homepage.js/routes/guestbook.js

const Helpers = require('../helpers');
const Sequelize = require('../models');
const html_escape = require('html-escaper');
const xml = require('xml');

const send_error = async (res, error) => {
    return res.redirect('/guestbook?error=' + encodeURIComponent(error));
};

async function handler(req, res, next) {
    try {

        const errors = req.query.error;

        const data = await Sequelize.Guestbook.findAll({
            where: {
                hidden: false
            },
            order: [
                ['id', 'DESC']
            ]
        });
        if (!data) throw new Error('Failed to get guestbook entries');


        res.template('guestbook.pug', {
            current_route: req.originalUrl,
            ip: req.ip,
            data,
            errors,
            name: req.session.gb_name,
            email: req.session.gb_email,
            hidemail: req.session.gb_hidemail
        });
        return;
    } catch (err) {
        next(err);
    }
}

async function submit(req, res, next) {
    const { name, email, message } = req.body; 
    const hidemail = req.body.hidemail ? (req.body.hidemail == 'on' ? true : false) : false;

    // check for errors
    let errors = [];
    if (message.length >= 512) {
        errors.push('Maximum length is 512 characters.');
    }
    if (name == '') {
        errors.push('Name must be specified.');
    }
    if (
        !email
        .toLowerCase()
        .match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)
        &&
        email !== ''
    ) {
        errors.push('Email is of invalid format.');
    }
    if (message == '') {
        errors.push('Message should not be empty!');
    }
    if (errors.length !== 0) {
        send_error(res, "<p>" + errors.join('<br/>') + "</p>");
        return;
    }

    req.session.gb_name = name;
    req.session.gb_email = email;
    req.session.gb_hidemail = req.body.hidemail;

    // actual shit
    let records = await Sequelize.Guestbook.findAll({
        where: {
            ip: req.ip
        }
    });
    let latest = 0;
    for (const record of records) {
        if (record.time > latest) latest = record.time;
    }
    const time = Math.floor(Date.now() / 1000);

    if (time - latest < 60) {
        res.redirect(
            '/guestbook?error=' +
            encodeURIComponent(
                'You are allowed to send 1 message per minute. You will be able to send next message in ' + ((latest + 60) - time) + ' seconds.'
            )
        );
        return;
    }


    let data = await Sequelize.Guestbook.create({
        name,
        email,
        text: message,
        hidemail,
        ip: req.ip,
        hidden: false,
        time: Math.floor(Date.now() / 1000)
    });
    if (!data) {
        res.template('guestbook.pug', {
            current_route: req.originalUrl,
            ip: req.ip,
            errors: 'Could not create a new record'
        });
    }
    
    res.redirect('/guestbook#gb_entry_' + data.id);

    return;
}

async function del(req, res, next) {
    try
    {
        let record = await Sequelize.Guestbook.findAndCountAll({
            where: {id: req.params.id}
        });
        if (record.count == 0) {
            res.redirect('/guestbook');
        }
        const data = record.rows[0];
        if (
            data.ip == req.ip &&
            Math.floor(Date.now() / 1000) - data.time <= (60 * 60 * 24)
        ) {
            await Sequelize.Guestbook.update({hidden: true}, {where: {id: req.params.id}})
            res.redirect('/guestbook');
        } else {
            res.redirect('/guestbook?error=' + encodeURIComponent('You don\'t have permission to delete this record.'))
            return
        }
    }
    catch (err) { next(err); }
}

async function rss(req, res) {
    const data = (await Sequelize.Guestbook.findAndCountAll({where: {hidden: false}})).rows;

    let rss = [{
        rss: [{
            _attr: {version: '2.0'}
        },
        {
            channel: [
                {title: 'Guestbook'},
                {link: req.protocol + '://' + req.get('host') + '/guestbook'},
                {description: 'Alice\'s guestbook'},
            ]
        }]
    }]

    for (const record of data) {
        console.log(record);
        if (record.hidemail)
            record.email = ('?'.repeat(record.email.split('@')[0].length)) + '@?.?';

        rss[0].rss[1].channel.push({
            item: [
                {description: record.text},
                {author: `"${record.name}"${record.email ? (' at ' + record.email) : ''}`},
                {link: req.protocol + '://' + req.get('host') + '/guestbook#gb_entry_' + record.id}
            ]
        });
    }

    let ident = 0;
    if (req.query.ident) ident = req.query.ident;

    res.header('Content-Type', 'application/rss+xml');
    res.send(xml(rss, {indent: ' '.repeat(ident)}));
    return;
}

