homepage.js/routes/guestbook.js

const Helpers = require('../helpers');
const Sequelize = require('../models');
const html_escape = require('html-escaper');

const send_error = async (res, error) => {
    return res.redirect('/guestbook?error=' + encodeURIComponent(error));
};

async function handler(req, res, next) {
    try {

        const errors = req.query.error;

        const data = await Sequelize.Guestbook.findAll({
            where: {
                hidden: false
            },
            order: [
                ['id', 'DESC']
            ]
        });
        if (!data) throw new Error('Failed to get guestbook entries');


        res.send(await Helpers.ViewLoader.load('guestbook.pug', {
            current_route: req.originalUrl,
            ip: req.ip,
            data,
            errors
        }));
        return;
    } catch (err) {
        next(err);
    }
}

async function submit(req, res, next) {
    const { name, email, message } = req.body; 
    const hidemail = req.body.hidemail ? (req.body.hidemail == 'on' ? true : false) : false;

    // check for errors
    let errors = [];
    if (message.length >= 512) {
        errors.push('Maximum length is 512 characters.');
    }
    if (name == '') {
        errors.push('Name must be specified.');
    }
    if (
        !email
        .toLowerCase()
        .match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)
        &&
        email !== ''
    ) {
        errors.push('Email is of invalid format.');
    }
    if (message == '') {
        errors.push('Message should not be empty!');
    }
    if (errors.length !== 0) {
        send_error(res, "<p>" + errors.join('<br/>') + "</p>");
        return;
    }

    // actual shit

    let records = await Sequelize.Guestbook.findAll({
        where: {
            ip: req.ip
        }
    });
    let latest = 0;
    for (const record of records) {
        if (record.time > latest) latest = record.time;
    }
    const time = Math.floor(Date.now() / 1000);

    if (time - latest < 60) {
        res.redirect(
            '/guestbook?error=' +
            encodeURIComponent(
                'You are allowed to send 1 message per minute. You will be able to send next message in ' + ((latest + 60) - time) + ' seconds.'
            )
        );
        return;
    }


    let data = await Sequelize.Guestbook.create({
        name,
        email,
        text: message,
        hidemail,
        ip: req.ip,
        hidden: false,
        time: Math.floor(Date.now() / 1000)
    });
    if (!data) {
        res.send(await Helpers.ViewLoader.load('guestbook.pug', {
            current_route: req.originalUrl,
            ip: req.ip,
            errors: 'Could not create a new record'
        }));
    }
    
    res.redirect('/guestbook#gb_entry_' + data.id);

    return;
}

async function del(req, res, next) {
    try
    {
        let record = await Sequelize.Guestbook.findAndCountAll({
            where: {id: req.params.id}
        });
        if (record.count == 0) {
            res.redirect('/guestbook');
        }
        const data = record.rows[0];
        if (
            data.ip == req.ip &&
            Math.floor(Date.now() / 1000) - data.time <= (60 * 60 * 24)
        ) {
            await Sequelize.Guestbook.update({hidden: true}, {where: {id: req.params.id}})
            res.redirect('/guestbook');
        } else {
            res.redirect('/guestbook?error=' + encodeURIComponent('You don\'t have permission to delete this record.'))
            return
        }
    }
    catch (err) { next(err); }
}

module.exports = (router) => {
    router.get('/guestbook', handler);
    router.post('/guestbook/submit', submit);
    router.get('/guestbook/del/:id', del);
}
add guestbook 2023-02-19 06:30:02 +01:00			`const Helpers = require('../helpers');`
add guestbook 2023-02-19 15:19:46 +01:00			`const Sequelize = require('../models');`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`const html_escape = require('html-escaper');`

update guestbook logic 2023-02-20 07:54:08 +01:00			`const send_error = async (res, error) => {`
			`return res.redirect('/guestbook?error=' + encodeURIComponent(error));`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`};`
add guestbook 2023-02-19 06:30:02 +01:00
add records to guestbook 2023-02-19 08:07:44 +01:00			`async function handler(req, res, next) {`
			`try {`
add guestbook entries 2023-02-19 16:12:09 +01:00
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`const errors = req.query.error;`

small changes 2023-02-20 05:07:48 +01:00			`const data = await Sequelize.Guestbook.findAll({`
add guestbook entries 2023-02-19 16:12:09 +01:00			`where: {`
			`hidden: false`
sort entries, add email mailto link 2023-02-20 03:53:03 +01:00			`},`
			`order: [`
			`['id', 'DESC']`
			`]`
add guestbook entries 2023-02-19 16:12:09 +01:00			`});`
small changes 2023-02-20 05:07:48 +01:00			`if (!data) throw new Error('Failed to get guestbook entries');`
add guestbook entries 2023-02-19 16:12:09 +01:00

