diff --git a/routes/guestbook.js b/routes/guestbook.js
index 4bec7cf..f800509 100644
--- a/routes/guestbook.js
+++ b/routes/guestbook.js
@@ -2,15 +2,33 @@ const Sequelize = require('../models');
 const xml = require('xml');
 const handler = require('express-async-handler');
 const Helpers = require('../helpers');
+const crypto = require('crypto');
-const send_error = async (res, error) => {
- return res.redirect('/guestbook?error=' + encodeURIComponent(error));
+const send_error = async (req, res, error) => {
+ const code = crypto.randomBytes(2).toString('hex');
+ req.session.gb_error = {
+ text: error,
+ code
+ }
+ return res.redirect('/guestbook?error=' + code);
 };
 async function guestbook(req, res, next) {
 try {
- const errors = req.query.error;
+ if (!req.query.error) {
+ delete req.session.gb_error;
+ }
+ if (req.query.error && req.session.gb_error === undefined) {
+ return res.redirect('/guestbook');
+ }
+
+ const errors =
+ req.query.error && req.session.gb_error ?
+ req.session.gb_error.code == req.query.error ?
+ req.session.gb_error.text :
+ null
+ : false;
 const data = await Sequelize.Guestbook.findAll({
 where: {
@@ -70,7 +88,7 @@ async function submit(req, res, next) {
 }
 if (errors.length !== 0) {
- send_error(res, "
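Review bot: The check `req.session.gb_error.code == req.query.error` in `guestbook` uses loose equality on a query value that Express can parse into an array or object (for example when `error` is repeated), so a match can depend on type coercion; guarding with `typeof req.query.error === 'string'` and comparing with `===` would make it exact. The stored message is only deleted when the page is requested without `error`, so it is rendered again on every reload of the same URL and stays in the session after a mismatch; adding `delete req.session.gb_error;` once `errors` has been computed would make it one-shot. The two-byte code from `crypto.randomBytes(2)` is acceptable only as a correlation token, which is how it is used here since the text itself now lives in the session; a short comment saying so would stop it being reused as something that must be unguessable. The body of `guestbook` continues outside the hunk.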
" + errors.join('
') + "
" + errors.join('
') + "