From 4b8fbf8e7f51b967807af62be2c269e8b317cec5 Mon Sep 17 00:00:00 2001 From: fatchan Date: Thu, 2 May 2019 12:20:26 +0000 Subject: [PATCH] ability to force anon and toggle ids + changed postform order and placeholders --- models/forms/make-post.js | 41 ++++++++++++++++++++++++------------- views/includes/postform.pug | 15 +++++++------- views/mixins/post.pug | 13 ++++++------ wipe.js | 9 ++++++++ 4 files changed, 50 insertions(+), 28 deletions(-) diff --git a/models/forms/make-post.js b/models/forms/make-post.js index 463ee66d..babc2f7d 100644 --- a/models/forms/make-post.js +++ b/models/forms/make-post.js @@ -147,18 +147,25 @@ module.exports = async (req, res, next, numFiles) => { } } - //post salt for IDs + //poster ip + const ip = req.headers['x-real-ip'] || req.connection.remoteAddress; + + let userId = null; if (!salt) { + //thread salt for IDs salt = (await randomBytes(128)).toString('hex'); } - const ip = req.headers['x-real-ip'] || req.connection.remoteAddress; - const fullUserIdHash = crypto.createHash('sha256').update(salt + ip + req.params.board).digest('hex'); - const userId = fullUserIdHash.substring(fullUserIdHash.length-6); + if (res.locals.board.settings.ids) { + const fullUserIdHash = crypto.createHash('sha256').update(salt + ip + req.params.board).digest('hex'); + userId = fullUserIdHash.substring(fullUserIdHash.length-6); + } - let name = null; + let name = 'Anonymous'; let tripcode = null; let capcode = null; - if (req.body.name && req.body.name.length > 0) { + //if forceanon, only allow sage as email + const email = res.locals.board.settings.forceAnon && req.body.email !== 'sage' ? null : req.body.email; + if ((hasPerms || !res.locals.board.settings.forceAnon) && req.body.name && req.body.name.length > 0) { // get matches with named groups for name, trip and capcode in 1 regex const matches = req.body.name.match(nameRegex); if (matches && matches.groups) { @@ -190,7 +197,7 @@ module.exports = async (req, res, next, numFiles) => { //build post data for db const data = { 'date': new Date(), - 'name': name || 'Anonymous', + 'name': name, 'board': req.params.board, 'tripcode': tripcode, 'capcode': capcode, @@ -198,7 +205,7 @@ module.exports = async (req, res, next, numFiles) => { 'message': message || null, 'thread': req.body.thread || null, 'password': req.body.password || null, - 'email': req.body.email || null, + 'email': email, 'salt': !req.body.thread ? salt : null, 'spoiler': req.body.spoiler ? true : false, 'banmessage': null, @@ -207,12 +214,18 @@ module.exports = async (req, res, next, numFiles) => { 'files': files, 'reports': [], 'globalreports': [], - 'replyposts': 0, - 'replyfiles': 0, - 'sticky': false, - 'locked': false, - 'saged': false, - }; + } + + if (!req.body.thread) { + //if this is a thread, add replies, sticky, sage, lock, etc + Object.assign(data, { + 'replyposts': 0, + 'replyfiles': 0, + 'sticky': false, + 'locked': false, + 'saged': false + }); + } let postId; try { diff --git a/views/includes/postform.pug b/views/includes/postform.pug index 9d1e6888..e077b560 100644 --- a/views/includes/postform.pug +++ b/views/includes/postform.pug @@ -2,18 +2,16 @@ section.form-wrapper form.form-post(action=`/forms/board/${board._id}/post`, enctype='multipart/form-data', method='POST') input(type='hidden' name='_csrf' value=csrf) input(type='hidden' name='thread' value=thread != null ? thread.postId : null) - section.postform-row - .postform-label Name - input#name(type='text', name='name', placeholder='Anonymous' autocomplete='off' maxlength='50') + if !board.settings.forceAnon + section.postform-row + .postform-label Name + input#name(type='text', name='name', placeholder='Anonymous' autocomplete='off' maxlength='50') section.postform-row .postform-label Subject input#title(type='text', name='subject', autocomplete='off' maxlength='50') section.postform-row .postform-label Email input#name(type='text', name='email', autocomplete='off' maxlength='50') - section.postform-row - .postform-label Password - input#password(type='password', name='password', autocomplete='off' maxlength='50') section.postform-row .postform-label Message textarea#message(name='message', rows='5', autocomplete='off' maxlength='2000') @@ -23,6 +21,9 @@ section.form-wrapper label.postform-style.ph-5.ml-1 input#spoiler(type='checkbox', name='spoiler', value='true') | Spoiler + section.postform-row + .postform-label Password + input#password(type='password', name='password', autocomplete='off' placeholder='password for deleting post later' maxlength='50') section.postform-row .postform-label Captcha .postform-col @@ -30,5 +31,3 @@ section.form-wrapper input#captcha(type='text', name='captcha', autocomplete='off' placeholder='captcha text' maxlength='6') input(type='submit', value='submit') - - diff --git a/views/mixins/post.pug b/views/mixins/post.pug index 4562b118..e3b86c04 100644 --- a/views/mixins/post.pug +++ b/views/mixins/post.pug @@ -14,10 +14,10 @@ mixin post(post, truncate, manage=false, globalmanage=false) img(src='/img/saged.svg' height='12') if post.locked img(src='/img/locked.svg' height='12') - | + | if post.subject span.post-subject #{post.subject} - | + | if post.email a(href=`mailto:${post.email}`) span.post-name #{post.name} @@ -26,14 +26,15 @@ mixin post(post, truncate, manage=false, globalmanage=false) | if post.tripcode span.post-tripcode #{post.tripcode} - | + | if post.capcode span.post-capcode #{post.capcode} - | + | span #{post.date.toLocaleString()} | - span.user-id(style=`background: #${post.userId}`) #{post.userId} - | + if board.settings.ids && post.userId + span.user-id(style=`background: #${post.userId}`) #{post.userId} + | span: a(href=postURL) No.#{post.postId} .post-data if post.files.length > 0 diff --git a/wipe.js b/wipe.js index 9e16d2e5..00cdf194 100644 --- a/wipe.js +++ b/wipe.js @@ -1,3 +1,4 @@ + 'use strict'; const Mongo = require(__dirname+'/db/db.js') @@ -38,6 +39,10 @@ const Mongo = require(__dirname+'/db/db.js') owner: '', moderators: [], banners: [], + settings: { + forceAnon: true, + ids: true, + } }) await Boards.insertOne({ _id: 'b', @@ -46,6 +51,10 @@ const Mongo = require(__dirname+'/db/db.js') owner: '', moderators: [], banners: [], + settings: { + forceAnon: false, + ids: false, + } }) console.log('creating indexes') await Bans.db.dropIndexes();