SolidScribe/server/routes/publicController.js

var express = require('express')
var router = express.Router()
const rateLimit = require('express-rate-limit')

const Note = require('@models/Note')
const User = require('@models/User')
const Attachment = require('@models/Attachment')


//
// Public Note action
//
const sharedNoteLimiter = rateLimit({
	windowMs: 30 * 60 * 1000, //30 min window
	max: 50, // start blocking after 50 requests
	message:'Unable to open that many shared notes'
})
router.post('/opensharednote', sharedNoteLimiter, function (req, res) {
	
	Note.getShared(req.body.noteId, req.body.sharedKey)
	.then(results => res.send(results))
})

//
// Login User
//
const loginLimiter = rateLimit({
	windowMs: 30 * 60 * 1000, // 30 min window
	max: 25, // start blocking after 25 requests
	message:'Please try to login again later'
})
router.post('/login', loginLimiter, function (req, res) {

	User.login(req.body.username, req.body.password, req.body.authToken)
	.then( returnData => {

		res.send(returnData)
	})
})

//
// Register User
//
const registerLimiter = rateLimit({
	windowMs: 60 * 60 * 1000, // 1 hour window
	max: 5, // start blocking after 5 requests
	message:'Please try again to create an acount in an hour'
})
router.post('/register', registerLimiter, function (req, res) {

	User.register(req.body.username, req.body.password)
	.then( returnData => {

		res.send(returnData)
	})
})

//
// Public Pushme Action
//
const pushMeLimiter = rateLimit({
	windowMs: 30 * 60 * 1000, //30 min window
	max: 50, // start blocking after x requests
	message:'Error'
})
router.get('/pushmebaby', pushMeLimiter, function (req, res) {

	
	Attachment.pushUrl(req.query.pushkey, req.query.url)
	.then((() => {
		const jsCode = `
			<script>
				window.close();
			</script>
			<h1>Posting URL</h1>
		`;
		res.header('Content-Security-Policy', "script-src 'unsafe-inline'");
		res.set('Content-Type', 'text/html');
		res.send(Buffer.from(jsCode));
	}))
})

module.exports = router
I need to get back into using git. The hell is wrong with me!? 2019-12-19 21:50:50 -08:00			`var express = require('express')`
			`var router = express.Router()`
* Added fake site warning * Fixed a bunch of style bugs for chrome browsers * Improved check box styles on desktop and mobile * Touch up tool tip styles. Only dark now. * Created a separate terms page * Added 2FA auth token options to login * Added tool tip displays to some buttons on editor * Added pinned and archived options to overflow menu * Changed shared note styles * Disabled Scroll into view * Made image display smaller when adding images to notes * Added a last used color option * Updated help page * Fixed spelling error on terms page * Added a big ass green label on the new note icon * Scratch pad now opens a note, which is the scratch pad * Added better 2fa guide * Added change password option * Added log out and log out all active sessions option * Added strict rate limiting on login and register actions * Added middleware to routes that force authentication to be accessed * Fixed bug that was causing shared notes to appear empty * Updated option now appears on shared notes after they are actually updated 2020-07-22 22:00:20 -07:00			`const rateLimit = require('express-rate-limit')`

			`const Note = require('@models/Note')`
			`const User = require('@models/User')`
Gigantic Update * Migrated manual tests to jest and started working on better coverage * Added a bookmarklet and push key generation tool allowing URL pushing from bookmarklets * Updated web scraping with tons of bug fixes * Updated attachments page to handle new push links * Aggressive note change checking, if patches get out of sync, server overwrites bad updates. 2023-10-17 12:46:14 -07:00			`const Attachment = require('@models/Attachment')`
* Added fake site warning * Fixed a bunch of style bugs for chrome browsers * Improved check box styles on desktop and mobile * Touch up tool tip styles. Only dark now. * Created a separate terms page * Added 2FA auth token options to login * Added tool tip displays to some buttons on editor * Added pinned and archived options to overflow menu * Changed shared note styles * Disabled Scroll into view * Made image display smaller when adding images to notes * Added a last used color option * Updated help page * Fixed spelling error on terms page * Added a big ass green label on the new note icon * Scratch pad now opens a note, which is the scratch pad * Added better 2fa guide * Added change password option * Added log out and log out all active sessions option * Added strict rate limiting on login and register actions * Added middleware to routes that force authentication to be accessed * Fixed bug that was causing shared notes to appear empty * Updated option now appears on shared notes after they are actually updated 2020-07-22 22:00:20 -07:00

