fixing database connections and patching possible nosqli

ngn
2023-06-24 18:48:18 +03:00
parent ad6b29be01
commit d42990db29
36 changed files with 1125 additions and 1030 deletions


@ -4,34 +4,30 @@ const auth = express.Router()
auth.path = "/auth"
const PASS = process.env.PASS
let TOKEN = gimmeToken();
let TOKEN = gimmeToken()
function authware(req,res,next){
function authware(req, res, next) {
const token = req.query.token ? req.query.token : req.body.token
if(!token)
return res.json({ error: 1 })
if (typeof token !== "string") return res.json({ error: 1 })
if(token!==TOKEN)
return res.json({ error: 2 })
if (token !== TOKEN) return res.json({ error: 2 })
next()
}
auth.use("/logout", authware)
auth.get("/login", async (req,res)=>{
auth.get("/login", async (req, res) => {
const pass = req.query.pass
if(!pass)
return res.json({ error: 1 })
if (typeof pass !== "string") return res.json({ error: 1 })
if(pass!==PASS)
return res.json({ error: 2 })
if (pass !== PASS) return res.json({ error: 2 })
res.json({ error: 0, token: TOKEN })
})
auth.get("/logout", async (req,res)=>{
auth.get("/logout", async (req, res) => {
TOKEN = gimmeToken()
res.json({ error: 0 })
})
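Review bot: The `/login` handler still reads the password from `req.query.pass`, so the secret travels in the URL and is likely to end up in access logs, proxy logs and browser history; the added `typeof` check does not change that. Accepting it in the request body, e.g. `auth.post("/login", ...)` with `const pass = req.body.pass`, keeps it out of the URL. `authware` has the same exposure for the session token whenever it arrives via `req.query.token`. Both `pass !== PASS` and `token !== TOKEN` are ordinary string comparisons; comparing fixed-length digests of the two values with `crypto.timingSafeEqual` would remove the content-dependent comparison time.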


@ -3,25 +3,23 @@ const { makeID } = require("../util.js")
const blog = express.Router()
blog.path = "/blog"
blog.get("/sum", async (req,res)=>{
await req.db.connect()
const db = await req.db.db("ngn13")
const col = await db.collection("posts")
const results = await col.find({priv: {$eq: false}}).toArray()
await req.db.close()
blog.get("/sum", async (req, res) => {
const db = req.db.db("ngn13")
const col = db.collection("posts")
const results = await col.find({ priv: { $eq: false } }).toArray()
let posts = []
for(let i = 0;i<results.length;i++){
for (let i = 0; i < results.length; i++) {
posts.push({
"title":results[i]["title"],
"desc":results[i]["content"]
.substring(0, 140) // a short desc
.replaceAll("#", "") // remove all the markdown stuff
.replaceAll("*", "")
.replaceAll("`", "")
.replaceAll("-", "")
+ "...", // add "..." to make it look like desc
"info":`${results[i]["author"]} | ${results[i]["date"]}`
title: results[i]["title"],
desc:
results[i]["content"]
.substring(0, 140) // a short desc
.replaceAll("#", "") // remove all the markdown stuff
.replaceAll("*", "")
.replaceAll("`", "")
.replaceAll("-", "") + "...", // add "..." to make it look like desc
info: `${results[i]["author"]} | ${results[i]["date"]}`
})
}
@ -30,63 +28,59 @@ blog.get("/sum", async (req,res)=>{
res.json({ error: 0, posts: posts.reverse() })
})
blog.get("/get", async (req,res)=>{
blog.get("/get", async (req, res) => {
const id = req.query.id
await req.db.connect()
const db = await req.db.db("ngn13")
const col = await db.collection("posts")
const db = req.db.db("ngn13")
const col = db.collection("posts")
const results = await col.find().toArray()
await req.db.close()
for(let i = 0;i<results.length;i++){
for (let i = 0; i < results.length; i++) {
// id is basically the title of the post
// but ve remove the whitespace
// and make it lowerspace
// for example:
// Online Privacy Guide -> onlineprivacyguide
if(makeID(results[i]["title"])===id){
return res.json(
{
error: 0,
post:{
"title": results[i]["title"],
// info is the subtitle, for example:
// ngn | 01/06/2023
"info": `${results[i]["author"]} | ${results[i]["date"]}`,
"content": results[i]["content"],
}
if (makeID(results[i]["title"]) === id) {
return res.json({
error: 0,
post: {
title: results[i]["title"],
// info is the subtitle, for example:
// ngn | 01/06/2023
info: `${results[i]["author"]} | ${results[i]["date"]}`,
content: results[i]["content"]
}
)
})
}
}
res.json({ error: 3 })
})
blog.post("/add", async (req,res)=>{
console.log("heyy")
blog.post("/add", async (req, res) => {
const title = req.body.title
const author = req.body.author
const content = req.body.content
const priv = req.body.priv
console.log(title, author, content, priv)
if ( !title || !author || !content || !priv )
if (
typeof title !== "string" ||
typeof author !== "string" ||
typeof content !== "string" ||
typeof priv !== "string"
)
return res.json({ error: 1 })
await req.db.connect()
const db = await req.db.db("ngn13")
const col = await db.collection("posts")
const db = req.db.db("ngn13")
const col = db.collection("posts")
await col.insertOne({
"title":title,
"author":author,
"date": new Date().toLocaleDateString(),
"content":content,
"priv": priv
title: title,
author: author,
date: new Date().toLocaleDateString(),
content: content,
priv: priv
})
await req.db.close()
res.json({ error: 0 })
})
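Review bot: The `/get` handler calls `col.find()` with no `priv` filter, so a post stored as private is returned to anyone who supplies its title-derived id, while `/sum` restricts its query to `{ priv: { $eq: false } }`. If `priv` is meant to restrict reading and not only listing, `/get` should apply the same filter: `const results = await col.find({ priv: { $eq: false } }).toArray()`. Separately, `/add` now requires `priv` to be a string and stores it unchanged, and a string never matches the boolean `false` that `/sum` queries for; converting at insert, `priv: priv === "true"`, would keep the stored type consistent with the query. `id` in `/get` is the one request value in this file without a `typeof` check, although the strict `===` comparison means a non-string value simply never matches.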


@ -2,33 +2,33 @@ const express = require("express")
const projects = express.Router()
projects.path = "/projects"
projects.get("/get", async (req,res)=>{
await req.db.connect()
const db = await req.db.db("ngn13")
const col = await db.collection("projects")
projects.get("/get", async (req, res) => {
const db = req.db.db("ngn13")
const col = db.collection("projects")
const results = await col.find().toArray()
await req.db.close()
res.json({ error: 0, projects: results })
})
projects.get("/add", async (req,res)=>{
let name = req.query.name;
let desc = req.query.desc;
let url = req.query.url;
projects.get("/add", async (req, res) => {
let name = req.query.name
let desc = req.query.desc
let url = req.query.url
if (!name || !desc || !url )
if (
typeof name !== "string" ||
typeof desc !== "string" ||
typeof url !== "string"
)
return res.json({ error: 1 })
await req.db.connect()
const db = await req.db.db("ngn13")
const col = await db.collection("projects")
const db = req.db.db("ngn13")
const col = db.collection("projects")
await col.insertOne({
"name":name,
"desc":desc,
"url":url,
"click":0
name: name,
desc: desc,
url: url,
click: 0
})
await req.db.close()
res.json({ error: 0 })
})
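Review bot: The new `typeof` checks in `/add` accept empty strings, which the old `!name || !desc || !url` test rejected, so a request with `name=&desc=&url=` now inserts a blank project. Keeping both conditions per field, e.g. `typeof name !== "string" || name === ""`, restores the old rejection while still refusing objects and arrays. The same regression is in the `/add` handlers of the blog and resources routers, where `tags.split(",")` on an empty string stores `[""]`. `url` is also stored without a scheme check; if the front end renders it as a link, parsing it with `new URL(url)` and allowing only the `http:` and `https:` protocols at insert keeps a `javascript:` value out of the collection.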


@ -2,33 +2,31 @@ const express = require("express")
const resources = express.Router()
resources.path = "/resources"
resources.get("/get", async (req,res)=>{
await req.db.connect()
const db = await req.db.db("ngn13")
const col = await db.collection("resources")
resources.get("/get", async (req, res) => {
const db = req.db.db("ngn13")
const col = db.collection("resources")
let results = []
if(req.query.sum)
results = await col.find().limit(10).toArray()
else
results = await col.find().toArray()
await req.db.close()
res.json({ error: 0, resources: results })
if (req.query.sum) results = await col.find().limit(10).toArray()
else results = await col.find().toArray()
res.json({ error: 0, resources: results.reverse() })
})
resources.get("/add", async (req,res)=>{
let name = req.query.name;
let tags = req.query.tags;
let url = req.query.url;
resources.get("/add", async (req, res) => {
let name = req.query.name
let tags = req.query.tags
let url = req.query.url
if(!name || !tags || !url)
return res.json({"error":1})
if (
typeof name !== "string" ||
typeof tags !== "string" ||
typeof url !== "string"
)
return res.json({ error: 1 })
await req.db.connect()
const db = await req.db.db("ngn13")
const col = await db.collection("resources")
await col.insertOne({"name":name, "tags":tags.split(","), "url":url})
await req.db.close()
res.json({error: 0})
const db = req.db.db("ngn13")
const col = db.collection("resources")
await col.insertOne({ name: name, tags: tags.split(","), url: url })
res.json({ error: 0 })
})
module.exports = resources
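Review bot: `/add` still writes to the database from a GET request and no authentication middleware is visible on it in this file; unless one is applied where the router is mounted, any client, link prefetcher or crawler that requests the URL inserts a document. Registering it as `resources.post("/add", ...)` with the token check in front of it would address both; the `authware` function in the auth router performs that check but is attached only to `/logout` in the lines shown. The projects `/add` route has the same shape. In `/get`, `.reverse()` after `.limit(10)` returns the first ten stored documents in reverse order, not the ten newest; `col.find().sort({ _id: -1 }).limit(10)` would do that, if newest-first is the intent.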