add records to guestbook 2023-02-19 08:07:44 +01:00			`res.send(await Helpers.ViewLoader.load('guestbook.pug', {`
			`current_route: req.originalUrl,`
			`ip: req.ip,`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`data,`
			`errors`
add records to guestbook 2023-02-19 08:07:44 +01:00			`}));`
			`return;`
			`} catch (err) {`
			`next(err);`
			`}`
add guestbook 2023-02-19 06:30:02 +01:00			`}`

add guestbook entries 2023-02-19 16:12:09 +01:00			`async function submit(req, res, next) {`
add records to guestbook 2023-02-19 08:07:44 +01:00			`const { name, email, message } = req.body;`
			`const hidemail = req.body.hidemail ? (req.body.hidemail == 'on' ? true : false) : false;`

add guestbook rate limits 2023-02-22 07:42:43 +01:00			`// check for errors`
update guestbook logic 2023-02-20 07:54:08 +01:00			`let errors = [];`
add max length server side check 2023-02-20 06:34:26 +01:00			`if (message.length >= 512) {`
update guestbook logic 2023-02-20 07:54:08 +01:00			`errors.push('Maximum length is 512 characters.');`
			`}`
			`if (name == '') {`
			`errors.push('Name must be specified.');`
			`}`
			`if (`
			`!email`
			`.toLowerCase()`
			`.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)\|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)`
			`&&`
			`email !== ''`
			`) {`
			`errors.push('Email is of invalid format.');`
			`}`
			`if (message == '') {`
			`errors.push('Message should not be empty!');`
			`}`
			`if (errors.length !== 0) {`
			`send_error(res, "<p>" + errors.join('<br/>') + "</p>");`
add max length server side check 2023-02-20 06:34:26 +01:00			`return;`
			`}`

add guestbook rate limits 2023-02-22 07:42:43 +01:00			`// actual shit`

			`let records = await Sequelize.Guestbook.findAll({`
			`where: {`
			`ip: req.ip`
			`}`
			`});`
			`let latest = 0;`
			`for (const record of records) {`
			`if (record.time > latest) latest = record.time;`
			`}`
			`const time = Math.floor(Date.now() / 1000);`

			`if (time - latest < 60) {`
			`res.redirect(`
			`'/guestbook?error=' +`
			`encodeURIComponent(`
			`'You are allowed to send 1 message per minute. You will be able to send next message in ' + ((latest + 60) - time) + ' seconds.'`
			`)`
			`);`
			`return;`
			`}`


add guestbook entries 2023-02-19 16:12:09 +01:00			`let data = await Sequelize.Guestbook.create({`
			`name,`
			`email,`
			`text: message,`
			`hidemail,`
			`ip: req.ip,`
			`hidden: false,`
			`time: Math.floor(Date.now() / 1000)`
			`});`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`if (!data) {`
			`res.send(await Helpers.ViewLoader.load('guestbook.pug', {`
			`current_route: req.originalUrl,`
			`ip: req.ip,`
			`errors: 'Could not create a new record'`
			`}));`
			`}`
add guestbook entries 2023-02-19 16:12:09 +01:00
			`res.redirect('/guestbook#gb_entry_' + data.id);`
add guestbook 2023-02-19 15:19:46 +01:00
add submit button to guestbook 2023-02-19 07:05:36 +01:00			`return;`
			`}`

add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`async function del(req, res, next) {`
			`try`
			`{`
			`let record = await Sequelize.Guestbook.findAndCountAll({`
			`where: {id: req.params.id}`
			`});`
			`if (record.count == 0) {`
			`res.redirect('/guestbook');`
			`}`
			`const data = record.rows[0];`
			`if (`
			`data.ip == req.ip &&`
			`Math.floor(Date.now() / 1000) - data.time <= (60 * 60 * 24)`
			`) {`
			`await Sequelize.Guestbook.update({hidden: true}, {where: {id: req.params.id}})`
			`res.redirect('/guestbook');`
			`} else {`
			`res.redirect('/guestbook?error=' + encodeURIComponent('You don\'t have permission to delete this record.'))`
			`return`
			`}`
			`}`
			`catch (err) { next(err); }`
			`}`

add guestbook 2023-02-19 06:30:02 +01:00			`module.exports = (router) => {`
			`router.get('/guestbook', handler);`
add submit button to guestbook 2023-02-19 07:05:36 +01:00			`router.post('/guestbook/submit', submit);`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`router.get('/guestbook/del/:id', del);`
add guestbook 2023-02-19 06:30:02 +01:00			`}`