From 43209070cd69ba2ce996a795a2050bf6cc2f7af0 Mon Sep 17 00:00:00 2001
From: WubzyGD
Date: Fri, 10 Feb 2023 15:48:40 -0500
Subject: [PATCH] basic series validation
---
api/ani/v1/routes/series/add.js | 64 ++++++++++++++++-----------------
1 file changed, 30 insertions(+), 34 deletions(-)
diff --git a/api/ani/v1/routes/series/add.js b/api/ani/v1/routes/series/add.js
index 082b3ae..f54a8f8 100644
--- a/api/ani/v1/routes/series/add.js
+++ b/api/ani/v1/routes/series/add.js
@@ -56,49 +56,35 @@ module.exports = (app, router) => { //VALIDATION const badReq = msg => {res.status(400).send(msg); return null;}; - const validateStringList = (maxLength, list, listName, regex) => { - let bad = false; - list.forEach(item => {bad = !bad && typeof item === 'string' && item.length < maxLength && (!regex || item.match(regex))}); - if (bad) {return badReq();} + const validateStringList = (maxLength, list, listName, maxListLength, regex) => { + let good = false; + if (maxListLength !== -1 && list.length > maxListLength) {return badReq(`Your ${listName} had too many items.`);} + list.forEach(item => {good = !good && typeof item === 'string' && item.length < maxLength && (!regex || item.match(regex));}); + if (!good) {return badReq(`Your ${listName} did not contain purely strings, or one of them was too long.`);} return list; }; let options = req.body; - if (options.altNames && Array.isArray(options.altNames) && options.altNames.length <= 10) { - let bad = false; - options.altNames.forEach(name => bad = !bad && typeof name === 'string' && name.length < 150); - if (bad) {return badReq("Your altNames did not contain purely strings, or one of them was too long.");} - series.altNames = options.altNames; - } - - if (options.tags && Array.isArray(options.tags) && options.tags.length <= 10) { - let bad = false; - options.tags.forEach(tag => bad = !bad && typeof tag === 'string' && tag.length < 25 && tag.match(/^[\w-]+$/gm)); - if (bad) {return badReq("Your tags did not contain purely strings, or one of them was too long, or contained invalud characters");} - series.tags = options.tags.map(tag => tag.toLowerCase()); - } + if (options.altNames) {series.altNames = validateStringList(150, options.altNames, 'altNames'); if (!series.altNames) {return;}} + if (options.tags) {series.tags = validateStringList(25, options.tags, 'tags', 25, /^[\w-]+$/gm);if (!series.tags) {return;}} if (options.nsfw === true && !(options.nsfwReason || ['gore', 'language', 'nudity', 
'themes'].includes(options.nsfwReason))) {return badReq("You marked this series as nsfw, but did not provide a reason.");} else if (options.nsfw) { series.nsfw = options.nsfw; series.nsfwReason = options.nsfwReason; } - if (options.genres && Array.isArray(options.genres) && options.genres.length <= 10) { - let bad = false; - options.genres.forEach(tag => bad = !bad && typeof tag === 'string' && tag.length < 25 && tag.match(/^[\w- ]+$/gm)); - if (bad) {return badReq("Your genres did not contain purely strings, or one of them was too long.");} - series.genres = options.genres; - } //TODO genres as DB - if (options.streamAt && Array.isArray(options.streamAt) && options.streamAt.length <= 10) { - let bad = false; - options.streamAt.forEach(tag => bad = !bad && typeof tag === 'string' && tag.length < 25 && tag.match(/^[\w- ]+$/gm)); - if (bad) {return badReq("Your streamAt locations did not contain purely strings, or one of them was too long.");} - series.streamAt = options.streamAt; - } - if (options.publishers && Array.isArray(options.publishers) && options.publishers.length <= 10) { - let bad = false; - options.publishers.forEach(tag => bad = !bad && typeof tag === 'string' && tag.length < 25 && tag.match(/^[\w- ]+$/gm)); - if (bad) {return badReq("Your publishers did not contain purely strings, or one of them was too long.");} - series.publishers = options.publishers; + if (options.genres) {series.genres = validateStringList(25, options.genres, 'genres', 10, /^[\w- ]+$/gm); if (!series.genres) {return;}} //TODO genres as DB + if (options.streamAt) {series.streamAt = validateStringList(25, options.streamAt, 'streamAt locations', 10, /^[\w- ]+$/gm);if (!series.streamAt) {return;}} + if (options.publishers) {series.publishers = validateStringList(25, options.publishers, 'publishers', 5, /^[\w- ]+$/gm);if (!series.publishers) {return;}} + //well this is hell. never again will i make a schema so fat // i have no idea what im doing here + //TODO validate pt. 
2, the requiem + if (options.air) { + if (options.air.from) {series.air.from = options.air.from;} + if (options.air.to) {series.air.to = options.air.to;} //it's 9am send help } + //unvalidated BS at this point fuck it + //get rotated idiot + if (options.art) {series.art = options.art;} + if (options.officialSite) {series.officialSite = options.officialSite;} + if (options.videos) {series.videos = options.videos;} //it probably works. good enough yeah? return series.save().then(async () => { app.cache.series[series.id] = { @@ -110,8 +96,18 @@ module.exports = (app, router) => { genres: series.genres, tags: series.tags }; + app.cache.seriesCount++; return res.send(`Your series was successfully ${series.meta.submitted ? 'submitted' : "added"}.`); }).catch((e) => {console.error(e); res.status(500).send("There was an error trying to process your request. It's likely that our database found something wrong with your body fields, and the server didn't realize. Check your request and try again.");}); //TODO remove console error + }) + .get(app.auth.tokenPass, app.auth.permsPass('series-approve'), async (req, res) => { + const series = await Anime.findOne({id: req.params.id}); + if (!series || (series && !series.meta.completed && req.unauthorized)) {return res.status(400).send("A series with that ID doesn't exist!");} + let {name, id, romaji, kanji, air, rating, likes, seasons, characters, altNames, genres, tags, nsfw, nsfwReason, synopsis, numericalId, completed, publishers, studios} = series; + return res.json({ + name, id, romaji, kanji, air, rating, likes, seasons, characters, altNames, genres, tags, nsfw, nsfwReason, synopsis, numericalId, completed, publishers, studios, + meta: {completed: series.meta.completed, creator: series.meta.creator, locked: series.meta.locked} + }); }); }; \ No newline at end of file
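Review bot: `validateStringList` does not test every item: `good = !good && …` flips on each iteration, so `[42, 'ok']` passes, `['a', 'b']` is rejected, and an empty list always fails. `const good = list.every(item => typeof item === 'string' && item.length < maxLength && (!regex || item.match(regex)));` checks each element regardless of position. The `Array.isArray` tests on the removed lines have no replacement, so a non-array value reaches `list.forEach` and throws rather than returning a 400; `if (!Array.isArray(list)) {return badReq('Your ' + listName + ' must be a list.');}` as the helper's first line restores that, and the `altNames` call needs an explicit `maxListLength` because the comparison against `undefined` never trips the cap. The `m` flag on the patterns lets a string with embedded newlines pass when a single line matches; dropping `gm` makes `^…$` anchor the whole value. `art`, `officialSite`, `videos` and `air` are still copied from the request body without type or length checks, as the hunk's own comments say, and the enclosing handler starts outside the hunk, so any schema-level validation is not visible here.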
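Review bot: The added `.get` handler awaits `Anime.findOne` with no `try`/`catch`, so a rejected query produces no response from this handler; whether anything upstream catches it depends on the Express version and middleware, which the hunk does not show. Wrapping the lookup, e.g. `let series; try {series = await Anime.findOne({id: req.params.id});} catch (e) {return res.status(500).send("There was an error trying to look up that series.");}`, keeps failure handling in line with the `.catch` on `series.save()` above. The response includes `meta.creator` for any completed series even when `req.unauthorized` is set, so confirm that value is meant to be public. The not-found branch answers 400 where 404 would describe it, and `(series && …)` after `!series ||` is redundant. The route path and the start of this handler chain are outside the hunk.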