module.exports = (router) => {
    router.get('/guestbook', handler);
    router.post('/guestbook/submit', submit);
    router.get('/guestbook/del/:id', del);
    router.get('/guestbook.rss', rss);
}
add guestbook 2023-02-19 06:30:02 +01:00			`const Helpers = require('../helpers');`
add guestbook 2023-02-19 15:19:46 +01:00			`const Sequelize = require('../models');`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`const html_escape = require('html-escaper');`
guestbook rss feed 2023-02-27 02:04:47 +01:00			`const xml = require('xml');`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00
update guestbook logic 2023-02-20 07:54:08 +01:00			`const send_error = async (res, error) => {`
			`return res.redirect('/guestbook?error=' + encodeURIComponent(error));`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`};`
add guestbook 2023-02-19 06:30:02 +01:00
add records to guestbook 2023-02-19 08:07:44 +01:00			`async function handler(req, res, next) {`
			`try {`
add guestbook entries 2023-02-19 16:12:09 +01:00
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`const errors = req.query.error;`

small changes 2023-02-20 05:07:48 +01:00			`const data = await Sequelize.Guestbook.findAll({`
add guestbook entries 2023-02-19 16:12:09 +01:00			`where: {`
			`hidden: false`
sort entries, add email mailto link 2023-02-20 03:53:03 +01:00			`},`
			`order: [`
			`['id', 'DESC']`
			`]`
add guestbook entries 2023-02-19 16:12:09 +01:00			`});`
small changes 2023-02-20 05:07:48 +01:00			`if (!data) throw new Error('Failed to get guestbook entries');`
add guestbook entries 2023-02-19 16:12:09 +01:00

refactor template loading mechanism 2023-03-11 16:54:53 +01:00			`res.template('guestbook.pug', {`
add records to guestbook 2023-02-19 08:07:44 +01:00			`current_route: req.originalUrl,`
			`ip: req.ip,`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`data,`
save user name and email automatically 2023-02-27 02:08:44 +01:00			`errors,`
			`name: req.session.gb_name,`
also save hidemail 2023-02-27 02:17:40 +01:00			`email: req.session.gb_email,`
			`hidemail: req.session.gb_hidemail`
refactor template loading mechanism 2023-03-11 16:54:53 +01:00			`});`
add records to guestbook 2023-02-19 08:07:44 +01:00			`return;`
			`} catch (err) {`
			`next(err);`
			`}`
add guestbook 2023-02-19 06:30:02 +01:00			`}`

add guestbook entries 2023-02-19 16:12:09 +01:00			`async function submit(req, res, next) {`
add records to guestbook 2023-02-19 08:07:44 +01:00			`const { name, email, message } = req.body;`
			`const hidemail = req.body.hidemail ? (req.body.hidemail == 'on' ? true : false) : false;`

add guestbook rate limits 2023-02-22 07:42:43 +01:00			`// check for errors`
update guestbook logic 2023-02-20 07:54:08 +01:00			`let errors = [];`
add max length server side check 2023-02-20 06:34:26 +01:00			`if (message.length >= 512) {`
update guestbook logic 2023-02-20 07:54:08 +01:00			`errors.push('Maximum length is 512 characters.');`
			`}`
			`if (name == '') {`
			`errors.push('Name must be specified.');`
			`}`
			`if (`
			`!email`
			`.toLowerCase()`
			`.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)\|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)`
			`&&`
			`email !== ''`
			`) {`
			`errors.push('Email is of invalid format.');`
			`}`
			`if (message == '') {`
			`errors.push('Message should not be empty!');`
			`}`
			`if (errors.length !== 0) {`
			`send_error(res, "<p>" + errors.join('<br/>') + "</p>");`
add max length server side check 2023-02-20 06:34:26 +01:00			`return;`
			`}`

save user name and email automatically 2023-02-27 02:08:44 +01:00			`req.session.gb_name = name;`
			`req.session.gb_email = email;`
also save hidemail 2023-02-27 02:17:40 +01:00			`req.session.gb_hidemail = req.body.hidemail;`
add guestbook rate limits 2023-02-22 07:42:43 +01:00
save user name and email automatically 2023-02-27 02:08:44 +01:00			`// actual shit`
add guestbook rate limits 2023-02-22 07:42:43 +01:00			`let records = await Sequelize.Guestbook.findAll({`
			`where: {`
			`ip: req.ip`
			`}`
			`});`
			`let latest = 0;`
			`for (const record of records) {`
			`if (record.time > latest) latest = record.time;`
			`}`
			`const time = Math.floor(Date.now() / 1000);`

