63 lines
1.6 KiB
JavaScript
63 lines
1.6 KiB
JavaScript
const express = require('express');
|
|
const router = express.Router();
|
|
const handler = require('express-async-handler');
|
|
const content = require('../helpers/content');
|
|
|
|
const memcache = require('memcached');
|
|
const cache = new memcache(process.env.SESSION_MEMCACHE_HOST);
|
|
const crypto = require('crypto');
|
|
|
|
const { MAXFILES, APP_DEBUG, RATE_LIMIT } = process.env;
|
|
|
|
let ratelimits = {};
|
|
|
|
async function upload(req, res) {
|
|
|
|
if (!ratelimits[req.ip])
|
|
ratelimits[req.ip] = Date.now();
|
|
|
|
if (Date.now() - ratelimits[req.ip] < RATE_LIMIT) {
|
|
res.status(503).send('You are being rate limited.');
|
|
return;
|
|
}
|
|
|
|
if (req.body['_csrf'] != req.session.csrf) {
|
|
res.status(405).send('CSRF error');
|
|
return;
|
|
}
|
|
|
|
if (!req.body[req.session.captcha_input]) {
|
|
res.status(405).send('Captcha error; please go back and refresh the page a few times.');
|
|
return;
|
|
}
|
|
|
|
if ((req.body[req.session.captcha_input] != req.session.captcha) | APP_DEBUG) {
|
|
res.status(405).send('Bad captcha');
|
|
return;
|
|
}
|
|
|
|
req.session.captcha = crypto.randomBytes(8).toString('base64').substring(0,6);
|
|
|
|
if (content.submitted() >= MAXFILES) {
|
|
res.status(405).send('Not allowed');
|
|
return;
|
|
}
|
|
|
|
const data = req.body.text;
|
|
|
|
if (data.length < 8) {
|
|
res.send('Too short');
|
|
return;
|
|
}
|
|
|
|
const id = await content.create(data);
|
|
res.redirect(
|
|
'/view?id=' + encodeURIComponent(id)
|
|
);
|
|
|
|
req.session.last_text = '';
|
|
}
|
|
|
|
router.post('/upload', handler(upload));
|
|
|
|
module.exports = router; |