fix sage, param/body data types and projectons

5 years ago · c0be2c0c9f
parent 54b5f4c9e1
commit c0be2c0c9f
8 changed files with 58 additions and 17 deletions
--- a/controllers/api.js
+++ b/controllers/api.js
@ -10,10 +10,11 @@ const express  = require('express')
 	, getRecent = require(__dirname+'/../models/api/get-recent.js')
 	, getThread = require(__dirname+'/../models/api/get-thread.js')
 	, getCatalog = require(__dirname+'/../models/api/get-catalog.js')
-	, getBoards = require(__dirname+'/../models/api/get-boards.js');
+	, getBoards = require(__dirname+'/../models/api/get-boards.js')
 	, numberConverter = require(__dirname+'/../helpers/number-converter.js');
 // make new post
-router.post('/board/:board', Boards.exists, (req, res, next) => {
+router.post('/board/:board', Boards.exists, numberConverter, (req, res, next) => {
 	let numFiles = 0;
 	if (req.files && req.files.file) {
@ -59,7 +60,7 @@ router.post('/board/:board', Boards.exists, (req, res, next) => {
 });
 // delete a post. using POST isntead of DELETE because of html forms supprot
-router.post('/board/:board/delete', Boards.exists, (req, res, next) => {
+router.post('/board/:board/delete', Boards.exists, numberConverter, (req, res, next) => {
 	const errors = [];
--- a/controllers/pages.js
+++ b/controllers/pages.js
@ -7,7 +7,8 @@ const express  = require('express')
    , register = require(__dirname+'/../models/pages/register.js')
    , login = require(__dirname+'/../models/pages/login.js')
 	, board = require(__dirname+'/../models/pages/board.js')
-	, thread = require(__dirname+'/../models/pages/thread.js');
+	, thread = require(__dirname+'/../models/pages/thread.js')
 	, numberConverter = require(__dirname+'/../helpers/number-converter.js');
 //login page
 router.get('/login', login);
@ -19,7 +20,7 @@ router.get('/register', register);
 router.get('/', home);
 // board page/recents
-router.get('/:board/:page(\\d+)?', Boards.exists, (req, res, next) => {
+router.get('/:board/:page(\\d+)?', Boards.exists, numberConverter, (req, res, next) => {
    const errors = [];
@ -40,7 +41,7 @@ router.get('/:board/:page(\\d+)?', Boards.exists, (req, res, next) => {
 });
 // thread view page
-router.get('/:board/thread/:id(\\d+)', Boards.exists, thread);
+router.get('/:board/thread/:id(\\d+)', Boards.exists, numberConverter, thread);
 module.exports = router;
--- a/db-models/boards.js
+++ b/db-models/boards.js
@ -58,8 +58,7 @@ module.exports = {
 			}
 		);
-		// faster than toString()
+		return increment.value.sequence_value;
 		return increment.value.sequence_value + '';
 	},
--- a/db-models/posts.js
+++ b/db-models/posts.js
@ -104,13 +104,18 @@ module.exports = {
 	getPost: async (board, id, admin) => {
 		// get a post
 		if (admin) {
 			return db.collection(board).findOne({
 				'_id': id
 			});
 		}
 		return db.collection(board).findOne({
 			'_id': id
 		}, {
 			'projection': {
-				'salt': admin || false,
+				'salt': 0,
-				'password': admin || false
+				'password': 0
 				//only reveal passwords when admin is true (e.g. getting to check salt)
 			}
 		});
@ -119,15 +124,22 @@ module.exports = {
 	//takes array "ids" of post ids
 	getPosts: async(board, ids, admin) => {
 		if (admin) {
 			return db.collection(board).find({
 				'_id': {
 					'$in': ids
 				}
 			}).toArray();
 		}
 		return db.collection(board).find({
 			'_id': {
 				'$in': ids
 			}
 		}, {
 			'projection': {
-				'salt': admin || false,
+				'salt': 0,
-				'password': admin || false
+				'password': 0
 				//only reveal passwords when admin is true (e.g. when fetching for deletion)
 			}
 		}).toArray();
@ -136,7 +148,7 @@ module.exports = {
 	insertOne: async (board, data) => {
 		// bump thread if name not sage
-		if (data.thread !== null && data.author !== 'sage') {
+		if (data.thread !== null && data.name !== 'sage') {
 			await db.collection(board).updateOne({
 				'_id': data.thread
 			}, {
--- a/helpers/number-converter.js
+++ b/helpers/number-converter.js
@ -0,0 +1,24 @@
 'use strict';
 module.exports = (req, res, next) => {
 	//for body
 	if (req.body.thread) {
 		req.body.thread = +req.body.thread;
 	}
 	if (req.body.checked) {
 		//syntax casts all string to number
 		req.body.checked = req.body.checked.map(Number);
 	}
 	//and for params
 	if (req.params.id) {
 		req.params.id = +req.params.id;
 	}
 	if (req.params.page) {
 		req.params.page = +req.params.page;
 	}
 	next();
 }
--- a/models/api/make-post.js
+++ b/models/api/make-post.js
@ -165,6 +165,7 @@ module.exports = async (req, res, numFiles) => {
 		'files': files,
 		'salt': salt,
 	};
 	const post = await Posts.insertOne(req.params.board, data)
 	const successRedirect = `/${req.params.board}/thread/${req.body.thread || post.insertedId}`;
--- a/models/pages/thread.js
+++ b/models/pages/thread.js
@ -3,6 +3,7 @@
 const Posts = require(__dirname+'/../../db-models/posts.js');
 module.exports = async (req, res) => {
    //get the recently bumped thread & preview posts
    let thread;
    try {
--- a/wipe.js
+++ b/wipe.js
@ -37,13 +37,15 @@ const Mongo = require(__dirname+'/helpers/db.js')
 	})
 	console.log('creating indexes')
 	await Posts.db.collection('b').createIndex({"thread": 1});
 	await Posts.db.collection('b').createIndex({"bumped": 1});
 	await Posts.db.collection('pol').createIndex({"thread": 1});
 	await Posts.db.collection('pol').createIndex({"bumped": 1});
 	await readdir('static/img/').then(async files => {
 		await Promise.all(files.map(async file => {
 			unlink(path.join('static/img/', file));
 		}))
 	});
-	console.log('creating admin account: admin:changeme');
+//	console.log('creating admin account: admin:changeme');
-	await Accounts.insertOne('admin', 'changeme', 3);
+//	await Accounts.insertOne('admin', 'changeme', 3);
 	console.log('done');
 })();