mirror of https://gitgud.io/fatchan/jschan.git
parent
e7dc699cbc
commit
8a0160a924
17 changed files with 196 additions and 30 deletions
@ -1,4 +1,6 @@ |
||||
node_modules/ |
||||
configs/*.json |
||||
uploads/img/* |
||||
uploads/captcha/* |
||||
gulp/dist/ |
||||
tmp/ |
||||
|
@ -0,0 +1,25 @@ |
||||
'use strict'; |
||||
|
||||
const Mongo = require(__dirname+'/db.js') |
||||
, db = Mongo.client.db('jschan').collection('captchas'); |
||||
|
||||
module.exports = { |
||||
|
||||
db, |
||||
|
||||
findOne: (id) => { |
||||
return db.findOne({ '_id': id }); |
||||
}, |
||||
|
||||
insertOne: (text) => { |
||||
return db.insertOne({ |
||||
'text': text, |
||||
'expireAt': new Date((new Date).getTime() + (5*1000*60)) //5 minute expiration
|
||||
}); |
||||
}, |
||||
|
||||
deleteAll: () => { |
||||
return db.deleteMany({}); |
||||
}, |
||||
|
||||
} |
@ -0,0 +1,47 @@ |
||||
'use strict'; |
||||
|
||||
const Captchas = require(__dirname+'/../db/captchas.js') |
||||
, Mongo = require(__dirname+'/../db/db.js'); |
||||
|
||||
module.exports = async (req, res, next) => { |
||||
|
||||
//check if captcha field in form is valid
|
||||
const input = req.body.captcha; |
||||
if (!input || input.length !== 6) { |
||||
return res.status(403).render('message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Incorrect captcha' |
||||
}); |
||||
} |
||||
|
||||
//make sure they have captcha cookie and its 24 chars
|
||||
const captchaId = req.cookies.captchaid; |
||||
if (!captchaId || captchaId.length !== 24) { |
||||
return res.status(403).render('message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Captcha expired' |
||||
}); |
||||
} |
||||
|
||||
// try to get the captcha from the DB
|
||||
let captcha; |
||||
try { |
||||
const captchaMongoId = Mongo.ObjectId(captchaId); |
||||
captcha = await Captchas.findOne(captchaMongoId); |
||||
} catch (err) { |
||||
return next(err); |
||||
} |
||||
|
||||
//check that it exists and matches captcha in DB
|
||||
if (!captcha || captcha.text !== input) { |
||||
return res.status(403).render('message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Incorrect captcha' |
||||
}); |
||||
} |
||||
|
||||
//it was correct, so continue
|
||||
res.clearCookie('captchaid'); |
||||
return next(); |
||||
|
||||
} |
@ -0,0 +1,27 @@ |
||||
'use strict'; |
||||
|
||||
const Boards = require(__dirname+'/../../db/boards.js'); |
||||
|
||||
module.exports = async (req, res, next) => { |
||||
|
||||
if (!req.query.board) { |
||||
return next(); |
||||
} |
||||
|
||||
// get all threads
|
||||
let board; |
||||
try { |
||||
board = await Boards.findOne(req.query.board); |
||||
} catch (err) { |
||||
return next(err); |
||||
} |
||||
|
||||
if (!board) { |
||||
return next(); |
||||
} |
||||
|
||||
const randomBanner = board.banners[Math.floor(Math.random()*board.banners.length)]; |
||||
|
||||
return res.redirect(`/img/${randomBanner}`); |
||||
|
||||
} |
@ -0,0 +1,32 @@ |
||||
'use strict'; |
||||
|
||||
const crypto = require('crypto') |
||||
, Captchas = require(__dirname+'/../../db/captchas.js') |
||||
, generateCaptcha = require(__dirname+'/../../helpers/captchagenerate.js'); |
||||
|
||||
module.exports = async (req, res, next) => { |
||||
|
||||
//will move captcha cookie check to nginx at some point
|
||||
if (req.cookies.captchaid) { |
||||
return res.redirect(`/captcha/${req.cookies.captchaid}.png`); |
||||
} |
||||
|
||||
// if we got here, they dont have a cookie so we need to
|
||||
// gen a captcha, set their cookie and redirect to the captcha
|
||||
const text = crypto.randomBytes(20).toString('hex').substring(0,6); |
||||
let captchaId; |
||||
try { |
||||
captchaId = await Captchas.insertOne(text).then(r => r.insertedId); //get id of document as filename and captchaid
|
||||
await generateCaptcha(text, captchaId); |
||||
} catch (err) { |
||||
return next(err); |
||||
} |
||||
|
||||
return res |
||||
.cookie('captchaid', captchaId, { |
||||
'maxAge': 5*60*1000, //5 minute cookie
|
||||
'httpOnly': true |
||||
}) |
||||
.redirect(`/captcha/${captchaId}.png`); |
||||
|
||||
} |
@ -1,6 +1,6 @@ |
||||
section.board-header |
||||
if board.banners.length > 0 |
||||
object.board-banner(data=`/img/${board.banners[Math.floor(Math.random()*board.banners.length)]}` width='300' height='100') |
||||
object.board-banner(data=`/banners?board=${board._id}` width='300' height='100') |
||||
a.no-decoration(href=`/${board._id}`) |
||||
h1.board-title /#{board._id}/ - #{board.name} |
||||
h4.board-description #{board.description} |
||||
|
Loading…
Reference in new issue