From 98c87eed204aaea6e614ba065c7628d983158cae Mon Sep 17 00:00:00 2001 From: HF Date: Sat, 4 Jan 2020 05:30:00 +0100 Subject: [PATCH] remove express-validator we can install it again if we find more use to it --- package.json | 2 -- src/routes/admintools.js | 48 +++++++++++++------------ src/routes/api/pixel.js | 78 +++++++++++++++++++++++----------------- src/web.js | 7 ---- 4 files changed, 70 insertions(+), 65 deletions(-) diff --git a/package.json b/package.json index 937c3748..7065e549 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,6 @@ "express": "^4.15.3", "express-limiter": "^1.6.0", "express-session": "^1.15.2", - "express-validator": "^3.2.0", "global": "^4.3.2", "hammerjs": "^2.0.8", "http-proxy-agent": "^2.1.0", @@ -83,7 +82,6 @@ "three": "^0.112.1", "three-trackballcontrols-ts": "^0.1.2", "url-search-params-polyfill": "^7.0.0", - "validator": "^7.0.0", "visibilityjs": "^1.2.4", "winston": "^2.3.1", "ws": "^7.1.2" diff --git a/src/routes/admintools.js b/src/routes/admintools.js index 976d7dff..a47a7649 100644 --- a/src/routes/admintools.js +++ b/src/routes/admintools.js @@ -52,8 +52,7 @@ router.use('/', total: 240, expire: 5 * MINUTE, skipHeaders: true, - }), -); + })); /* @@ -70,7 +69,9 @@ router.use(async (req, res, next) => { return; } if (!req.user.isAdmin()) { - logger.info(`${ip} / ${req.user.id} tried to access admintools but isn't Admin`); + logger.info( + `${ip} / ${req.user.id} tried to access admintools but isn't Admin`, + ); res.status(403).send('You are not allowed to access this page'); return; } 
@@ -123,29 +124,28 @@ async function executeAction(action: string, ip: string): boolean { /* * Check for POST parameters, */ -router.post('/', upload.single('image'), async (req: Request, res: Response, next) => { +router.post('/', upload.single('image'), async (req, res, next) => { try { if (req.file) { - req.checkBody('x', 'x out of limits') - .notEmpty() - .isInt(); - req.checkBody('y', 'y out of limits') - .notEmpty() - .isInt(); - req.checkBody('canvasident', 'canvas name not valid') - .notEmpty(); - req.checkBody('imageaction', 'no imageaction given') - .notEmpty(); + const { imageaction, canvasident } = req.body; - const validationResult = await req.getValidationResult(); - if (!validationResult.isEmpty()) { - res.status(403).send(validationResult.array().toString()); + let error = null; + if (Number.isNaN(req.body.x)) { + error = 'x is not a valid number'; + } else if (Number.isNaN(req.body.y)) { + error = 'y is not a valid number'; + } else if (!imageaction) { + error = 'No imageaction given'; + } else if (!canvasident) { + error = 'No canvas specified'; + } + if (error !== null) { + res.status(403).send(error); return; } - req.sanitizeBody('x').toInt(); - req.sanitizeBody('y').toInt(); + const x = parseInt(req.body.x, 10); + const y = parseInt(req.body.y, 10); - const { x, y, imageaction, canvasident } = req.body; const canvasId = getIdFromObject(canvases, canvasident); if (canvasId === null) { res.status(403).send('This canvas does not exist'); @@ -156,8 +156,8 @@ router.post('/', upload.single('image'), async (req: Request, res: Response, nex const canvasMaxXY = canvas.size / 2; const canvasMinXY = -canvasMaxXY; - if (x < canvasMinXY || y < canvasMinXY || - x >= canvasMaxXY || y >= canvasMaxXY) { + if (x < canvasMinXY || y < canvasMinXY + || x >= canvasMaxXY || y >= canvasMaxXY) { res.status(403).send('Coordinates are outside of canvas'); return; } 
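Review bot: In the upload branch of `router.post('/')` (first hunk on this line), `Number.isNaN(req.body.x)` and `Number.isNaN(req.body.y)` never reject anything, because `Number.isNaN` does not coerce and returns false for any string and for `undefined`. A missing or non-numeric coordinate then becomes `NaN` in `parseInt`, and the bounds check in the next hunk lets it through because every comparison with `NaN` is false. Parse first and test the parsed values, as `validate` in `src/routes/api/pixel.js` does in this same commit. `parseInt` also accepts a numeric prefix such as `12abc`, which the removed `isInt()` presumably rejected, so a digit-only test is needed if that strictness matters. The handler body continues outside the hunk.

```javascript
const { imageaction, canvasident } = req.body;
const x = parseInt(req.body.x, 10);
const y = parseInt(req.body.y, 10);

let error = null;
if (Number.isNaN(x)) {
  error = 'x is not a valid number';
} else if (Number.isNaN(y)) {
  error = 'y is not a valid number';
} else if (!imageaction) {
  // … unchanged: imageaction / canvasident checks, 403 response, canvas lookup …
```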
@@ -189,7 +189,9 @@ router.post('/', upload.single('image'), async (req: Request, res: Response, nex if (!ret) { res.status(403).send('Failed'); } else { - res.status(200).send(`Succseefully did ${req.body.action} ${req.body.ip}`); + res.status(200).send( + `Succseefully did ${req.body.action} ${req.body.ip}`, + ); } return; } diff --git a/src/routes/api/pixel.js b/src/routes/api/pixel.js index 27ae4392..63c7b453 100644 --- a/src/routes/api/pixel.js +++ b/src/routes/api/pixel.js @@ -4,14 +4,12 @@ */ import type { Request, Response } from 'express'; -import url from 'url'; import nodeIp from 'ip'; import draw from '../../core/draw'; import { blacklistDetector, cheapDetector, strongDetector } from '../../core/isProxy'; import verifyCaptcha from '../../utils/recaptcha'; import logger from '../../core/logger'; -import { clamp } from '../../core/utils'; import redis from '../../data/redis'; import { USE_PROXYCHECK, RECAPTCHA_SECRET, RECAPTCHA_TIME } from '../../core/config'; import { 
@@ -20,36 +18,42 @@ import { async function validate(req: Request, res: Response, next) { - // c canvas id - req.checkBody('cn', 'No canvas selected') - .notEmpty() - .isInt(); - // x x coordinage - req.checkBody('x', 'x not a valid integer') - .notEmpty() - .isInt(); - // y y coordinage - req.checkBody('y', 'y not a valid integer') - .notEmpty() - .isInt(); - // clr color - req.checkBody('clr', 'color not valid') - .notEmpty() - .isInt({ min: 2, max: 31 }); + let error = null; + const cn = parseInt(req.body.cn, 10); + const x = parseInt(req.body.x, 10); + const y = parseInt(req.body.y, 10); + const clr = parseInt(req.body.clr, 10); - req.sanitizeBody('cn').toInt(); - req.sanitizeBody('x').toInt(); - req.sanitizeBody('y').toInt(); - req.sanitizeBody('clr').toInt(); - - const validationResult = await req.getValidationResult(); - if (!validationResult.isEmpty()) { - res.status(400).json({ errors: validationResult.array() }); + if (Number.isNaN(cn)) { + error = 'No valid canvas selected'; + } else if (Number.isNaN(x)) { + error = 'x is not a valid number'; + } else if (Number.isNaN(y)) { + error = 'y is not a valid number'; + } else if (Number.isNaN(clr)) { + error = 'No color selected'; + } else if (clr < 2 || clr > 31) { + error = 'Invalid color selected'; + } + if (error !== null) { + res.status(400).json({ errors: [error] }); return; } - const { noauthUser } = req; - let user = req.user; + req.body.cn = cn; + req.body.x = x; + req.body.y = y; + req.body.clr = clr; + + + /** + * make sure that a user is chosen + * req.noauthUser: user with just ip and id set + * req.user: fully passport authenticated user + * api/pixel just requires ip and id, so noauthUser is enough + * a fully authenticated user would cause more SQL requests + */ + let { user } = req; if (!req.user) { req.user = req.noauthUser; user = req.user; 
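Review bot: The new `parseInt(req.body.…, 10)` calls in `validate` accept any value that merely starts with digits (`"12abc"`, `"3.9"`, a one-element array), where the removed `isInt()` checks rejected them. What reaches `draw` is still an integer, so this is looser validation rather than a bypass. To keep the old strictness, test the raw value before parsing, for example `if (!/^-?\d+$/.test(String(req.body.x))) error = 'x is not a valid number';`. Separately, the 400 response now sends `errors` as plain strings while `place()` in this file pushes `{ msg: error }` objects; `res.status(400).json({ errors: [{ msg: error }] });` keeps one shape for clients. `validate` continues outside the hunk.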
@@ -110,9 +114,9 @@ async function checkHuman(req: Request, res: Response, next) { async function checkProxy(req: Request, res: Response, next) { const { trueIp: ip } = req; if (USE_PROXYCHECK && ip != '0.0.0.1') { - const { x, y } = req.body; /* //one area uses stronger detector + const { x, y } = req.body; if ((x > 970 && x < 2380 && y > -11407 && y < -10597) || //nc (x > 4220 && x < 6050 && y > -12955 && y < -11230) || //belarius (x > 14840 && x < 15490 && y > -17380 && y < -16331) || //russian bot @@ -174,7 +178,9 @@ async function place(req: Request, res: Response) { Expires: '0', }); - const { cn, x, y, clr } = req.body; + const { + cn, x, y, clr, + } = req.body; const { user, headers, trueIp } = req; const { ip } = user; @@ -182,7 +188,9 @@ async function place(req: Request, res: Response) { logger.info(`${trueIp} / ${user.id} wants to place ${clr} in (${x}, ${y})`); - const { errorTitle, error, success, waitSeconds, coolDownSeconds } = await draw(user, cn, x, y, clr); + const { + errorTitle, error, success, waitSeconds, coolDownSeconds, + } = await draw(user, cn, x, y, clr); logger.log('debug', success); if (success) { @@ -194,9 +202,13 @@ async function place(req: Request, res: Response) { errors.push({ msg: error }); } if (errorTitle) { - res.json({ success, waitSeconds, coolDownSeconds, errorTitle, errors }); + res.json({ + success, waitSeconds, coolDownSeconds, errorTitle, errors, + }); } else { - res.json({ success, waitSeconds, coolDownSeconds, errors }); + res.json({ + success, waitSeconds, coolDownSeconds, errors, + }); } } } diff --git a/src/web.js b/src/web.js index 8d4d1219..48264173 100644 --- a/src/web.js +++ b/src/web.js @@ -5,7 +5,6 @@ import compression from 'compression'; import express from 'express'; import http from 'http'; import etag from 'etag'; -import expressValidator from 'express-validator'; // import baseCss from './components/base.tcss'; 
@@ -46,12 +45,6 @@ const server = http.createServer(app); server.on('upgrade', wsupgrade); -/* - * using validator to check user input - */ -app.use(expressValidator()); - - // // API // -----------------------------------------------------------------------------