Added limits to config.json
This commit is contained in:
parent
b3735ce606
commit
e341e8d2e9
|
|
@ -13,7 +13,7 @@ You need this headers for send request to API:
|
|||
```
|
||||
But in front end, the API will works with session.
|
||||
|
||||
## Limits:
|
||||
## Default Limits:
|
||||
- 3 - 25 char for username, password and category name
|
||||
- 256 char for user about and desp of category
|
||||
- 5 - 128 char for thread titles.
|
||||
|
|
|
|||
13
config.json
13
config.json
|
|
@ -1,5 +1,16 @@
|
|||
{
|
||||
"def_theme": "default",
|
||||
"forum_name": "akf",
|
||||
"description": "Akf-forum!"
|
||||
"description": "Akf-forum!",
|
||||
"limits": {
|
||||
"title": 128,
|
||||
"message": 1024,
|
||||
"names": 25,
|
||||
"desp": 256
|
||||
},
|
||||
"global_ratelimit":{
|
||||
"enabled": true,
|
||||
"max": 25,
|
||||
"windowMs": 60000
|
||||
}
|
||||
}
|
||||
13
index.js
13
index.js
|
|
@ -4,7 +4,7 @@ const { urlencoded: BP } = require('body-parser'),
|
|||
SES = require('express-session');
|
||||
|
||||
const
|
||||
{ def_theme, forum_name, description } = require("./config.json"),
|
||||
{ def_theme, forum_name, description, limits, global_ratelimit: RLS } = require("./config.json"),
|
||||
{ UserModel, BanModel } = require("./models"),
|
||||
port = process.env.PORT || 3000,
|
||||
mongoose = require("mongoose"),
|
||||
|
|
@ -19,8 +19,9 @@ mongoose.connect(process.env.MONGO_DB_URL,
|
|||
async () => console.log("Database is connected with", (app.ips = await BanModel.find({})).length, "banned IPs"));
|
||||
|
||||
app.set("view engine", "ejs");
|
||||
app.set("limits", limits);
|
||||
|
||||
app.use(express.static("public"), express.json(), IP(),
|
||||
app.use(express.static("public"), express.json(), IP(),
|
||||
SES({ secret: 'secret', resave: true, saveUninitialized: true }),
|
||||
async (req, res, next) => {
|
||||
if (app.ips.includes(req.clientIp)) return res.status(403).send("You are banned from this forum.");
|
||||
|
|
@ -38,12 +39,12 @@ app.use(express.static("public"), express.json(), IP(),
|
|||
return res.error(403, "Your account has been deleted.");
|
||||
}
|
||||
next();
|
||||
}, RL({
|
||||
windowMs: 60_000, max: 20,
|
||||
handler: (req, res, next, opts) => !req.user?.admin ? res.error(opts.statusCode, "You are begin ratelimited") : next()
|
||||
}), BP({ extended: true })
|
||||
}, BP({ extended: true })
|
||||
);
|
||||
|
||||
if (RLS.enabled)
|
||||
app.use(RL({ ...RLS, handler: (req, res, next, opts) => !req.user?.admin ? res.error(opts.statusCode, "You are begin ratelimited") : next() }));
|
||||
|
||||
for (const file of fs.readdirSync("./routes"))
|
||||
app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,9 @@ app.patch("/:id/", async (req, res) => {
|
|||
if (user.id !== message.authorID && !user.admin) return res.error(403, "You have not got permission for this.");
|
||||
const { content = null } = req.body;
|
||||
if (!content) return res.error(400, "Missing message content in request body.");
|
||||
if (content.length < 5 || content.length > 1024) return res.error(400, "content must be between 5 - 1024 characters");
|
||||
|
||||
const limits = req.app.get("limits");
|
||||
if (content.length < 5 || content.length > limits.message) return res.error(400, "content must be between 5 - 1024 characters");
|
||||
|
||||
message.content = content;
|
||||
message.edited = true;
|
||||
|
|
@ -45,7 +47,9 @@ app.post("/", rateLimit({
|
|||
|
||||
const { threadID, content } = req.body;
|
||||
if (!content) return res.error(400, "Missing message content in request body.");
|
||||
if (content.length < 5 || content.length > 1024) return res.error(400, "content must be between 5 - 1024 characters");
|
||||
const limits = req.app.get("limits");
|
||||
|
||||
if (content.length < 5 || content.length > limits.message) return res.error(400, "content must be between 5 - 1024 characters");
|
||||
|
||||
