fixing database connections and patching possible nosqli

api/index.js

@@ -7,15 +7,16 @@ require("dotenv").config()
  * error: 1 -> parameter error
  * error: 2 -> auth error
  * error: 3 -> not found error
-*/
+ */
 
-const db = new MongoClient(process.env.DATABASE);
+const db = new MongoClient(process.env.DATABASE)
 const app = express()
 app.use(express.json())
-app.use(express.urlencoded({ extended: false }));
-app.use((req,res,next)=>{
-    req.db = db
-    next()
+app.use(express.urlencoded({ extended: false }))
+app.use(async (req, res, next) => {
+  await db.connect()
+  req.db = db
+  next()
 })
 
 const { auth, authware } = require("./routes/auth.js")
@@ -25,19 +26,21 @@ app.use("/*/a*", authware)
 const resources = require("./routes/resources.js")
 const projects = require("./routes/projects.js")
 const blog = require("./routes/blog.js")
-const routes = [
-  resources,
-  projects,
-  blog,
-  auth,
-]
+const routes = [resources, projects, blog, auth]
 
-routes.forEach(route=>{
+routes.forEach((route) => {
   app.use(route.path, route)
 })
 
+async function pexit() {
+  await db.close()
+  process.exit()
+}
+
+process.on("SIGTERM", pexit)
+process.on("SIGINT", pexit)
 
 export default {
   path: "/api",
-  handler: app,
+  handler: app
 }

api/routes/auth.js

@@ -4,34 +4,30 @@ const auth = express.Router()
 auth.path = "/auth"
 
 const PASS = process.env.PASS
-let TOKEN = gimmeToken();
+let TOKEN = gimmeToken()
 
-function authware(req,res,next){
+function authware(req, res, next) {
   const token = req.query.token ? req.query.token : req.body.token
 
-  if(!token)
-    return res.json({ error: 1 })
+  if (typeof token !== "string") return res.json({ error: 1 })
 
-  if(token!==TOKEN)
-    return res.json({ error: 2 })
+  if (token !== TOKEN) return res.json({ error: 2 })
 
   next()
 }
 auth.use("/logout", authware)
 
-auth.get("/login", async (req,res)=>{
+auth.get("/login", async (req, res) => {
   const pass = req.query.pass
 
-  if(!pass)
-    return res.json({ error: 1 })
+  if (typeof pass !== "string") return res.json({ error: 1 })
 
-  if(pass!==PASS)
-    return res.json({ error: 2 })
+  if (pass !== PASS) return res.json({ error: 2 })
 
   res.json({ error: 0, token: TOKEN })
 })
 
-auth.get("/logout", async (req,res)=>{
+auth.get("/logout", async (req, res) => {
   TOKEN = gimmeToken()
   res.json({ error: 0 })
 })

api/routes/blog.js

@@ -3,25 +3,23 @@ const { makeID } = require("../util.js")
 const blog = express.Router()
 blog.path = "/blog"
 
-blog.get("/sum", async (req,res)=>{
-  await req.db.connect()
-  const db = await req.db.db("ngn13")
-  const col = await db.collection("posts")
-  const results = await col.find({priv: {$eq: false}}).toArray()
-  await req.db.close()
+blog.get("/sum", async (req, res) => {
+  const db = req.db.db("ngn13")
+  const col = db.collection("posts")
+  const results = await col.find({ priv: { $eq: false } }).toArray()
 
   let posts = []
-  for(let i = 0;i<results.length;i++){
+  for (let i = 0; i < results.length; i++) {
     posts.push({
-      "title":results[i]["title"],
-      "desc":results[i]["content"]
-        .substring(0, 140) // a short desc
-        .replaceAll("#", "") // remove all the markdown stuff
-        .replaceAll("*", "")
-        .replaceAll("`", "")
-        .replaceAll("-", "")
-         + "...", // add "..." to make it look like desc
-      "info":`${results[i]["author"]} | ${results[i]["date"]}`
+      title: results[i]["title"],
+      desc:
+        results[i]["content"]
+          .substring(0, 140) // a short desc
+          .replaceAll("#", "") // remove all the markdown stuff
+          .replaceAll("*", "")
+          .replaceAll("`", "")
+          .replaceAll("-", "") + "...", // add "..." to make it look like desc
+      info: `${results[i]["author"]} | ${results[i]["date"]}`
     })
   }
 
@@ -30,63 +28,59 @@ blog.get("/sum", async (req,res)=>{
   res.json({ error: 0, posts: posts.reverse() })
 })
 
-blog.get("/get", async (req,res)=>{
+blog.get("/get", async (req, res) => {
   const id = req.query.id
 
-  await req.db.connect()
-  const db = await req.db.db("ngn13")
-  const col = await db.collection("posts")
+  const db = req.db.db("ngn13")
+  const col = db.collection("posts")
   const results = await col.find().toArray()
-  await req.db.close()
 
-  for(let i = 0;i<results.length;i++){
+  for (let i = 0; i < results.length; i++) {
     // id is basically the title of the post
     // but ve remove the whitespace
     // and make it lowerspace
     // for example:
     // Online Privacy Guide -> onlineprivacyguide
-    if(makeID(results[i]["title"])===id){
-      return res.json(
-        {
-          error: 0,
-          post:{
-            "title": results[i]["title"],
-            // info is the subtitle, for example:
-            // ngn | 01/06/2023
-            "info": `${results[i]["author"]} | ${results[i]["date"]}`,
-            "content": results[i]["content"],
-          }
+    if (makeID(results[i]["title"]) === id) {
+      return res.json({
+        error: 0,
+        post: {
+          title: results[i]["title"],
+          // info is the subtitle, for example:
+          // ngn | 01/06/2023
+          info: `${results[i]["author"]} | ${results[i]["date"]}`,
+          content: results[i]["content"]
         }
-      )
+      })
     }
   }
 
   res.json({ error: 3 })
-
 })
 
