const crypto = require('crypto');
/**
 * Hex-encoded SHA-256 digest of `data`.
 *
 * NOTE(review): the route handlers in this file use this digest as the stored
 * password value. A single unsalted SHA-256 is cheap to brute-force offline if
 * the table leaks; a salted, slow KDF (e.g. crypto.scrypt) is the usual choice,
 * but switching changes the stored format and the login query.
 *
 * @param {string|Buffer} data - bytes to hash
 * @returns {string} 64-character lowercase hex digest
 */
const sha = (data) => crypto.createHash('sha256').update(data).digest('hex');
// Open the SQLite file `db.sqlite3`; the relative path resolves against the
// process working directory.
const openDatabase = require('better-sqlite3');
const database = openDatabase('db.sqlite3');
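/**
 * Thin wrapper around the better-sqlite3 handle in `database`.
 *
 * Values are handed to SQLite as bound named parameters (`:name` in the query
 * text, `name` as the key in `params`); they are never spliced into the SQL
 * string. Deleting a few characters from a value and pasting it between quotes
 * is not an escaping scheme, so the query text here stays constant and the
 * driver carries the data separately.
 *
 * Values therefore reach the tables exactly as supplied, including `'` and `$`.
 */
const db = {
  /**
   * Validate bind parameters and return the query text unchanged.
   *
   * @param {string} query - SQL with `:name` placeholders
   * @param {Object<string, string>} [params] - values keyed by placeholder name
   * @returns {string} the query, untouched
   * @throws {TypeError} if any parameter value is not a string
   */
  prepare: (query, params) => {
    if (params) {
      for (const [key, value] of Object.entries(params)) {
        // Callers pass fields of a JSON body, which may be numbers, arrays or
        // objects; only strings are accepted as bind values.
        if (typeof value !== 'string') {
          throw new TypeError(`Parameter "${key}" must be a string`);
        }
      }
    }
    return query;
  },

  /**
   * Run a query and return its first row.
   *
   * @param {string} query - SQL with `:name` placeholders
   * @param {Object<string, string>} [params] - bind values
   * @returns {object|undefined} the first row, or undefined when there is no
   *   row or the statement failed
   * @throws {TypeError} if a parameter value is not a string
   */
  get: (query, params) => {
    const sql = db.prepare(query, params);
    try {
      const statement = database.prepare(sql);
      return params ? statement.get(params) : statement.get();
    } catch (err) {
      // Callers treat undefined as "nothing found"; keep that contract but
      // leave a trace instead of discarding the failure.
      console.error(`db.get failed: ${err.message}`);
      return undefined;
    }
  },

  /**
   * Execute a statement that returns no rows.
   *
   * @param {string} query - SQL with `:name` placeholders
   * @param {Object<string, string>} [params] - bind values
   * @returns {object|undefined} the driver's result object, or undefined when
   *   the statement failed
   * @throws {TypeError} if a parameter value is not a string
   */
  run: (query, params) => {
    const sql = db.prepare(query, params);
    try {
      const statement = database.prepare(sql);
      return params ? statement.run(params) : statement.run();
    } catch (err) {
      console.error(`db.run failed: ${err.message}`);
      return undefined;
    }
  },
};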
// Create both tables on first start; tables that already exist are left as
// they are.
// NOTE(review): neither table declares a PRIMARY KEY or UNIQUE constraint, so
// username uniqueness rests entirely on the lookup in the /register handler.
const schemaStatements = [
  `
CREATE TABLE IF NOT EXISTS users(
username TEXT,
password TEXT
);
`,
  `
CREATE TABLE IF NOT EXISTS notes(
id TEXT,
username TEXT,
note TEXT,
mode TEXT,
views INTEGER
);
`,
];
for (const statement of schemaStatements) {
  db.run(statement);
}
// HTTP application: JSON request bodies plus static files from ./public.
const express = require('express');
const bodyParser = require('body-parser');
const serveStatic = require('serve-static');

const app = express();

// Parse JSON request bodies into req.body.
app.use(bodyParser.json());

// `extensions: ['html']` lets a request for /name fall back to public/name.html.
const staticOptions = { extensions: ['html'] };
app.use(serveStatic('public', staticOptions));
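/**
 * POST /register: create an account.
 *
 * Body: JSON `{ username, password }`, both non-empty strings.
 * Responds `{ success: true }` when the row was inserted, `{}` otherwise.
 */
app.post('/register', (req, res) => {
  const { username, password } = req.body ?? {};

  // A JSON body can carry numbers, arrays or objects in these fields; anything
  // but a non-empty string is rejected here rather than failing deeper down.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.json({});
  }
  if (!username || !password) return res.json({});

  // NOTE(review): lookup and insert are two separate statements and the table
  // has no UNIQUE constraint, so this check alone enforces unique usernames.
  if (db.get('SELECT * FROM users WHERE username = :username', { username })) {
    return res.json({});
  }

  const hash = sha(password);
  const inserted = db.run('INSERT INTO users VALUES (:username, :hash)', {
    username,
    hash,
  });
  // db.run yields undefined when the statement failed; do not report success.
  if (!inserted) return res.json({});

  res.json({ success: true });
});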
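/**
 * POST /login: check a username/password pair.
 *
 * Body: JSON `{ username, password }`, both non-empty strings.
 * Responds `{ success: true }` when a matching user row exists, `{}` otherwise.
 * No session or token is issued; the other routes re-check credentials on
 * every request.
 */
app.post('/login', (req, res) => {
  const { username, password } = req.body ?? {};

  // Reject non-string fields (arrays, objects, numbers from the JSON body)
  // with the ordinary failure response instead of an unhandled exception.
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.json({});
  }
  if (!username || !password) return res.json({});

  const hash = sha(password);
  const user = db.get(
    'SELECT * FROM users WHERE username = :username AND password = :hash',
    { username, hash }
  );
  if (!user) return res.json({});

  res.json({ success: true });
});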
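/**
 * POST /create: store a note for an authenticated user.
 *
 * Body: JSON `{ username, password, note, mode }`, all non-empty strings.
 * Responds `{ id }` with the new note's random id, or `{}` on any failure.
 */
app.post('/create', (req, res) => {
  const { username, password, note, mode } = req.body ?? {};

  // Every field must be a string: note.replace() and the database layer would
  // otherwise throw on arrays, objects or numbers taken from the JSON body.
  const fields = [username, password, note, mode];
  if (!fields.every((field) => typeof field === 'string')) {
    return res.json({});
  }
  if (!username || !password || !note || !mode) return res.json({});

  const hash = sha(password);
  const user = db.get(
    'SELECT * FROM users WHERE username = :username AND password = :hash',
    { username, hash }
  );
  if (!user) return res.json({});

  // 128 bits from the CSPRNG; the id is the only handle needed to read a note.
  const id = crypto.randomBytes(16).toString('hex');

  // NOTE(review): removing `<` and `>` is the only HTML-related filtering
  // applied, and `mode` is stored as received. The client code is not visible
  // here; it should still insert both values as text, not as markup.
  const stored = db.run(
    'INSERT INTO notes VALUES (:id, :username, :note, :mode, 0)',
    {
      id,
      username,
      note: note.replace(/[<>]/g, ''),
      mode,
    }
  );
  // db.run yields undefined when the insert failed; do not hand out a dead id.
  if (!stored) return res.json({});

  res.json({ id });
});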
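/**
 * POST /view: return a note by id and bump its view counter.
 *
 * Body: JSON `{ username, password, id }`, all non-empty strings.
 * Responds `{ note, mode, views }` (views as read before the increment), or
 * `{}` when authentication fails or the note does not exist.
 */
app.post('/view', (req, res) => {
  const { username, password, id } = req.body ?? {};

  // Reject non-string fields from the JSON body with the ordinary failure
  // response instead of an unhandled exception.
  const fields = [username, password, id];
  if (!fields.every((field) => typeof field === 'string')) {
    return res.json({});
  }
  if (!username || !password || !id) return res.json({});

  const hash = sha(password);
  const user = db.get(
    'SELECT * FROM users WHERE username = :username AND password = :hash',
    { username, hash }
  );
  if (!user) return res.json({});

  // NOTE(review): the lookup is by id only, with no check that the note
  // belongs to `username`; any authenticated user holding the id can read it.
  // Confirm that sharing by id is the intended model.
  const row = db.get('SELECT note, mode, views FROM notes WHERE id = :id', {
    id,
  });
  // db.get yields undefined for an unknown id; destructuring that directly
  // would throw, so answer with the failure response instead.
  if (!row) return res.json({});

  const { note, mode, views } = row;
  if (!note || !mode) return res.json({});

  db.run('UPDATE notes SET views = views + 1 WHERE id = :id', { id });
  res.json({ note, mode, views });
});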
// No host argument is given, so Node binds to the unspecified address and the
// service is reachable on every network interface of the machine.
const PORT = 3000;
app.listen(PORT);