const thread = await ThreadModel.get(threadID);
|
||||
|
||||
|
|
|
|||
|
|
@ -41,8 +41,10 @@ app.post("/", async (req, res) => {
|
|||
const { title, content, category } = req.body;
|
||||
|
||||
if (!content || !title) return res.error(400, "Missing content/title in request body.");
|
||||
if (title.length < 5 || title.length > 128) return res.error(400, "title must be between 5 - 128 characters");
|
||||
if (content.length < 5 || content.length > 1024) return res.error(400, "content must be between 5 - 1024 characters");
|
||||
const limits = req.app.get("limits");
|
||||
|
||||
if (title.length < 5 || title.length > limits.title) return res.error(400, "title must be between 5 - 128 characters");
|
||||
if (content.length < 5 || content.length > limits.message) return res.error(400, "content must be between 5 - 1024 characters");
|
||||
const { user } = req;
|
||||
const thread = await new ThreadModel({ title, author: user }).takeId()
|
||||
if (category)
|
||||
|
|
@ -61,7 +63,9 @@ app.patch("/:id/", async (req, res) => {
|
|||
if (user.id !== thread.authorID && !user.admin) return res.error(403, "You have not got permission for this.");
|
||||
const { title } = req.body;
|
||||
if (!title) return res.error(400, "Missing thread title in request body.");
|
||||
if (title.length < 5 || title.length > 128) return res.error(400, "title must be between 5 - 128 characters");
|
||||
const limits = req.app.get("limits");
|
||||
|
||||
if (title.length < 5 || title.length > limits.title) return res.error(400, "title must be between 5 - 128 characters");
|
||||
|
||||
thread.title = title;
|
||||
await thread.save();
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ app.post("/:id/undelete/", async (req, res) => {
|
|||
if (!member.deleted) return res.error(404, "This user is not deleted, first, delete it.");
|
||||
|
||||
member.deleted = false;
|
||||
;
|
||||
|
||||
res.complate(await member.save());
|
||||
|
||||
|
|
@ -57,17 +56,17 @@ app.patch("/:id/", async (req, res) => {
|
|||
const { name, about, theme, admin, deleted } = req.body;
|
||||
|
||||
if ((admin?.length || "deleted" in req.body) && !req.user.admin) return res.error(403, "You have not got permission for edit 'admin' and 'deleted' information, or bad request.");
|
||||
|
||||
const { names, desp } = req.app.get("limits");
|
||||
|
||||
if (name) {
|
||||
|
||||
if (name.length < 3 || name.length > 25) return res.error(400, "Username must be between 3 - 25 characters");
|
||||
if (name.length < 3 || names > 25) return res.error(400, "Username must be between 3 - 25 characters");
|
||||
await SecretModel.updateOne({ id: member.id }, { username: name });
|
||||
member.name = name;
|
||||
}
|
||||
|
||||
if (about) {
|
||||
if (about.length > 256) return res.error(400, "About must be under 256 characters");
|
||||
if (about.length > desp) return res.error(400, "About must be under 256 characters");
|
||||
member.about = about;
|
||||
}
|
||||
if (theme || ["default", "black"].includes(theme)) member.theme = theme;
|
||||
|
|
|
|||
|
|
@ -16,8 +16,9 @@ app.post("/", rateLimit({
|
|||
let { username, password: body_pass, about } = req.body;
|
||||
|
||||
if (!username || !body_pass) return res.error(400, "You forgot entering some values");
|
||||
if (username.length < 3 || username.length > 25) return res.error(400, "Username must be between 3 - 25 characters");
|
||||
if (body_pass.length < 3 || body_pass.length > 25) return res.error(400, "Password must be between 3 - 25 characters");
|
||||
const {names} = req.app.get("limits");
|
||||
if (username.length < 3 || names > 25) return res.error(400, "Username must be between 3 - 25 characters");
|
||||
if (body_pass.length < 3 || names > 25) return res.error(400, "Password must be between 3 - 25 characters");
|
||||
|
||||
const user = await SecretModel.findOne({ username });
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue