sigonasr2/ngsplanner_backend
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Secure backend

Browse Source
This commit is contained in:
sigonasr2 2021-08-09 09:14:05 -05:00
parent 4c57c0982d
commit 79547fd379
3 changed files with 177 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ngsplanner_patch.sql
View File

@ -3,3 +3,5 @@ alter table potential add column description text;
alter table weapon_existence_data add column icon text; alter table weapon_existence_data add column icon text;
alter table weapon_type add column shorthand text; alter table weapon_type add column shorthand text;
alter table weapon_existence_data add column special_name text; alter table weapon_existence_data add column special_name text;
alter table potential drop column description;
alter table potential_data add column description text;

6
ngsplanner_schema.sql
View File

@ -85,8 +85,7 @@ CREATE TABLE "weapon_type" (
CREATE TABLE "potential" ( CREATE TABLE "potential" (
"id" SERIAL UNIQUE PRIMARY KEY, "id" SERIAL UNIQUE PRIMARY KEY,
"name" text, "name" text,
"icon" text, "icon" text
"description" text
); );
CREATE TABLE "potential_data" ( CREATE TABLE "potential_data" (
@ -111,7 +110,8 @@ CREATE TABLE "potential_data" (
"panic_res" float, "panic_res" float,
"poison_res" float, "poison_res" float,
"battle_power_value" int, "battle_power_value" int,
"pb_gauge_build" float "pb_gauge_build" float,
"description" text
); );
CREATE TABLE "armor" ( CREATE TABLE "armor" (

340
server.js
View File

@ -63,6 +63,15 @@ new Pool({
port: 5432, port: 5432,
}) })
var db4 =
new Pool({
user: 'postgres',
password: '',
host: 'postgres',
database: 'postgres',
port: 5432,
})
const PREFIX="" const PREFIX=""
const ENDPOINTDATA=[ const ENDPOINTDATA=[
@ -117,13 +126,13 @@ const ENDPOINTDATA=[
{ {
endpoint:"potential", endpoint:"potential",
requiredfields:["name"], requiredfields:["name"],
optionalfields:["icon","description"], optionalfields:["icon"],
excludedfields:[] //Fields to not output in GET. excludedfields:[] //Fields to not output in GET.
}, },
{ {
endpoint:"potential_data", endpoint:"potential_data",
requiredfields:["potential_id","level","name"], requiredfields:["potential_id","level","name"],
optionalfields:["mel_dmg","rng_dmg","tec_dmg","crit_rate","crit_dmg","pp_cost_reduction","active_pp_recovery","natural_pp_recovery","dmg_res","all_down_res","burn_res","freeze_res","blind_res","shock_res","panic_res","poison_res","battle_power_value","pb_gauge_build"], optionalfields:["mel_dmg","rng_dmg","tec_dmg","crit_rate","crit_dmg","pp_cost_reduction","active_pp_recovery","natural_pp_recovery","dmg_res","all_down_res","burn_res","freeze_res","blind_res","shock_res","panic_res","poison_res","battle_power_value","pb_gauge_build","description"],
excludedfields:[] //Fields to not output in GET. excludedfields:[] //Fields to not output in GET.
