Add files via upload

api/post/like.js

@@ -1,3 +1,4 @@
+"use strict";
 const crypto = require('crypto')
 function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }
 
@@ -11,7 +12,19 @@ module.exports = async (app, req, res) => {
   if (!req.body.like) return res.status(400).send("No like flag provided! (1=like, 0=dislike)")
   if (!req.body.type) return res.status(400).send("No type provided! (1=level, 2=comment, 3=profile")
   if (!req.body.extraID) return res.status(400).send("No extra ID provided! (this should be a level ID, account ID, or '0' for levels")
-  
+  /*
+  // A compound error message is more helpful, but IDK if this may cause bugs,
+  // so this is commented-out
+  let errMsg = ""
+  if (!req.body.ID) errMsg += "No ID provided!\n"
+  if (!req.body.accountID) errMsg += "No account ID provided!\n"
+  if (!req.body.password) errMsg += "No password provided!\n"
+  if (!req.body.like) errMsg += "No like flag provided! (1=like, 0=dislike)\n"
+  if (!req.body.type) errMsg += "No type provided! (1=level, 2=comment, 3=profile\n"
+  if (!req.body.extraID) errMsg += "No extra ID provided! (this should be a level ID, account ID, or '0' for levels)\n"
+  if (errMsg) return res.status(400).send(errMsg)
+  */
+
   let params = {
     udid: '0',
     uuid: '0',
@@ -25,10 +38,11 @@ module.exports = async (app, req, res) => {
   params.special = req.body.extraID.toString()
   params.type = req.body.type.toString()
 
-  let chk = params.special + params.itemID + params.like + params.type + params.rs + params.accountID + params.udid + params.uuid + "ysg6pUrtjn0J"
+  let chk = "";
+  ['special', 'itemID', 'like', 'type', 'rs', 'accountID', 'udid', 'uuid'].forEach(k => chk += params[k])
+  chk += "ysg6pUrtjn0J"
   chk = sha1(chk)
   chk = app.xor.encrypt(chk, 58281)
-
   params.chk = chk
 
   req.gdRequest('likeGJItem211', params, function (err, resp, body) {

api/post/postComment.js

@@ -1,13 +1,16 @@
+"use strict";
 const crypto = require('crypto')
 function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }
 
-let rateLimit = {};
+let rateLimit = {}
 let cooldown = 15000  // GD has a secret rate limit and doesn't return -1 when a comment is rejected, so this keeps track
 
+// converts a milisecond-precision timestamp to seconds (wrapped-around minutes)
 function getTime(time) {
-  let seconds = Math.ceil(time / 1000);
-  seconds = seconds % 60;
-  return seconds}
+  let seconds = Math.ceil(time / 1000)
+  seconds %= 60
+  return seconds
+}
 
 module.exports = async (app, req, res) => {
 
@@ -18,14 +21,25 @@ module.exports = async (app, req, res) => {
   if (!req.body.levelID) return res.status(400).send("No level ID provided!")
   if (!req.body.accountID) return res.status(400).send("No account ID provided!")
   if (!req.body.password) return res.status(400).send("No password provided!")
+  /*
+  // A compound error message is more helpful, but IDK if this may cause bugs,
+  // so this is commented-out
+  let errMsg = ""
+  if (!req.body.comment) errMsg += "No comment provided!\n"
+  if (!req.body.username) errMsg += "No username provided!\n"
+  if (!req.body.levelID) errMsg += "No level ID provided!\n"
+  if (!req.body.accountID) errMsg += "No account ID provided!\n"
+  if (!req.body.password) errMsg += "No password provided!\n"
+  if (errMsg) return res.status(400).send(errMsg)
+  */
 
   if (req.body.comment.includes('\n')) return res.status(400).send("Comments cannot contain line breaks!")
 
   if (rateLimit[req.body.username]) return res.status(400).send(`Please wait ${getTime(rateLimit[req.body.username] + cooldown - Date.now())} seconds before posting another comment!`)
-  
+
   let params = { percent: 0 }
 
-  params.comment = Buffer.from(req.body.comment + (req.body.color ? "☆" : "")).toString('base64').replace(/\//g, '_').replace(/\+/g, "-")
+  params.comment = Buffer.from(req.body.comment + (req.body.color ? "☆" : "")).toString('base64').replace('/', '_').replace('+', '-')
   params.gjp = app.xor.encrypt(req.body.password, 37526)
   params.levelID = req.body.levelID.toString()
   params.accountID = req.body.accountID.toString()
@@ -48,7 +62,7 @@ module.exports = async (app, req, res) => {
 
     res.send(`Comment posted to level ${params.levelID} with ID ${body}`)
     app.trackSuccess(req.id)
-    rateLimit[req.body.username] = Date.now();
+    rateLimit[req.body.username] = Date.now()
     setTimeout(() => {delete rateLimit[req.body.username]; }, cooldown);
   })
 }

api/post/postProfileComment.js

@@ -1,3 +1,4 @@
+"use strict";
 const crypto = require('crypto')
 function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }
 
@@ -9,12 +10,22 @@ module.exports = async (app, req, res) => {
   if (!req.body.username) return res.status(400).send("No username provided!")
   if (!req.body.accountID) return res.status(400).send("No account ID provided!")
   if (!req.body.password) return res.status(400).send("No password provided!")
+  /*
+  // A compound error message is more helpful, but IDK if this may cause bugs,
+  // so this is commented-out
+  let errMsg = ""
+  if (!req.body.comment) errMsg += "No comment provided!\n"
+  if (!req.body.username) errMsg += "No username provided!\n"
+  if (!req.body.accountID) errMsg += "No account ID provided!\n"
+  if (!req.body.password) errMsg += "No password provided!\n"
+  if (errMsg) return res.status(400).send(errMsg)
+  */
 
   if (req.body.comment.includes('\n')) return res.status(400).send("Profile posts cannot contain line breaks!")
-  
+
   let params = { cType: '1' }
 
-  params.comment = Buffer.from(req.body.comment.slice(0, 190) + (req.body.color ? "☆" : "")).toString('base64').replace(/\//g, '_').replace(/\+/g, "-")
+  params.comment = Buffer.from(req.body.comment.slice(0, 190) + (req.body.color ? "☆" : "")).toString('base64').replace('/', '_').replace('+', '-')
   params.gjp = app.xor.encrypt(req.body.password, 37526)
   params.accountID = req.body.accountID.toString()
   params.userName = req.body.username