rainbownapkin/canopy
1
0
Fork 0
Code Issues 2 Pull requests Actions Packages Projects Releases Wiki Activity

Cleaned up validators and browser-side ajax utils

Browse source
This commit is contained in:
rainbownapkin 2024-11-17 18:33:57 -05:00
parent 8a4a21cff0
commit cf55be21eb
8 changed files with 79 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/routers/api/accountRouter.js
View file

@ -18,7 +18,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
const { Router } = require('express'); const { Router } = require('express');
//local imports //local imports
const {accountValidator} = require("../../utils/validators"); const accountValidator = require("../../validators/accountValidator");
const loginController = require("../../controllers/api/account/loginController"); const loginController = require("../../controllers/api/account/loginController");
const logoutController = require("../../controllers/api/account/logoutController"); const logoutController = require("../../controllers/api/account/logoutController");
const registerController = require("../../controllers/api/account/registerController"); const registerController = require("../../controllers/api/account/registerController");

4
src/routers/api/adminRouter.js
View file

@ -19,7 +19,7 @@ const { Router } = require('express');
//local imports //local imports
const {accountValidator} = require("../../utils/validators"); const accountValidator = require("../../validators/accountValidator");
const permissionSchema = require("../../schemas/permissionSchema"); const permissionSchema = require("../../schemas/permissionSchema");
const listUsersController = require("../../controllers/api/admin/listUsersController"); const listUsersController = require("../../controllers/api/admin/listUsersController");
const listChannelsController = require("../../controllers/api/admin/listChannelsController"); const listChannelsController = require("../../controllers/api/admin/listChannelsController");
@ -29,7 +29,7 @@ const changeRankController = require("../../controllers/api/admin/changeRankCont
const router = Router(); const router = Router();
//Use authentication middleware //Use authentication middleware
router.use(permissionSchema.reqPermCheck("adminPanel")) router.use(permissionSchema.reqPermCheck("adminAPI"));
//routing functions //routing functions
router.get('/listUsers', listUsersController.get); router.get('/listUsers', listUsersController.get);

2
src/routers/api/channelRouter.js
View file

@ -19,7 +19,7 @@ const { Router } = require('express');
//local imports //local imports
const permissionSchema = require("../../schemas/permissionSchema"); const permissionSchema = require("../../schemas/permissionSchema");
const {channelValidator} = require("../../utils/validators"); const channelValidator = require("../../validators/channelValidator");
const registerController = require("../../controllers/api/channel/registerController"); const registerController = require("../../controllers/api/channel/registerController");
const listController = require("../../controllers/api/channel/listController"); const listController = require("../../controllers/api/channel/listController");
const settingsController = require("../../controllers/api/channel/settingsController"); const settingsController = require("../../controllers/api/channel/settingsController");

6
src/schemas/permissionSchema.js
View file

@ -26,6 +26,12 @@ const permissionSchema = new mongoose.Schema({
default: "admin", default: "admin",
required: true required: true
}, },
adminAPI: {
type: mongoose.SchemaTypes.String,
enum: rankEnum,
default: "admin",
required: true
},
registerChannel: { registerChannel: {
type: mongoose.SchemaTypes.String, type: mongoose.SchemaTypes.String,
enum: rankEnum, enum: rankEnum,

19
src/utils/validators.js → src/validators/accountValidator.js
View file

@ -26,13 +26,13 @@ function isRank(value){
return rankVal != -1; return rankVal != -1;
} }
module.exports.accountValidator = { module.exports = {
user: (field = 'user') => body(field).escape().trim().isLength({min: 1, max: 22}), user: (field = 'user') => body(field).escape().trim().isLength({min: 1, max: 22}),
//Password security requirements may change over time, therefore we should only validate against strongPassword() when creating new accounts //Password security requirements may change over time, therefore we should only validate against strongPassword() when creating new accounts
//that way we don't break old ones upon change //that way we don't break old ones upon change
pass: (field = 'pass') => body(field).notEmpty().escape().trim(), pass: (field = 'pass') => body(field).notEmpty().escape().trim(),
securePass: (field) => this.accountValidator.pass(field).isStrongPassword({minLength: 8, minLowercase: 1, minUppercase: 1, minNumbers: 1, minSymbols: 1}), securePass: (field) => module.exports.pass(field).isStrongPassword({minLength: 8, minLowercase: 1, minUppercase: 1, minNumbers: 1, minSymbols: 1}),
email: (field = 'email') => body(field).optional().isEmail().normalizeEmail(), email: (field = 'email') => body(field).optional().isEmail().normalizeEmail(),
@ -43,19 +43,4 @@ module.exports.accountValidator = {
bio: (field = 'bio') => body(field).optional().escape().trim().isLength({min: 1, max: 1000}), bio: (field = 'bio') => body(field).optional().escape().trim().isLength({min: 1, max: 1000}),
rank: (field = 'rank') => body(field).escape().trim().custom(isRank) rank: (field = 'rank') => body(field).escape().trim().custom(isRank)
}
module.exports.channelValidator = {
name: (field = 'name') => check(field).escape().trim().isLength({min: 1, max: 50}),
description: (field = 'description') => body(field).escape().trim().isLength({min: 1, max: 1000}),
thumbnail: (field = 'thumbnail') => this.accountValidator.img(field),
settingsMap: () => checkExact(checkSchema({
'settingsMap.hidden': {
optional: true,
isBoolean: true,
}
}))
} }

