fatchan
/
jschan
mirror of https://gitgud.io/fatchan/jschan.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

correct force op subject checking for threads

Browse Source
merge-requests/208/head
fatchan 5 years ago
parent 2c6ee4d9ee
commit e1c0fd615c
3 changed files with 29 additions and 24 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 37
      controllers/forms.js
  2. 10
      models/forms/makepost.js
  3. 6
      models/forms/uploadbanners.js

37
controllers/forms.js
Unescape View File

@ -181,28 +181,35 @@ router.post('/register', verifyCaptcha, (req, res, next) => {
// make new post // make new post
router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConverter, verifyCaptcha, async (req, res, next) => { router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConverter, verifyCaptcha, async (req, res, next) => {
let numFiles = 0;
if (req.files && req.files.file) { if (req.files && req.files.file) {
if (Array.isArray(req.files.file)) { if (Array.isArray(req.files.file)) {
numFiles = req.files.file.filter(file => file.size > 0).length; res.locals.numFiles = req.files.file.filter(file => file.size > 0).length;
} else { } else {
numFiles = req.files.file.size > 0 ? 1 : 0; res.locals.numFiles = req.files.file.size > 0 ? 1 : 0;
req.files.file = [req.files.file]; req.files.file = [req.files.file];
} }
numFiles = Math.min(numFiles, res.locals.board.settings.maxFiles) res.locals.numFiles = Math.min(res.locals.numFiles, res.locals.board.settings.maxFiles)
} }
const errors = []; const errors = [];
if (!req.body.message && numFiles === 0) { // even if force file and message are off, the psot must contain one of either.
if (!req.body.message && res.locals.numFiles === 0) {
errors.push('Must provide a message or file'); errors.push('Must provide a message or file');
} }
if (!req.body.thread && (res.locals.board.settings.forceOPFile && res.locals.board.settings.maxFiles !== 0) && numFiles === 0) {
// ensure OP has file, subject and message acording to board settings
if (!req.body.thread && res.locals.board.settings.forceOPSubject && (!req.body.subject || req.body.subject.length === 0)) {
errors.push('Threads must include a subject');
}
if (!req.body.thread && (res.locals.board.settings.forceOPFile && res.locals.board.settings.maxFiles !== 0) && res.locals.numFiles === 0) {
errors.push('Threads must include a file'); errors.push('Threads must include a file');
} }
if (!req.body.thread && res.locals.board.settings.forceOPMessage && (!req.body.message || req.body.message.length === 0)) { if (!req.body.thread && res.locals.board.settings.forceOPMessage && (!req.body.message || req.body.message.length === 0)) {
errors.push('Threads must include a message'); errors.push('Threads must include a message');
} }
// make sure, min message length <= message length < max length (4k)
if (req.body.message) { if (req.body.message) {
if (req.body.message.length > 4000) { if (req.body.message.length > 4000) {
errors.push('Message must be 4000 characters or less'); errors.push('Message must be 4000 characters or less');
@ -210,12 +217,11 @@ router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConve
errors.push(`Message must be at least ${res.locals.board.settings.minMessageLength} characters long`); errors.push(`Message must be at least ${res.locals.board.settings.minMessageLength} characters long`);
} }
} }
// subject, email, name, password limited length
if (req.body.name && req.body.name.length > 50) { if (req.body.name && req.body.name.length > 50) {
errors.push('Name must be 50 characters or less'); errors.push('Name must be 50 characters or less');
} }
if (res.locals.board.settings.forceOPSubject && (!req.body.subject || req.body.subject.length === 0)) {
errors.push('Threads must include a subject');
}
if (req.body.subject && req.body.subject.length > 50) { if (req.body.subject && req.body.subject.length > 50) {
errors.push('Subject must be 50 characters or less'); errors.push('Subject must be 50 characters or less');
} }
@ -236,7 +242,7 @@ router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConve
} }
try { try {
await makePost(req, res, next, numFiles); await makePost(req, res, next);
} catch (err) { } catch (err) {
await deleteTempFiles(req).catch(e => console.error); await deleteTempFiles(req).catch(e => console.error);
return next(err); return next(err);
@ -284,22 +290,21 @@ router.post('/board/:board/settings', csrf, Boards.exists, checkPermsMiddleware,
//upload banners //upload banners
router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, checkPermsMiddleware, paramConverter, async (req, res, next) => { router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, checkPermsMiddleware, paramConverter, async (req, res, next) => {
let numFiles = 0;
if (req.files && req.files.file) { if (req.files && req.files.file) {
if (Array.isArray(req.files.file)) { if (Array.isArray(req.files.file)) {
numFiles = req.files.file.filter(file => file.size > 0).length; res.locals.numFiles = req.files.file.filter(file => file.size > 0).length;
} else { } else {
numFiles = req.files.file.size > 0 ? 1 : 0; res.locals.numFiles = req.files.file.size > 0 ? 1 : 0;
req.files.file = [req.files.file]; req.files.file = [req.files.file];
} }
} }
const errors = []; const errors = [];
if (numFiles === 0) { if (res.locals.numFiles === 0) {
errors.push('Must provide a file'); errors.push('Must provide a file');
} }
if (res.locals.board.banners.length+numFiles > 100) { if (res.locals.board.banners.length+res.locals.numFiles > 100) {
errors.push('Number of uploads would exceed 100 banner limit'); errors.push('Number of uploads would exceed 100 banner limit');
} }
@ -313,7 +318,7 @@ router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, checkP
} }
try { try {
await uploadBanners(req, res, next, numFiles); await uploadBanners(req, res, next);
} catch (err) { } catch (err) {
await deleteTempFiles(req).catch(e => console.error); await deleteTempFiles(req).catch(e => console.error);
return next(err); return next(err);

