diff options
| -rw-r--r-- | app/auth.js | 16 | ||||
| -rw-r--r-- | app/lib/router.js | 5 | ||||
| -rw-r--r-- | app/lib/static.js | 4 | ||||
| -rw-r--r-- | app/note-store.js | 4 | ||||
| -rw-r--r-- | app/public/main.js | 2 |
5 files changed, 16 insertions, 15 deletions
diff --git a/app/auth.js b/app/auth.js index 7859a24..8a55857 100644 --- a/app/auth.js +++ b/app/auth.js @@ -1,5 +1,5 @@ -import {readFile as rf, writeFile as wf} from "node:fs/promises"; -import {readFileSync, rename} from "node:fs"; +import {readFile as rf, writeFile as wf, rename} from "node:fs/promises"; +import {readFileSync} from "node:fs"; import {randomBytes} from "node:crypto"; import argon2 from "argon2"; @@ -37,10 +37,10 @@ function debounce(fn, interval=100) { function loadJSONSync(path) { const obj = {}; try { - Object.assign(obj, JSON.parse(readFileSync(path))); + Object.assign(obj, JSON.parse(readFileSync(path, "utf8"))); } catch(e) { console.log(Date.now()+` Error loading ${path}, creating fallback empty set`); - rename(path, path+".bad."+Date.now(), err => {}); + rename(path, path+".bad."+Date.now()).catch(() => {}); // TODO make synchronous? } return obj; } @@ -175,7 +175,7 @@ async function login(req, res, match, data) { if (!uid) return sendError(res); // User doesn't exist let user; - try { user = JSON.parse(await rf(`private/${uid}.json`)); + try { user = JSON.parse(await rf(`private/${uid}.json`, "utf8")); } catch (e) { return err500(res); } // Can't load user data checkReferer(req); @@ -235,7 +235,7 @@ function changePassword(req, res, match, data) { if (!uid) return token? err401(res) : sendError(req); let user; - try { user = JSON.parse(await rf(`private/${uid}.json`)); + try { user = JSON.parse(await rf(`private/${uid}.json`, "utf8")); } catch (e) { return err500(res); } checkReferer(req); @@ -261,7 +261,7 @@ function changePassword(req, res, match, data) { await wf(`private/${uid}.json`, JSON.stringify(user)); if (!res.getHeader("Set-Cookie")) { // Might have been renewed by authed() - if (token) renewToken(res, token, fingerprint, 0); + if (token) renewToken(res, token, collectFingerprint(req), 0); else setTokenCookie(res, createToken(uid, Object.assign(collectFingerprint(req), { sessionID: newSessionID(), @@ -286,7 +286,7 @@ async function changeUsernameReq(req, res, match, data) { const sendError = res => { rateLimitIP(req, 2, 8); sj(res, error); }; let user; - try { user = JSON.parse(await rf(`private/${req.uid}.json`)); + try { user = JSON.parse(await rf(`private/${req.uid}.json`, "utf8")); } catch (e) { return err500(res); } const pass = user.password; diff --git a/app/lib/router.js b/app/lib/router.js index 186e6ad..7d30ccf 100644 --- a/app/lib/router.js +++ b/app/lib/router.js @@ -1,4 +1,4 @@ -import {parse as parseURL} from "node:url"; +import {URL} from "node:url"; const degroup = path => Object.assign(path, path.groups); export default class Router { @@ -7,7 +7,7 @@ export default class Router { } route(req, res) { - const pathname = parseURL(req.url).pathname; + const pathname = new URL(req.url, "file:").pathname; // TODO double-check return this.routes.some(route => { const isMatch = route.method === req.method && route.re.test(pathname); if (isMatch) route.cb(req, res, degroup(route.re.exec(pathname))); @@ -30,6 +30,7 @@ export default class Router { } jpost(re, cb, max) { + // TODO check req content-type? set accepts? this.gpost(re, (req, res, match, data) => { try { data = JSON.parse(data); diff --git a/app/lib/static.js b/app/lib/static.js index 26fc231..08c877f 100644 --- a/app/lib/static.js +++ b/app/lib/static.js @@ -1,5 +1,5 @@ import {normalize, extname} from "node:path"; -import {parse as parseURL} from "node:url"; +import {URL} from "node:url"; import fs from "node:fs"; const mimeTypes = { @@ -46,7 +46,7 @@ export default class Static { return; } - const pathname = parseURL(req.url).pathname; + const pathname = new URL(req.url, "file:").pathname; // TODO double-check const sane = normalize(pathname).replace(/^(\.\.\/)+/, ""); let path = `${this.root}${sane}`; //Path.join(__dirname, sane); diff --git a/app/note-store.js b/app/note-store.js index eeebf28..8ad54db 100644 --- a/app/note-store.js +++ b/app/note-store.js @@ -21,7 +21,7 @@ async function newNote(req, res) { async function getNote(req, res, match) { console.log(Date.now()+` Getting note ${req.uid}:${match.noteID}`); const noteFile = `${NOTE_DIR}/${req.uid}/${match.noteID}.md`; - const content = await rf(noteFile, "UTF-8"); + const content = await rf(noteFile, "utf8"); sj(res, {id:match.noteID, content}); } @@ -29,7 +29,7 @@ async function setNote(req, res, match, data) { console.log(Date.now()+` Setting note ${req.uid}:${match.noteID}`); if (match.noteID !== data.id) return err400(res); const noteFile = `${NOTE_DIR}/${req.uid}/${match.noteID}.md`; - await wf(noteFile, data.content, "UTF-8"); + await wf(noteFile, data.content, "utf8"); sj(res, {}); } diff --git a/app/public/main.js b/app/public/main.js index 5746142..2a30c45 100644 --- a/app/public/main.js +++ b/app/public/main.js @@ -1,6 +1,5 @@ document.addEventListener("DOMContentLoaded", async () => { "use strict"; -const secure = location.protocol === "https:"; const $ = (s,c) => (c||document).querySelector(s); function $$(x,y,z,a){a=(z||document).querySelectorAll(x);if(typeof y=="function")[].forEach.call(a,y);return a} function m(a,b,c){c=document;b=c.createElement(b||"p");b.innerHTML=a.trim();for(a=c.createDocumentFragment();c=b.firstChild;)a.appendChild(c);return a.firstChild} @@ -16,6 +15,7 @@ function debounce(fn, delay) { } } +//const secure = location.protocol === "https:"; //sock.init(`ws${secure?"s":""}://${location.host}/ws`); //sock.on("hello", e => { // console.log("hello", e); |