GDBrowser/api/post/postComment.js

const crypto = require('crypto')
function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }

let rateLimit = {};
let cooldown = 15000  // GD has a secret rate limit and doesn't return -1 when a comment is rejected, so this keeps track

function getTime(time) {
  let seconds = Math.ceil(time / 1000);
  seconds = seconds % 60;
  return seconds}

module.exports = async (app, req, res) => {

  if (req.method !== 'POST') return res.status(405).send("Method not allowed.")

  if (!req.body.comment) return res.status(400).send("No comment provided!")
  if (!req.body.username) return res.status(400).send("No username provided!")
  if (!req.body.levelID) return res.status(400).send("No level ID provided!")
  if (!req.body.accountID) return res.status(400).send("No account ID provided!")
  if (!req.body.password) return res.status(400).send("No password provided!")

  if (req.body.comment.includes('\n')) return res.status(400).send("Comments cannot contain line breaks!")

  if (rateLimit[req.body.username]) return res.status(400).send(`Please wait ${getTime(rateLimit[req.body.username] + cooldown - Date.now())} seconds before posting another comment!`)
  
  let params = { percent: 0 }

  params.comment = Buffer.from(req.body.comment + (req.body.color ? "☆" : "")).toString('base64').replace(/\//g, '_').replace(/\+/g, "-")
  params.gjp = app.xor.encrypt(req.body.password, 37526)
  params.levelID = req.body.levelID.toString()
  params.accountID = req.body.accountID.toString()
  params.userName = req.body.username

  let percent = parseInt(req.body.percent)
  if (percent && percent > 0 && percent <= 100) params.percent = percent.toString()

  let chk = params.userName + params.comment + params.levelID + params.percent + "0xPT6iUrtws0J"
  chk = sha1(chk)
  chk = app.xor.encrypt(chk, 29481)
  params.chk = chk

  req.gdRequest('uploadGJComment21', params, function (err, resp, body) {
    if (err) return res.status(400).send(`The Geometry Dash servers rejected your comment! Try again later, or make sure your username and password are entered correctly. Last worked: ${app.timeSince(req.id)} ago.`)
    if (body.startsWith("temp")) {
      let banStuff = body.split("_")
      return res.status(400).send(`You have been banned from commenting for ${(parseInt(banStuff[1]) / 86400).toFixed(0)} days. Reason: ${banStuff[2] || "None"}`)
    }

    res.status(200).send(`Comment posted to level ${params.levelID} with ID ${body}`)
    app.trackSuccess(req.id)
    rateLimit[req.body.username] = Date.now();
    setTimeout(() => {delete rateLimit[req.body.username]; }, cooldown);
  })
}
Added commenting! 2019-11-17 17:00:19 -05:00			`const crypto = require('crypto')`
			`function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }`

			`let rateLimit = {};`
IP changes 2020-04-08 13:08:58 -04:00			`let cooldown = 15000 // GD has a secret rate limit and doesn't return -1 when a comment is rejected, so this keeps track`
Added commenting! 2019-11-17 17:00:19 -05:00
			`function getTime(time) {`
			`let seconds = Math.ceil(time / 1000);`
			`seconds = seconds % 60;`
			`return seconds}`

			`module.exports = async (app, req, res) => {`

Better error handling + general cleanup (#182) * chore: cleanup .gitignore - remove unused /typings, not using typescript - remove .next as this is not using next.js + add editors to ignore file + add exceptions for more .env files, .env.local, etc. + seperate lockfiles and add yarn lockfile * feat(package.json): add dev command * feat: better error handling 1/4 + add status codes to all of the errors. ? I understand this is similar to robtop so I didn't change any of the very cryptic responses, i.e. -1, -2, -3. * feat: cleanup unused params & add status codes * chore(servers.json): remove weird space in json * feat: final status codes * fix(leaderboard): fix comment for private server * fix(merge): merge on 7da5632 * revert: revert icon.js 2021-12-07 11:06:33 -08:00			`if (req.method !== 'POST') return res.status(405).send("Method not allowed.")`

Added commenting! 2019-11-17 17:00:19 -05:00			`if (!req.body.comment) return res.status(400).send("No comment provided!")`
			`if (!req.body.username) return res.status(400).send("No username provided!")`
			`if (!req.body.levelID) return res.status(400).send("No level ID provided!")`
			`if (!req.body.accountID) return res.status(400).send("No account ID provided!")`
			`if (!req.body.password) return res.status(400).send("No password provided!")`

Added comment liking! I also added level liking, but I decided to comment it all out (on level.html) because GD levels take a few minutes to update. It would just be confusing to the client :P 2019-11-18 18:39:17 -05:00			`if (req.body.comment.includes('\n')) return res.status(400).send("Comments cannot contain line breaks!")`

