Added old titles, and content for API.

2024-11-25 21:10:40 +03:00 · 2022-09-21 23:06:14 +03:00 · 2022-09-21 23:06:14 +03:00 · 4d39433fe1
commit 4d39433fe1
parent 984ac0e621
8 changed files with 33 additions and 21 deletions
--- a/README.md
+++ b/README.md
@ -41,7 +41,7 @@ Akf-forum has got an API for AJAX (fetch), other clients etc. And, you can learn
 ## TO-DO list
 | To do | Is done? | 
 | ----- | -------- | 
-| Profile Message | ⚪ | 
+| Profile Message or DM | ⚪ | 
 | Better Auth for API way | 🟢 | 
 | mod role, permissions | ⚪ | 
 | upload other photos, model for it | ⚪ | 
@ -50,6 +50,9 @@ Akf-forum has got an API for AJAX (fetch), other clients etc. And, you can learn
 | DC auth will store code for taking tokens, and create secret model setting | ⚪ |
 - IF a person liked a message, view.
 - Disable last seen button.
 - email auth.
 - thread.state =="approval" for threads.
 - old contents / titles add to forum interface
 ## Major Version History
 - V4: Caching
--- a/index.js
+++ b/index.js
@ -9,7 +9,7 @@ const
    app = express(),
    { urlencoded: BP } = require('body-parser'),
    { mw: IP } = require('request-ip'),
-    RL = require('express-rate-limit'),
+    { RL } = require('./lib'),
    SES = require('express-session'),
    MS = require("connect-mongo"),
    DB = mongoose.connect(process.env.MONGO_DB_URL)
@ -47,8 +47,7 @@ app.use(express.static("public"), express.json(), IP(), BP({ extended: true }),
 if (discord_auth)
    app.set("discord_auth", `https://discord.com/api/oauth2/authorize?client_id=${process.env.DISCORD_CLIENT}&redirect_uri=${host}%2Fdiscord_auth%2Fhash&response_type=token&scope=identify`);
-if (RLS.enabled)
+if (RLS.enabled) app.use(RL(RSL.windowMs, RLS.max));
    app.use(RL({ ...RLS, handler: (req, res, next, opts) => !req.user?.admin ? res.error(opts.statusCode, "You are begin ratelimited") : next() }));
 for (const file of fs.readdirSync("./routes"))
    app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));
--- a/lib.js
+++ b/lib.js
@ -0,0 +1,7 @@
 const RL = require('express-rate-limit');
 module.exports.RL = (windowMs = 60_000, max = 1) =>
    RL({
        windowMs, max, standardHeaders: true, legacyHeaders: false,
        handler: (req, res, next, opts) => !req.user?.admin ? res.error(opts.statusCode, "You are begin ratelimited") : next()
    })
--- a/models/Message.js
+++ b/models/Message.js
@ -8,7 +8,7 @@ const schema = new mongoose.Schema({
    threadID: String,
    authorID: String,
    content: { type: String, maxlength: limits.message },
-    oldContents: [{ type: String, maxlength: limits.message }],
+    oldContents: [String],
    time: { type: Date, default: Date.now },
    deleted: { type: Boolean, default: false },
    edited: { type: Boolean, default: false },
--- a/models/Thread.js
+++ b/models/Thread.js
@ -11,6 +11,8 @@ const schema = new mongoose.Schema({
    author: Object,
    title: { type: String, maxlength: limits.title },
    oldTitles: [String],
    time: { type: Date, default: Date.now },
    deleted: { type: Boolean, default: false },
    edited: { type: Boolean, default: false },
--- a/routes/api/routes/messages.js
+++ b/routes/api/routes/messages.js
@ -1,6 +1,5 @@
 const { MessageModel, ThreadModel } = require("../../../models");
-const rateLimit = require('express-rate-limit')
+const { RL } = require('../../../lib');
 const { Router } = require("express")
 const app = Router();
@ -32,6 +31,10 @@ app.patch("/:id/", async (req, res) => {
    if (content.length < 5 || content.length > limits.message) return res.error(400, "content must be between 5 - 1024 characters");
    message.content = content;
    if (!message.oldContents.includes(content))
        message.oldContents.push(content);
    message.edited = true;
    await message.save();
@ -39,11 +42,7 @@ app.patch("/:id/", async (req, res) => {
 })
-app.post("/", rateLimit({
+app.post("/", RL(), async (req, res) => {
    windowMs: 60_000, max: 1, standardHeaders: true, legacyHeaders: false,
    handler: (request, response, next, options) =>
        !request.user.admin ? response.error(options.statusCode, "You are begin ratelimited") : next()
 }), async (req, res) => {
    const { threadID, content } = req.body;
    if (!content) return res.error(400, "Missing message content in request body.");
--- a/routes/api/routes/threads.js
+++ b/routes/api/routes/threads.js
@ -1,5 +1,6 @@
 const { MessageModel, ThreadModel } = require("../../../models");
 const { Router } = require("express")
 const { RL } = require('../../../lib');
 const app = Router();
 app.param("id", async (req, res, next, id) => {
@ -36,7 +37,7 @@ app.get("/:id/messages/", async (req, res) => {
 })
-app.post("/", async (req, res) => {
+app.post("/", RL(5 * 60_000, 1), async (req, res) => {
    const { title, content, category } = req.body;
@ -68,6 +69,10 @@ app.patch("/:id/", async (req, res) => {
    if (title.length < 5 || title.length > limits.title) return res.error(400, "title must be between 5 - 128 characters");
    thread.title = title;
    if (!thread.oldTitles.includes(title))
        thread.oldTitles.push(title);
    await thread.save();
    res.complate(thread);
--- a/routes/register.js
+++ b/routes/register.js
@ -1,15 +1,12 @@
 const { UserModel, SecretModel } = require("../models");
 const { Router } = require("express")
 const bcrypt = require("bcrypt");
-const rateLimit = require('express-rate-limit');
+const { RL } = require('../lib');
 const app = Router();
 app.get("/", (req, res) => res.reply("register", { user: null, discord: req.app.get("discord_auth") }));
-app.post("/", rateLimit({
+app.post("/", RL(24 * 60 * 60_000, 5), async (req, res) => {
    windowMs: 24 * 60 * 60_000, max: 5, standardHeaders: true, legacyHeaders: false,
    handler: (_r, response, _n, options) => response.error(options.statusCode, "You are begin ratelimited")
 }), async (req, res) => {
    req.session.userID = null;