}, },
{ {
@ -214,7 +223,14 @@ const ENDPOINTDATA=[
for (var test of ["","/test"]) { for (var test of ["","/test"]) {
app.get(PREFIX+test+"/databases",(req,res)=>{ app.get(PREFIX+test+"/databases",(req,res)=>{
db.query('select * from pg_database where datname like \'ngsplanner%\' order by datname desc limit 100') db4.query('select * from password where password=$1',[req.query.pass])
.then((data)=>{
if (data.rows.length>0) {
return db.query('select * from pg_database where datname like \'ngsplanner%\' order by datname desc limit 100')
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then((data)=>{ .then((data)=>{
res.status(200).json(data.rows) res.status(200).json(data.rows)
}) })
@ -225,13 +241,20 @@ for (var test of ["","/test"]) {
app.post(PREFIX+test+"/databases/restorefrombackup",(req,res)=>{ app.post(PREFIX+test+"/databases/restorefrombackup",(req,res)=>{
if (req.body.database) { if (req.body.database) {
db3.query('select * from pg_database where datname=$1',[req.body.database]) db4.query('select * from password where password=$1',[req.body.pass])
.then((data)=>{
if (data.rows.length>0) {
return db3.query('select * from pg_database where datname=$1',[req.body.database])
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then((data)=>{ .then((data)=>{
if (data.rows.length>0) { if (data.rows.length>0) {
db.end(()=>{}) db.end(()=>{})
return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\'') return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\'')
} else { } else {
throw "Could not find requested database "+req.body.database var msg="Could not find requested database "+req.body.database;res.status(500).send(msg);throw msg
} }
}) })
.then(()=>{ .then(()=>{
@ -259,9 +282,16 @@ for (var test of ["","/test"]) {
} }
}) })
app.post(PREFIX+test+"/databases/testtolive",(req,res)=>{ app.post(PREFIX+test+"/databases/testtolive",(req,res)=>{
db.end(()=>{}) db4.query('select * from password where password=$1',[req.body.pass])
db2.end(()=>{}) .then((data)=>{
db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\' or pg_stat_activity.datname=\'ngsplanner2\'') if (data.rows.length>0) {
db.end(()=>{})
db2.end(()=>{})
return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\' or pg_stat_activity.datname=\'ngsplanner2\'')
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then(()=>{ .then(()=>{
return db3.query('drop database ngsplanner') return db3.query('drop database ngsplanner')
}) })
@ -292,9 +322,16 @@ for (var test of ["","/test"]) {
}) })
app.post(PREFIX+test+"/databases/livetotest",(req,res)=>{ app.post(PREFIX+test+"/databases/livetotest",(req,res)=>{
db.end(()=>{}) db4.query('select * from password where password=$1',[req.body.pass])
db2.end(()=>{}) .then((data)=>{
db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\' or pg_stat_activity.datname=\'ngsplanner2\'') if (data.rows.length>0) {
db.end(()=>{})
db2.end(()=>{})
return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\' or pg_stat_activity.datname=\'ngsplanner2\'')
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then(()=>{ .then(()=>{
return db3.query('drop database ngsplanner2') return db3.query('drop database ngsplanner2')
}) })
@ -324,9 +361,16 @@ for (var test of ["","/test"]) {
}) })
app.post(PREFIX+test+"/databases/backup",(req,res)=>{ app.post(PREFIX+test+"/databases/backup",(req,res)=>{
db.end(()=>{}) db4.query('select * from password where password=$1',[req.body.pass])
var date = new Date() .then((data)=>{
db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\'') if (data.rows.length>0) {
db.end(()=>{})
var date = new Date()
return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\'')
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then(()=>{ .then(()=>{
return db3.query('create database ngsplanner'+String(date.getFullYear()).padStart(4,'0')+String(date.getMonth()).padStart(2,'0')+String(date.getDate()).padStart(2,'0')+String(date.getHours()).padStart(2,'0')+String(date.getMinutes()).padStart(2,'0')+String(date.getSeconds()).padStart(2,'0')+' with template ngsplanner') return db3.query('create database ngsplanner'+String(date.getFullYear()).padStart(4,'0')+String(date.getMonth()).padStart(2,'0')+String(date.getDate()).padStart(2,'0')+String(date.getHours()).padStart(2,'0')+String(date.getMinutes()).padStart(2,'0')+String(date.getSeconds()).padStart(2,'0')+' with template ngsplanner')
}) })
@ -348,178 +392,128 @@ for (var test of ["","/test"]) {
function CreateDynamicEndpoints() { function CreateDynamicEndpoints() {
ENDPOINTDATA.forEach((endpoint)=>{ ENDPOINTDATA.forEach((endpoint)=>{