Added commenting! 2019-11-17 17:00:19 -05:00			if (rateLimit[req.body.username]) return res.status(400).send(`Please wait ${getTime(rateLimit[req.body.username] + cooldown - Date.now())} seconds before posting another comment!`)

Added IP forwarded for my boy Rob 2020-11-01 15:29:32 -05:00			`let params = { percent: 0 }`
Added commenting! 2019-11-17 17:00:19 -05:00
Lots of QOL + Icon Kit improvements - added an optional col3 to icon kit - added an options menu to the icon kit - added a random button to the icon kit - added a proper popup for the icon kit's 'steal icon' button - redid the buttons on the icon kit - tripled icon cache duration - rewrote and minified the XOR class - idk some other fun stuff 2020-09-22 18:37:21 -04:00			`params.comment = Buffer.from(req.body.comment + (req.body.color ? "☆" : "")).toString('base64').replace(/\//g, '_').replace(/\+/g, "-")`
HE WILL NEVER ADD PRIVATE SERVERS TO GDBROWSER holy shit this is probably my biggest update yet 2021-01-18 21:54:18 -05:00			`params.gjp = app.xor.encrypt(req.body.password, 37526)`
Added comment liking! I also added level liking, but I decided to comment it all out (on level.html) because GD levels take a few minutes to update. It would just be confusing to the client :P 2019-11-18 18:39:17 -05:00			`params.levelID = req.body.levelID.toString()`
			`params.accountID = req.body.accountID.toString()`
Added commenting! 2019-11-17 17:00:19 -05:00			`params.userName = req.body.username`

			`let percent = parseInt(req.body.percent)`
Added comment liking! I also added level liking, but I decided to comment it all out (on level.html) because GD levels take a few minutes to update. It would just be confusing to the client :P 2019-11-18 18:39:17 -05:00			`if (percent && percent > 0 && percent <= 100) params.percent = percent.toString()`
Added commenting! 2019-11-17 17:00:19 -05:00
			`let chk = params.userName + params.comment + params.levelID + params.percent + "0xPT6iUrtws0J"`
			`chk = sha1(chk)`
HE WILL NEVER ADD PRIVATE SERVERS TO GDBROWSER holy shit this is probably my biggest update yet 2021-01-18 21:54:18 -05:00			`chk = app.xor.encrypt(chk, 29481)`
Added commenting! 2019-11-17 17:00:19 -05:00			`params.chk = chk`

HE WILL NEVER ADD PRIVATE SERVERS TO GDBROWSER holy shit this is probably my biggest update yet 2021-01-18 21:54:18 -05:00			`req.gdRequest('uploadGJComment21', params, function (err, resp, body) {`
Better server error handling RobTop finally got https lets goo 2021-08-18 20:10:35 -04:00			if (err) return res.status(400).send(`The Geometry Dash servers rejected your comment! Try again later, or make sure your username and password are entered correctly. Last worked: ${app.timeSince(req.id)} ago.`)
ADDED MESSAGES!!! You can now read, write, and delete messages through GDBrowser! Blocking and viewing sent messages have not been done yet. Also, a message now appears if you're comment banned 2019-12-29 18:59:29 -05:00			`if (body.startsWith("temp")) {`
			`let banStuff = body.split("_")`
stuff ksdjfksdjkjds 2019-12-31 18:51:08 -05:00			return res.status(400).send(`You have been banned from commenting for ${(parseInt(banStuff[1]) / 86400).toFixed(0)} days. Reason: ${banStuff[2] \|\| "None"}`)
ADDED MESSAGES!!! You can now read, write, and delete messages through GDBrowser! Blocking and viewing sent messages have not been done yet. Also, a message now appears if you're comment banned 2019-12-29 18:59:29 -05:00			`}`
Achievements Browser!!! 2021-01-11 16:00:21 -05:00
Added commenting! 2019-11-17 17:00:19 -05:00			res.status(200).send(`Comment posted to level ${params.levelID} with ID ${body}`)
HE WILL NEVER ADD PRIVATE SERVERS TO GDBROWSER holy shit this is probably my biggest update yet 2021-01-18 21:54:18 -05:00			`app.trackSuccess(req.id)`
i'm kinda retarded 2020-02-27 23:35:42 -05:00			`rateLimit[req.body.username] = Date.now();`
			`setTimeout(() => {delete rateLimit[req.body.username]; }, cooldown);`
Added commenting! 2019-11-17 17:00:19 -05:00			`})`
100th commit! 🎉🎉🎉 Quality of life fixes: - Fixed undefined backgrounds/grounds in analysis - Fixed leaderboards being buggy when switching tabs while the current one is still loading - Fixed still being able to switch pages with arrow keys while typing a comment - Fixed remaining character count for comments not updating in some cases - Documented liking and commenting on the API page - Ucrash changed some of the CSS on the API page - Screw you, you're not my dad and you can't make my type me commit descriptions in present tense - Remove herobrine 2019-11-19 23:53:24 -05:00			`}`