remove express-validator

we can install it again if we find more use for it
HF 2020-01-04 05:30:00 +01:00
parent 34a8ff0606
commit 98c87eed20
4 changed files with 70 additions and 65 deletions


@ -38,7 +38,6 @@
"express": "^4.15.3",
"express-limiter": "^1.6.0",
"express-session": "^1.15.2",
"express-validator": "^3.2.0",
"global": "^4.3.2",
"hammerjs": "^2.0.8",
"http-proxy-agent": "^2.1.0",
@ -83,7 +82,6 @@
"three": "^0.112.1",
"three-trackballcontrols-ts": "^0.1.2",
"url-search-params-polyfill": "^7.0.0",
"validator": "^7.0.0",
"visibilityjs": "^1.2.4",
"winston": "^2.3.1",
"ws": "^7.1.2"


@ -52,8 +52,7 @@ router.use('/',
total: 240,
expire: 5 * MINUTE,
skipHeaders: true,
}),
);
}));
/*
@ -70,7 +69,9 @@ router.use(async (req, res, next) => {
return;
}
if (!req.user.isAdmin()) {
logger.info(`${ip} / ${req.user.id} tried to access admintools but isn't Admin`);
logger.info(
`${ip} / ${req.user.id} tried to access admintools but isn't Admin`,
);
res.status(403).send('You are not allowed to access this page');
return;
}
@ -123,29 +124,28 @@ async function executeAction(action: string, ip: string): boolean {
/*
* Check for POST parameters,
*/
router.post('/', upload.single('image'), async (req: Request, res: Response, next) => {
router.post('/', upload.single('image'), async (req, res, next) => {
try {
if (req.file) {
req.checkBody('x', 'x out of limits')
.notEmpty()
.isInt();
req.checkBody('y', 'y out of limits')
.notEmpty()
.isInt();
req.checkBody('canvasident', 'canvas name not valid')
.notEmpty();
req.checkBody('imageaction', 'no imageaction given')
.notEmpty();
const { imageaction, canvasident } = req.body;
const validationResult = await req.getValidationResult();
if (!validationResult.isEmpty()) {
res.status(403).send(validationResult.array().toString());
let error = null;
if (Number.isNaN(req.body.x)) {
error = 'x is not a valid number';
} else if (Number.isNaN(req.body.y)) {
error = 'y is not a valid number';
} else if (!imageaction) {
error = 'No imageaction given';
} else if (!canvasident) {
error = 'No canvas specified';
}
if (error !== null) {
res.status(403).send(error);
return;
}
req.sanitizeBody('x').toInt();
req.sanitizeBody('y').toInt();
const x = parseInt(req.body.x, 10);
const y = parseInt(req.body.y, 10);
const { x, y, imageaction, canvasident } = req.body;
const canvasId = getIdFromObject(canvases, canvasident);
if (canvasId === null) {
res.status(403).send('This canvas does not exist');
@ -156,8 +156,8 @@ router.post('/', upload.single('image'), async (req: Request, res: Response, nex
const canvasMaxXY = canvas.size / 2;
const canvasMinXY = -canvasMaxXY;
if (x < canvasMinXY || y < canvasMinXY ||
x >= canvasMaxXY || y >= canvasMaxXY) {
if (x < canvasMinXY || y < canvasMinXY
|| x >= canvasMaxXY || y >= canvasMaxXY) {
res.status(403).send('Coordinates are outside of canvas');
return;
}
@ -189,7 +189,9 @@ router.post('/', upload.single('image'), async (req: Request, res: Response, nex
if (!ret) {
res.status(403).send('Failed');
} else {
res.status(200).send(`Succseefully did ${req.body.action} ${req.body.ip}`);
res.status(200).send(
`Succseefully did ${req.body.action} ${req.body.ip}`,
);
}
return;
}
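Review bot: In the image-upload branch of the POST handler, `Number.isNaN(req.body.x)` and `Number.isNaN(req.body.y)` test the raw body fields, which for a multipart form are presumably strings or undefined, so both checks are always false and no longer reject missing or non-numeric coordinates. A NaN from the later `parseInt` also passes the `x < canvasMinXY || ... || x >= canvasMaxXY` test, because every comparison with NaN is false. Parse first and test the parsed values: move `const x = parseInt(req.body.x, 10);` and `const y = parseInt(req.body.y, 10);` above the checks and use `Number.isNaN(x)` / `Number.isNaN(y)`. The +/- markers are lost on this page, so this assumes the `Number.isNaN` lines are the new side; the handler's body continues outside the visible hunks.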


@ -4,14 +4,12 @@
*/
import type { Request, Response } from 'express';
import url from 'url';
import nodeIp from 'ip';
import draw from '../../core/draw';
import { blacklistDetector, cheapDetector, strongDetector } from '../../core/isProxy';
import verifyCaptcha from '../../utils/recaptcha';
import logger from '../../core/logger';
import { clamp } from '../../core/utils';
import redis from '../../data/redis';
import { USE_PROXYCHECK, RECAPTCHA_SECRET, RECAPTCHA_TIME } from '../../core/config';
import {
@ -20,36 +18,42 @@ import {
async function validate(req: Request, res: Response, next) {
// c canvas id
req.checkBody('cn', 'No canvas selected')
.notEmpty()
.isInt();
// x x coordinage
req.checkBody('x', 'x not a valid integer')
.notEmpty()
.isInt();
// y y coordinage
req.checkBody('y', 'y not a valid integer')
.notEmpty()
.isInt();
// clr color
req.checkBody('clr', 'color not valid')
.notEmpty()
.isInt({ min: 2, max: 31 });
let error = null;
const cn = parseInt(req.body.cn, 10);
const x = parseInt(req.body.x, 10);
const y = parseInt(req.body.y, 10);
const clr = parseInt(req.body.clr, 10);
req.sanitizeBody('cn').toInt();
req.sanitizeBody('x').toInt();
req.sanitizeBody('y').toInt();
req.sanitizeBody('clr').toInt();
const validationResult = await req.getValidationResult();
if (!validationResult.isEmpty()) {
res.status(400).json({ errors: validationResult.array() });
if (Number.isNaN(cn)) {
error = 'No valid canvas selected';
} else if (Number.isNaN(x)) {
error = 'x is not a valid number';
} else if (Number.isNaN(y)) {
error = 'y is not a valid number';
} else if (Number.isNaN(clr)) {
error = 'No color selected';
} else if (clr < 2 || clr > 31) {
error = 'Invalid color selected';
}
if (error !== null) {
res.status(400).json({ errors: [error] });
return;
}
const { noauthUser } = req;
let user = req.user;
req.body.cn = cn;
req.body.x = x;
req.body.y = y;
req.body.clr = clr;
/**
* make sure that a user is chosen
* req.noauthUser: user with just ip and id set
* req.user: fully passport authenticated user
* api/pixel just requires ip and id, so noauthUser is enough
* a fully authenticated user would cause more SQL requests
*/
let { user } = req;
if (!req.user) {
req.user = req.noauthUser;
user = req.user;
@ -110,9 +114,9 @@ async function checkHuman(req: Request, res: Response, next) {
async function checkProxy(req: Request, res: Response, next) {
const { trueIp: ip } = req;
if (USE_PROXYCHECK && ip != '0.0.0.1') {
const { x, y } = req.body;
/*
//one area uses stronger detector
const { x, y } = req.body;
if ((x > 970 && x < 2380 && y > -11407 && y < -10597) || //nc
(x > 4220 && x < 6050 && y > -12955 && y < -11230) || //belarius
(x > 14840 && x < 15490 && y > -17380 && y < -16331) || //russian bot
@ -174,7 +178,9 @@ async function place(req: Request, res: Response) {
Expires: '0',
});
const { cn, x, y, clr } = req.body;
const {
cn, x, y, clr,
} = req.body;
const { user, headers, trueIp } = req;
const { ip } = user;
@ -182,7 +188,9 @@ async function place(req: Request, res: Response) {
logger.info(`${trueIp} / ${user.id} wants to place ${clr} in (${x}, ${y})`);
const { errorTitle, error, success, waitSeconds, coolDownSeconds } = await draw(user, cn, x, y, clr);
const {
errorTitle, error, success, waitSeconds, coolDownSeconds,
} = await draw(user, cn, x, y, clr);
logger.log('debug', success);
if (success) {
@ -194,9 +202,13 @@ async function place(req: Request, res: Response) {
errors.push({ msg: error });
}
if (errorTitle) {
res.json({ success, waitSeconds, coolDownSeconds, errorTitle, errors });
res.json({
success, waitSeconds, coolDownSeconds, errorTitle, errors,
});
} else {
res.json({ success, waitSeconds, coolDownSeconds, errors });
res.json({
success, waitSeconds, coolDownSeconds, errors,
});
}
}
}
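Review bot: In `validate`, `parseInt(..., 10)` followed by `Number.isNaN` is looser than the `isInt()` checks it appears to replace: a value such as `12abc` parses to 12, and a very long digit string parses to a number outside the safe-integer range, and both pass. If `draw` (not visible here) relies on `cn`, `x`, `y` and `clr` being exact integers, reject the rest up front, for example `if (!/^-?\d+$/.test(String(req.body.x)) || !Number.isSafeInteger(x))`, and the same for the other three fields. The body of `validate` continues outside the hunk.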


@ -5,7 +5,6 @@ import compression from 'compression';
import express from 'express';
import http from 'http';
import etag from 'etag';
import expressValidator from 'express-validator';
// import baseCss from './components/base.tcss';
@ -46,12 +45,6 @@ const server = http.createServer(app);
server.on('upgrade', wsupgrade);
/*
* using validator to check user input
*/
app.use(expressValidator());
//
// API
// -----------------------------------------------------------------------------