summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/auth.js16
-rw-r--r--app/lib/router.js5
-rw-r--r--app/lib/static.js4
-rw-r--r--app/note-store.js4
-rw-r--r--app/public/main.js2
5 files changed, 16 insertions, 15 deletions
diff --git a/app/auth.js b/app/auth.js
index 7859a24..8a55857 100644
--- a/app/auth.js
+++ b/app/auth.js
@@ -1,5 +1,5 @@
-import {readFile as rf, writeFile as wf} from "node:fs/promises";
-import {readFileSync, rename} from "node:fs";
+import {readFile as rf, writeFile as wf, rename} from "node:fs/promises";
+import {readFileSync} from "node:fs";
import {randomBytes} from "node:crypto";
import argon2 from "argon2";
@@ -37,10 +37,10 @@ function debounce(fn, interval=100) {
function loadJSONSync(path) {
const obj = {};
try {
- Object.assign(obj, JSON.parse(readFileSync(path)));
+ Object.assign(obj, JSON.parse(readFileSync(path, "utf8")));
} catch(e) {
console.log(Date.now()+` Error loading ${path}, creating fallback empty set`);
- rename(path, path+".bad."+Date.now(), err => {});
+ rename(path, path+".bad."+Date.now()).catch(() => {}); // TODO make synchronous?
}
return obj;
}
@@ -175,7 +175,7 @@ async function login(req, res, match, data) {
if (!uid) return sendError(res); // User doesn't exist
let user;
- try { user = JSON.parse(await rf(`private/${uid}.json`));
+ try { user = JSON.parse(await rf(`private/${uid}.json`, "utf8"));
} catch (e) { return err500(res); } // Can't load user data
checkReferer(req);
@@ -235,7 +235,7 @@ function changePassword(req, res, match, data) {
if (!uid) return token? err401(res) : sendError(req);
let user;
- try { user = JSON.parse(await rf(`private/${uid}.json`));
+ try { user = JSON.parse(await rf(`private/${uid}.json`, "utf8"));
} catch (e) { return err500(res); }
checkReferer(req);
@@ -261,7 +261,7 @@ function changePassword(req, res, match, data) {
await wf(`private/${uid}.json`, JSON.stringify(user));
if (!res.getHeader("Set-Cookie")) { // Might have been renewed by authed()
- if (token) renewToken(res, token, fingerprint, 0);
+ if (token) renewToken(res, token, collectFingerprint(req), 0);
else setTokenCookie(res, createToken(uid,
Object.assign(collectFingerprint(req), {
sessionID: newSessionID(),
@@ -286,7 +286,7 @@ async function changeUsernameReq(req, res, match, data) {
const sendError = res => { rateLimitIP(req, 2, 8); sj(res, error); };
let user;
- try { user = JSON.parse(await rf(`private/${req.uid}.json`));
+ try { user = JSON.parse(await rf(`private/${req.uid}.json`, "utf8"));
} catch (e) { return err500(res); }
const pass = user.password;
diff --git a/app/lib/router.js b/app/lib/router.js
index 186e6ad..7d30ccf 100644
--- a/app/lib/router.js
+++ b/app/lib/router.js
@@ -1,4 +1,4 @@
-import {parse as parseURL} from "node:url";
+import {URL} from "node:url";
const degroup = path => Object.assign(path, path.groups);
export default class Router {
@@ -7,7 +7,7 @@ export default class Router {
}
route(req, res) {
- const pathname = parseURL(req.url).pathname;
+ const pathname = new URL(req.url, "file:").pathname; // TODO double-check
return this.routes.some(route => {
const isMatch = route.method === req.method && route.re.test(pathname);
if (isMatch) route.cb(req, res, degroup(route.re.exec(pathname)));
@@ -30,6 +30,7 @@ export default class Router {
}
jpost(re, cb, max) {
+ // TODO check req content-type? set accepts?
this.gpost(re, (req, res, match, data) => {
try {
data = JSON.parse(data);
diff --git a/app/lib/static.js b/app/lib/static.js
index 26fc231..08c877f 100644
--- a/app/lib/static.js
+++ b/app/lib/static.js
@@ -1,5 +1,5 @@
import {normalize, extname} from "node:path";
-import {parse as parseURL} from "node:url";
+import {URL} from "node:url";
import fs from "node:fs";
const mimeTypes = {
@@ -46,7 +46,7 @@ export default class Static {
return;
}
- const pathname = parseURL(req.url).pathname;
+ const pathname = new URL(req.url, "file:").pathname; // TODO double-check
const sane = normalize(pathname).replace(/^(\.\.\/)+/, "");
let path = `${this.root}${sane}`; //Path.join(__dirname, sane);
diff --git a/app/note-store.js b/app/note-store.js
index eeebf28..8ad54db 100644
--- a/app/note-store.js
+++ b/app/note-store.js
@@ -21,7 +21,7 @@ async function newNote(req, res) {
async function getNote(req, res, match) {
console.log(Date.now()+` Getting note ${req.uid}:${match.noteID}`);
const noteFile = `${NOTE_DIR}/${req.uid}/${match.noteID}.md`;
- const content = await rf(noteFile, "UTF-8");
+ const content = await rf(noteFile, "utf8");
sj(res, {id:match.noteID, content});
}
@@ -29,7 +29,7 @@ async function setNote(req, res, match, data) {
console.log(Date.now()+` Setting note ${req.uid}:${match.noteID}`);
if (match.noteID !== data.id) return err400(res);
const noteFile = `${NOTE_DIR}/${req.uid}/${match.noteID}.md`;
- await wf(noteFile, data.content, "UTF-8");
+ await wf(noteFile, data.content, "utf8");
sj(res, {});
}
diff --git a/app/public/main.js b/app/public/main.js
index 5746142..2a30c45 100644
--- a/app/public/main.js
+++ b/app/public/main.js
@@ -1,6 +1,5 @@
document.addEventListener("DOMContentLoaded", async () => { "use strict";
-const secure = location.protocol === "https:";
const $ = (s,c) => (c||document).querySelector(s);
function $$(x,y,z,a){a=(z||document).querySelectorAll(x);if(typeof y=="function")[].forEach.call(a,y);return a}
function m(a,b,c){c=document;b=c.createElement(b||"p");b.innerHTML=a.trim();for(a=c.createDocumentFragment();c=b.firstChild;)a.appendChild(c);return a.firstChild}
@@ -16,6 +15,7 @@ function debounce(fn, delay) {
}
}
+//const secure = location.protocol === "https:";
//sock.init(`ws${secure?"s":""}://${location.host}/ws`);
//sock.on("hello", e => {
// console.log("hello", e);