diff --git a/controllers/api.js b/controllers/api.js
index 7f065269..dfe15793 100644
--- a/controllers/api.js
+++ b/controllers/api.js
@@ -10,10 +10,11 @@ const express = require('express')
 , getRecent = require(__dirname+'/../models/api/get-recent.js')
 , getThread = require(__dirname+'/../models/api/get-thread.js')
 , getCatalog = require(__dirname+'/../models/api/get-catalog.js')
- , getBoards = require(__dirname+'/../models/api/get-boards.js');
+ , getBoards = require(__dirname+'/../models/api/get-boards.js')
+ , numberConverter = require(__dirname+'/../helpers/number-converter.js');
 // make new post
-router.post('/board/:board', Boards.exists, (req, res, next) => {
+router.post('/board/:board', Boards.exists, numberConverter, (req, res, next) => {
 let numFiles = 0;
 if (req.files && req.files.file) {
@@ -59,7 +60,7 @@ router.post('/board/:board', Boards.exists, (req, res, next) => {
 });
 // delete a post. using POST isntead of DELETE because of html forms supprot
-router.post('/board/:board/delete', Boards.exists, (req, res, next) => {
+router.post('/board/:board/delete', Boards.exists, numberConverter, (req, res, next) => {
 const errors = [];
diff --git a/controllers/pages.js b/controllers/pages.js
index 416758ee..70887a36 100644
--- a/controllers/pages.js
+++ b/controllers/pages.js
@@ -7,7 +7,8 @@ const express = require('express')
 , register = require(__dirname+'/../models/pages/register.js')
 , login = require(__dirname+'/../models/pages/login.js')
 , board = require(__dirname+'/../models/pages/board.js')
- , thread = require(__dirname+'/../models/pages/thread.js');
+ , thread = require(__dirname+'/../models/pages/thread.js')
+ , numberConverter = require(__dirname+'/../helpers/number-converter.js');
 //login page
 router.get('/login', login);
@@ -19,7 +20,7 @@ router.get('/register', register);
 router.get('/', home);
 // board page/recents
-router.get('/:board/:page(\\d+)?', Boards.exists, (req, res, next) => {
+router.get('/:board/:page(\\d+)?', Boards.exists, numberConverter, (req, res, next) => {
 const errors = [];
@@ -40,7 +41,7 @@ router.get('/:board/:page(\\d+)?', Boards.exists, (req, res, next) => {
 });
 // thread view page
-router.get('/:board/thread/:id(\\d+)', Boards.exists, thread);
+router.get('/:board/thread/:id(\\d+)', Boards.exists, numberConverter, thread);
 module.exports = router;
diff --git a/db-models/boards.js b/db-models/boards.js
index a272e073..6dc718b3 100644
--- a/db-models/boards.js
+++ b/db-models/boards.js
@@ -58,8 +58,7 @@ module.exports = {
 }
 );
- // faster than toString()
- return increment.value.sequence_value + '';
+ return increment.value.sequence_value;
 },
diff --git a/db-models/posts.js b/db-models/posts.js
index d0d3c68d..1537a6d0 100644
--- a/db-models/posts.js
+++ b/db-models/posts.js
@@ -104,13 +104,18 @@ module.exports = {
 getPost: async (board, id, admin) => {
 // get a post
+ if (admin) {
+ return db.collection(board).findOne({
+ '_id': id
+ });
+ }
+
 return db.collection(board).findOne({
 '_id': id
 }, {
 'projection': {
- 'salt': admin || false,
- 'password': admin || false
- //only reveal passwords when admin is true (e.g. getting to check salt)
+ 'salt': 0,
+ 'password': 0
 }
 });
@@ -119,15 +124,22 @@ module.exports = {
 //takes array "ids" of post ids
 getPosts: async(board, ids, admin) => {
+ if (admin) {
+ return db.collection(board).find({
+ '_id': {
+ '$in': ids
+ }
+ }).toArray();
+ }
+
 return db.collection(board).find({
 '_id': {
 '$in': ids
 }
 }, {
 'projection': {
- 'salt': admin || false,
- 'password': admin || false
- //only reveal passwords when admin is true (e.g. when fetching for deletion)
+ 'salt': 0,
+ 'password': 0
 }
 }).toArray();
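Review bot: The `\\d+` constraint on `:page` in the board route (and on `:id` in the thread route in the next hunk) limits the value to digits but not its length, so the `+req.params.page` conversion in numberConverter can yield a number above `Number.MAX_SAFE_INTEGER`, or `Infinity` for a long enough string. That value is then handed to the handler, which presumably uses it for paging or as a lookup key. I would bound it before use, for example `if (!Number.isSafeInteger(req.params.page)) return next();` at the top of the handler (or whatever error path the app prefers), or do the same check once inside the converter. The board handler's body continues outside the hunk.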
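Review bot: Returning `increment.value.sequence_value` without the string cast changes the type of every id this function hands out, and the comment that documented the old cast was removed with nothing in its place. Any stored document or caller that still holds the id as a string will stop matching the numeric lookups, which is easy to miss because a type mismatch simply returns no result. A short comment on the return, such as `// numeric id; request values are converted to numbers in helpers/number-converter.js`, would record the contract. The enclosing function starts outside the hunk, so whether `increment.value` can be null at this point is not visible.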
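Review bot: In `getPost`, the new `if (admin)` branch returns the whole document, `salt` and `password` included, and the comments that explained when that is intended were deleted along with the old projection; `getPosts` in the next hunk has the same shape. Because `admin` is only a flag supplied by the caller, I would put the explanation back above each branch, for example `// admin: full document incl. salt and password, for server-side checks only; never render or serialise this result`. A JSDoc line stating that `id` and `ids` must already be numbers would help too, since ids generated after this commit appear to be numeric and a string would match nothing.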
@@ -136,7 +148,7 @@ module.exports = { insertOne: async (board, data) => { // bump thread if name not sage - if (data.thread !== null && data.author !== 'sage') { + if (data.thread !== null && data.name !== 'sage') { await db.collection(board).updateOne({ '_id': data.thread }, { diff --git a/helpers/number-converter.js b/helpers/number-converter.js new file mode 100644 index 00000000..149ce2f4 --- /dev/null +++ b/helpers/number-converter.js @@ -0,0 +1,24 @@ +'use strict'; + +module.exports = (req, res, next) => { + + //for body + if (req.body.thread) { + req.body.thread = +req.body.thread; + } + if (req.body.checked) { + //syntax casts all string to number + req.body.checked = req.body.checked.map(Number); + } + + //and for params + if (req.params.id) { + req.params.id = +req.params.id; + } + if (req.params.page) { + req.params.page = +req.params.page; + } + + next(); + +} diff --git a/models/api/make-post.js b/models/api/make-post.js index 5f5ba0f7..6242763d 100644 --- a/models/api/make-post.js +++ b/models/api/make-post.js @@ -165,6 +165,7 @@ module.exports = async (req, res, numFiles) => { 'files': files, 'salt': salt, }; + const post = await Posts.insertOne(req.params.board, data) const successRedirect = `/${req.params.board}/thread/${req.body.thread || post.insertedId}`; diff --git a/models/pages/thread.js b/models/pages/thread.js index fb408437..e11ebd34 100644 --- a/models/pages/thread.js +++ b/models/pages/thread.js @@ -3,6 +3,7 @@ const Posts = require(__dirname+'/../../db-models/posts.js'); module.exports = async (req, res) => { + //get the recently bumped thread & preview posts let thread; try { diff --git a/wipe.js b/wipe.js index 7cd8dbaa..e7abfcb1 100644 --- a/wipe.js +++ b/wipe.js 
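Review bot: In helpers/number-converter.js, `req.body.checked.map(Number)` assumes an array, but a form that submits a single `checked` value is typically parsed to a plain string, so the middleware would throw a TypeError on the `/board/:board/delete` route wired up in controllers/api.js. The unary `+` on `req.body.thread` also passes `NaN` through for non-numeric input instead of rejecting the request, and nothing guards against `req.body` being absent on the GET routes in controllers/pages.js (whether a body parser always sets it is not visible here). I would normalise `checked` to an array and answer 400 for anything that is not a plain digit string, roughly as below; the response text is only a sketch and should follow the app's existing error handling.

```javascript
// digits only, at most 15 of them, so the result is always a safe integer
const toSafeInt = (value) => (typeof value === 'string' && /^\d{1,15}$/.test(value) ? Number(value) : null);

module.exports = (req, res, next) => {

	const body = req.body || {};

	if (body.thread) {
		body.thread = toSafeInt(body.thread);
		if (body.thread === null) {
			return res.status(400).send('invalid thread id');
		}
	}
	if (body.checked) {
		// one ticked box arrives as a string, several as an array
		const checked = [].concat(body.checked).map(toSafeInt);
		if (checked.includes(null)) {
			return res.status(400).send('invalid post id');
		}
		body.checked = checked;
	}

	// … same shape as before for req.params.id and req.params.page, converted with toSafeInt and rejected when null …

	next();

}
```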
@@ -37,13 +37,15 @@ const Mongo = require(__dirname+'/helpers/db.js')
 })
 console.log('creating indexes')
 await Posts.db.collection('b').createIndex({"thread": 1});
+ await Posts.db.collection('b').createIndex({"bumped": 1});
 await Posts.db.collection('pol').createIndex({"thread": 1});
+ await Posts.db.collection('pol').createIndex({"bumped": 1});
 await readdir('static/img/').then(async files => {
 await Promise.all(files.map(async file => {
 unlink(path.join('static/img/', file));
 }))
 });
- console.log('creating admin account: admin:changeme');
- await Accounts.insertOne('admin', 'changeme', 3);
+// console.log('creating admin account: admin:changeme');
+// await Accounts.insertOne('admin', 'changeme', 3);
 console.log('done');
 })();
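Review bot: The two lines that created the `admin` / `changeme` account are commented out rather than deleted, so the default credential and its level-3 argument stay in the script and return unchanged as soon as someone uncomments them. I would remove both lines outright. If the wipe script still has to bootstrap an account, it should take the password from an environment variable or an interactive prompt rather than a literal, and it should not print the password to the console. The enclosing async function starts outside the hunk.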