i dont really know what i added

Signed-off-by: roxwize <rae@roxwize.xyz>
2025-05-10 23:33:07 +00:00 · 2024-11-17 14:16:27 -05:00 · 2024-11-17 14:16:27 -05:00 · 7b563f5c31
commit 7b563f5c31
parent e3c09d7f0d
24 changed files with 797 additions and 151 deletions
--- a/main.ts
+++ b/main.ts
@ -1,5 +1,5 @@
 //! TODO: There is like no error checking in queries at all
-import type { Response, Request } from "express";
+//! TODO: Also no API? seriously? also when a form errors it just redirects with a 301 like everything is okay when it ISNT and it NEVER HAS BEEN

 import "dotenv/config";
 import dayjs from "dayjs";
@ -12,19 +12,20 @@ import connectPgSimple from "connect-pg-simple";
 import flash from "connect-flash";

 import { drizzle } from "drizzle-orm/node-postgres";
-import { follows, profiles, updates, users } from "./db/schema.js";
-import { and, desc, eq } from "drizzle-orm";
+import { updates, users } from "./db/schema.js";
+import { desc, eq } from "drizzle-orm";

 // routes
 import loginRoutes from "./routes/login.js";
 import userRoutes from "./routes/users.js";
-import { getMoods, render } from "./routes/util.js";
+import updateRoutes from "./routes/updates.js";
+import { getMoods, render, setNonce } from "./routes/util.js";

 const db = drizzle(process.env.DATABASE_URL!);

 //! TODO: Make sure SQL queries arent being repeated too much
 (async () => {
-  const { moods, moodsSorted } = await getMoods();
+  const { moods } = await getMoods();

  // setup dayjs
  dayjs.extend(relativeTime);
@ -43,6 +44,19 @@ const db = drizzle(process.env.DATABASE_URL!);
    })
  );
  app.use(flash());
+  //== Content Security Policy
+  app.use((_, res, next) => {
+    res.setHeader("X-Powered-By", "Lots and lots of milk");
+    res.setHeader(
+      "Content-Security-Policy",
+      "\
+script-src 'nonce-" +
+        setNonce() +
+        "';\
+object-src 'none'; base-uri 'none';"
+    );
+    return next();
+  });

  app.get("/", async (req, res) => {
    const upd = db
@ -57,121 +71,38 @@ const db = drizzle(process.env.DATABASE_URL!);
      .as("upd");
    const recentUpdates = await db.select().from(upd).orderBy(desc(upd.date));

-    render(db, "index", "Home", res, req, {
-      users: (await db.select().from(users)).length,
-      recentUpdates
-    });
-  });
-
-  await userRoutes(app, db);
-
-  //! -- TEMP DASHBOARD START --
-  app.get("/dashboard", async (req, res) => {
-    if (!req.session["loggedIn"]) {
-      res.redirect("/login");
-      return;
-    }
-    const user = (
-      await db
-        .select({
-          name: users.name,
-          bio: profiles.bio,
-          website: profiles.website //! validate this
-        })
-        .from(users)
-        .where(eq(users.name, req.session["user"]))
-        .leftJoin(profiles, eq(users.id, profiles.user))
-    )[0];
-
-    const now = dayjs();
-    const moodHistory = (
-      await db
-        .select({ mood: updates.mood, date: updates.date })
-        .from(updates)
-        .where(eq(updates.user, req.session["uid"]))
-        .orderBy(desc(updates.date))
-        .limit(10)
-    ).map((e) => {
-      return { mood: moods[e.mood], date: now.to(dayjs(e.date)) };
-    });
-
-    const recentUpdates = (
+    const date = dayjs();
+    const feedUpdates = (
      await db
        .select({
          user: users.name,
          mood: updates.mood,
-          desc: updates.description,
-          date: updates.date
+          date: updates.date,
+          desc: updates.description
        })
        .from(updates)
-        .innerJoin(
-          follows,
-          and(
-            eq(follows.userId, updates.user),
-            eq(follows.followerId, req.session["uid"])
-          )
-        )
-        .leftJoin(users, eq(updates.user, users.id))
+        .innerJoin(users, eq(updates.user, users.id))
+        .limit(50)
        .orderBy(desc(updates.date))
-        .limit(25)
    ).map((e) => {
      return {
        user: e.user,
        mood: moods[e.mood],
-        desc: e.desc,
-        date: dayjs().to(dayjs(e.date))
+        date: date.to(dayjs(e.date)),
+        desc: e.desc
      };
    });

-    render(db, "dashboard", "Dashboard", res, req, {
-      user,
-      moods,
-      moodsSorted,
-      moodHistory,
+    render(db, "index", "Home", res, req, {
+      users: (await db.select().from(users)).length,
      recentUpdates,
-      feed: []
+      feedUpdates
    });
  });
-  app.post("/update", async (req, res) => {
-    if (!req.session["loggedIn"]) {
-      res.redirect("/login");
-      return;
-    }
-    const moodIndex = moods.indexOf(req.body.mood.trim());
-    if (moodIndex === -1) {
-      req.flash(
-        "error",
-        "That mood doesn't exist in the database, WTF are you trying to do??"
-      );
-      res.redirect("/dashboard");
-      return;
-    }
-    if (req.body.desc.length > 512) {
-      req.flash(
-        "error",
-        "Mood description can't be longer than 512 characters"
-      );
-      res.redirect("/dashboard");
-    }

-    await db
-      .insert(updates)
-      // @ts-expect-error
-      .values({
-        user: req.session["uid"],
-        mood: moodIndex,
-        description: req.body.desc,
-        date: new Date(Date.now())
-      });
-    req.flash("success", "Mood updated!");
-    res.redirect("/dashboard");
-  });
-  //! -- TEMP DASHBOARD END   --
-
-  //! TEMP Also not sanitized like at all
-  //! Also make sure user isnt logged in before doing this
+  await userRoutes(app, db);
+  await updateRoutes(app, db);
  loginRoutes(app, db);
-  //! TEMP done

  app.listen(1337, () => {
    console.log("Listening on http://127.0.0.1:1337/");