forked from Mirrors/keyoxide-web
feat: escape parameters
parent
785647bbb8
commit
255e99af39
1 changed files with 97 additions and 74 deletions
|
@ -28,6 +28,7 @@ if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
import express from 'express'
|
import express from 'express'
|
||||||
|
import { param } from 'express-validator'
|
||||||
import bodyParserImport from 'body-parser'
|
import bodyParserImport from 'body-parser'
|
||||||
import { rateLimit } from 'express-rate-limit'
|
import { rateLimit } from 'express-rate-limit'
|
||||||
import { generateSignatureProfile, utils, generateWKDProfile, generateHKPProfile, generateAutoProfile, generateKeybaseProfile } from '../server/index.js'
|
import { generateSignatureProfile, utils, generateWKDProfile, generateHKPProfile, generateAutoProfile, generateKeybaseProfile } from '../server/index.js'
|
||||||
|
@ -60,11 +61,16 @@ if (process.env.ENABLE_EXPERIMENTAL_RATE_LIMITER) {
|
||||||
{ component: 'profile_rate_limiter', action: 'start' })
|
{ component: 'profile_rate_limiter', action: 'start' })
|
||||||
}
|
}
|
||||||
|
|
||||||
router.get('/sig', profileRateLimiter, (req, res) => {
|
router.get('/sig',
|
||||||
|
profileRateLimiter,
|
||||||
|
(req, res) => {
|
||||||
res.render('profile', { isSignature: true, signature: null, meta: getMetaFromReq(req) })
|
res.render('profile', { isSignature: true, signature: null, meta: getMetaFromReq(req) })
|
||||||
})
|
})
|
||||||
|
|
||||||
router.post('/sig', profileRateLimiter, bodyParser, async (req, res) => {
|
router.post('/sig',
|
||||||
|
profileRateLimiter,
|
||||||
|
bodyParser,
|
||||||
|
async (req, res) => {
|
||||||
const data = await generateSignatureProfile(req.body.signature)
|
const data = await generateSignatureProfile(req.body.signature)
|
||||||
const title = utils.generatePageTitle('profile', data)
|
const title = utils.generatePageTitle('profile', data)
|
||||||
res.set('ariadne-identity-proof', data.identifier)
|
res.set('ariadne-identity-proof', data.identifier)
|
||||||
|
@ -77,9 +83,12 @@ router.post('/sig', profileRateLimiter, bodyParser, async (req, res) => {
|
||||||
enable_signature_verification: false,
|
enable_signature_verification: false,
|
||||||
meta: getMetaFromReq(req)
|
meta: getMetaFromReq(req)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
router.get('/wkd/:id', profileRateLimiter, async (req, res) => {
|
router.get('/wkd/:id',
|
||||||
|
profileRateLimiter,
|
||||||
|
param('id').escape(),
|
||||||
|
async (req, res) => {
|
||||||
const data = await generateWKDProfile(req.params.id)
|
const data = await generateWKDProfile(req.params.id)
|
||||||
const title = utils.generatePageTitle('profile', data)
|
const title = utils.generatePageTitle('profile', data)
|
||||||
res.set('ariadne-identity-proof', data.identifier)
|
res.set('ariadne-identity-proof', data.identifier)
|
||||||
|
@ -90,9 +99,12 @@ router.get('/wkd/:id', profileRateLimiter, async (req, res) => {
|
||||||
enable_signature_verification: false,
|
enable_signature_verification: false,
|
||||||
meta: getMetaFromReq(req)
|
meta: getMetaFromReq(req)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
router.get('/hkp/:id', profileRateLimiter, async (req, res) => {
|
router.get('/hkp/:id',
|
||||||
|
profileRateLimiter,
|
||||||
|
param('id').escape(),
|
||||||
|
async (req, res) => {
|
||||||
const data = await generateHKPProfile(req.params.id)
|
const data = await generateHKPProfile(req.params.id)
|
||||||
const title = utils.generatePageTitle('profile', data)
|
const title = utils.generatePageTitle('profile', data)
|
||||||
res.set('ariadne-identity-proof', data.identifier)
|
res.set('ariadne-identity-proof', data.identifier)
|
||||||
|
@ -103,9 +115,13 @@ router.get('/hkp/:id', profileRateLimiter, async (req, res) => {
|
||||||
enable_signature_verification: false,
|
enable_signature_verification: false,
|
||||||
meta: getMetaFromReq(req)
|
meta: getMetaFromReq(req)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
router.get('/hkp/:server/:id', profileRateLimiter, async (req, res) => {
|
router.get('/hkp/:server/:id',
|
||||||
|
profileRateLimiter,
|
||||||
|
param('server').escape(),
|
||||||
|
param('id').escape(),
|
||||||
|
async (req, res) => {
|
||||||
const data = await generateHKPProfile(req.params.id, req.params.server)
|
const data = await generateHKPProfile(req.params.id, req.params.server)
|
||||||
const title = utils.generatePageTitle('profile', data)
|
const title = utils.generatePageTitle('profile', data)
|
||||||
res.set('ariadne-identity-proof', data.identifier)
|
res.set('ariadne-identity-proof', data.identifier)
|
||||||
|
@ -116,9 +132,13 @@ router.get('/hkp/:server/:id', profileRateLimiter, async (req, res) => {
|
||||||
enable_signature_verification: false,
|
enable_signature_verification: false,
|
||||||
meta: getMetaFromReq(req)
|
meta: getMetaFromReq(req)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
router.get('/keybase/:username/:fingerprint', profileRateLimiter, async (req, res) => {
|
router.get('/keybase/:username/:fingerprint',
|
||||||
|
profileRateLimiter,
|
||||||
|
param('username').escape(),
|
||||||
|
param('fingerprint').escape(),
|
||||||
|
async (req, res) => {
|
||||||
const data = await generateKeybaseProfile(req.params.username, req.params.fingerprint)
|
const data = await generateKeybaseProfile(req.params.username, req.params.fingerprint)
|
||||||
const title = utils.generatePageTitle('profile', data)
|
const title = utils.generatePageTitle('profile', data)
|
||||||
res.set('ariadne-identity-proof', data.identifier)
|
res.set('ariadne-identity-proof', data.identifier)
|
||||||
|
@ -129,9 +149,12 @@ router.get('/keybase/:username/:fingerprint', profileRateLimiter, async (req, re
|
||||||
enable_signature_verification: false,
|
enable_signature_verification: false,
|
||||||
meta: getMetaFromReq(req)
|
meta: getMetaFromReq(req)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
router.get('/:id', profileRateLimiter, async (req, res) => {
|
router.get('/:id',
|
||||||
|
profileRateLimiter,
|
||||||
|
param('id').escape(),
|
||||||
|
async (req, res) => {
|
||||||
const data = await generateAutoProfile(req.params.id)
|
const data = await generateAutoProfile(req.params.id)
|
||||||
const theme = generateProfileTheme(data)
|
const theme = generateProfileTheme(data)
|
||||||
const title = utils.generatePageTitle('profile', data)
|
const title = utils.generatePageTitle('profile', data)
|
||||||
|
@ -144,6 +167,6 @@ router.get('/:id', profileRateLimiter, async (req, res) => {
|
||||||
theme,
|
theme,
|
||||||
meta: getMetaFromReq(req)
|
meta: getMetaFromReq(req)
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
export default router
|
export default router
|
||||||
|
|
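Review bot: `param('id').escape()` and the matching calls on `server`, `username` and `fingerprint` HTML-encode the route parameters before they reach `generateWKDProfile`, `generateHKPProfile`, `generateKeybaseProfile` and `generateAutoProfile`, so the lookups receive entity-encoded text (`&` becomes `&amp;`, `/` becomes `&#x2F;`) rather than a validated identifier. Output encoding belongs where the value is rendered, and nothing in these routes rejects a malformed value. Consider validating each parameter against its expected shape and failing closed, e.g. `param('fingerprint').isHexadecimal()` plus `if (!validationResult(req).isEmpty()) return res.status(400).end()` at the top of the handler, which needs `validationResult` added to the `express-validator` import. The `:server` segment of `/hkp/:server/:id` deserves the strictest check: if `generateHKPProfile` uses it as the keyserver host to contact (not visible here), escaping does not limit which hosts the server will query, so `isFQDN()` or an allow-list of keyservers would be the relevant control. The handler bodies continue outside the visible hunks.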