remove express-validator
we can install it again if we find more use for it
parent
34a8ff0606
commit
4eb99d3787
|
@ -52,8 +52,7 @@ router.use('/',
|
||||||
total: 240,
|
total: 240,
|
||||||
expire: 5 * MINUTE,
|
expire: 5 * MINUTE,
|
||||||
skipHeaders: true,
|
skipHeaders: true,
|
||||||
}),
|
}));
|
||||||
);
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -70,7 +69,9 @@ router.use(async (req, res, next) => {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (!req.user.isAdmin()) {
|
if (!req.user.isAdmin()) {
|
||||||
logger.info(`${ip} / ${req.user.id} tried to access admintools but isn't Admin`);
|
logger.info(
|
||||||
|
`${ip} / ${req.user.id} tried to access admintools but isn't Admin`,
|
||||||
|
);
|
||||||
res.status(403).send('You are not allowed to access this page');
|
res.status(403).send('You are not allowed to access this page');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -123,29 +124,28 @@ async function executeAction(action: string, ip: string): boolean {
|
||||||
/*
|
/*
|
||||||
* Check for POST parameters,
|
* Check for POST parameters,
|
||||||
*/
|
*/
|
||||||
router.post('/', upload.single('image'), async (req: Request, res: Response, next) => {
|
router.post('/', upload.single('image'), async (req, res, next) => {
|
||||||
try {
|
try {
|
||||||
if (req.file) {
|
if (req.file) {
|
||||||
req.checkBody('x', 'x out of limits')
|
const { imageaction, canvasident } = req.body;
|
||||||
.notEmpty()
|
|
||||||
.isInt();
|
|
||||||
req.checkBody('y', 'y out of limits')
|
|
||||||
.notEmpty()
|
|
||||||
.isInt();
|
|
||||||
req.checkBody('canvasident', 'canvas name not valid')
|
|
||||||
.notEmpty();
|
|
||||||
req.checkBody('imageaction', 'no imageaction given')
|
|
||||||
.notEmpty();
|
|
||||||
|
|
||||||
const validationResult = await req.getValidationResult();
|
let error = null;
|
||||||
if (!validationResult.isEmpty()) {
|
if (Number.isNaN(req.body.x)) {
|
||||||
res.status(403).send(validationResult.array().toString());
|
error = 'x is not a valid number';
|
||||||
|
} else if (Number.isNaN(req.body.y)) {
|
||||||
|
error = 'y is not a valid number';
|
||||||
|
} else if (!imageaction) {
|
||||||
|
error = 'No imageaction given';
|
||||||
|
} else if (!canvasident) {
|
||||||
|
error = 'No imageaction given';
|
||||||
|
}
|
||||||
|
if (error !== null) {
|
||||||
|
res.status(403).json(error);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
req.sanitizeBody('x').toInt();
|
const x = parseInt(req.body.x, 10);
|
||||||
req.sanitizeBody('y').toInt();
|
const y = parseInt(req.body.y, 10);
|
||||||
|
|
||||||
const { x, y, imageaction, canvasident } = req.body;
|
|
||||||
const canvasId = getIdFromObject(canvases, canvasident);
|
const canvasId = getIdFromObject(canvases, canvasident);
|
||||||
if (canvasId === null) {
|
if (canvasId === null) {
|
||||||
res.status(403).send('This canvas does not exist');
|
res.status(403).send('This canvas does not exist');
|
||||||
|
@ -156,8 +156,8 @@ router.post('/', upload.single('image'), async (req: Request, res: Response, nex
|
||||||
|
|
||||||
const canvasMaxXY = canvas.size / 2;
|
const canvasMaxXY = canvas.size / 2;
|
||||||
const canvasMinXY = -canvasMaxXY;
|
const canvasMinXY = -canvasMaxXY;
|
||||||
if (x < canvasMinXY || y < canvasMinXY ||
|
if (x < canvasMinXY || y < canvasMinXY
|
||||||
x >= canvasMaxXY || y >= canvasMaxXY) {
|
|| x >= canvasMaxXY || y >= canvasMaxXY) {
|
||||||
res.status(403).send('Coordinates are outside of canvas');
|
res.status(403).send('Coordinates are outside of canvas');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -189,7 +189,9 @@ router.post('/', upload.single('image'), async (req: Request, res: Response, nex
|
||||||
if (!ret) {
|
if (!ret) {
|
||||||
res.status(403).send('Failed');
|
res.status(403).send('Failed');
|
||||||
} else {
|
} else {
|
||||||
res.status(200).send(`Succseefully did ${req.body.action} ${req.body.ip}`);
|
res.status(200).send(
|
||||||
|
`Succseefully did ${req.body.action} ${req.body.ip}`,
|
||||||
|
);
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
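Review bot: The new x/y checks in the `router.post('/')` hunk can never fail, because `Number.isNaN(req.body.x)` is applied to the raw body value and `Number.isNaN` returns false for every string and for undefined. A missing or non-numeric coordinate therefore reaches `parseInt`, becomes NaN, and also passes the later canvas bounds test, since every comparison with NaN is false. Parse first and test the parsed values: move `const x = parseInt(req.body.x, 10);` and `const y = parseInt(req.body.y, 10);` above the chain and use `if (Number.isNaN(x)) {` and `} else if (Number.isNaN(y)) {`. The `!canvasident` branch also reuses the message 'No imageaction given'; `error = 'canvas name not valid';` (the removed wording) would match the check. The handler body continues past the end of this hunk.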
@ -4,14 +4,12 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import type { Request, Response } from 'express';
|
import type { Request, Response } from 'express';
|
||||||
import url from 'url';
|
|
||||||
import nodeIp from 'ip';
|
import nodeIp from 'ip';
|
||||||
|
|
||||||
import draw from '../../core/draw';
|
import draw from '../../core/draw';
|
||||||
import { blacklistDetector, cheapDetector, strongDetector } from '../../core/isProxy';
|
import { blacklistDetector, cheapDetector, strongDetector } from '../../core/isProxy';
|
||||||
import verifyCaptcha from '../../utils/recaptcha';
|
import verifyCaptcha from '../../utils/recaptcha';
|
||||||
import logger from '../../core/logger';
|
import logger from '../../core/logger';
|
||||||
import { clamp } from '../../core/utils';
|
|
||||||
import redis from '../../data/redis';
|
import redis from '../../data/redis';
|
||||||
import { USE_PROXYCHECK, RECAPTCHA_SECRET, RECAPTCHA_TIME } from '../../core/config';
|
import { USE_PROXYCHECK, RECAPTCHA_SECRET, RECAPTCHA_TIME } from '../../core/config';
|
||||||
import {
|
import {
|
||||||
|
@ -20,36 +18,42 @@ import {
|
||||||
|
|
||||||
|
|
||||||
async function validate(req: Request, res: Response, next) {
|
async function validate(req: Request, res: Response, next) {
|
||||||
// c canvas id
|
let error = null;
|
||||||
req.checkBody('cn', 'No canvas selected')
|
const cn = parseInt(req.body.cn, 10);
|
||||||
.notEmpty()
|
const x = parseInt(req.body.x, 10);
|
||||||
.isInt();
|
const y = parseInt(req.body.y, 10);
|
||||||
// x x coordinage
|
const clr = parseInt(req.body.clr, 10);
|
||||||
req.checkBody('x', 'x not a valid integer')
|
|
||||||
.notEmpty()
|
|
||||||
.isInt();
|
|
||||||
// y y coordinage
|
|
||||||
req.checkBody('y', 'y not a valid integer')
|
|
||||||
.notEmpty()
|
|
||||||
.isInt();
|
|
||||||
// clr color
|
|
||||||
req.checkBody('clr', 'color not valid')
|
|
||||||
.notEmpty()
|
|
||||||
.isInt({ min: 2, max: 31 });
|
|
||||||
|
|
||||||
req.sanitizeBody('cn').toInt();
|
if (Number.isNaN(cn)) {
|
||||||
req.sanitizeBody('x').toInt();
|
error = 'No valid canvas selected';
|
||||||
req.sanitizeBody('y').toInt();
|
} else if (Number.isNaN(x)) {
|
||||||
req.sanitizeBody('clr').toInt();
|
error = 'x is not a valid number';
|
||||||
|
} else if (Number.isNaN(y)) {
|
||||||
const validationResult = await req.getValidationResult();
|
error = 'y is not a valid number';
|
||||||
if (!validationResult.isEmpty()) {
|
} else if (Number.isNaN(clr)) {
|
||||||
res.status(400).json({ errors: validationResult.array() });
|
error = 'No color selected';
|
||||||
|
} else if (clr < 2 || clr > 31) {
|
||||||
|
error = 'Invalid color selected';
|
||||||
|
}
|
||||||
|
if (error !== null) {
|
||||||
|
res.status(400).json({ errors: [error] });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const { noauthUser } = req;
|
req.body.cn = cn;
|
||||||
let user = req.user;
|
req.body.x = x;
|
||||||
|
req.body.y = y;
|
||||||
|
req.body.clr = clr;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* make sure that a user is chosen
|
||||||
|
* req.noauthUser: user with just ip and id set
|
||||||
|
* req.user: fully passport authenticated user
|
||||||
|
* api/pixel just requires ip and id, so noauthUser is enough
|
||||||
|
* a fully authenticated user would cause more SQL requests
|
||||||
|
*/
|
||||||
|
let { user } = req;
|
||||||
if (!req.user) {
|
if (!req.user) {
|
||||||
req.user = req.noauthUser;
|
req.user = req.noauthUser;
|
||||||
user = req.user;
|
user = req.user;
|
||||||
|
@ -110,9 +114,9 @@ async function checkHuman(req: Request, res: Response, next) {
|
||||||
async function checkProxy(req: Request, res: Response, next) {
|
async function checkProxy(req: Request, res: Response, next) {
|
||||||
const { trueIp: ip } = req;
|
const { trueIp: ip } = req;
|
||||||
if (USE_PROXYCHECK && ip != '0.0.0.1') {
|
if (USE_PROXYCHECK && ip != '0.0.0.1') {
|
||||||
const { x, y } = req.body;
|
|
||||||
/*
|
/*
|
||||||
//one area uses stronger detector
|
//one area uses stronger detector
|
||||||
|
const { x, y } = req.body;
|
||||||
if ((x > 970 && x < 2380 && y > -11407 && y < -10597) || //nc
|
if ((x > 970 && x < 2380 && y > -11407 && y < -10597) || //nc
|
||||||
(x > 4220 && x < 6050 && y > -12955 && y < -11230) || //belarius
|
(x > 4220 && x < 6050 && y > -12955 && y < -11230) || //belarius
|
||||||
(x > 14840 && x < 15490 && y > -17380 && y < -16331) || //russian bot
|
(x > 14840 && x < 15490 && y > -17380 && y < -16331) || //russian bot
|
||||||
|
@ -174,7 +178,9 @@ async function place(req: Request, res: Response) {
|
||||||
Expires: '0',
|
Expires: '0',
|
||||||
});
|
});
|
||||||
|
|
||||||
const { cn, x, y, clr } = req.body;
|
const {
|
||||||
|
cn, x, y, clr,
|
||||||
|
} = req.body;
|
||||||
const { user, headers, trueIp } = req;
|
const { user, headers, trueIp } = req;
|
||||||
const { ip } = user;
|
const { ip } = user;
|
||||||
|
|
||||||
|
@ -182,7 +188,9 @@ async function place(req: Request, res: Response) {
|
||||||
|
|
||||||
logger.info(`${trueIp} / ${user.id} wants to place ${clr} in (${x}, ${y})`);
|
logger.info(`${trueIp} / ${user.id} wants to place ${clr} in (${x}, ${y})`);
|
||||||
|
|
||||||
const { errorTitle, error, success, waitSeconds, coolDownSeconds } = await draw(user, cn, x, y, clr);
|
const {
|
||||||
|
errorTitle, error, success, waitSeconds, coolDownSeconds,
|
||||||
|
} = await draw(user, cn, x, y, clr);
|
||||||
logger.log('debug', success);
|
logger.log('debug', success);
|
||||||
|
|
||||||
if (success) {
|
if (success) {
|
||||||
|
@ -194,9 +202,13 @@ async function place(req: Request, res: Response) {
|
||||||
errors.push({ msg: error });
|
errors.push({ msg: error });
|
||||||
}
|
}
|
||||||
if (errorTitle) {
|
if (errorTitle) {
|
||||||
res.json({ success, waitSeconds, coolDownSeconds, errorTitle, errors });
|
res.json({
|
||||||
|
success, waitSeconds, coolDownSeconds, errorTitle, errors,
|
||||||
|
});
|
||||||
} else {
|
} else {
|
||||||
res.json({ success, waitSeconds, coolDownSeconds, errors });
|
res.json({
|
||||||
|
success, waitSeconds, coolDownSeconds, errors,
|
||||||
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
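Review bot: In validate(), `parseInt(req.body.x, 10)` is more permissive than the `isInt()` check it replaces: it accepts input with trailing garbage such as `'12abc'` and truncates `'12.7'`, so malformed cn/x/y/clr values are now silently normalised instead of rejected with 400. If strictness matters here, test the raw value before parsing, e.g. `if (!/^-?\d+$/.test(String(req.body.x))) {`, or at least require `Number.isSafeInteger(x)` alongside the NaN check; whether draw() range-checks cn, x and y is not visible in this diff. The error payload also changed shape: it is now `{ errors: [error] }` with plain strings, while place() in the same file pushes `{ msg: error }`, so a client reading `errors[0].msg` would probably get undefined; `res.status(400).json({ errors: [{ msg: error }] });` keeps both paths consistent. validate() continues below the hunk.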
@ -5,7 +5,6 @@ import compression from 'compression';
|
||||||
import express from 'express';
|
import express from 'express';
|
||||||
import http from 'http';
|
import http from 'http';
|
||||||
import etag from 'etag';
|
import etag from 'etag';
|
||||||
import expressValidator from 'express-validator';
|
|
||||||
|
|
||||||
|
|
||||||
// import baseCss from './components/base.tcss';
|
// import baseCss from './components/base.tcss';
|
||||||
|
@ -46,12 +45,6 @@ const server = http.createServer(app);
|
||||||
server.on('upgrade', wsupgrade);
|
server.on('upgrade', wsupgrade);
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* using validator to check user input
|
|
||||||
*/
|
|
||||||
app.use(expressValidator());
|
|
||||||
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// API
|
// API
|
||||||
// -----------------------------------------------------------------------------
|
// -----------------------------------------------------------------------------
|
||||||
|
|