62 lines
1.5 KiB
JavaScript
62 lines
1.5 KiB
JavaScript
const express = require('express');
|
|
const router = express.Router();
|
|
const handler = require('express-async-handler');
|
|
const content = require('../helpers/content');
|
|
|
|
const crypto = require('crypto');
|
|
|
|
const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;
|
|
|
|
var ratelimits = {};
|
|
|
|
async function upload(req, res) {
|
|
|
|
let rate_lim = ratelimits[req.ip];
|
|
|
|
if (rate_lim)
|
|
if (Date.now() - rate_lim < RATE_LIMIT) {
|
|
res.status(503).send('You are being rate limited.');
|
|
return;
|
|
}
|
|
|
|
if (req.body['_csrf'] != req.session.csrf) {
|
|
res.status(405).send('CSRF error');
|
|
return;
|
|
}
|
|
|
|
if (!req.body[req.session.captcha_input]) {
|
|
res.status(405).send('Captcha error; please go back and refresh the page a few times.');
|
|
return;
|
|
}
|
|
|
|
if ((req.body[req.session.captcha_input] != req.session.captcha) | APP_DEBUG) {
|
|
res.status(405).send('Bad captcha');
|
|
return;
|
|
}
|
|
|
|
req.session.captcha = crypto.randomBytes(8).toString('base64').substring(0,6);
|
|
|
|
if (content.submitted() >= MAXFILES) {
|
|
res.status(405).send('Not allowed');
|
|
return;
|
|
}
|
|
|
|
const data = req.body.text;
|
|
|
|
if (data.length < 8) {
|
|
res.send('Too short');
|
|
return;
|
|
}
|
|
|
|
ratelimits[req.ip] = Date.now();
|
|
const id = await content.create(data);
|
|
res.redirect(
|
|
'/view?id=' + encodeURIComponent(id)
|
|
);
|
|
|
|
req.session.last_text = '';
|
|
}
|
|
|
|
router.post('/upload', handler(upload));
|
|
|
|
module.exports = router; |