I need to get back into using git. The hell is wrong with me!? 2019-12-19 21:50:50 -08:00

* Adjusted theme colors to add more contrast on white theme while making black more OLED friendly * Links now get an underline on hover * Cleaned up CSS variable names, added another theme color for more control * Cleaned up unused CSS, removed scrollbars popping up, tons of other little UI tweaks * Renamed shared notes to inbox * Tweaked form display, seperated login and create accouts * Put login/sign up form on home page * Created more legitimate marketing for home page * Tons up updates to note page and note input panel * Better support for two users editing a note * MUCH better diff handling, web sockets restore notes with unsaved diffs * Moved all squire text modifier functions into a mixin class * It now says saving when closing a note * Lots of cleanup and better handiling of events on mount and destroy * Scroll behavior modified to load notes when closer to bottom of page * Pretty decent shared notes and sharable link support * Updated help text * Search now includes tag suggestions and attachment suggestions * Cleaned up scratch pad a ton, allow for users to create new scratch pads * Created a 404 Page and a Shared note page * So many other small improvements. Oh my god, what is wrong with me, not doing commits!? 2020-06-07 13:57:35 -07:00			`//`
			`// Public Note action`
			`//`
* Added fake site warning * Fixed a bunch of style bugs for chrome browsers * Improved check box styles on desktop and mobile * Touch up tool tip styles. Only dark now. * Created a separate terms page * Added 2FA auth token options to login * Added tool tip displays to some buttons on editor * Added pinned and archived options to overflow menu * Changed shared note styles * Disabled Scroll into view * Made image display smaller when adding images to notes * Added a last used color option * Updated help page * Fixed spelling error on terms page * Added a big ass green label on the new note icon * Scratch pad now opens a note, which is the scratch pad * Added better 2fa guide * Added change password option * Added log out and log out all active sessions option * Added strict rate limiting on login and register actions * Added middleware to routes that force authentication to be accessed * Fixed bug that was causing shared notes to appear empty * Updated option now appears on shared notes after they are actually updated 2020-07-22 22:00:20 -07:00			`const sharedNoteLimiter = rateLimit({`
			`windowMs: 30 * 60 * 1000, //30 min window`
			`max: 50, // start blocking after 50 requests`
			`message:'Unable to open that many shared notes'`
			`})`
			`router.post('/opensharednote', sharedNoteLimiter, function (req, res) {`
* Adjusted theme colors to add more contrast on white theme while making black more OLED friendly * Links now get an underline on hover * Cleaned up CSS variable names, added another theme color for more control * Cleaned up unused CSS, removed scrollbars popping up, tons of other little UI tweaks * Renamed shared notes to inbox * Tweaked form display, seperated login and create accouts * Put login/sign up form on home page * Created more legitimate marketing for home page * Tons up updates to note page and note input panel * Better support for two users editing a note * MUCH better diff handling, web sockets restore notes with unsaved diffs * Moved all squire text modifier functions into a mixin class * It now says saving when closing a note * Lots of cleanup and better handiling of events on mount and destroy * Scroll behavior modified to load notes when closer to bottom of page * Pretty decent shared notes and sharable link support * Updated help text * Search now includes tag suggestions and attachment suggestions * Cleaned up scratch pad a ton, allow for users to create new scratch pads * Created a 404 Page and a Shared note page * So many other small improvements. Oh my god, what is wrong with me, not doing commits!? 2020-06-07 13:57:35 -07:00
			`Note.getShared(req.body.noteId, req.body.sharedKey)`
			`.then(results => res.send(results))`
I need to get back into using git. The hell is wrong with me!? 2019-12-19 21:50:50 -08:00			`})`

