inkletblot/inkletblot-forum-com-v1
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated all posts to use formdata for security and also to send session information/catch session failures.

Browse Source
This commit is contained in:
Solomon Laing 2020-02-14 15:58:31 +10:30
parent 3ae20e06da
commit 261cb1ebb1
4 changed files with 78 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
scripts/auth.controllers.js
View File

@ -53,7 +53,7 @@ daddy.controller("loginCtrlr", function($scope, $cookies, $location, $http, stat
}) })
daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) { daddy.controller("signupCtrlr", function($scope, $http, $location, $timeout, stateData) {
let titles = { let titles = {
form : "Sign up here!", form : "Sign up here!",
@ -83,13 +83,15 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
$scope.passwordsMatch() $scope.passwordsMatch()
$scope.emailGood() $scope.emailGood()
if ($scope.match && !$scope.exists && $scope.goodemail) { $timeout(function() {
$scope.status = false if ($scope.match && !$scope.exists && $scope.goodemail) {
$scope.submit() $scope.status = false
} else { $scope.submit()
$scope.status = true } else {
$scope.signupStatus = "Please correct errors above." $scope.status = true
} $scope.signupStatus = "Please correct errors above."
}
}, 1000)
} }
$scope.emailGood = () => { $scope.emailGood = () => {
@ -113,9 +115,16 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
} }
$scope.submit = () => { $scope.submit = () => {
let formData = new FormData()
formData.append('userName', $scope.user.username)
formData.append('userPass', $scope.user.password)
formData.append('userEmail', $scope.user.email)
$http({ $http({
url : server + "/auth/signup?userName=" + $scope.user.username + "&userPass=" + $scope.user.password + "&userEmail=" + $scope.user.email, url : server + "/auth/signup",
method : "POST" method : "POST",
data : formData,
headers : { 'Content-Type' : undefined },
transformRequest : angular.identity
}).then((res) => { }).then((res) => {
if (res.status == 200) { if (res.status == 200) {
console.log("user created successfully") console.log("user created successfully")
@ -135,9 +144,14 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
$scope.userExists = () => { $scope.userExists = () => {
console.log("checking username is used?") console.log("checking username is used?")
let formData = new FormData()
formData.append('userName', $scope.user.username)
$http({ $http({
url : server + "/auth/exists?userName=" + $scope.user.username, url : server + "/auth/exists",
method : "POST" method : "POST",
data : formData,
headers : { 'Content-Type' : undefined },
transformRequest : angular.identity
}).then((res) => { }).then((res) => {
if (res.status == 200) { if (res.status == 200) {
console.log(res.data) console.log(res.data)
@ -155,5 +169,4 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
} }
}) })
} }
}) })