			`if (time - latest < 60) {`
			`res.redirect(`
			`'/guestbook?error=' +`
			`encodeURIComponent(`
			`'You are allowed to send 1 message per minute. You will be able to send next message in ' + ((latest + 60) - time) + ' seconds.'`
			`)`
			`);`
			`return;`
			`}`


add guestbook entries 2023-02-19 16:12:09 +01:00			`let data = await Sequelize.Guestbook.create({`
			`name,`
			`email,`
			`text: message,`
			`hidemail,`
			`ip: req.ip,`
			`hidden: false,`
			`time: Math.floor(Date.now() / 1000)`
			`});`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`if (!data) {`
refactor template loading mechanism 2023-03-11 16:54:53 +01:00			`res.template('guestbook.pug', {`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`current_route: req.originalUrl,`
			`ip: req.ip,`
			`errors: 'Could not create a new record'`
refactor template loading mechanism 2023-03-11 16:54:53 +01:00			`});`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`}`
add guestbook entries 2023-02-19 16:12:09 +01:00
			`res.redirect('/guestbook#gb_entry_' + data.id);`
add guestbook 2023-02-19 15:19:46 +01:00
add submit button to guestbook 2023-02-19 07:05:36 +01:00			`return;`
			`}`

add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`async function del(req, res, next) {`
			`try`
			`{`
			`let record = await Sequelize.Guestbook.findAndCountAll({`
			`where: {id: req.params.id}`
			`});`
			`if (record.count == 0) {`
			`res.redirect('/guestbook');`
			`}`
			`const data = record.rows[0];`
			`if (`
			`data.ip == req.ip &&`
			`Math.floor(Date.now() / 1000) - data.time <= (60 * 60 * 24)`
			`) {`
			`await Sequelize.Guestbook.update({hidden: true}, {where: {id: req.params.id}})`
			`res.redirect('/guestbook');`
			`} else {`
			`res.redirect('/guestbook?error=' + encodeURIComponent('You don\'t have permission to delete this record.'))`
			`return`
			`}`
			`}`
			`catch (err) { next(err); }`
			`}`

guestbook rss feed 2023-02-27 02:04:47 +01:00			`async function rss(req, res) {`
			`const data = (await Sequelize.Guestbook.findAndCountAll({where: {hidden: false}})).rows;`

			`let rss = [{`
			`rss: [{`
			`_attr: {version: '2.0'}`
			`},`
			`{`
			`channel: [`
			`{title: 'Guestbook'},`
also save hidemail 2023-02-27 02:17:40 +01:00			`{link: req.protocol + '://' + req.get('host') + '/guestbook'},`
guestbook rss feed 2023-02-27 02:04:47 +01:00			`{description: 'Alice\'s guestbook'},`
			`]`
			`}]`
			`}]`

			`for (const record of data) {`
			`console.log(record);`
			`if (record.hidemail)`
			`record.email = ('?'.repeat(record.email.split('@')[0].length)) + '@?.?';`

			`rss[0].rss[1].channel.push({`
			`item: [`
			`{description: record.text},`
			{author: `"${record.name}"${record.email ? (' at ' + record.email) : ''}`},
			`{link: req.protocol + '://' + req.get('host') + '/guestbook#gb_entry_' + record.id}`
			`]`
			`});`
			`}`

change default ident 2023-02-27 08:19:29 +01:00			`let ident = 0;`
guestbook rss feed 2023-02-27 02:04:47 +01:00			`if (req.query.ident) ident = req.query.ident;`

change /guestbook.rss mime type 2023-02-27 07:34:44 +01:00			`res.header('Content-Type', 'application/rss+xml');`
guestbook rss feed 2023-02-27 02:04:47 +01:00			`res.send(xml(rss, {indent: ' '.repeat(ident)}));`
			`return;`
			`}`

add guestbook 2023-02-19 06:30:02 +01:00			`module.exports = (router) => {`
			`router.get('/guestbook', handler);`
add submit button to guestbook 2023-02-19 07:05:36 +01:00			`router.post('/guestbook/submit', submit);`
add adminer and guestbook delete 2023-02-20 03:43:53 +01:00			`router.get('/guestbook/del/:id', del);`
guestbook rss feed 2023-02-27 02:04:47 +01:00			`router.get('/guestbook.rss', rss);`
add guestbook 2023-02-19 06:30:02 +01:00			`}`