* Added fake site warning * Fixed a bunch of style bugs for chrome browsers * Improved check box styles on desktop and mobile * Touch up tool tip styles. Only dark now. * Created a separate terms page * Added 2FA auth token options to login * Added tool tip displays to some buttons on editor * Added pinned and archived options to overflow menu * Changed shared note styles * Disabled Scroll into view * Made image display smaller when adding images to notes * Added a last used color option * Updated help page * Fixed spelling error on terms page * Added a big ass green label on the new note icon * Scratch pad now opens a note, which is the scratch pad * Added better 2fa guide * Added change password option * Added log out and log out all active sessions option * Added strict rate limiting on login and register actions * Added middleware to routes that force authentication to be accessed * Fixed bug that was causing shared notes to appear empty * Updated option now appears on shared notes after they are actually updated 2020-07-22 22:00:20 -07:00			`//`
			`// Login User`
			`//`
			`const loginLimiter = rateLimit({`
			`windowMs: 30 * 60 * 1000, // 30 min window`
			`max: 25, // start blocking after 25 requests`
			`message:'Please try to login again later'`
			`})`
			`router.post('/login', loginLimiter, function (req, res) {`

			`User.login(req.body.username, req.body.password, req.body.authToken)`
			`.then( returnData => {`

			`res.send(returnData)`
			`})`
			`})`

			`//`
			`// Register User`
			`//`
			`const registerLimiter = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 1 hour window`
			`max: 5, // start blocking after 5 requests`
			`message:'Please try again to create an acount in an hour'`
			`})`
			`router.post('/register', registerLimiter, function (req, res) {`

			`User.register(req.body.username, req.body.password)`
			`.then( returnData => {`

			`res.send(returnData)`
			`})`
			`})`
I need to get back into using git. The hell is wrong with me!? 2019-12-19 21:50:50 -08:00
Gigantic Update * Migrated manual tests to jest and started working on better coverage * Added a bookmarklet and push key generation tool allowing URL pushing from bookmarklets * Updated web scraping with tons of bug fixes * Updated attachments page to handle new push links * Aggressive note change checking, if patches get out of sync, server overwrites bad updates. 2023-10-17 12:46:14 -07:00			`//`
			`// Public Pushme Action`
			`//`
			`const pushMeLimiter = rateLimit({`
			`windowMs: 30 * 60 * 1000, //30 min window`
			`max: 50, // start blocking after x requests`
			`message:'Error'`
			`})`
			`router.get('/pushmebaby', pushMeLimiter, function (req, res) {`
I need to get back into using git. The hell is wrong with me!? 2019-12-19 21:50:50 -08:00
Gigantic Update * Migrated manual tests to jest and started working on better coverage * Added a bookmarklet and push key generation tool allowing URL pushing from bookmarklets * Updated web scraping with tons of bug fixes * Updated attachments page to handle new push links * Aggressive note change checking, if patches get out of sync, server overwrites bad updates. 2023-10-17 12:46:14 -07:00
			`Attachment.pushUrl(req.query.pushkey, req.query.url)`
			`.then((() => {`
			const jsCode = `
			`<script>`
			`window.close();`
			`</script>`
			`<h1>Posting URL</h1>`
			`;
			`res.header('Content-Security-Policy', "script-src 'unsafe-inline'");`
			`res.set('Content-Type', 'text/html');`
			`res.send(Buffer.from(jsCode));`
			`}))`
			`})`
I need to get back into using git. The hell is wrong with me!? 2019-12-19 21:50:50 -08:00
			`module.exports = router`