mipilin r9... Fimally

Signed-off-by: roxwize <rae@roxwize.xyz>

routes/admin.ts

@@ -68,6 +68,11 @@ export default function (app: Express, db: NodePgDatabase) {
             return;
         }
         if (!(req.session["status"] & UserStatus.MODERATOR)) {
+            if (!(req.session["status"] & UserStatus.TRUSTED)) {
+                req.flash("error", "Only trusted users can perform this action.");
+                res.redirect(req.get("Referrer") || "/");
+                return;
+            }
             const { codesUsed } = (
                 await db
                     .select({ codesUsed: count() })
@@ -87,7 +92,7 @@ export default function (app: Express, db: NodePgDatabase) {
                     "error",
                     "You've generated the maximum of five codes this week. Your counter will reset next month."
                 );
-                res.redirect("/dashboard");
+                res.redirect(req.get("Referrer") || "/");
                 return;
             }
 
@@ -100,19 +105,19 @@ export default function (app: Express, db: NodePgDatabase) {
                 "success",
                 `Your code has been created as <b>${code}</b>. It expires in a week so use it ASAP!!!`
             );
-            res.redirect("/dashboard");
+            res.redirect(req.get("Referrer") || "/");
             return;
         }
 
         const expiration = new Date(req.body.expiration || 0);
         if (req.body.expiration && expiration.getTime() <= Date.now()) {
             req.flash("error", "Chosen expiration date is in the past.");
-            res.redirect("/mod");
+            res.redirect(req.get("Referrer") || "/");
             return;
         }
         const code = await createInviteCode(db, req.session["uid"], expiration);
 
         req.flash("success", `Your code has been created as <b>${code}</b>.`);
-        res.redirect("/mod");
+        res.redirect(req.get("Referrer") || "/");
     });
 }

routes/login.ts

@@ -2,7 +2,7 @@ import { Express } from "express";
 import bcrypt from "bcrypt";
 import { render } from "./util.js";
 import { NodePgDatabase } from "drizzle-orm/node-postgres";
-import { inviteCodes, profiles, users } from "../db/schema.js";
+import { follows, inviteCodes, profiles, users } from "../db/schema.js";
 import { eq } from "drizzle-orm";
 
 //! TEMP Also not sanitized like at all
@@ -21,6 +21,11 @@ export default function(app: Express, db: NodePgDatabase) {
       return;
     }
     // validation
+    if (!req.body.name || !req.body.referral || !req.body.email || !req.body.pass) {
+      req.flash("error", "A required field wasn't filled in.");
+      res.redirect("/register");
+      return;
+    }
     if (req.body.referral.length < 22) {
       req.flash("error", "Invalid invite code! Make sure you pasted it in correctly WITH the hyphens.");
       res.redirect("/register");
@@ -36,7 +41,11 @@ export default function(app: Express, db: NodePgDatabase) {
       res.redirect("/register");
       return;
     }
-    if (!req.body.name.match(/[A-Z0-9_-]/i)) {
+
+    //! dumb
+    req.body.name = req.body.name.trim();
+    const match = req.body.name.match(/[A-Z0-9_-]+/i);
+    if (match?.[0] !== req.body.name) {
       req.flash(
         "error",
         "Username can only contain letters, numbers, underscores, hyphens, and periods!!"
@@ -101,6 +110,13 @@ export default function(app: Express, db: NodePgDatabase) {
     )[0];
     await db.insert(profiles).values({ user: uid });
 
+    // Follow me by default ;w;;;
+    //! Also this assumes that im at id 1 which might not be true ever
+    await db.insert(follows).values({
+      userId: 1,
+      followerId: uid
+    });
+
     req.session["loggedIn"] = true;
     req.session["status"] = code.confers;
     req.session["user"] = req.body.name;

routes/updates.ts

@@ -112,6 +112,12 @@ export default async function (app: Express, db: NodePgDatabase) {
                 )
         )[0];
 
+        const followed = await db
+            .select({ uname: users.name })
+            .from(follows)
+            .where(eq(follows.followerId, req.session["uid"]))
+            .innerJoin(users, eq(follows.userId, users.id));
+
         render(db, "dashboard", "dashboard", res, req, {
             user,
             moods,
@@ -120,6 +126,8 @@ export default async function (app: Express, db: NodePgDatabase) {
             recentUpdates,
             codes,
             codesUsed,
+            followed,
+            isTrusted: req.session["status"] & (UserStatus.MODERATOR | UserStatus.TRUSTED),
             feed: []
         });
     });
@@ -128,6 +136,15 @@ export default async function (app: Express, db: NodePgDatabase) {
             res.redirect("/login");
             return;
         }
+        // make sure the user isnt updating too fast
+        //! TODO: also do this for journal entries
+        const lastUpdate = (await db.select({ date: updates.date }).from(updates).where(eq(updates.user, req.session["uid"])).orderBy(desc(updates.date)).limit(1))?.[0];
+        if (Date.now() < lastUpdate?.date?.getTime() + 10 * 1000) {
+            req.flash("error", "You're updating your mood too fast! Wait ten seconds between updates.");
+            res.redirect(req.get("Referrer") || "/");
+            return;
+        }
+
         const moodIndex = moods.indexOf(req.body.mood.trim());
         if (moodIndex === -1) {
             req.flash(
@@ -205,7 +222,8 @@ export default async function (app: Express, db: NodePgDatabase) {
         if (
             !entry ||
             (entry.visibility === 0 &&
-                entry.uname !== req.session["user"] && !isMod)
+                entry.uname !== req.session["user"] &&
+                !isMod)
         ) {
             render404(db, res, req);
             return;
@@ -247,16 +265,19 @@ export default async function (app: Express, db: NodePgDatabase) {
         )[0];
 
         const isMod = req.session["status"] & UserStatus.MODERATOR;
-        if (
-            !entry ||
-            (entry?.uid !== req.session["uid"] &&
-                !isMod)
-        ) {
+        if (!entry || (entry?.uid !== req.session["uid"] && !isMod)) {
             render404(db, res, req);
             return;
         }
-        if (isMod && entry.uid !== req.session["uid"] && req.body.action !== "delete") {
-            req.flash("error", "Moderators can only delete other users' posts.");
+        if (
+            isMod &&
+            entry.uid !== req.session["uid"] &&
+            req.body.action !== "delete"
+        ) {
+            req.flash(
+                "error",
+                "Moderators can only delete other users' posts."
+            );
             res.redirect(`/journal/${req.params.id}`);
             return;
         }

routes/users.ts

@@ -149,7 +149,7 @@ export default async function (app: Express, db: NodePgDatabase) {
             (uname || "") !== req.session["user"] &&
             !(req.session["status"] & UserStatus.MODERATOR)
         ) {
-            res.redirect("back");
+            res.redirect(req.get("Referrer") || "/");
             return;
         }
 
@@ -182,11 +182,7 @@ export default async function (app: Express, db: NodePgDatabase) {
                 .where(eq(users.name, req.params.user))
         )[0];
         if (!uid) {
-            req.flash(
-                "error",
-                "It looks like you're trying to follow a user that doesn't exist anymore."
-            );
-            res.redirect("/");
+            render404(db, res, req);
             return;
         }
         const isFollowing = !!(
@@ -217,6 +213,6 @@ export default async function (app: Express, db: NodePgDatabase) {
                 followerId: req.session["uid"]
             });
         }
-        res.redirect(`/users/${req.params.user}`);
+        res.redirect(req.get("Referrer") || "/");
     });
 }