47
scripts/forum.controller.js
View File

@ -148,6 +148,8 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat
$scope.createTopic = () => { $scope.createTopic = () => {
console.log("sending new topic to server!!") console.log("sending new topic to server!!")
let formData = new FormData() let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append('topicSubject', $scope.topic.topicSubject) formData.append('topicSubject', $scope.topic.topicSubject)
formData.append('topicCat', $scope.topic.topicCat) formData.append('topicCat', $scope.topic.topicCat)
formData.append('userNo', stateData.state.user.userNo) formData.append('userNo', stateData.state.user.userNo)
@ -166,6 +168,10 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat
if (res.status == 500) { if (res.status == 500) {
console.log("something went wrong: " + res.data) console.log("something went wrong: " + res.data)
$scope.status.text = "Something went wrong: " + res.status $scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
} }
}) })
} }
@ -173,6 +179,8 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat
$scope.createPost = (postContent, topicNo) => { $scope.createPost = (postContent, topicNo) => {
console.log("sending new post to server") console.log("sending new post to server")
let formData = new FormData() let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append('postContent', postContent) formData.append('postContent', postContent)
formData.append('topicNo', topicNo) formData.append('topicNo', topicNo)
formData.append('userNo', stateData.state.user.userNo) formData.append('userNo', stateData.state.user.userNo)
@ -191,6 +199,10 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat
if (res.status == 500) { if (res.status == 500) {
console.log("something went wrong: " + res.data) console.log("something went wrong: " + res.data)
$scope.status.text = "Something went wrong: " + res.status $scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
} }
}) })
} }
@ -241,6 +253,8 @@ daddy.controller("createCategoryCtrlr", function($scope, $http, $location, state
$scope.status.text = "Adding category..." $scope.status.text = "Adding category..."
let formData = new FormData() let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append('catName', $scope.category.catName) formData.append('catName', $scope.category.catName)
formData.append('catDescr', $scope.category.catDescr) formData.append('catDescr', $scope.category.catDescr)
@ -260,10 +274,13 @@ daddy.controller("createCategoryCtrlr", function($scope, $http, $location, state
if (res.status == 500) { if (res.status == 500) {
console.log("something went wrong: " + res.data) console.log("something went wrong: " + res.data)
$scope.status.text = "Something went wrong: " + res.status $scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
} }
}) })
} }
}) })
daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, $location, stateData) { daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, $location, stateData) {
@ -325,6 +342,8 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
$scope.makeReply = (topicNo) => { $scope.makeReply = (topicNo) => {
console.log("sending new post to server") console.log("sending new post to server")
let formData = new FormData() let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append('postContent', $scope.reply.postContent) formData.append('postContent', $scope.reply.postContent)
formData.append('topicNo', topicNo) formData.append('topicNo', topicNo)
formData.append('userNo', stateData.state.user.userNo) formData.append('userNo', stateData.state.user.userNo)
@ -345,6 +364,10 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
console.log("something went wrong: ") console.log("something went wrong: ")
console.log(res.data) console.log(res.data)
$scope.status.text = "Something went wrong: " + res.status $scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
} }
}) })
} }
@ -361,9 +384,16 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
if (!window.confirm("Are you sure you want to delete this post?")) { if (!window.confirm("Are you sure you want to delete this post?")) {
return return
} }
let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append("postNo", postNo)
$http({ $http({
url : server + "/forum/topic/post/delete?postNo=" + postNo, url : server + "/forum/topic/post/delete",
method : "POST" method : "POST",
data : formData,
headers : { 'Content-Type' : undefined },
transformRequest : angular.identity
}).then((res) => { }).then((res) => {
if (res.status == 200) { if (res.status == 200) {
console.log("post deleted") console.log("post deleted")
@ -378,6 +408,10 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
console.log("something went wrong: ") console.log("something went wrong: ")
console.log(res.data) console.log(res.data)
$scope.status.text = "Something went wrong: " + res.status $scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
} }
}) })
} }
@ -386,6 +420,8 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
/* This is incomplete, need to figure out hiding the edit box after edit. Would rather not use timeout. */ /* This is incomplete, need to figure out hiding the edit box after edit. Would rather not use timeout. */
console.log("submitting edited post") console.log("submitting edited post")
let formData = new FormData() let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append("postNo", postNo) formData.append("postNo", postNo)
formData.append("postContent", postContent) formData.append("postContent", postContent)
$http({ $http({
@ -408,10 +444,13 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
console.log("something went wrong: ") console.log("something went wrong: ")
console.log(res.data) console.log(res.data)
$scope.status.text = "Something went wrong: " + res.status $scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
} }
}) })
} }
}) })
daddy.controller("topicCtrlr", function($scope, $http, $location, stateData) { daddy.controller("topicCtrlr", function($scope, $http, $location, stateData) {

5
scripts/main.js
View File

@ -83,7 +83,6 @@ daddy.controller("navCtrlr", function($scope, $location, $cookies, stateData){
} }
$scope.logOut = () => { $scope.logOut = () => {
$cookies.remove('user')
stateData.logOut() stateData.logOut()
} }
@ -106,7 +105,7 @@ daddy.config(function ($routeProvider) {
$routeProvider.otherwise({template : "<article><section class='item border'><h1>404 ... no clue fam ... try something else?</h1></section></article>"}) $routeProvider.otherwise({template : "<article><section class='item border'><h1>404 ... no clue fam ... try something else?</h1></section></article>"})
}) })
daddy.factory('stateData', function(){ daddy.factory('stateData', function($cookies){
let state = { let state = {
page : "forum", page : "forum",
title : "Forum;", title : "Forum;",
@ -136,12 +135,14 @@ daddy.factory('stateData', function(){
} }
logOut = () => { logOut = () => {
$cookies.remove('user')
state.user.userNo = null state.user.userNo = null
state.user.userName = null state.user.userName = null
state.user.userLevel = 0 state.user.userLevel = 0
} }
setUser = (user) => { setUser = (user) => {
state.user.sessionID = user.sessionID
state.user.userNo = user.userNo state.user.userNo = user.userNo
state.user.userName = user.userName state.user.userName = user.userName
state.user.userLevel = user.userLevel state.user.userLevel = user.userLevel

8
views/signup.html
View File

@ -1,4 +1,8 @@
<article ng-controller="signupCtrlr"> <article ng-controller="signupCtrlr">
<section class="item center border" ng-show="success" style="min-width: 30%;">
<h3>{{titles.success}}</h3>
<p>{{message.start}} <br /> {{message.line2}} <span class="link" ng-click="setLogin()">{{message.link}}</span> {{message.end}}</p>
</section>
<section class="item center border"> <section class="item center border">
<h3>{{titles.form}}</h3> <br /> <h3>{{titles.form}}</h3> <br />
<form id="signupForm" name="signupForm" ng-submit="signup()" enctype="application/x-www-form-urlencoded"> <form id="signupForm" name="signupForm" ng-submit="signup()" enctype="application/x-www-form-urlencoded">
@ -16,8 +20,4 @@
</form> </form>
<p class="status" ng-show="status">{{signupStatus}}</p> <p class="status" ng-show="status">{{signupStatus}}</p>
</section> </section>
<section class="item center border" ng-show="success">
<h3>{{titles.success}}</h3>
<p>{{message.start}} <br /> {{message.line2}} <span class="link" ng-click="setLogin()">{{message.link}}</span> {{message.end}}</p>
</section>
</article> </article>