diff --git a/lib/server/middlewareButNotReally/captcha.ts b/lib/server/middlewareButNotReally/captcha.ts
deleted file mode 100644
index 3c164c7..0000000
--- a/lib/server/middlewareButNotReally/captcha.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-import { H3Event, EventHandlerRequest } from "h3";
-export default async function (ev: H3Event) {
- const body = await readBody(ev);
-
- let { data: cres }: { data: any } = await useFetch(
- "https://www.google.com/recaptcha/api/siteverify",
- {
- method: "post",
- body: {
- secret: useRuntimeConfig().captcha.secret,
- response: body["g-recaptcha-response"],
- },
- },
- );
- if (!cres.value.success) {
- throw createError({
- statusCode: 400,
- message: "bad recaptcha",
- });
- }
-}
diff --git a/lib/server/middlewareButNotReally/index.ts b/lib/server/middlewareButNotReally/index.ts
index 02c11f0..2b6f16e 100644
--- a/lib/server/middlewareButNotReally/index.ts
+++ b/lib/server/middlewareButNotReally/index.ts
@@ -1,6 +1,80 @@
-import isIdNan from "./isIdNan";
-import isAdmin from "./isAdmin";
-import isLoggedIn from "./isLoggedIn";
-import storyCheck from "./storyCheck";
-import * as storyPrivileges from "./storyPrivileges";
-export { isIdNan, isAdmin, isLoggedIn, storyCheck, storyPrivileges };
+import { EventHandlerRequest, H3Event } from "h3";
+import { messages } from "@server/constants";
+import { IStory } from "@models/stories";
+import { isFicmasHidden } from "@functions";
+import { IDraft } from "@models/stories/draft";
+export function isIdNan(ev: H3Event) {
+ const id = parseInt(getRouterParam(ev, "id")!);
+ if (Number.isNaN(id)) {
+ throw createError({
+ statusCode: 400,
+ message: "Invalid id provided.",
+ });
+ }
+ return id;
+}
+export function isAdmin(ev: H3Event) {
+ isLoggedIn(ev);
+ if (!ev.context.currentUser?.profile.isAdmin) {
+ throw createError({
+ statusCode: 403,
+ statusMessage: messages[403],
+ });
+ }
+}
+export function isLoggedIn(ev: H3Event) {
+ if (!ev.context.currentUser) {
+ throw createError({
+ statusCode: 401,
+ statusMessage: messages[401],
+ });
+ }
+}
+
+export async function storyCheck(
+ event: H3Event,
+ story: IStory,
+ idx: number,
+) {
+ let ret: any = {};
+ if (!story) {
+ ret.statusCode = 404;
+ ret.message = messages[404];
+ } else if (story.ficmas != null) {
+ if (isFicmasHidden(story)) {
+ ret = {
+ statusCode: 423,
+ message: `TOP SECRET! This story is part of an ongoing challenge. You'll be able to read it after the challenge's reveal date.`,
+ };
+ }
+ } else if (
+ story.chapters[idx]?.hidden &&
+ event.context.currentUser?._id !== story.author._id &&
+ !event.context.currentUser?.profile.isAdmin
+ ) {
+ ret.statusCode = 403;
+ ret.message = messages[403];
+ }
+ return !!Object.keys(ret).length ? ret : null;
+}
+
+export async function captcha(ev: H3Event) {
+ const body = await readBody(ev);
+
+ let { data: cres }: { data: any } = await useFetch(
+ "https://www.google.com/recaptcha/api/siteverify",
+ {
+ method: "post",
+ body: {
+ secret: useRuntimeConfig().captcha.secret,
+ response: body["g-recaptcha-response"],
+ },
+ },
+ );
+ if (!cres.value.success) {
+ throw createError({
+ statusCode: 400,
+ message: "bad recaptcha",
+ });
+ }
+}
diff --git a/lib/server/middlewareButNotReally/isAdmin.ts b/lib/server/middlewareButNotReally/isAdmin.ts
deleted file mode 100644
index 0a882c6..0000000
--- a/lib/server/middlewareButNotReally/isAdmin.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import { H3Event, EventHandlerRequest } from "h3";
-import { messages } from "../constants";
-import isLoggedIn from "./isLoggedIn";
-export default function (ev: H3Event) {
- isLoggedIn(ev);
- if (!ev.context.currentUser?.profile.isAdmin) {
- throw createError({
- statusCode: 403,
- statusMessage: messages[403],
- });
- }
-}
diff --git a/lib/server/middlewareButNotReally/isIdNan.ts b/lib/server/middlewareButNotReally/isIdNan.ts
deleted file mode 100644
index d2542c1..0000000
--- a/lib/server/middlewareButNotReally/isIdNan.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import { EventHandlerRequest, H3Event } from "h3";
-
-export default function (ev: H3Event) {
- const id = parseInt(getRouterParam(ev, "id")!);
- if (Number.isNaN(id)) {
- throw createError({
- statusCode: 400,
- message: "Invalid id provided.",
- });
- }
- return id;
-}
diff --git a/lib/server/middlewareButNotReally/isLoggedIn.ts b/lib/server/middlewareButNotReally/isLoggedIn.ts
deleted file mode 100644
index 345a85d..0000000
--- a/lib/server/middlewareButNotReally/isLoggedIn.ts
+++ /dev/null
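Review bot: In lib/server/middlewareButNotReally/index.ts, `storyCheck` places the hidden-chapter check in an `else if` after `story.ficmas != null`, so for any story that has a `ficmas` value and is not currently ficmas-hidden the function returns `null` without ever comparing `story.chapters[idx]?.hidden` against the author or an admin. If challenge stories can carry hidden chapters, the two checks should not be mutually exclusive, e.g. `} else if (story.ficmas != null && isFicmasHidden(story)) {` for the 423 branch, followed by the existing hidden-chapter branch. Separately, `captcha` dereferences `cres.value.success` with no null check, so an empty or failed siteverify response would presumably surface as an unhandled TypeError instead of the intended 400; `if (!cres.value?.success)` keeps the handler fail-closed with the intended status.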
@@ -1,10 +0,0 @@
-import { H3Event, EventHandlerRequest } from "h3";
-import { messages } from "../constants";
-export default function (ev: H3Event) {
- if (!ev.context.currentUser) {
- throw createError({
- statusCode: 401,
- statusMessage: messages[401],
- });
- }
-}
diff --git a/lib/server/middlewareButNotReally/storyCheck.ts b/lib/server/middlewareButNotReally/storyCheck.ts
deleted file mode 100644
index 238ae37..0000000
--- a/lib/server/middlewareButNotReally/storyCheck.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-import type { H3Event, EventHandlerRequest } from "h3";
-import { isFicmasHidden } from "@functions";
-import { IStory } from "@models/stories";
-import { messages } from "../constants";
-export default async function (
- event: H3Event,
- story: IStory,
- idx: number,
-) {
- let ret: any = {};
- if (!story) {
- ret.statusCode = 404;
- ret.message = messages[404];
- } else if (story.ficmas != null) {
- if (isFicmasHidden(story)) {
- ret = {
- statusCode: 423,
- message: `TOP SECRET! This story is part of an ongoing challenge. You'll be able to read it after the challenge's reveal date.`,
- };
- }
- } else if (
- story.chapters[idx]?.hidden &&
- event.context.currentUser?._id !== story.author._id &&
- !event.context.currentUser?.profile.isAdmin
- ) {
- ret.statusCode = 403;
- ret.message = messages[403];
- }
- return !!Object.keys(ret).length ? ret : null;
-}
diff --git a/lib/server/middlewareButNotReally/storyPrivileges.ts b/lib/server/middlewareButNotReally/storyPrivileges.ts
index 40ae7df..0f7b3d9 100644
--- a/lib/server/middlewareButNotReally/storyPrivileges.ts
+++ b/lib/server/middlewareButNotReally/storyPrivileges.ts
@@ -1,6 +1,6 @@ import type { H3Event, EventHandlerRequest } from "h3"; import { IStory } from "@models/stories"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { IDraft } from "@models/stories/draft"; export function canDelete(event: H3Event, story: IStory) { isLoggedIn(event); diff --git a/server/api/band/[id]/index.put.ts b/server/api/band/[id]/index.put.ts index b254cbc..5ab86b3 100644 --- a/server/api/band/[id]/index.put.ts +++ b/server/api/band/[id]/index.put.ts @@ -1,6 +1,6 @@ import { messages } from "@server/constants"; -import isAdmin from "@server/middlewareButNotReally/isAdmin"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isAdmin } from "@server/middlewareButNotReally"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { Band, IBand } from "@models/band"; export default eventHandler(async (ev) => { diff --git a/server/api/review/[id]/index.delete.ts b/server/api/review/[id]/index.delete.ts index 806ffcc..6cddf2c 100644 --- a/server/api/review/[id]/index.delete.ts +++ b/server/api/review/[id]/index.delete.ts @@ -1,5 +1,5 @@ import { messages } from "@server/constants"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { Story } from "@models/stories"; import { Review } from "@models/stories/review"; @@ -29,7 +29,7 @@ export default eventHandler(async (ev) => { }); s2v.reviews += 1; await s2v!.save(); - await Review.findByIdAndRemove(revid); + await Review.findByIdAndDelete(revid); return { success: true, }; diff --git a/server/api/review/[id]/index.get.ts b/server/api/review/[id]/index.get.ts index 322fcd5..de8d70e 100644 --- a/server/api/review/[id]/index.get.ts +++ b/server/api/review/[id]/index.get.ts 
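Review bot: In server/api/review/[id]/index.delete.ts, the context just above the changed call still runs `s2v.reviews += 1;` in a handler that deletes a review, which looks like the counter moving in the wrong direction; if `reviews` is the story's review count this should presumably be `s2v.reviews -= 1;`. The counter is also saved before `Review.findByIdAndDelete(revid)` runs, so a failed delete leaves the count changed; deleting first and saving afterwards would keep the two consistent. The handler starts outside this hunk, so the check that the caller may delete `revid` is not visible here and is worth confirming.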
@@ -1,6 +1,6 @@ import { messages } from "@server/constants"; import { Review } from "@models/stories/review"; -import isIdNan from "@server/middlewareButNotReally/isIdNan"; +import { isIdNan } from "@server/middlewareButNotReally"; export default eventHandler(async (ev) => { const revid = isIdNan(ev); diff --git a/server/api/review/[id]/index.put.ts b/server/api/review/[id]/index.put.ts index 80edaf9..f3ccc58 100644 --- a/server/api/review/[id]/index.put.ts +++ b/server/api/review/[id]/index.put.ts @@ -1,7 +1,7 @@ import san from "sanitize-html"; import { messages } from "@server/constants"; import { log } from "@server/logger"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { Review } from "@models/stories/review"; export default eventHandler(async (ev) => { diff --git a/server/api/review/[id]/reply.post.ts b/server/api/review/[id]/reply.post.ts index 0f97eed..cbea629 100644 --- a/server/api/review/[id]/reply.post.ts +++ b/server/api/review/[id]/reply.post.ts @@ -1,6 +1,6 @@ import san from "sanitize-html"; import { messages } from "@server/constants"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { Story } from "@models/stories"; import { Review } from "@models/stories/review"; diff --git a/server/api/story/[id]/[chapter]/index.get.ts b/server/api/story/[id]/[chapter]/index.get.ts index 9f3e83b..492bb43 100644 --- a/server/api/story/[id]/[chapter]/index.get.ts +++ b/server/api/story/[id]/[chapter]/index.get.ts @@ -1,6 +1,6 @@ import { chapterTransformer } from "@server/dbHelpers"; import { storyQuerier } from "@server/dbHelpers"; -import storyCheck from "@server/middlewareButNotReally/storyCheck"; +import { storyCheck } from "@server/middlewareButNotReally"; export default eventHandler(async (ev) => { const story = await storyQuerier(ev); 
diff --git a/server/api/story/[id]/[chapter]/index.put.ts b/server/api/story/[id]/[chapter]/index.put.ts index 053c4d2..ea49006 100644 --- a/server/api/story/[id]/[chapter]/index.put.ts +++ b/server/api/story/[id]/[chapter]/index.put.ts @@ -2,7 +2,7 @@ import { FormChapter } from "@client/types/form/story"; import { countWords } from "@functions"; import { messages } from "@server/constants"; import { storyQuerier } from "@server/dbHelpers"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { canModify } from "@server/middlewareButNotReally/storyPrivileges"; import { replaceOrUploadContent, bodyHandler } from "@server/storyHelpers"; import { Story } from "@models/stories"; diff --git a/server/api/story/[id]/[chapter]/reviews/index.post.ts b/server/api/story/[id]/[chapter]/reviews/index.post.ts index 7e025a8..a56a8f6 100644 --- a/server/api/story/[id]/[chapter]/reviews/index.post.ts +++ b/server/api/story/[id]/[chapter]/reviews/index.post.ts @@ -1,6 +1,6 @@ import san from "sanitize-html"; import { storyQuerier } from "@server/dbHelpers"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { Story } from "@models/stories"; import { Review } from "@models/stories/review"; diff --git a/server/api/story/[id]/full.get.ts b/server/api/story/[id]/full.get.ts index af06ca7..b205aa4 100644 --- a/server/api/story/[id]/full.get.ts +++ b/server/api/story/[id]/full.get.ts @@ -1,6 +1,6 @@ import { storyQuerier } from "@server/dbHelpers"; import { chapterTransformer } from "@server/dbHelpers"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { messages } from "@server/constants"; export default eventHandler(async (ev) => { 
diff --git a/server/api/story/[id]/index.get.ts b/server/api/story/[id]/index.get.ts index 33d6716..60c7cb9 100644 --- a/server/api/story/[id]/index.get.ts +++ b/server/api/story/[id]/index.get.ts @@ -1,5 +1,5 @@ import { storyQuerier } from "@server/dbHelpers"; -import storyCheck from "@server/middlewareButNotReally/storyCheck"; +import { storyCheck } from "@server/middlewareButNotReally"; export default eventHandler(async (ev) => { const story = await storyQuerier(ev); let chrs = await storyCheck(ev, story, 0); diff --git a/server/api/story/[id]/index.put.ts b/server/api/story/[id]/index.put.ts index 0765362..80d2f1f 100644 --- a/server/api/story/[id]/index.put.ts +++ b/server/api/story/[id]/index.put.ts @@ -3,7 +3,7 @@ import { Document } from "mongoose"; import { IStory, Story } from "@models/stories"; import { FormStory } from "@client/types/form/story"; import { storyQuerier } from "@server/dbHelpers"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { canModify } from "@server/middlewareButNotReally/storyPrivileges"; import { bodyHandler, diff --git a/server/api/story/[id]/lovers.get.ts b/server/api/story/[id]/lovers.get.ts index 2ba8a55..f0bef9c 100644 --- a/server/api/story/[id]/lovers.get.ts +++ b/server/api/story/[id]/lovers.get.ts @@ -1,5 +1,5 @@ import { User } from "@models/user"; -import isIdNan from "@server/middlewareButNotReally/isIdNan"; +import { isIdNan } from "@server/middlewareButNotReally"; export default eventHandler(async (ev) => { const id = isIdNan(ev); diff --git a/server/api/story/new.post.ts b/server/api/story/new.post.ts index 3f7d320..d59280e 100644 --- a/server/api/story/new.post.ts +++ b/server/api/story/new.post.ts 
@@ -1,7 +1,7 @@ import { Readable } from "stream"; import san from "sanitize-html"; import { FormStory } from "@client/types/form/story"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { getBucket, bodyHandler, modelFormChapter } from "@server/storyHelpers"; import { Story } from "@models/stories"; import { sanitizeConf } from "@server/constants"; diff --git a/server/api/upload/avatar.post.ts b/server/api/upload/avatar.post.ts index ad8a365..8794211 100644 --- a/server/api/upload/avatar.post.ts +++ b/server/api/upload/avatar.post.ts @@ -1,7 +1,8 @@ import { v4 } from "uuid"; import { resolve } from "path"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import sharp from "sharp"; +import { User } from "@models/user"; export default eventHandler(async (ev) => { isLoggedIn(ev); @@ -21,7 +22,13 @@ export default eventHandler(async (ev) => { background: { r: 0, g: 0, b: 0, alpha: 0 }, }) .toFormat("png") - .toFile(resolve(`public/${nn}.png`)); + .toFile(resolve(`public/avatars/${nn}.png`)); + await User.findByIdAndUpdate(ev.context.currentUser!._id, { + $set: { + "profile.avatar": nn, + }, + }); + return { success: true, file: `${nn}.png`, diff --git a/server/api/upload/content.post.ts b/server/api/upload/content.post.ts index 02ac9b1..4d07a51 100644 --- a/server/api/upload/content.post.ts +++ b/server/api/upload/content.post.ts @@ -3,7 +3,7 @@ import { extname } from "path"; import { v4 } from "uuid"; import { ContentFilenameRegex } from "@server/constants"; import { log } from "@server/logger"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; export default eventHandler(async (ev) => { const noMultipart = "no multipart data found!???!?"; 
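Review bot: In server/api/upload/avatar.post.ts, the new write to `public/avatars/${nn}.png` never removes the user's previous avatar, so every upload by a logged-in user leaves another PNG under the public directory and nothing in this hunk bounds that growth. Reading the old `profile.avatar` before `User.findByIdAndUpdate` and unlinking that file once the update succeeds would cap storage at one file per user. The response's `file` field is still `${nn}.png` although the file now lives under `avatars/`, so clients that build a URL from it may need `avatars/${nn}.png` or the bare `nn` that is stored on the profile. How `nn` is generated and how the upload's size and type are checked sit outside the hunk.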
diff --git a/server/api/user/[id]/admin.post.ts b/server/api/user/[id]/admin.post.ts index 44f692d..b4a77ad 100644 --- a/server/api/user/[id]/admin.post.ts +++ b/server/api/user/[id]/admin.post.ts @@ -1,5 +1,4 @@ -import isAdmin from "@server/middlewareButNotReally/isAdmin"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isAdmin, isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => { diff --git a/server/api/user/[id]/ban.post.ts b/server/api/user/[id]/ban.post.ts index e9cc465..91c6f06 100644 --- a/server/api/user/[id]/ban.post.ts +++ b/server/api/user/[id]/ban.post.ts @@ -1,5 +1,5 @@ -import isAdmin from "@server/middlewareButNotReally/isAdmin"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isAdmin } from "@server/middlewareButNotReally"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => { diff --git a/server/api/user/[id]/block.post.ts b/server/api/user/[id]/block.post.ts index c4f4cec..d4f4815 100644 --- a/server/api/user/[id]/block.post.ts +++ b/server/api/user/[id]/block.post.ts @@ -1,4 +1,4 @@ -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => { diff --git a/server/api/user/[id]/shared-ip.get.ts b/server/api/user/[id]/shared-ip.get.ts index 262a4bb..197aea4 100644 --- a/server/api/user/[id]/shared-ip.get.ts +++ b/server/api/user/[id]/shared-ip.get.ts 
@@ -1,6 +1,6 @@ import { messages } from "@server/constants"; -import isAdmin from "@server/middlewareButNotReally/isAdmin"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isAdmin } from "@server/middlewareButNotReally"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => { diff --git a/server/api/user/[id]/unblock.post.ts b/server/api/user/[id]/unblock.post.ts index 274e52c..cf1329a 100644 --- a/server/api/user/[id]/unblock.post.ts +++ b/server/api/user/[id]/unblock.post.ts @@ -1,4 +1,4 @@ -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => { diff --git a/server/api/user/me/favs.put.ts b/server/api/user/me/favs.put.ts index 3912d88..83785a5 100644 --- a/server/api/user/me/favs.put.ts +++ b/server/api/user/me/favs.put.ts @@ -1,5 +1,5 @@ import { FavPayload, SubPayload } from "@client/types/form/favSub"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => { diff --git a/server/api/user/me/hide.put.ts b/server/api/user/me/hide.put.ts index d530724..e3f5dc1 100644 --- a/server/api/user/me/hide.put.ts +++ b/server/api/user/me/hide.put.ts @@ -1,5 +1,5 @@ import { HidePayload } from "@client/types/form/favSub"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => { diff --git a/server/api/user/me/index.put.ts b/server/api/user/me/index.put.ts index cb99373..03b44eb 100644 --- a/server/api/user/me/index.put.ts +++ b/server/api/user/me/index.put.ts 
@@ -2,7 +2,7 @@ import san from "sanitize-html"; import { weirdToNormalChars } from "weird-to-normal-chars"; import { Profile, MyStuff } from "@client/types/form/myStuff"; import { apiRoot, messages } from "@server/constants"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { Review } from "@models/stories/review"; import { IUser, User } from "@models/user"; import axios from "axios"; diff --git a/server/api/user/me/profile.put.ts b/server/api/user/me/profile.put.ts index a8aeb6c..e87e8fe 100644 --- a/server/api/user/me/profile.put.ts +++ b/server/api/user/me/profile.put.ts @@ -3,7 +3,7 @@ import axios from "axios"; import { Profile } from "@client/types/form/myStuff"; import { apiRoot, h2m } from "@server/constants"; import forumId from "@server/forumId"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => { @@ -15,10 +15,9 @@ export default eventHandler(async (ev) => { "profile.blog": body.blog, "profile.bio": san(body.bio), "profile.showEmail": !!body.showEmail, - "profile.avatar": body.avatar, }; let d = { - signature: h2m.turndown(body.signature), + signature: h2m.turndown(body.signature || ""), _uid: 1, }; let lookup = await forumId(ev.context.currentUser!._id!); diff --git a/server/api/user/me/reviews.get.ts b/server/api/user/me/reviews.get.ts index def87b8..1f184db 100644 --- a/server/api/user/me/reviews.get.ts +++ b/server/api/user/me/reviews.get.ts @@ -1,4 +1,4 @@ -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { Story } from "@models/stories"; import { Review } from "@models/stories/review"; diff --git a/server/api/user/me/subscriptions.put.ts b/server/api/user/me/subscriptions.put.ts index 031d911..4238fff 100644 
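Review bot: In server/api/user/me/profile.put.ts, `h2m.turndown(body.signature || "")` only covers a missing or empty signature; a non-string JSON value (number, object, array) still reaches `turndown`, so a type guard such as `typeof body.signature === "string" ? body.signature : ""` would be safer. In the same update object `"profile.blog": body.blog` is stored as received while `bio` goes through `san`; if the blog value is later rendered as a link, it should be validated as an http(s) URL before it is saved. The handler begins before and continues past this hunk, so any validation done on `body` earlier is not visible here.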
--- a/server/api/user/me/subscriptions.put.ts +++ b/server/api/user/me/subscriptions.put.ts @@ -1,5 +1,5 @@ import { SubPayload } from "@client/types/form/favSub"; -import isLoggedIn from "@server/middlewareButNotReally/isLoggedIn"; +import { isLoggedIn } from "@server/middlewareButNotReally"; import { User } from "@models/user"; export default eventHandler(async (ev) => {