app.get(PREFIX+"/"+endpoint.endpoint,(req,res)=>{ for (var mydb of [db,db2]) {
if (endpoint.requiredfields.includes("name")) { app.get(PREFIX+"/"+(mydb===db2?"test/":"")+endpoint.endpoint,(req,res)=>{
db.query('select distinct on (name) name,* from '+endpoint.endpoint+' order by name,id desc') db4.query('select * from password where password=$1',[req.query.pass])
.then((data)=>{ .then((data)=>{
res.status(200).json({fields:data.fields,rows:data.rows}) if (data.rows.length>0) {
}) if (endpoint.requiredfields.includes("name")) {
.catch((err)=>{ mydb.query('select distinct on (name) name,* from '+endpoint.endpoint+' order by name,id desc')
res.status(500).send(err.message) .then((data)=>{
}) res.status(200).json({fields:data.fields,rows:data.rows})
} else { })
db.query('select * from '+endpoint.endpoint+" order by id desc") .catch((err)=>{
.then((data)=>{ res.status(500).send(err.message)
res.status(200).json({fields:data.fields,rows:data.rows}) })
}) } else {
.catch((err)=>{ mydb.query('select * from '+endpoint.endpoint+" order by id desc")
res.status(500).send(err.message) .then((data)=>{
}) res.status(200).json({fields:data.fields,rows:data.rows})
} })
}) .catch((err)=>{
res.status(500).send(err.message)
app.post(PREFIX+"/"+endpoint.endpoint,async(req,res)=>{ })
var allExist=true }
endpoint.requiredfields.forEach((field)=>{
if (!(field in req.body)) {
allExist=false;
}
})
if (!allExist) {
res.status(300).send("Required fields are: "+endpoint.requiredfields.filter((field)=>!(field in req.body)).join(','))
return
}
var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields]
//console.log(combinedfields)
var all_filled_fields=combinedfields.filter((field)=>(field in req.body))
var requiresInsert=true
if (endpoint.requiredfields.includes("name")) {
await db.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+' where name=$'+(all_filled_fields.length+1)+' returning *',[...all_filled_fields.map((field)=>req.body[field]),req.body["name"]])
.then((data)=>{
if (data.rows.length===0) {
requiresInsert=true
} else { } else {
requiresInsert=false res.status(500).send("Could not authenticate!")
res.status(200).json(data.rows)
} }
}) })
.catch((err)=>{ })
res.status(500).send(err.message)
})
}
if (requiresInsert) {
db.query('insert into '+endpoint.endpoint+"("+all_filled_fields.join(',')+") values("+all_filled_fields.map((field,i)=>"$"+(i+1)).join(",")+") returning *",all_filled_fields.map((field)=>req.body[field]))
.then((data)=>{
res.status(200).json(data.rows)
})
.catch((err)=>{
res.status(500).send(err.message)
})
}
})
app.patch(PREFIX+"/"+endpoint.endpoint,(req,res)=>{ app.post(PREFIX+"/"+(mydb===db2?"test/":"")+endpoint.endpoint,async(req,res)=>{
if (req.body.id) { db4.query('select * from password where password=$1',[req.body.pass])
var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields] .then(async(data)=>{
//console.log(combinedfields) if (data.rows.length>0) {
var all_filled_fields=combinedfields.filter((field)=>(field in req.body)) var allExist=true
endpoint.requiredfields.forEach((field)=>{
if (!(field in req.body)) {
allExist=false;
}
})
if (!allExist) {
res.status(300).send("Required fields are: "+endpoint.requiredfields.filter((field)=>!(field in req.body)).join(','))
return
}
db.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+" where id=$"+(all_filled_fields.length+1)+" returning *",[...all_filled_fields.map((field)=>req.body[field]),req.body.id]) var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields]
.then((data)=>{ //console.log(combinedfields)
res.status(200).json(data.rows) var all_filled_fields=combinedfields.filter((field)=>(field in req.body))
var requiresInsert=true
if (endpoint.requiredfields.includes("name")) {
await mydb.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+' where name=$'+(all_filled_fields.length+1)+' returning *',[...all_filled_fields.map((field)=>req.body[field]),req.body["name"]])
.then((data)=>{
if (data.rows.length===0) {
requiresInsert=true
} else {
requiresInsert=false
res.status(200).json(data.rows)
}
})
.catch((err)=>{
res.status(500).send(err.message)
})
}
if (requiresInsert) {
mydb.query('insert into '+endpoint.endpoint+"("+all_filled_fields.join(',')+") values("+all_filled_fields.map((field,i)=>"$"+(i+1)).join(",")+") returning *",all_filled_fields.map((field)=>req.body[field]))
.then((data)=>{
res.status(200).json(data.rows)
})
.catch((err)=>{
res.status(500).send(err.message)
})
}
} else {
res.status(500).send("Could not authenticate!")
}
}) })
.catch((err)=>{ })
res.status(500).send(err.message)
})
} else {
res.status(300).send("Invalid query!")