36
src/validators/channelValidator.js Normal file
View file

@ -0,0 +1,36 @@
/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024 Rainbownapkin and the TTN Community
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//NPM Imports
const { check, body, checkSchema, checkExact} = require('express-validator');
//local imports
const accountValidator = require('./accountValidator');
module.exports = {
name: (field = 'name') => check(field).escape().trim().isLength({min: 1, max: 50}),
description: (field = 'description') => body(field).escape().trim().isLength({min: 1, max: 1000}),
thumbnail: (field = 'thumbnail') => accountValidator.img(field),
settingsMap: () => checkExact(checkSchema({
'settingsMap.hidden': {
optional: true,
isBoolean: true,
}
}))
}

16
www/js/profile.js
View file

@ -63,11 +63,10 @@ class profileEditPrompt{
updateObj[this.field] = this.prompt.value; updateObj[this.field] = this.prompt.value;
//contact server, and collect response //contact server, and collect response
var response = await utils.ajax.updateProfile(updateObj); var updated_content = (await utils.ajax.updateProfile(updateObj))[this.field];
var updated_content = (await response.json())[this.field];
//Update label //Update label
if(response.status == 200){ if(updated_content != null){
if(this.field == "img"){ if(this.field == "img"){
this.content.src = updated_content; this.content.src = updated_content;
}else{ }else{
@ -76,7 +75,6 @@ class profileEditPrompt{
} }
this.finish(); this.finish();
}else if(event.key == "Escape" || event.key == "Enter"){ }else if(event.key == "Escape" || event.key == "Enter"){
console.log(response);
this.finish(); this.finish();
} }
} }
@ -144,7 +142,7 @@ class passwordResetPrompt{
const response = await utils.ajax.updateProfile(updateObj); const response = await utils.ajax.updateProfile(updateObj);
if(response.status == 200){ if(response != null){
//Return user homepage after good pass change, as we've probably been logged out by the server for security. //Return user homepage after good pass change, as we've probably been logged out by the server for security.
window.location.pathname = '/'; window.location.pathname = '/';
} }
@ -167,13 +165,7 @@ class deleteAccountPrompt{
async deletePrompt(event){ async deletePrompt(event){
const pass = window.prompt("Warning: You are about to nuke your account off of the face of the fucking planet, no taksie-backsies.\n \n (todo: replace with dialog that has obscured password input) \n Enter your password to confirm."); const pass = window.prompt("Warning: You are about to nuke your account off of the face of the fucking planet, no taksie-backsies.\n \n (todo: replace with dialog that has obscured password input) \n Enter your password to confirm.");
const response = await utils.ajax.deleteAccount(pass); await utils.ajax.deleteAccount(pass);
if(response.status == 200){
window.location.pathname = '/';
}else{
utils.ux.displayResponseError(await response.json());
}
} }
} }

29
www/js/utils.js
View file

@ -137,6 +137,8 @@ class canopyAjaxUtils{
if(response.status == 200){ if(response.status == 200){
location = "/"; location = "/";
}else{
utils.ux.displayResponseError(await response.json());
} }
} }
@ -151,6 +153,8 @@ class canopyAjaxUtils{
if(response.status == 200){ if(response.status == 200){
location.reload(); location.reload();
}else{
utils.ux.displayResponseError(await response.json());
} }
} }
@ -161,27 +165,42 @@ class canopyAjaxUtils{
if(response.status == 200){ if(response.status == 200){
location.reload(); location.reload();
}else{
utils.ux.displayResponseError(await response.json());
} }
} }
//We need to fix this one to use displayResponseError function
async updateProfile(update){ async updateProfile(update){
return await fetch(`/api/account/update`,{ const response = await fetch(`/api/account/update`,{
method: "POST", method: "POST",
headers: { headers: {
"Content-Type": "application/json" "Content-Type": "application/json"
}, },
body: JSON.stringify(update) body: JSON.stringify(update)
}); });
if(response.status == 200){
return await response.json();
}else{
utils.ux.displayResponseError(await response.json());
}
} }
async deleteAccount(pass){ async deleteAccount(pass){
return await fetch(`/api/account/delete`,{ const response = await fetch(`/api/account/delete`,{
method: "POST", method: "POST",
headers: { headers: {
"Content-Type": "application/json" "Content-Type": "application/json"
}, },
body: JSON.stringify({pass}) body: JSON.stringify({pass})
}); });
if(response.status == 200){
window.location.pathname = '/';
}else{
utils.ux.displayResponseError(await response.json());
}
} }
async newChannel(name, description, thumbnail){ async newChannel(name, description, thumbnail){
@ -195,6 +214,8 @@ class canopyAjaxUtils{
if(response.status == 200){ if(response.status == 200){
location = "/"; location = "/";
}else{
utils.ux.displayResponseError(await response.json());
} }
} }
@ -210,6 +231,8 @@ class canopyAjaxUtils{
if(response.status == 200){ if(response.status == 200){
return await response.json(); return await response.json();
}else{
utils.ux.displayResponseError(await response.json());
} }
} }
@ -224,6 +247,8 @@ class canopyAjaxUtils{
if(response.status == 200){ if(response.status == 200){
location = "/"; location = "/";
}else{
utils.ux.displayResponseError(await response.json());
} }
} }
} }