-blog.post("/add", async (req,res)=>{
-  console.log("heyy")
+blog.post("/add", async (req, res) => {
   const title = req.body.title
   const author = req.body.author
   const content = req.body.content
   const priv = req.body.priv
-  console.log(title, author, content, priv)
 
-  if ( !title || !author || !content || !priv )
+  if (
+    typeof title !== "string" ||
+    typeof author !== "string" ||
+    typeof content !== "string" ||
+    typeof priv !== "string"
+  )
     return res.json({ error: 1 })
 
-  await req.db.connect()
-  const db = await req.db.db("ngn13")
-  const col = await db.collection("posts")
+  const db = req.db.db("ngn13")
+  const col = db.collection("posts")
   await col.insertOne({
-    "title":title,
-    "author":author,
-    "date": new Date().toLocaleDateString(),
-    "content":content,
-    "priv": priv
+    title: title,
+    author: author,
+    date: new Date().toLocaleDateString(),
+    content: content,
+    priv: priv
   })
-  await req.db.close()
   res.json({ error: 0 })
 })
 

api/routes/projects.js

@@ -2,33 +2,33 @@ const express = require("express")
 const projects = express.Router()
 projects.path = "/projects"
 
-projects.get("/get", async (req,res)=>{
-  await req.db.connect()
-  const db = await req.db.db("ngn13")
-  const col = await db.collection("projects")
+projects.get("/get", async (req, res) => {
+  const db = req.db.db("ngn13")
+  const col = db.collection("projects")
   const results = await col.find().toArray()
-  await req.db.close()
   res.json({ error: 0, projects: results })
 })
 
-projects.get("/add", async (req,res)=>{
-  let name = req.query.name;
-  let desc = req.query.desc;
-  let url = req.query.url;
+projects.get("/add", async (req, res) => {
+  let name = req.query.name
+  let desc = req.query.desc
+  let url = req.query.url
 
-  if (!name || !desc || !url )
+  if (
+    typeof name !== "string" ||
+    typeof desc !== "string" ||
+    typeof url !== "string"
+  )
     return res.json({ error: 1 })
 
-  await req.db.connect()
-  const db = await req.db.db("ngn13")
-  const col = await db.collection("projects")
+  const db = req.db.db("ngn13")
+  const col = db.collection("projects")
   await col.insertOne({
-    "name":name,
-    "desc":desc,
-    "url":url,
-    "click":0
+    name: name,
+    desc: desc,
+    url: url,
+    click: 0
   })
-  await req.db.close()
   res.json({ error: 0 })
 })
 

api/routes/resources.js

@@ -2,33 +2,31 @@ const express = require("express")
 const resources = express.Router()
 resources.path = "/resources"
 
-resources.get("/get", async (req,res)=>{
-  await req.db.connect()
-  const db = await req.db.db("ngn13")
-  const col = await db.collection("resources")
+resources.get("/get", async (req, res) => {
+  const db = req.db.db("ngn13")
+  const col = db.collection("resources")
   let results = []
-  if(req.query.sum)
-    results = await col.find().limit(10).toArray()
-  else
-    results = await col.find().toArray()
-  await req.db.close()
-  res.json({ error: 0, resources: results })
+  if (req.query.sum) results = await col.find().limit(10).toArray()
+  else results = await col.find().toArray()
+  res.json({ error: 0, resources: results.reverse() })
 })
 
-resources.get("/add", async (req,res)=>{
-  let name = req.query.name;
-  let tags = req.query.tags;
-  let url = req.query.url;
+resources.get("/add", async (req, res) => {
+  let name = req.query.name
+  let tags = req.query.tags
+  let url = req.query.url
 
-  if(!name || !tags || !url)
-    return res.json({"error":1})
+  if (
+    typeof name !== "string" ||
+    typeof tags !== "string" ||
+    typeof url !== "string"
+  )
+    return res.json({ error: 1 })
 
-  await req.db.connect()
-  const db = await req.db.db("ngn13")
-  const col = await db.collection("resources")
-  await col.insertOne({"name":name, "tags":tags.split(","), "url":url})
-  await req.db.close()
-  res.json({error: 0})
+  const db = req.db.db("ngn13")
+  const col = db.collection("resources")
+  await col.insertOne({ name: name, tags: tags.split(","), url: url })
+  res.json({ error: 0 })
 })
 
 module.exports = resources

api/util.js

@@ -1,14 +1,15 @@
 function gimmeToken() {
-    var result           = ""
-    var characters       = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
-    var charactersLength = characters.length
-    for ( var i = 0; i < 32; i++ ) {
-       result += characters.charAt(Math.floor(Math.random() * charactersLength));
-    }
-    return result;
+  var result = ""
+  var characters =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+  var charactersLength = characters.length
+  for (var i = 0; i < 32; i++) {
+    result += characters.charAt(Math.floor(Math.random() * charactersLength))
+  }
+  return result
 }
 
-function makeID(title){
+function makeID(title) {
   // this is used in blog.js
   // id is basically the title of the post
   // but ve remove the whitespace
@@ -19,4 +20,3 @@ function makeID(title){
 }
 
 module.exports = { gimmeToken, makeID }
-