}
})
app.delete(PREFIX+"/"+endpoint.endpoint,(req,res)=>{ app.patch(PREFIX+"/"+(mydb===db2?"test/":"")+endpoint.endpoint,(req,res)=>{
if (req.body.id) { if (req.body.id) {
db.query('delete from '+endpoint.endpoint+' where id=$1 returning *',[req.body.id]) db4.query('select * from password where password=$1',[req.body.pass])
.then((data)=>{ .then((data)=>{
res.status(200).json(data.rows) if (data.rows.length>0) {
}) var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields]
.catch((err)=>{ //console.log(combinedfields)
res.status(500).send(err.message) var all_filled_fields=combinedfields.filter((field)=>(field in req.body))
})
} else {
res.status(300).send("Invalid query!")
}
})
return mydb.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+" where id=$"+(all_filled_fields.length+1)+" returning *",[...all_filled_fields.map((field)=>req.body[field]),req.body.id])
app.get(PREFIX+"/test/"+endpoint.endpoint,(req,res)=>{ } else {
if (endpoint.requiredfields.includes("name")) { var msg="Could not authenticate!";res.status(500).send(msg);throw msg
db2.query('select distinct on (name) name,* from '+endpoint.endpoint+' order by name,id desc') }
.then((data)=>{ })
res.status(200).json({fields:data.fields,rows:data.rows}) .then((data)=>{
}) res.status(200).json(data.rows)
.catch((err)=>{ })
res.status(500).send(err.message) .catch((err)=>{
}) res.status(500).send(err.message)
} else { })
db2.query('select * from '+endpoint.endpoint+" order by id desc") } else {
.then((data)=>{ res.status(300).send("Invalid query!")
res.status(200).json({fields:data.fields,rows:data.rows})
})
.catch((err)=>{
res.status(500).send(err.message)
})
}
})
app.post(PREFIX+"/test/"+endpoint.endpoint,(req,res)=>{
var allExist=true
endpoint.requiredfields.forEach((field)=>{
if (!(field in req.body)) {
allExist=false;
} }
}) })
if (!allExist) {
res.status(300).send("Required fields are: "+endpoint.requiredfields.filter((field)=>!(field in req.body)).join(','))
return
}
var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields] app.delete(PREFIX+"/"+(mydb===db2?"test/":"")+endpoint.endpoint,(req,res)=>{
//console.log(combinedfields) if (req.body.id) {
var all_filled_fields=combinedfields.filter((field)=>(field in req.body)) db4.query('select * from password where password=$1',[req.body.pass])
.then((data)=>{
db2.query('insert into '+endpoint.endpoint+"("+all_filled_fields.join(',')+") values("+all_filled_fields.map((field,i)=>"$"+(i+1)).join(",")+") returning *",all_filled_fields.map((field)=>req.body[field])) if (data.rows.length>0) {
.then((data)=>{ return mydb.query('delete from '+endpoint.endpoint+' where id=$1 returning *',[req.body.id])
res.status(200).json(data.rows) } else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then((data)=>{
res.status(200).json(data.rows)
})
.catch((err)=>{
res.status(500).send(err.message)
})
} else {
res.status(300).send("Invalid query!")
}
}) })
.catch((err)=>{ }
res.status(500).send(err.message)
})
})
app.patch(PREFIX+"/test/"+endpoint.endpoint,(req,res)=>{
if (req.body.id) {
var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields]
//console.log(combinedfields)
var all_filled_fields=combinedfields.filter((field)=>(field in req.body))
db2.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+" where id=$"+(all_filled_fields.length+1)+" returning *",[...all_filled_fields.map((field)=>req.body[field]),req.body.id])
.then((data)=>{
res.status(200).json(data.rows)
})
.catch((err)=>{
res.status(500).send(err.message)
})
} else {
res.status(300).send("Invalid query!")
}
})
app.delete(PREFIX+"/test/"+endpoint.endpoint,(req,res)=>{
if (req.body.id) {
db2.query('delete from '+endpoint.endpoint+' where id=$1 returning *',[req.body.id])
.then((data)=>{
res.status(200).json(data.rows)
})
.catch((err)=>{
res.status(500).send(err.message)
})
} else {
res.status(300).send("Invalid query!")
}
})
}) })
} }