      up: `
+CREATE TABLE site (
+  id integer primary key autoincrement,
+  url text not null,
+  comment_token text not null,
+  length_limit integer
+) STRICT;
+
+CREATE TABLE comment (
+  id integer not null,
+  site integer not null,
+  path text not null,
+  user text not null,
+  user_website text,
+  message text not null,
+  published text default (datetime('now')),
+  reply_to integer,
+  FOREIGN KEY(site) REFERENCES site(id),
+  PRIMARY KEY (site, path, id)
+) STRICT;
+      `,
+      down: `
+DROP TABLE comment;
+DROP TABLE site;
+      `
+    }
+];
+
+migrate(db, migrations, 1);
+
+// server
+
+const app = express();
+const port = 8080;
+
+app.use(express.static("public"));
+app.use(express.urlencoded({ extended: true }));
+
+app.get('/', (req, res) => {
+    res.send(`<p>Hello, <span style="color: blue;">${req.get('User-Agent')}</span>!</p>`);
+});
+
+// GET
+app.get('/url/:site/*', (req, res) => {
+    const site = req.params.site;
+    const path = req.params[0];
+    const stmt = db.prepare(`
+SELECT
+  c.id as id,
+  user,
+  user_website,
+  message,
+  published,
+  reply_to
+FROM
+  (SELECT id from site where url = @site) s
+JOIN (SELECT * FROM comment WHERE path = @path) c
+ON c.site = s.id
+ORDER BY c.id
+;`);
+    const comments = stmt.all({ site, path });
+    res.json(comments);
+});
+
+app.use(express.json());
+
+// POST
+app.post('/url/:site/*', (req, res) => {
+    const site = req.params.site;
+    const path = req.params[0];
+    let object = {
+        user: escapeHtml(req.body.user),
+        user_website: escapeHtml(req.body.user_website),
+        message: escapeHtml(req.body.message),
+        reply_to: req.body.reply_to || null,
+        site,
+        path,
+    };
+
+    // validation
+    const user_token = req.body.token;
+    const site_info = db.prepare(`SELECT comment_token, length_limit as message_length_limit FROM site WHERE url = ?`).get(site);
+    console.log(site_info.comment_token, site_info.message_length_limit);
+
+    if (user_token !== site_info.comment_token) {
+        res.status(403).json("Wrong token.");
+    } else if (object.user.length > MAX_LENGTHS.username) {
+        res.status(400).json("Username is too long.");
+    } else if (object.user_website > MAX_LENGTHS.user_website) {
+        res.status(400).json("User website is too long.");
+    } else if (object.message > site_info.message_length_limit) {
+        res.status(400).json("Message body is too long.");
+    } else {
+        const stmt = db.prepare(`
+            INSERT INTO comment(id, site, path, user, user_website, message, reply_to)
+            SELECT
+              ( SELECT count(*)
+                FROM (SELECT * FROM comment WHERE path = @path) c
+                JOIN (SELECT id FROM site WHERE url = @site) s
+                ON s.id = c.id
+              ),
+              ( SELECT id FROM site WHERE url = @site ),
+                @path,
+                @user,
+                @user_website,
+                @message,
+                @reply_to
+            RETURNING
+              id as id,
+              user,
+              user_website,
+              message,
+              published,
+              reply_to
+            ;
+            `);
+        const comment = stmt.all(object);
+
+        res.json(comment);
+    }
+});
+
+app.listen(port, () => {
+    console.log(`Listening on port ${port}`);
+});

backend/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "ucs-backend",
+  "version": "0.1.0",
+  "description": "Backend for the Universal Comment System",
+  "main": "main.mjs",
+  "scripts": {
+    "start": "nodemon main.mjs",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://git.alloca.space/me/ucs.git"
+  },
+  "author": "alloca",
+  "license": "MPL-2.0",
+  "dependencies": {
+    "@blackglory/better-sqlite3-migrations": "^0.1.19",
+    "better-sqlite3": "^11.8.1",
+    "express": "^4.21.2"
+  },
+  "devDependencies": {
+    "nodemon": "^3.1.9"
+  }
+}