write-ups-challenges-2021-2022/moderated/app.js

const express = require("express")
const bodyParser = require("body-parser");
const app = express();
const hbs = require('hbs');
const path = require('path');
const db = require("./db")
const session = require("express-session");
require("./moderator");
// View setup: partials live next to the page templates.
hbs.registerPartials(path.join(__dirname, 'views/partials'));

// Session configuration. The signing secret is a string literal committed to
// the repository, so anyone who can read the source can produce a validly
// signed session cookie. `httpOnly: false` leaves the cookie readable from
// client-side script and `secure: false` lets it travel over plain HTTP;
// `saveUninitialized: true` issues a session cookie to every visitor,
// logged in or not.
const sessionOptions = {
  secret: 'this is the most random keyphrase that you have ever encountered. it should be very secure and not easy to crack so that nobody can fake the cookie',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: false, httpOnly: false },
};
app.use(session(sessionOptions));

// Form bodies only; called without an `extended` option, which body-parser
// reports as deprecated at startup.
app.use(bodyParser.urlencoded());

app.set('view engine', 'hbs');
app.set('views', path.join(__dirname, 'views'));
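/**
 * Collects the error hints a request carries so the form templates can show them.
 *
 * The POST handlers redirect back to the forms with an `error` query
 * parameter (e.g. `/login?error=invalid`), but the original stub returned an
 * empty list and those hints were never surfaced. A single non-empty string
 * value is returned as a one-element list; anything else (missing, empty,
 * repeated parameter parsed as an array) yields an empty list. The value is
 * handed to the template as data, so it is escaped by hbs on output.
 *
 * @param {object} request - Express request; only `request.query.error` is read.
 * @returns {string[]} zero or one error message.
 */
function addErrors(request) {
  const query = request && request.query ? request.query : {};
  const error = query.error;
  if (typeof error !== "string" || error.length === 0) {
    return [];
  }
  return [error];
}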
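/**
 * Checks that a request body has every expected field with the expected type.
 *
 * `data` is untrusted (it is `req.body`), so the own-property test goes
 * through `Object.prototype.hasOwnProperty.call` rather than
 * `data.hasOwnProperty(...)`: a body that supplies a `hasOwnProperty` field,
 * or a parser that returns a null-prototype object, would otherwise make the
 * call throw and turn a bad request into a 500. Non-object bodies are
 * rejected instead of dereferenced.
 *
 * @param {Object<string, string>} fields - map of field name to expected `typeof` result.
 * @param {*} data - the submitted body.
 * @returns {boolean} true when every field is present with the right type.
 */
function checkForm(fields, data) {
  if (data === null || typeof data !== "object") {
    return false;
  }
  return Object.keys(fields).every(
    (field) =>
      Object.prototype.hasOwnProperty.call(data, field) &&
      typeof data[field] === fields[field]
  );
}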
app.get("/", (req, res) => {
res.render("index");
});
app.get("/login", (req, res) => {
const errors = addErrors(req)
res.render("login",{
errors,
})
});
app.post("/login", (req, res) => {
if (!checkForm({
username: "string",
password: "string",
}, req.body)) {
res.redirect("/login?error=invalid")
} else {
const user = db.checkLogin(req.body.username, req.body.password);
if (user) {
req.session.loggedIn = user;
res.redirect("/posts")
} else {
res.redirect("/login?error=invalid pwd")
}
}
});
app.post("/register", (req, res) => {
if (!checkForm({
username: "string",
password: "string"
}, req.body)) {
res.redirect("/register?error")
} else {
const registerTry = db.registerUser(req.body.username, req.body.password);
if (registerTry) {
res.redirect("/register?error=user already exists");
} else {
res.redirect("/login")
}
}
});
app.get("/register", (req, res) => {
const errors = addErrors(req)
res.render("register", {
errors,
})
});
app.get("/posts", (req, res) => {
if (req.session.loggedIn) {
const userId = req.session.loggedIn;
const posts = db.getPostsBy(userId);
res.render("posts", {posts: posts});
} else {
res.redirect("/login");
}
});
app.get("/create", (req, res) => {
if (req.session.loggedIn) {
res.render("create_post");
} else {
res.redirect("/login");
}
});
app.post("/create", (req, res) => {
if (req.session.loggedIn && !db.isModerator(req.session.loggedIn)) {
if (checkForm({content: "string"}, req.body))  {
const userId = req.session.loggedIn;
db.addPost(req.body.content, userId);
res.redirect("/posts")
} else {
res.redirect("/create");
}
} else {
res.redirect("/login");
}
});
app.get("/post/:id", (req, res) => {
if (req.session.loggedIn) {
const userId = req.session.loggedIn;
const postId = req.params.id;
const post = db.getPostById(postId);
if (post.by != userId && !db.isModerator(userId)) {
res.redirect("/posts");
} else {
res.render("post", {post: post});
}
} else {
res.redirect("/login");
}
});
app.get("/moderate", (req, res) => {
if (db.isModerator(req.session.loggedIn)) {
res.render("posts", {posts: db.getAllPosts() })
} else {
res.redirect("/posts?error=access denied");
}
});
// Static files are mounted after the routes, so a route always wins over a
// file of the same path.
app.use(express.static('public'));

// Start from a clean store and wipe it again every 15 minutes.
const STORE_RESET_INTERVAL_MS = 15 * 60 * 1000;
db.resetStore();
setInterval(() => {
  console.log("resetting store");
  db.resetStore();
}, STORE_RESET_INTERVAL_MS);

app.listen(8001);