Secure backend

sigonasr2 3 years ago
parent 4c57c0982d
commit 79547fd379
  1. 2
      ngsplanner_patch.sql
  2. 6
      ngsplanner_schema.sql
  3. 176
      server.js

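--- a/ngsplanner_patch.sql
+++ b/ngsplanner_patch.sql
@@ -3,3 +3,5 @@ alter table potential add column description text;
 alter table weapon_existence_data add column icon text;
 alter table weapon_type add column shorthand text;
 alter table weapon_existence_data add column special_name text;
+alter table potential drop column description;
+alter table potential_data add column description text;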

@ -85,8 +85,7 @@ CREATE TABLE "weapon_type" (
CREATE TABLE "potential" ( CREATE TABLE "potential" (
"id" SERIAL UNIQUE PRIMARY KEY, "id" SERIAL UNIQUE PRIMARY KEY,
"name" text, "name" text,
"icon" text, "icon" text
"description" text
); );
CREATE TABLE "potential_data" ( CREATE TABLE "potential_data" (
@ -111,7 +110,8 @@ CREATE TABLE "potential_data" (
"panic_res" float, "panic_res" float,
"poison_res" float, "poison_res" float,
"battle_power_value" int, "battle_power_value" int,
"pb_gauge_build" float "pb_gauge_build" float,
"description" text
); );
CREATE TABLE "armor" ( CREATE TABLE "armor" (

@ -63,6 +63,15 @@ new Pool({
port: 5432, port: 5432,
}) })
var db4 =
new Pool({
user: 'postgres',
password: '',
host: 'postgres',
database: 'postgres',
port: 5432,
})
const PREFIX="" const PREFIX=""
const ENDPOINTDATA=[ const ENDPOINTDATA=[
@ -117,13 +126,13 @@ const ENDPOINTDATA=[
{ {
endpoint:"potential", endpoint:"potential",
requiredfields:["name"], requiredfields:["name"],
optionalfields:["icon","description"], optionalfields:["icon"],
excludedfields:[] //Fields to not output in GET. excludedfields:[] //Fields to not output in GET.
}, },
{ {
endpoint:"potential_data", endpoint:"potential_data",
requiredfields:["potential_id","level","name"], requiredfields:["potential_id","level","name"],
optionalfields:["mel_dmg","rng_dmg","tec_dmg","crit_rate","crit_dmg","pp_cost_reduction","active_pp_recovery","natural_pp_recovery","dmg_res","all_down_res","burn_res","freeze_res","blind_res","shock_res","panic_res","poison_res","battle_power_value","pb_gauge_build"], optionalfields:["mel_dmg","rng_dmg","tec_dmg","crit_rate","crit_dmg","pp_cost_reduction","active_pp_recovery","natural_pp_recovery","dmg_res","all_down_res","burn_res","freeze_res","blind_res","shock_res","panic_res","poison_res","battle_power_value","pb_gauge_build","description"],
excludedfields:[] //Fields to not output in GET. excludedfields:[] //Fields to not output in GET.
}, },
{ {
@ -214,7 +223,14 @@ const ENDPOINTDATA=[
for (var test of ["","/test"]) { for (var test of ["","/test"]) {
app.get(PREFIX+test+"/databases",(req,res)=>{ app.get(PREFIX+test+"/databases",(req,res)=>{
db.query('select * from pg_database where datname like \'ngsplanner%\' order by datname desc limit 100') db4.query('select * from password where password=$1',[req.query.pass])
.then((data)=>{
if (data.rows.length>0) {
return db.query('select * from pg_database where datname like \'ngsplanner%\' order by datname desc limit 100')
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then((data)=>{ .then((data)=>{
res.status(200).json(data.rows) res.status(200).json(data.rows)
}) })
@ -225,13 +241,20 @@ for (var test of ["","/test"]) {
app.post(PREFIX+test+"/databases/restorefrombackup",(req,res)=>{ app.post(PREFIX+test+"/databases/restorefrombackup",(req,res)=>{
if (req.body.database) { if (req.body.database) {
db3.query('select * from pg_database where datname=$1',[req.body.database]) db4.query('select * from password where password=$1',[req.body.pass])
.then((data)=>{
if (data.rows.length>0) {
return db3.query('select * from pg_database where datname=$1',[req.body.database])
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then((data)=>{ .then((data)=>{
if (data.rows.length>0) { if (data.rows.length>0) {
db.end(()=>{}) db.end(()=>{})
return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\'') return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\'')
} else { } else {
throw "Could not find requested database "+req.body.database var msg="Could not find requested database "+req.body.database;res.status(500).send(msg);throw msg
} }
}) })
.then(()=>{ .then(()=>{
@ -259,9 +282,16 @@ for (var test of ["","/test"]) {
} }
}) })
app.post(PREFIX+test+"/databases/testtolive",(req,res)=>{ app.post(PREFIX+test+"/databases/testtolive",(req,res)=>{
db4.query('select * from password where password=$1',[req.body.pass])
.then((data)=>{
if (data.rows.length>0) {
db.end(()=>{}) db.end(()=>{})
db2.end(()=>{}) db2.end(()=>{})
db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\' or pg_stat_activity.datname=\'ngsplanner2\'') return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\' or pg_stat_activity.datname=\'ngsplanner2\'')
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then(()=>{ .then(()=>{
return db3.query('drop database ngsplanner') return db3.query('drop database ngsplanner')
}) })
@ -292,9 +322,16 @@ for (var test of ["","/test"]) {
}) })
app.post(PREFIX+test+"/databases/livetotest",(req,res)=>{ app.post(PREFIX+test+"/databases/livetotest",(req,res)=>{
db4.query('select * from password where password=$1',[req.body.pass])
.then((data)=>{
if (data.rows.length>0) {
db.end(()=>{}) db.end(()=>{})
db2.end(()=>{}) db2.end(()=>{})
db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\' or pg_stat_activity.datname=\'ngsplanner2\'') return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\' or pg_stat_activity.datname=\'ngsplanner2\'')
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then(()=>{ .then(()=>{
return db3.query('drop database ngsplanner2') return db3.query('drop database ngsplanner2')
}) })
@ -324,9 +361,16 @@ for (var test of ["","/test"]) {
}) })
app.post(PREFIX+test+"/databases/backup",(req,res)=>{ app.post(PREFIX+test+"/databases/backup",(req,res)=>{
db4.query('select * from password where password=$1',[req.body.pass])
.then((data)=>{
if (data.rows.length>0) {
db.end(()=>{}) db.end(()=>{})
var date = new Date() var date = new Date()
db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\'') return db3.query('select pg_terminate_backend (pid) from pg_stat_activity where pg_stat_activity.datname=\'ngsplanner\'')
} else {
var msg="Could not authenticate!";res.status(500).send(msg);throw msg
}
})
.then(()=>{ .then(()=>{
return db3.query('create database ngsplanner'+String(date.getFullYear()).padStart(4,'0')+String(date.getMonth()).padStart(2,'0')+String(date.getDate()).padStart(2,'0')+String(date.getHours()).padStart(2,'0')+String(date.getMinutes()).padStart(2,'0')+String(date.getSeconds()).padStart(2,'0')+' with template ngsplanner') return db3.query('create database ngsplanner'+String(date.getFullYear()).padStart(4,'0')+String(date.getMonth()).padStart(2,'0')+String(date.getDate()).padStart(2,'0')+String(date.getHours()).padStart(2,'0')+String(date.getMinutes()).padStart(2,'0')+String(date.getSeconds()).padStart(2,'0')+' with template ngsplanner')
}) })
@ -348,9 +392,13 @@ for (var test of ["","/test"]) {
function CreateDynamicEndpoints() { function CreateDynamicEndpoints() {
ENDPOINTDATA.forEach((endpoint)=>{ ENDPOINTDATA.forEach((endpoint)=>{
app.get(PREFIX+"/"+endpoint.endpoint,(req,res)=>{ for (var mydb of [db,db2]) {
app.get(PREFIX+"/"+(mydb===db2?"test/":"")+endpoint.endpoint,(req,res)=>{
db4.query('select * from password where password=$1',[req.query.pass])
.then((data)=>{
if (data.rows.length>0) {
if (endpoint.requiredfields.includes("name")) { if (endpoint.requiredfields.includes("name")) {
db.query('select distinct on (name) name,* from '+endpoint.endpoint+' order by name,id desc') mydb.query('select distinct on (name) name,* from '+endpoint.endpoint+' order by name,id desc')
.then((data)=>{ .then((data)=>{
res.status(200).json({fields:data.fields,rows:data.rows}) res.status(200).json({fields:data.fields,rows:data.rows})
}) })
@ -358,7 +406,7 @@ function CreateDynamicEndpoints() {
res.status(500).send(err.message) res.status(500).send(err.message)
}) })
} else { } else {
db.query('select * from '+endpoint.endpoint+" order by id desc") mydb.query('select * from '+endpoint.endpoint+" order by id desc")
.then((data)=>{ .then((data)=>{
res.status(200).json({fields:data.fields,rows:data.rows}) res.status(200).json({fields:data.fields,rows:data.rows})
}) })
@ -366,9 +414,16 @@ function CreateDynamicEndpoints() {
res.status(500).send(err.message) res.status(500).send(err.message)
}) })
} }
} else {
res.status(500).send("Could not authenticate!")
}
})
}) })
app.post(PREFIX+"/"+endpoint.endpoint,async(req,res)=>{ app.post(PREFIX+"/"+(mydb===db2?"test/":"")+endpoint.endpoint,async(req,res)=>{
db4.query('select * from password where password=$1',[req.body.pass])
.then(async(data)=>{
if (data.rows.length>0) {
var allExist=true var allExist=true
endpoint.requiredfields.forEach((field)=>{ endpoint.requiredfields.forEach((field)=>{
if (!(field in req.body)) { if (!(field in req.body)) {
@ -385,7 +440,7 @@ function CreateDynamicEndpoints() {
var all_filled_fields=combinedfields.filter((field)=>(field in req.body)) var all_filled_fields=combinedfields.filter((field)=>(field in req.body))
var requiresInsert=true var requiresInsert=true
if (endpoint.requiredfields.includes("name")) { if (endpoint.requiredfields.includes("name")) {
await db.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+' where name=$'+(all_filled_fields.length+1)+' returning *',[...all_filled_fields.map((field)=>req.body[field]),req.body["name"]]) await mydb.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+' where name=$'+(all_filled_fields.length+1)+' returning *',[...all_filled_fields.map((field)=>req.body[field]),req.body["name"]])
.then((data)=>{ .then((data)=>{
if (data.rows.length===0) { if (data.rows.length===0) {
requiresInsert=true requiresInsert=true
@ -399,7 +454,7 @@ function CreateDynamicEndpoints() {
}) })
} }
if (requiresInsert) { if (requiresInsert) {
db.query('insert into '+endpoint.endpoint+"("+all_filled_fields.join(',')+") values("+all_filled_fields.map((field,i)=>"$"+(i+1)).join(",")+") returning *",all_filled_fields.map((field)=>req.body[field])) mydb.query('insert into '+endpoint.endpoint+"("+all_filled_fields.join(',')+") values("+all_filled_fields.map((field,i)=>"$"+(i+1)).join(",")+") returning *",all_filled_fields.map((field)=>req.body[field]))
.then((data)=>{ .then((data)=>{
res.status(200).json(data.rows) res.status(200).json(data.rows)
}) })
@ -407,29 +462,26 @@ function CreateDynamicEndpoints() {
res.status(500).send(err.message) res.status(500).send(err.message)
}) })
} }
} else {
res.status(500).send("Could not authenticate!")
}
})
}) })
app.patch(PREFIX+"/"+endpoint.endpoint,(req,res)=>{ app.patch(PREFIX+"/"+(mydb===db2?"test/":"")+endpoint.endpoint,(req,res)=>{
if (req.body.id) { if (req.body.id) {
db4.query('select * from password where password=$1',[req.body.pass])
.then((data)=>{
if (data.rows.length>0) {
var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields] var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields]
//console.log(combinedfields) //console.log(combinedfields)
var all_filled_fields=combinedfields.filter((field)=>(field in req.body)) var all_filled_fields=combinedfields.filter((field)=>(field in req.body))
db.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+" where id=$"+(all_filled_fields.length+1)+" returning *",[...all_filled_fields.map((field)=>req.body[field]),req.body.id]) return mydb.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+" where id=$"+(all_filled_fields.length+1)+" returning *",[...all_filled_fields.map((field)=>req.body[field]),req.body.id])
.then((data)=>{
res.status(200).json(data.rows)
})
.catch((err)=>{
res.status(500).send(err.message)
})
} else { } else {
res.status(300).send("Invalid query!") var msg="Could not authenticate!";res.status(500).send(msg);throw msg
} }
}) })
app.delete(PREFIX+"/"+endpoint.endpoint,(req,res)=>{
if (req.body.id) {
db.query('delete from '+endpoint.endpoint+' where id=$1 returning *',[req.body.id])
.then((data)=>{ .then((data)=>{
res.status(200).json(data.rows) res.status(200).json(data.rows)
}) })
@ -441,75 +493,16 @@ function CreateDynamicEndpoints() {
} }
}) })
app.delete(PREFIX+"/"+(mydb===db2?"test/":"")+endpoint.endpoint,(req,res)=>{
app.get(PREFIX+"/test/"+endpoint.endpoint,(req,res)=>{
if (endpoint.requiredfields.includes("name")) {
db2.query('select distinct on (name) name,* from '+endpoint.endpoint+' order by name,id desc')
.then((data)=>{
res.status(200).json({fields:data.fields,rows:data.rows})
})
.catch((err)=>{
res.status(500).send(err.message)
})
} else {
db2.query('select * from '+endpoint.endpoint+" order by id desc")
.then((data)=>{
res.status(200).json({fields:data.fields,rows:data.rows})
})
.catch((err)=>{
res.status(500).send(err.message)
})
}
})
app.post(PREFIX+"/test/"+endpoint.endpoint,(req,res)=>{
var allExist=true
endpoint.requiredfields.forEach((field)=>{
if (!(field in req.body)) {
allExist=false;
}
})
if (!allExist) {
res.status(300).send("Required fields are: "+endpoint.requiredfields.filter((field)=>!(field in req.body)).join(','))
return
}
var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields]
//console.log(combinedfields)
var all_filled_fields=combinedfields.filter((field)=>(field in req.body))
db2.query('insert into '+endpoint.endpoint+"("+all_filled_fields.join(',')+") values("+all_filled_fields.map((field,i)=>"$"+(i+1)).join(",")+") returning *",all_filled_fields.map((field)=>req.body[field]))
.then((data)=>{
res.status(200).json(data.rows)
})
.catch((err)=>{
res.status(500).send(err.message)
})
})
app.patch(PREFIX+"/test/"+endpoint.endpoint,(req,res)=>{
if (req.body.id) { if (req.body.id) {
var combinedfields = [...endpoint.requiredfields,...endpoint.optionalfields,...endpoint.excludedfields] db4.query('select * from password where password=$1',[req.body.pass])
//console.log(combinedfields)
var all_filled_fields=combinedfields.filter((field)=>(field in req.body))
db2.query('update '+endpoint.endpoint+' set '+all_filled_fields.map((field,i)=>field+"=$"+(i+1)).join(",")+" where id=$"+(all_filled_fields.length+1)+" returning *",[...all_filled_fields.map((field)=>req.body[field]),req.body.id])
.then((data)=>{ .then((data)=>{
res.status(200).json(data.rows) if (data.rows.length>0) {
}) return mydb.query('delete from '+endpoint.endpoint+' where id=$1 returning *',[req.body.id])
.catch((err)=>{
res.status(500).send(err.message)
})
} else { } else {
res.status(300).send("Invalid query!") var msg="Could not authenticate!";res.status(500).send(msg);throw msg
} }
}) })
app.delete(PREFIX+"/test/"+endpoint.endpoint,(req,res)=>{
if (req.body.id) {
db2.query('delete from '+endpoint.endpoint+' where id=$1 returning *',[req.body.id])
.then((data)=>{ .then((data)=>{
res.status(200).json(data.rows) res.status(200).json(data.rows)
}) })
@ -520,6 +513,7 @@ function CreateDynamicEndpoints() {
res.status(300).send("Invalid query!") res.status(300).send("Invalid query!")
} }
}) })
}
}) })
} }
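Review bot: Every route registered inside `CreateDynamicEndpoints` will query the test pool at request time, because `for (var mydb of [db,db2]) {` declares one function-scoped binding that all the handler closures read after the loop has finished, when `mydb === db2`; only the path prefix `(mydb===db2?"test/":"")`, evaluated at registration, still tells live and test apart, so the fix is `for (const mydb of [db,db2]) {`. The authentication branches also send a response and then throw a string (`var msg="Could not authenticate!";res.status(500).send(msg);throw msg`), so the chain's `.catch` that calls `res.status(500).send(err.message)` will write to an already-sent response with an undefined message; reject before sending, or guard the catch with `if (res.headersSent) return;`. On the security side, `db4` connects as the `postgres` superuser with `password: ''` hard-coded, the shared secret is stored and compared in plaintext via `select * from password where password=$1`, and on the GET routes it travels in `req.query.pass`, where it ends up in access logs and browser history; for a commit titled "Secure backend" the minimum would be credentials from the environment, a hashed stored secret compared outside SQL, a header rather than a query parameter, and a 401 instead of 500 on failure. The `.catch` handlers and the end of the `for (var test of ["","/test"])` loop fall outside the shown hunks, so the double-send behaviour is inferred from the existing `res.status(500).send(err.message)` pattern visible elsewhere in the file.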
