bin/routes/upload.js

const express = require('express');
const router = express.Router();
const handler = require('express-async-handler');
const content = require('../helpers/content');

const crypto = require('crypto');

const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;

var ratelimits = {};

async function upload(req, res) {

    let rate_lim = ratelimits[req.ip];

    if (rate_lim)
        if (Date.now() - rate_lim < RATE_LIMIT) {
            res.status(503).send('You are being rate limited.');
            return;
        }

    if (req.body['_csrf'] != req.session.csrf) {
        res.status(405).send('CSRF error');
        return;
    }

    if (!req.body[req.session.captcha_input]) {
        res.status(405).send('Captcha error; please go back and refresh the page a few times.');
        return;
    }

    if ((req.body[req.session.captcha_input] != req.session.captcha) | APP_DEBUG) {
        res.status(405).send('Bad captcha');
        return;
    }

    req.session.captcha = crypto.randomBytes(8).toString('base64').substring(0,6);

    if (content.submitted() >= MAXFILES) {
        res.status(405).send('Not allowed');
        return;
    }

    const data = req.body.text;

    if (data.length < 8) {
        res.send('Too short');
        return;
    }

    ratelimits[req.ip] = Date.now();
    const id = await content.create(data);
    res.redirect(
        '/view?id=' + encodeURIComponent(id)
    );

    req.session.last_text = '';
}

router.post('/upload', handler(upload));

module.exports = router;
add upload functionality 2023-03-04 02:31:07 +01:00			`const express = require('express');`
			`const router = express.Router();`
			`const handler = require('express-async-handler');`
			`const content = require('../helpers/content');`
fix FOUC 2023-04-17 07:20:12 +02:00
add captcha, csrf and sessions 2023-04-17 02:37:07 +02:00			`const crypto = require('crypto');`
add upload functionality 2023-03-04 02:31:07 +01:00
fix FOUC 2023-04-17 07:20:12 +02:00			`const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;`

add rate limits 2023-04-18 02:42:16 +02:00			`var ratelimits = {};`
add limit 2023-03-04 06:00:53 +01:00
add upload functionality 2023-03-04 02:31:07 +01:00			`async function upload(req, res) {`
add limit 2023-03-04 06:00:53 +01:00
add rate limits 2023-04-18 02:42:16 +02:00			`let rate_lim = ratelimits[req.ip];`
fix FOUC 2023-04-17 07:20:12 +02:00
add rate limits 2023-04-18 02:42:16 +02:00			`if (rate_lim)`
			`if (Date.now() - rate_lim < RATE_LIMIT) {`
			`res.status(503).send('You are being rate limited.');`
			`return;`
			`}`
fix FOUC 2023-04-17 07:20:12 +02:00
add captcha, csrf and sessions 2023-04-17 02:37:07 +02:00			`if (req.body['_csrf'] != req.session.csrf) {`
			`res.status(405).send('CSRF error');`
			`return;`
			`}`

			`if (!req.body[req.session.captcha_input]) {`
			`res.status(405).send('Captcha error; please go back and refresh the page a few times.');`
			`return;`
			`}`

fix FOUC 2023-04-17 07:20:12 +02:00			`if ((req.body[req.session.captcha_input] != req.session.captcha) \| APP_DEBUG) {`
add captcha, csrf and sessions 2023-04-17 02:37:07 +02:00			`res.status(405).send('Bad captcha');`
			`return;`
			`}`

			`req.session.captcha = crypto.randomBytes(8).toString('base64').substring(0,6);`

add limit 2023-03-04 06:00:53 +01:00			`if (content.submitted() >= MAXFILES) {`
			`res.status(405).send('Not allowed');`
			`return;`
			`}`

add upload functionality 2023-03-04 02:31:07 +01:00			`const data = req.body.text;`
add minimum length for content 2023-03-04 08:08:54 +01:00
			`if (data.length < 8) {`
			`res.send('Too short');`
			`return;`
			`}`

add rate limits 2023-04-18 02:42:16 +02:00			`ratelimits[req.ip] = Date.now();`
add upload functionality 2023-03-04 02:31:07 +01:00			`const id = await content.create(data);`
			`res.redirect(`
			`'/view?id=' + encodeURIComponent(id)`
			`);`
fix FOUC 2023-04-17 07:20:12 +02:00
			`req.session.last_text = '';`
add upload functionality 2023-03-04 02:31:07 +01:00			`}`

			`router.post('/upload', handler(upload));`

			`module.exports = router;`