2020-05-04 15:06:07 +00:00
|
|
|
const constants = require("../../lib/constants")
|
|
|
|
const {render, redirect} = require("pinski/plugins")
|
2020-05-09 15:20:13 +00:00
|
|
|
const {getSettings, getToken, generateCSRF, checkCSRF} = require("./utils/getsettings")
|
2020-05-29 08:46:45 +00:00
|
|
|
const {getSettingsReferrer} = require("./utils/settingsreferrer")
|
2020-05-04 15:06:07 +00:00
|
|
|
const crypto = require("crypto")
|
|
|
|
const db = require("../../lib/db")
|
|
|
|
|
|
|
|
module.exports = [
|
|
|
|
{
|
2020-05-05 13:45:56 +00:00
|
|
|
route: "/settings", methods: ["GET"], code: async ({req, url}) => {
|
2020-06-19 07:12:43 +00:00
|
|
|
const token = getToken(req)
|
2020-05-05 13:45:56 +00:00
|
|
|
const settings = getSettings(req)
|
|
|
|
// console.log(settings)
|
2020-05-09 15:20:13 +00:00
|
|
|
const csrf = generateCSRF()
|
|
|
|
const message = url.searchParams.get("message")
|
|
|
|
const status = url.searchParams.get("status")
|
2020-05-29 08:46:45 +00:00
|
|
|
return render(200, "pug/settings.pug", {
|
|
|
|
stayAction: getSettingsReferrer(url.searchParams.get("referrer"), "/settings/stay"),
|
|
|
|
returnAction: getSettingsReferrer(url.searchParams.get("referrer"), "/settings/return"),
|
|
|
|
returnURL: url.searchParams.get("referrer") || "/",
|
|
|
|
constants,
|
|
|
|
settings,
|
2020-06-19 07:12:43 +00:00
|
|
|
token,
|
2020-05-29 08:46:45 +00:00
|
|
|
csrf,
|
|
|
|
status,
|
|
|
|
message
|
|
|
|
})
|
2020-05-04 15:06:07 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
2020-05-29 08:46:45 +00:00
|
|
|
route: "/settings/(stay|return)", methods: ["POST"], upload: true, code: async ({req, body, fill, url}) => {
|
|
|
|
const action = fill[0]
|
2020-06-19 07:12:43 +00:00
|
|
|
const token = getToken(req)
|
2020-05-04 15:06:07 +00:00
|
|
|
const params = new URLSearchParams(body.toString())
|
2020-05-09 15:20:13 +00:00
|
|
|
if (!checkCSRF(params.get("csrf"))) {
|
|
|
|
const returnParams = new URLSearchParams()
|
|
|
|
returnParams.append("status", "fail")
|
|
|
|
returnParams.append("message", "Form timed out or reused.\n(Invalid or missing CSRF token.)")
|
|
|
|
return redirect("/settings?" + returnParams.toString(), 303)
|
|
|
|
}
|
2020-05-04 15:06:07 +00:00
|
|
|
const prepared = {}
|
|
|
|
for (const setting of constants.user_settings) {
|
|
|
|
let valueOrDefault
|
|
|
|
if (params.has(setting.name) && params.get(setting.name) !== "") {
|
|
|
|
valueOrDefault = params.get(setting.name)
|
|
|
|
} else if (setting.replaceEmptyWithDefault) {
|
|
|
|
valueOrDefault = setting.default
|
|
|
|
} else {
|
|
|
|
valueOrDefault = ""
|
|
|
|
}
|
|
|
|
let valueCorrectType
|
|
|
|
if (setting.boolean) {
|
|
|
|
valueCorrectType = +(valueOrDefault !== "")
|
|
|
|
} else {
|
|
|
|
valueCorrectType = valueOrDefault
|
|
|
|
}
|
|
|
|
prepared[setting.name] = valueCorrectType
|
|
|
|
}
|
2020-05-05 13:45:56 +00:00
|
|
|
// console.log(prepared)
|
2020-06-19 07:12:43 +00:00
|
|
|
if (token) {
|
|
|
|
prepared.token = token
|
|
|
|
} else {
|
|
|
|
const checkPrepared = db.prepare("SELECT token FROM UserSettings WHERE token = ?")
|
|
|
|
do {
|
|
|
|
prepared.token = crypto.randomBytes(16).toString("hex")
|
|
|
|
} while (checkPrepared.get(prepared.token))
|
|
|
|
}
|
2020-05-04 15:06:07 +00:00
|
|
|
prepared.created = Date.now()
|
2020-05-05 15:35:18 +00:00
|
|
|
const fields = constants.user_settings.map(s => s.name)
|
2020-06-19 07:12:43 +00:00
|
|
|
db.prepare(`REPLACE INTO UserSettings (token, created, ${fields.join(", ")}) VALUES (@token, @created, ${fields.map(f => "@"+f).join(", ")})`).run(prepared)
|
2020-05-04 15:06:07 +00:00
|
|
|
const expires = new Date(Date.now() + 4000*24*60*60*1000).toUTCString()
|
2020-05-29 08:46:45 +00:00
|
|
|
let location
|
|
|
|
if (action === "return" && url.searchParams.has("referrer")) {
|
|
|
|
location = url.searchParams.get("referrer")
|
|
|
|
} else { // stay
|
|
|
|
const newParams = new URLSearchParams()
|
|
|
|
newParams.append("status", "success")
|
|
|
|
newParams.append("message", "Saved.")
|
|
|
|
if (url.searchParams.has("referrer")) {
|
|
|
|
newParams.append("referrer", url.searchParams.get("referrer"))
|
|
|
|
}
|
|
|
|
location = "/settings?" + newParams.toString()
|
|
|
|
}
|
2020-05-04 15:06:07 +00:00
|
|
|
return {
|
|
|
|
statusCode: 303,
|
|
|
|
headers: {
|
2020-05-29 08:46:45 +00:00
|
|
|
"Location": location,
|
2020-05-09 15:20:13 +00:00
|
|
|
"Set-Cookie": `settings=${prepared.token}; Path=/; Expires=${expires}; SameSite=Lax`
|
2020-05-04 15:06:07 +00:00
|
|
|
},
|
2020-05-09 15:20:13 +00:00
|
|
|
contentType: "text/html; charset=UTF-8",
|
2020-05-04 15:06:07 +00:00
|
|
|
content: "Redirecting..."
|
|
|
|
}
|
|
|
|
}
|
2020-06-19 07:12:43 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
route: "/applysettings/([0-9a-f]+)", methods: ["GET"], code: async ({fill}) => {
|
|
|
|
const expires = new Date(Date.now() + 4000*24*60*60*1000).toUTCString()
|
|
|
|
return {
|
|
|
|
statusCode: 302,
|
|
|
|
headers: {
|
|
|
|
"Location": "/",
|
|
|
|
"Set-Cookie": `settings=${fill[0]}; Path=/; Expires=${expires}; SameSite=Lax`
|
|
|
|
},
|
|
|
|
contentType: "text/html; charset=UTF-8",
|
|
|
|
content: "Settings restored. Redirecting..."
|
|
|
|
}
|
|
|
|
}
|
2020-05-04 15:06:07 +00:00
|
|
|
}
|
|
|
|
]
|