Added limits to config.json
This commit is contained in:
parent
b3735ce606
commit
e341e8d2e9
7 changed files with 39 additions and 19 deletions
|
@ -13,7 +13,7 @@ You need this headers for send request to API:
|
||||||
```
|
```
|
||||||
But in front end, the API will works with session.
|
But in front end, the API will works with session.
|
||||||
|
|
||||||
## Limits:
|
## Default Limits:
|
||||||
- 3 - 25 char for username, password and category name
|
- 3 - 25 char for username, password and category name
|
||||||
- 256 char for user about and desp of category
|
- 256 char for user about and desp of category
|
||||||
- 5 - 128 char for thread titles.
|
- 5 - 128 char for thread titles.
|
||||||
|
|
13
config.json
13
config.json
|
@ -1,5 +1,16 @@
|
||||||
{
|
{
|
||||||
"def_theme": "default",
|
"def_theme": "default",
|
||||||
"forum_name": "akf",
|
"forum_name": "akf",
|
||||||
"description": "Akf-forum!"
|
"description": "Akf-forum!",
|
||||||
|
"limits": {
|
||||||
|
"title": 128,
|
||||||
|
"message": 1024,
|
||||||
|
"names": 25,
|
||||||
|
"desp": 256
|
||||||
|
},
|
||||||
|
"global_ratelimit":{
|
||||||
|
"enabled": true,
|
||||||
|
"max": 25,
|
||||||
|
"windowMs": 60000
|
||||||
|
}
|
||||||
}
|
}
|
13
index.js
13
index.js
|
@ -4,7 +4,7 @@ const { urlencoded: BP } = require('body-parser'),
|
||||||
SES = require('express-session');
|
SES = require('express-session');
|
||||||
|
|
||||||
const
|
const
|
||||||
{ def_theme, forum_name, description } = require("./config.json"),
|
{ def_theme, forum_name, description, limits, global_ratelimit: RLS } = require("./config.json"),
|
||||||
{ UserModel, BanModel } = require("./models"),
|
{ UserModel, BanModel } = require("./models"),
|
||||||
port = process.env.PORT || 3000,
|
port = process.env.PORT || 3000,
|
||||||
mongoose = require("mongoose"),
|
mongoose = require("mongoose"),
|
||||||
|
@ -19,8 +19,9 @@ mongoose.connect(process.env.MONGO_DB_URL,
|
||||||
async () => console.log("Database is connected with", (app.ips = await BanModel.find({})).length, "banned IPs"));
|
async () => console.log("Database is connected with", (app.ips = await BanModel.find({})).length, "banned IPs"));
|
||||||
|
|
||||||
app.set("view engine", "ejs");
|
app.set("view engine", "ejs");
|
||||||
|
app.set("limits", limits);
|
||||||
|
|
||||||
app.use(express.static("public"), express.json(), IP(),
|
app.use(express.static("public"), express.json(), IP(),
|
||||||
SES({ secret: 'secret', resave: true, saveUninitialized: true }),
|
SES({ secret: 'secret', resave: true, saveUninitialized: true }),
|
||||||
async (req, res, next) => {
|
async (req, res, next) => {
|
||||||
if (app.ips.includes(req.clientIp)) return res.status(403).send("You are banned from this forum.");
|
if (app.ips.includes(req.clientIp)) return res.status(403).send("You are banned from this forum.");
|
||||||
|
@ -38,12 +39,12 @@ app.use(express.static("public"), express.json(), IP(),
|
||||||
return res.error(403, "Your account has been deleted.");
|
return res.error(403, "Your account has been deleted.");
|
||||||
}
|
}
|
||||||
next();
|
next();
|
||||||
}, RL({
|
}, BP({ extended: true })
|
||||||
windowMs: 60_000, max: 20,
|
|
||||||
handler: (req, res, next, opts) => !req.user?.admin ? res.error(opts.statusCode, "You are begin ratelimited") : next()
|
|
||||||
}), BP({ extended: true })
|
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (RLS.enabled)
|
||||||
|
app.use(RL({ ...RLS, handler: (req, res, next, opts) => !req.user?.admin ? res.error(opts.statusCode, "You are begin ratelimited") : next() }));
|
||||||
|
|
||||||
for (const file of fs.readdirSync("./routes"))
|
for (const file of fs.readdirSync("./routes"))
|
||||||
app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));
|
app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));
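Review bot: `RL({ ...RLS, handler })` hands the whole `global_ratelimit` object, `enabled` flag included, to express-rate-limit, and `app.set("limits", limits)` stores the config value with no fallback, so a config.json that omits either key throws at `RLS.enabled` or later in every route that reads `limits.message`. Strip the flag and supply the checked-in values as defaults: `const { enabled = false, ...rlOpts } = RLS ?? {};` and `app.set("limits", { title: 128, message: 1024, names: 25, desp: 256, ...limits });`. Letting admins through inside `handler` still counts their requests toward the window; if the installed express-rate-limit supports the `skip` option, `skip: (req) => Boolean(req.user?.admin)` is the cleaner place for that exemption. The unchanged `SES({ secret: 'secret', ... })` a few lines up still hard-codes the session secret; it predates this commit, but it belongs in an environment variable next to `MONGO_DB_URL`.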
|
||||||
|
|
||||||
|
|
|
@ -27,7 +27,9 @@ app.patch("/:id/", async (req, res) => {
|
||||||
if (user.id !== message.authorID && !user.admin) return res.error(403, "You have not got permission for this.");
|
if (user.id !== message.authorID && !user.admin) return res.error(403, "You have not got permission for this.");
|
||||||
const { content = null } = req.body;
|
const { content = null } = req.body;
|
||||||
if (!content) return res.error(400, "Missing message content in request body.");
|
if (!content) return res.error(400, "Missing message content in request body.");
|
||||||
if (content.length < 5 || content.length > 1024) return res.error(400, "content must be between 5 - 1024 characters");
|
|
||||||
|
const limits = req.app.get("limits");
|
||||||
|
if (content.length < 5 || content.length > limits.message) return res.error(400, "content must be between 5 - 1024 characters");
|
||||||
|
|
||||||
message.content = content;
|
message.content = content;
|
||||||
message.edited = true;
|
message.edited = true;
|
||||||
|
@ -45,7 +47,9 @@ app.post("/", rateLimit({
|
||||||
|
|
||||||
const { threadID, content } = req.body;
|
const { threadID, content } = req.body;
|
||||||
if (!content) return res.error(400, "Missing message content in request body.");
|
if (!content) return res.error(400, "Missing message content in request body.");
|
||||||
if (content.length < 5 || content.length > 1024) return res.error(400, "content must be between 5 - 1024 characters");
|
const limits = req.app.get("limits");
|
||||||
|
|
||||||
|
if (content.length < 5 || content.length > limits.message) return res.error(400, "content must be between 5 - 1024 characters");
|
||||||
|
|
||||||
const thread = await ThreadModel.get(threadID);
|
const thread = await ThreadModel.get(threadID);
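Review bot: The new check takes its bound from `limits.message` but the error text still says "5 - 1024 characters", so any deployment that changes config.json reports the wrong limit; use `` res.error(400, `content must be between 5 - ${limits.message} characters`) ``. The check also relies only on `content.length`, and because index.js mounts `express.json()`, a JSON array or an object with a `length` property in range passes and is stored as-is; add `if (typeof content !== "string") return res.error(400, "content must be a string");` before the length comparison. The PATCH handler in the hunk above has the same two issues. Both handlers start outside the hunk.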
|
||||||
|
|
||||||
|
|
|
@ -41,8 +41,10 @@ app.post("/", async (req, res) => {
|
||||||
const { title, content, category } = req.body;
|
const { title, content, category } = req.body;
|
||||||
|
|
||||||
if (!content || !title) return res.error(400, "Missing content/title in request body.");
|
if (!content || !title) return res.error(400, "Missing content/title in request body.");
|
||||||
if (title.length < 5 || title.length > 128) return res.error(400, "title must be between 5 - 128 characters");
|
const limits = req.app.get("limits");
|
||||||
if (content.length < 5 || content.length > 1024) return res.error(400, "content must be between 5 - 1024 characters");
|
|
||||||
|
if (title.length < 5 || title.length > limits.title) return res.error(400, "title must be between 5 - 128 characters");
|
||||||
|
if (content.length < 5 || content.length > limits.message) return res.error(400, "content must be between 5 - 1024 characters");
|
||||||
const { user } = req;
|
const { user } = req;
|
||||||
const thread = await new ThreadModel({ title, author: user }).takeId()
|
const thread = await new ThreadModel({ title, author: user }).takeId()
|
||||||
if (category)
|
if (category)
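Review bot: Both new checks read their bounds from `limits.title` and `limits.message`, yet the messages still hard-code 128 and 1024; interpolate the configured values (`` `title must be between 5 - ${limits.title} characters` ``) so the response matches what was actually enforced. Neither check confirms that `title` or `content` is a string, so with `express.json()` in front a non-string body value whose `length` is in range goes straight into `new ThreadModel({ title, ... })`; a `typeof x !== "string"` guard before each length check closes that. The handler starts outside the hunk.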
|
||||||
|
@ -61,7 +63,9 @@ app.patch("/:id/", async (req, res) => {
|
||||||
if (user.id !== thread.authorID && !user.admin) return res.error(403, "You have not got permission for this.");
|
if (user.id !== thread.authorID && !user.admin) return res.error(403, "You have not got permission for this.");
|
||||||
const { title } = req.body;
|
const { title } = req.body;
|
||||||
if (!title) return res.error(400, "Missing thread title in request body.");
|
if (!title) return res.error(400, "Missing thread title in request body.");
|
||||||
if (title.length < 5 || title.length > 128) return res.error(400, "title must be between 5 - 128 characters");
|
const limits = req.app.get("limits");
|
||||||
|
|
||||||
|
if (title.length < 5 || title.length > limits.title) return res.error(400, "title must be between 5 - 128 characters");
|
||||||
|
|
||||||
thread.title = title;
|
thread.title = title;
|
||||||
await thread.save();
|
await thread.save();
|
||||||
|
|
|
@ -42,7 +42,6 @@ app.post("/:id/undelete/", async (req, res) => {
|
||||||
if (!member.deleted) return res.error(404, "This user is not deleted, first, delete it.");
|
if (!member.deleted) return res.error(404, "This user is not deleted, first, delete it.");
|
||||||
|
|
||||||
member.deleted = false;
|
member.deleted = false;
|
||||||
;
|
|
||||||
|
|
||||||
res.complate(await member.save());
|
res.complate(await member.save());
|
||||||
|
|
||||||
|
@ -57,17 +56,17 @@ app.patch("/:id/", async (req, res) => {
|
||||||
const { name, about, theme, admin, deleted } = req.body;
|
const { name, about, theme, admin, deleted } = req.body;
|
||||||
|
|
||||||
if ((admin?.length || "deleted" in req.body) && !req.user.admin) return res.error(403, "You have not got permission for edit 'admin' and 'deleted' information, or bad request.");
|
if ((admin?.length || "deleted" in req.body) && !req.user.admin) return res.error(403, "You have not got permission for edit 'admin' and 'deleted' information, or bad request.");
|
||||||
|
const { names, desp } = req.app.get("limits");
|
||||||
|
|
||||||
if (name) {
|
if (name) {
|
||||||
|
|
||||||
if (name.length < 3 || name.length > 25) return res.error(400, "Username must be between 3 - 25 characters");
|
if (name.length < 3 || names > 25) return res.error(400, "Username must be between 3 - 25 characters");
|
||||||
await SecretModel.updateOne({ id: member.id }, { username: name });
|
await SecretModel.updateOne({ id: member.id }, { username: name });
|
||||||
member.name = name;
|
member.name = name;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (about) {
|
if (about) {
|
||||||
if (about.length > 256) return res.error(400, "About must be under 256 characters");
|
if (about.length > desp) return res.error(400, "About must be under 256 characters");
|
||||||
member.about = about;
|
member.about = about;
|
||||||
}
|
}
|
||||||
if (theme || ["default", "black"].includes(theme)) member.theme = theme;
|
if (theme || ["default", "black"].includes(theme)) member.theme = theme;
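Review bot: `if (name.length < 3 || names > 25)` compares the configured limit with itself rather than with the input: with the default `names: 25` the right-hand side is always false, so usernames no longer have an upper bound and any length is written to both `SecretModel` and `member.name`. It should read `if (name.length < 3 || name.length > names) return res.error(400, `` `Username must be between 3 - ${names} characters` ``);`. The `about` check below is correct but its message still hard-codes 256. The unchanged `if (theme || ["default", "black"].includes(theme))` one line down accepts any truthy `theme` value; `&&` looks intended, though that predates this commit. The handler starts outside the hunk.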
|
||||||
|
|
|
@ -16,8 +16,9 @@ app.post("/", rateLimit({
|
||||||
let { username, password: body_pass, about } = req.body;
|
let { username, password: body_pass, about } = req.body;
|
||||||
|
|
||||||
if (!username || !body_pass) return res.error(400, "You forgot entering some values");
|
if (!username || !body_pass) return res.error(400, "You forgot entering some values");
|
||||||
if (username.length < 3 || username.length > 25) return res.error(400, "Username must be between 3 - 25 characters");
|
const {names} = req.app.get("limits");
|
||||||
if (body_pass.length < 3 || body_pass.length > 25) return res.error(400, "Password must be between 3 - 25 characters");
|
if (username.length < 3 || names > 25) return res.error(400, "Username must be between 3 - 25 characters");
|
||||||
|
if (body_pass.length < 3 || names > 25) return res.error(400, "Password must be between 3 - 25 characters");
|
||||||
|
|
||||||
const user = await SecretModel.findOne({ username });
|
const user = await SecretModel.findOne({ username });
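Review bot: Both new checks, `username.length < 3 || names > 25` and `body_pass.length < 3 || names > 25`, test the limit constant instead of the input, so with `names: 25` the `> 25` branch is always false and the previous 25-character caps on username and password have been silently removed. Replace them with `if (username.length < 3 || username.length > names)` and `if (body_pass.length < 3 || body_pass.length > names)`, and interpolate `names` into the error messages so they stay truthful when config.json changes. Whether an unbounded password is a problem depends on how `SecretModel` hashes it, which is not visible here, but reusing `names` for the password also ties the password cap to the username cap; a separate `limits.password` would keep them independent. The handler starts outside the hunk.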
|
||||||
|
|
||||||
|
|