fix sage, param/body data types and projectons

5 years ago · c0be2c0c9f
parent 54b5f4c9e1
commit c0be2c0c9f
8 changed files with 58 additions and 17 deletions
--- a/controllers/api.js
+++ b/controllers/api.js
@ -10,10 +10,11 @@ const express  = require('express')
 	, getRecent = require(__dirname+'/../models/api/get-recent.js')
 	, getThread = require(__dirname+'/../models/api/get-thread.js')
 	, getCatalog = require(__dirname+'/../models/api/get-catalog.js')
-	, getBoards = require(__dirname+'/../models/api/get-boards.js');
+	, getBoards = require(__dirname+'/../models/api/get-boards.js')
+	, numberConverter = require(__dirname+'/../helpers/number-converter.js');

 // make new post
-router.post('/board/:board', Boards.exists, (req, res, next) => {
+router.post('/board/:board', Boards.exists, numberConverter, (req, res, next) => {

 	let numFiles = 0;
 	if (req.files && req.files.file) {
@ -59,7 +60,7 @@ router.post('/board/:board', Boards.exists, (req, res, next) => {
 });

 // delete a post. using POST isntead of DELETE because of html forms supprot
-router.post('/board/:board/delete', Boards.exists, (req, res, next) => {
+router.post('/board/:board/delete', Boards.exists, numberConverter, (req, res, next) => {

 	const errors = [];

--- a/controllers/pages.js
+++ b/controllers/pages.js
@ -7,7 +7,8 @@ const express  = require('express')
    , register = require(__dirname+'/../models/pages/register.js')
    , login = require(__dirname+'/../models/pages/login.js')
 	, board = require(__dirname+'/../models/pages/board.js')
-	, thread = require(__dirname+'/../models/pages/thread.js');
+	, thread = require(__dirname+'/../models/pages/thread.js')
+	, numberConverter = require(__dirname+'/../helpers/number-converter.js');

 //login page
 router.get('/login', login);
@ -19,7 +20,7 @@ router.get('/register', register);
 router.get('/', home);

 // board page/recents
-router.get('/:board/:page(\\d+)?', Boards.exists, (req, res, next) => {
+router.get('/:board/:page(\\d+)?', Boards.exists, numberConverter, (req, res, next) => {

    const errors = [];

@ -40,7 +41,7 @@ router.get('/:board/:page(\\d+)?', Boards.exists, (req, res, next) => {
 });

 // thread view page
-router.get('/:board/thread/:id(\\d+)', Boards.exists, thread);
+router.get('/:board/thread/:id(\\d+)', Boards.exists, numberConverter, thread);

 module.exports = router;

--- a/db-models/boards.js
+++ b/db-models/boards.js
@ -58,8 +58,7 @@ module.exports = {
 			}
 		);

-		// faster than toString()
-		return increment.value.sequence_value + '';
+		return increment.value.sequence_value;

 	},

--- a/db-models/posts.js
+++ b/db-models/posts.js
@ -104,13 +104,18 @@ module.exports = {
 	getPost: async (board, id, admin) => {

 		// get a post
+		if (admin) {
+			return db.collection(board).findOne({
+				'_id': id
+			});
+		}
+
 		return db.collection(board).findOne({
 			'_id': id
 		}, {
 			'projection': {
-				'salt': admin || false,
-				'password': admin || false
-				//only reveal passwords when admin is true (e.g. getting to check salt)
+				'salt': 0,
+				'password': 0
 			}
 		});

@ -119,15 +124,22 @@ module.exports = {
 	//takes array "ids" of post ids
 	getPosts: async(board, ids, admin) => {

+		if (admin) {
+			return db.collection(board).find({
+				'_id': {
+					'$in': ids
+				}
+			}).toArray();
+		}
+
 		return db.collection(board).find({
 			'_id': {
 				'$in': ids
 			}
 		}, {
 			'projection': {
-				'salt': admin || false,
-				'password': admin || false
-				//only reveal passwords when admin is true (e.g. when fetching for deletion)
+				'salt': 0,
+				'password': 0
 			}
 		}).toArray();

@ -136,7 +148,7 @@ module.exports = {
 	insertOne: async (board, data) => {

 		// bump thread if name not sage
-		if (data.thread !== null && data.author !== 'sage') {
+		if (data.thread !== null && data.name !== 'sage') {
 			await db.collection(board).updateOne({
 				'_id': data.thread
 			}, {
--- a/helpers/number-converter.js
+++ b/helpers/number-converter.js
@ -0,0 +1,24 @@
+'use strict';
+
+module.exports = (req, res, next) => {
+
+	//for body
+	if (req.body.thread) {
+		req.body.thread = +req.body.thread;
+	}
+	if (req.body.checked) {
+		//syntax casts all string to number
+		req.body.checked = req.body.checked.map(Number);
+	}
+
+	//and for params
+	if (req.params.id) {
+		req.params.id = +req.params.id;
+	}
+	if (req.params.page) {
+		req.params.page = +req.params.page;
+	}
+
+	next();
+
+}
--- a/models/api/make-post.js
+++ b/models/api/make-post.js
@ -165,6 +165,7 @@ module.exports = async (req, res, numFiles) => {
 		'files': files,
 		'salt': salt,
 	};
+
 	const post = await Posts.insertOne(req.params.board, data)
 	const successRedirect = `/${req.params.board}/thread/${req.body.thread || post.insertedId}`;

--- a/models/pages/thread.js
+++ b/models/pages/thread.js
@ -3,6 +3,7 @@
 const Posts = require(__dirname+'/../../db-models/posts.js');

 module.exports = async (req, res) => {
+
    //get the recently bumped thread & preview posts
    let thread;
    try {
--- a/wipe.js
+++ b/wipe.js
@ -37,13 +37,15 @@ const Mongo = require(__dirname+'/helpers/db.js')
 	})
 	console.log('creating indexes')
 	await Posts.db.collection('b').createIndex({"thread": 1});
+	await Posts.db.collection('b').createIndex({"bumped": 1});
 	await Posts.db.collection('pol').createIndex({"thread": 1});
+	await Posts.db.collection('pol').createIndex({"bumped": 1});
 	await readdir('static/img/').then(async files => {
 		await Promise.all(files.map(async file => {
 			unlink(path.join('static/img/', file));
 		}))
 	});
-	console.log('creating admin account: admin:changeme');
-	await Accounts.insertOne('admin', 'changeme', 3);
+//	console.log('creating admin account: admin:changeme');
+//	await Accounts.insertOne('admin', 'changeme', 3);
 	console.log('done');
 })();