akf-forum/routes/message.js
Akif9748 11965e8de9 ratelimit & crypto & .ejs fix
Added rate limiting to posting threads and messages.
Added encryption to passwords.
Thread.ejs is fixed
2022-08-10 00:22:12 +03:00


const { ThreadModel, MessageModel } = require("../models");
const error = require("../errors/error")
const rateLimit = require('express-rate-limit')
const { Router } = require("express");
const app = Router();

/**
 * GET /:id — permalink for a single message.
 *
 * Loads the message named by the URL parameter and redirects to the thread it
 * belongs to. Missing and soft-deleted messages both answer 404, so the
 * response does not reveal which of the two applies.
 *
 * This route is registered before `app.use(require("../middlewares/login"))`,
 * so that middleware does not run for it.
 */
app.get("/:id", async (req, res) => {
  const found = await MessageModel.get(req.params.id);
  const unavailable = !found || found.deleted;
  if (unavailable) {
    return error(res, 404, "We have not got any message declared as this id.");
  }
  // The target is built from the stored threadID, never from request input.
  res.redirect(`/threads/${found.threadID}`);
});
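// Every route registered below this line runs the login middleware first.
// NOTE(review): presumably it rejects unauthenticated requests and populates
// req.user — confirm in ../middlewares/login.
app.use(require("../middlewares/login"));

/**
 * POST / — append a message to an existing thread.
 *
 * Reads `threadID` and `content` from the request body, stores a new message
 * authored by `req.user`, links it to the thread, then redirects to the thread.
 * Answers 404 when the thread cannot be found.
 */
app.post("/", rateLimit({
  // One accepted request per 60 s window. express-rate-limit keys on req.ip by
  // default, so behind a reverse proxy Express's "trust proxy" setting decides
  // whether clients are told apart or all share the proxy's address.
  windowMs: 60_000, max: 1, standardHeaders: true, legacyHeaders: false
}), async (req, res) => {
  const thread = await ThreadModel.get(req.body.threadID);
  if (!thread) return error(res, 404, "We have not got this thread.");

  // NOTE(review): req.body.content is stored as received. Type/length limits
  // and output escaping are not visible in this file — confirm that the model
  // and the templates rendering it take care of both.
  const message = await new MessageModel({ content: req.body.content, author: req.user, threadID: thread.id }).takeId();
  await message.save();
  await thread.push(message.id).save();

  // Redirect with the id of the record that was actually loaded instead of
  // echoing the raw body field back into the Location header.
  res.redirect('/threads/' + thread.id);
});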
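/**
 * POST /:id/delete — soft-delete a message.
 *
 * Only the message's author or a user with the `admin` flag may delete. The
 * message is flagged `deleted` rather than removed, then the client is
 * redirected to the owning thread. Answers 404 for missing or already deleted
 * messages and 403 when the caller is neither author nor admin.
 *
 * NOTE(review): this is a state-changing POST authorised by the session; no
 * CSRF check is visible in this file — confirm one is applied elsewhere.
 */
app.post("/:id/delete", async (req, res) => {
  const message = await MessageModel.get(req.params.id);
  if (!message || message.deleted) return error(res, 404, "We have not got any message declared as this id.");

  const user = req.user;
  // Ownership must fail closed. A loose `!=` treats null and undefined as
  // equal, so a message without an authorID and a user without an id would
  // have compared as "same person". Require both ids to be present and compare
  // their string forms, which still tolerates a number-versus-string mismatch.
  const isAuthor =
    user.id != null &&
    message.authorID != null &&
    String(user.id) === String(message.authorID);
  if (!isAuthor && !user.admin)
    return error(res, 403, "You have not got permission for this.");

  message.deleted = true;
  await message.save();
  // res.redirect() sets its own status (302 by default), so the former
  // status(200) call had no effect and is dropped.
  res.redirect("/threads/" + message.threadID);
});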
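/**
 * POST /:id/react — toggle the caller's reaction on a message.
 *
 * If the caller already has an entry in `message.react` it is removed;
 * otherwise an entry is stored whose value is true when the body carries a
 * `like` field and false when it does not. Redirects to the owning thread.
 * Answers 404 for missing or soft-deleted messages, matching the other routes
 * in this router.
 */
app.post("/:id/react", async (req, res) => {
  const info = req.body;
  const message = await MessageModel.get(req.params.id);
  // Deleted messages are treated as absent, as in GET /:id and /:id/delete;
  // previously they could still be reacted to.
  if (!message || message.deleted)
    return error(res, 404, "We have not got this Message for reacting.");

  // Use one key for the lookup, the removal and the write. The original tested
  // req.user.id but modified the req.session.userid entry, so the toggle broke
  // whenever the two differed. The session id is kept because existing entries
  // are stored under it.
  // NOTE(review): presumably req.user is loaded from this same session id —
  // confirm in ../middlewares/login.
  const voter = req.session.userid;
  if (voter in message.react)
    delete message.react[voter];
  else
    message.react[voter] = "like" in info;

  await message.save();
  res.redirect("/threads/" + message.threadID);
});

module.exports = app;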