Updated all POST requests to use FormData for security, and to send session information and catch session failures.

Solomon Laing 2020-02-14 15:58:31 +10:30
parent 3ae20e06da
commit 261cb1ebb1
4 changed files with 78 additions and 25 deletions


@ -53,7 +53,7 @@ daddy.controller("loginCtrlr", function($scope, $cookies, $location, $http, stat
})
daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
daddy.controller("signupCtrlr", function($scope, $http, $location, $timeout, stateData) {
let titles = {
form : "Sign up here!",
@ -83,6 +83,7 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
$scope.passwordsMatch()
$scope.emailGood()
$timeout(function() {
if ($scope.match && !$scope.exists && $scope.goodemail) {
$scope.status = false
$scope.submit()
@ -90,6 +91,7 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
$scope.status = true
$scope.signupStatus = "Please correct errors above."
}
}, 1000)
}
$scope.emailGood = () => {
@ -113,9 +115,16 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
}
$scope.submit = () => {
let formData = new FormData()
formData.append('userName', $scope.user.username)
formData.append('userPass', $scope.user.password)
formData.append('userEmail', $scope.user.email)
$http({
url : server + "/auth/signup?userName=" + $scope.user.username + "&userPass=" + $scope.user.password + "&userEmail=" + $scope.user.email,
method : "POST"
url : server + "/auth/signup",
method : "POST",
data : formData,
headers : { 'Content-Type' : undefined },
transformRequest : angular.identity
}).then((res) => {
if (res.status == 200) {
console.log("user created successfully")
@ -135,9 +144,14 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
$scope.userExists = () => {
console.log("checking username is used?")
let formData = new FormData()
formData.append('userName', $scope.user.username)
$http({
url : server + "/auth/exists?userName=" + $scope.user.username,
method : "POST"
url : server + "/auth/exists",
method : "POST",
data : formData,
headers : { 'Content-Type' : undefined },
transformRequest : angular.identity
}).then((res) => {
if (res.status == 200) {
console.log(res.data)
@ -155,5 +169,4 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) {
}
})
}
})
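Review bot: The fixed one-second `$timeout` in the signup handler is a race: it appears to exist so the `/auth/exists` response can set `$scope.exists` before the check, but a slower response leaves the flag stale and `$scope.submit()` runs anyway. Have `$scope.userExists` return its `$http(...)` promise and gate the submit on it, e.g. `$scope.userExists().then(() => { /* existing match/exists/goodemail check */ })`. The call that triggers the lookup is outside the visible hunks, so this is inferred from the flag names. Either way the client-side check is advisory only; the server's `/auth/signup` handler still has to reject duplicate usernames itself.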


@ -148,6 +148,8 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat
$scope.createTopic = () => {
console.log("sending new topic to server!!")
let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append('topicSubject', $scope.topic.topicSubject)
formData.append('topicCat', $scope.topic.topicCat)
formData.append('userNo', stateData.state.user.userNo)
@ -166,6 +168,10 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat
if (res.status == 500) {
console.log("something went wrong: " + res.data)
$scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
}
})
}
@ -173,6 +179,8 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat
$scope.createPost = (postContent, topicNo) => {
console.log("sending new post to server")
let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append('postContent', postContent)
formData.append('topicNo', topicNo)
formData.append('userNo', stateData.state.user.userNo)
@ -191,6 +199,10 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat
if (res.status == 500) {
console.log("something went wrong: " + res.data)
$scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
}
})
}
@ -241,6 +253,8 @@ daddy.controller("createCategoryCtrlr", function($scope, $http, $location, state
$scope.status.text = "Adding category..."
let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append('catName', $scope.category.catName)
formData.append('catDescr', $scope.category.catDescr)
@ -260,10 +274,13 @@ daddy.controller("createCategoryCtrlr", function($scope, $http, $location, state
if (res.status == 500) {
console.log("something went wrong: " + res.data)
$scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
}
})
}
})
daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, $location, stateData) {
@ -325,6 +342,8 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
$scope.makeReply = (topicNo) => {
console.log("sending new post to server")
let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append('postContent', $scope.reply.postContent)
formData.append('topicNo', topicNo)
formData.append('userNo', stateData.state.user.userNo)
@ -345,6 +364,10 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
console.log("something went wrong: ")
console.log(res.data)
$scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
}
})
}
@ -361,9 +384,16 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
if (!window.confirm("Are you sure you want to delete this post?")) {
return
}
let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append("postNo", postNo)
$http({
url : server + "/forum/topic/post/delete?postNo=" + postNo,
method : "POST"
url : server + "/forum/topic/post/delete",
method : "POST",
data : formData,
headers : { 'Content-Type' : undefined },
transformRequest : angular.identity
}).then((res) => {
if (res.status == 200) {
console.log("post deleted")
@ -378,6 +408,10 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
console.log("something went wrong: ")
console.log(res.data)
$scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
}
})
}
@ -386,6 +420,8 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
/* This is incomplete, need to figure out hiding the edit box after edit. Would rather not use timeout. */
console.log("submitting edited post")
let formData = new FormData()
formData.append('user', stateData.state.user.userName)
formData.append('sessionID', stateData.state.user.sessionID)
formData.append("postNo", postNo)
formData.append("postContent", postContent)
$http({
@ -408,10 +444,13 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http,
console.log("something went wrong: ")
console.log(res.data)
$scope.status.text = "Something went wrong: " + res.status
} else if (res.status == 403) {
console.log("something went worng: " + res.data)
$scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again."
stateData.logOut()
}
})
}
})
daddy.controller("topicCtrlr", function($scope, $http, $location, stateData) {
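Review bot: Every request here now carries `sessionID` next to the client-supplied `user` and `userNo` fields, so the server has to take the acting user from the session and treat the other two as untrusted; if it authorizes on `userNo`, a valid session for one account could act as another. The server side is not part of this page, so confirm that, and consider dropping `userNo` from the form data once the session lookup supplies it. The session ID is also held in script-readable state and sent as a body field, which leaves it readable by any injected script; an `HttpOnly` cookie would avoid that. Separately, the same 403 branch is pasted into six handlers (with the `worng`/`saftey` typos); a single `responseError` interceptor registered on `$httpProvider.interceptors` that calls `stateData.logOut()` would keep them consistent.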


@ -83,7 +83,6 @@ daddy.controller("navCtrlr", function($scope, $location, $cookies, stateData){
}
$scope.logOut = () => {
$cookies.remove('user')
stateData.logOut()
}
@ -106,7 +105,7 @@ daddy.config(function ($routeProvider) {
$routeProvider.otherwise({template : "<article><section class='item border'><h1>404 ... no clue fam ... try something else?</h1></section></article>"})
})
daddy.factory('stateData', function(){
daddy.factory('stateData', function($cookies){
let state = {
page : "forum",
title : "Forum;",
@ -136,12 +135,14 @@ daddy.factory('stateData', function(){
}
logOut = () => {
$cookies.remove('user')
state.user.userNo = null
state.user.userName = null
state.user.userLevel = 0
}
setUser = (user) => {
state.user.sessionID = user.sessionID
state.user.userNo = user.userNo
state.user.userName = user.userName
state.user.userLevel = user.userLevel
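Review bot: `logOut` resets `userNo`, `userName` and `userLevel` but not the `sessionID` that `setUser` now stores, so the old session ID stays in `state.user` after logout and would be attached to any later request built from it. Add `state.user.sessionID = null` to `logOut`. Nothing in this change tells the server to invalidate the session either, so the ID presumably stays valid server-side until it expires; worth confirming, since the 403 path relies on `logOut` as its safety measure. `setUser`'s body continues past the end of the hunk.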


@ -1,4 +1,8 @@
<article ng-controller="signupCtrlr">
<section class="item center border" ng-show="success" style="min-width: 30%;">
<h3>{{titles.success}}</h3>
<p>{{message.start}} <br /> {{message.line2}} <span class="link" ng-click="setLogin()">{{message.link}}</span> {{message.end}}</p>
</section>
<section class="item center border">
<h3>{{titles.form}}</h3> <br />
<form id="signupForm" name="signupForm" ng-submit="signup()" enctype="application/x-www-form-urlencoded">
@ -16,8 +20,4 @@
</form>
<p class="status" ng-show="status">{{signupStatus}}</p>
</section>
<section class="item center border" ng-show="success">
<h3>{{titles.success}}</h3>
<p>{{message.start}} <br /> {{message.line2}} <span class="link" ng-click="setLogin()">{{message.link}}</span> {{message.end}}</p>
</section>
</article>