10
models/forms/makepost.js
Unescape View File

@ -31,7 +31,7 @@ const path = require('path')
, deleteTempFiles = require(__dirname+'/../../helpers/files/deletetempfiles.js') , deleteTempFiles = require(__dirname+'/../../helpers/files/deletetempfiles.js')
, { buildCatalog, buildThread, buildBoard, buildBoardMultiple } = require(__dirname+'/../../build.js'); , { buildCatalog, buildThread, buildBoard, buildBoardMultiple } = require(__dirname+'/../../build.js');
module.exports = async (req, res, next, numFiles) => { module.exports = async (req, res, next) => {
// check if this is responding to an existing thread // check if this is responding to an existing thread
let redirect = `/${req.params.board}/` let redirect = `/${req.params.board}/`
@ -68,7 +68,7 @@ module.exports = async (req, res, next, numFiles) => {
}); });
} }
} }
if (numFiles > res.locals.board.settings.maxFiles) { if (res.locals.numFiles > res.locals.board.settings.maxFiles) {
await deleteTempFiles(req).catch(e => console.error); await deleteTempFiles(req).catch(e => console.error);
return res.status(400).render('message', { return res.status(400).render('message', {
'title': 'Bad request', 'title': 'Bad request',
@ -78,9 +78,9 @@ module.exports = async (req, res, next, numFiles) => {
} }
let files = []; let files = [];
// if we got a file // if we got a file
if (numFiles > 0) { if (res.locals.numFiles > 0) {
// check all mime types befoer we try saving anything // check all mime types befoer we try saving anything
for (let i = 0; i < numFiles; i++) { for (let i = 0; i < res.locals.numFiles; i++) {
if (!fileCheckMimeType(req.files.file[i].mimetype, {animatedImage: true, image: true, video: true})) { if (!fileCheckMimeType(req.files.file[i].mimetype, {animatedImage: true, image: true, video: true})) {
await deleteTempFiles(req).catch(e => console.error); await deleteTempFiles(req).catch(e => console.error);
return res.status(400).render('message', { return res.status(400).render('message', {
@ -91,7 +91,7 @@ module.exports = async (req, res, next, numFiles) => {
} }
} }
// then upload, thumb, get metadata, etc. // then upload, thumb, get metadata, etc.
for (let i = 0; i < numFiles; i++) { for (let i = 0; i < res.locals.numFiles; i++) {
const file = req.files.file[i]; const file = req.files.file[i];
const filename = file.sha256 + path.extname(file.name); const filename = file.sha256 + path.extname(file.name);
file.filename = filename; //for error to delete failed files file.filename = filename; //for error to delete failed files

6
models/forms/uploadbanners.js
Unescape View File

@ -9,12 +9,12 @@ const path = require('path')
, deleteTempFiles = require(__dirname+'/../../helpers/files/deletetempfiles.js') , deleteTempFiles = require(__dirname+'/../../helpers/files/deletetempfiles.js')
, Boards = require(__dirname+'/../../db/boards.js') , Boards = require(__dirname+'/../../db/boards.js')
module.exports = async (req, res, next, numFiles) => { module.exports = async (req, res, next) => {
const redirect = `/${req.params.board}/manage.html` const redirect = `/${req.params.board}/manage.html`
// check all mime types befoer we try saving anything // check all mime types befoer we try saving anything
for (let i = 0; i < numFiles; i++) { for (let i = 0; i < res.locals.numFiles; i++) {
if (!fileCheckMimeType(req.files.file[i].mimetype, {image: true, animatedImage: true, video: false})) { if (!fileCheckMimeType(req.files.file[i].mimetype, {image: true, animatedImage: true, video: false})) {
await deleteTempFiles(req).catch(e => console.error); await deleteTempFiles(req).catch(e => console.error);
return res.status(400).render('message', { return res.status(400).render('message', {
@ -26,7 +26,7 @@ module.exports = async (req, res, next, numFiles) => {
} }
const filenames = []; const filenames = [];
for (let i = 0; i < numFiles; i++) { for (let i = 0; i < res.locals.numFiles; i++) {
const file = req.files.file[i]; const file = req.files.file[i];
const filename = file.sha256 + path.extname(file.name); const filename = file.sha256 + path.extname(file.name);
file.filename = filename; file.filename = filename;

Write Preview
Loading…
Cancel
Save