2022-07-03 13:45:55 -04:00 · 2022-07-03 14:04:42 -04:00 · 2022-07-03 13:45:55 -04:00 · 2022-07-03 14:04:20 -04:00
3 changed files with 46 additions and 36 deletions
--- a/api/post/like.js
+++ b/api/post/like.js
@ -1,17 +1,18 @@
 "use strict";
 const crypto = require('crypto')
-function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }
+const sha1 = data => crypto.createHash("sha1").update(data, "binary").digest("hex")

 module.exports = async (app, req, res) => {
+  const send = (msg, c=400) => res.status(c).send(msg)

-  if (req.method !== 'POST') return res.status(405).send("Method not allowed.")
+  if (req.method !== 'POST') return send("Method not allowed.", 405)

-  if (!req.body.ID) return res.status(400).send("No ID provided!")
-  if (!req.body.accountID) return res.status(400).send("No account ID provided!")
-  if (!req.body.password) return res.status(400).send("No password provided!")
-  if (!req.body.like) return res.status(400).send("No like flag provided! (1=like, 0=dislike)")
-  if (!req.body.type) return res.status(400).send("No type provided! (1=level, 2=comment, 3=profile")
-  if (!req.body.extraID) return res.status(400).send("No extra ID provided! (this should be a level ID, account ID, or '0' for levels")
+  if (!req.body.ID) return send("No ID provided!")
+  if (!req.body.accountID) return send("No account ID provided!")
+  if (!req.body.password) return send("No password provided!")
+  if (!req.body.like) return send("No like flag provided! (1=like, 0=dislike)")
+  if (!req.body.type) return send("No type provided! (1=level, 2=comment, 3=profile")
+  if (!req.body.extraID) return send("No extra ID provided! (this should be a level ID, account ID, or '0' for levels")
  /*
  // A compound error message is more helpful, but IDK if this may cause bugs,
  // so this is commented-out
@ -22,7 +23,7 @@ module.exports = async (app, req, res) => {
  if (!req.body.like) errMsg += "No like flag provided! (1=like, 0=dislike)\n"
  if (!req.body.type) errMsg += "No type provided! (1=level, 2=comment, 3=profile\n"
  if (!req.body.extraID) errMsg += "No extra ID provided! (this should be a level ID, account ID, or '0' for levels)\n"
-  if (errMsg) return res.status(400).send(errMsg)
+  if (errMsg) return send(errMsg)
  */

  let params = {
@ -46,7 +47,7 @@ module.exports = async (app, req, res) => {
  params.chk = chk

  req.gdRequest('likeGJItem211', params, function (err, resp, body) {
-    if (err) return res.status(400).send(`The Geometry Dash servers rejected your vote! Try again later, or make sure your username and password are entered correctly. Last worked: ${app.timeSince(req.id)} ago.`)
+    if (err) return send(`The Geometry Dash servers rejected your vote! Try again later, or make sure your username and password are entered correctly. Last worked: ${app.timeSince(req.id)} ago.`)
    else app.trackSuccess(req.id)
    res.send((params.like == 1 ? 'Successfully liked!' : 'Successfully disliked!') + " (this will only take effect if this is your first time doing so)")
  })
--- a/api/post/postComment.js
+++ b/api/post/postComment.js
@ -1,11 +1,11 @@
 "use strict";
 const crypto = require('crypto')
-function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }
+const sha1 = data => crypto.createHash("sha1").update(data, "binary").digest("hex")

 let rateLimit = {}
 let cooldown = 15000  // GD has a secret rate limit and doesn't return -1 when a comment is rejected, so this keeps track

-// converts a milisecond-precision timestamp to seconds (wrapped-around minutes)
+// converts timestamp miliseconds to s (wrapped-around minutes)
 function getTime(time) {
  let seconds = Math.ceil(time / 1000)
  seconds %= 60
@ -13,14 +13,15 @@ function getTime(time) {
 }

 module.exports = async (app, req, res) => {
+  const send = (msg, c=400) => res.status(c).send(msg)

-  if (req.method !== 'POST') return res.status(405).send("Method not allowed.")
+  if (req.method !== 'POST') return send("Method not allowed.", 405)

-  if (!req.body.comment) return res.status(400).send("No comment provided!")
-  if (!req.body.username) return res.status(400).send("No username provided!")
-  if (!req.body.levelID) return res.status(400).send("No level ID provided!")
-  if (!req.body.accountID) return res.status(400).send("No account ID provided!")
-  if (!req.body.password) return res.status(400).send("No password provided!")
+  if (!req.body.comment) return send("No comment provided!")
+  if (!req.body.username) return send("No username provided!")
+  if (!req.body.levelID) return send("No level ID provided!")
+  if (!req.body.accountID) return send("No account ID provided!")
+  if (!req.body.password) return send("No password provided!")
  /*
  // A compound error message is more helpful, but IDK if this may cause bugs,
  // so this is commented-out
@ -30,16 +31,16 @@ module.exports = async (app, req, res) => {
  if (!req.body.levelID) errMsg += "No level ID provided!\n"
  if (!req.body.accountID) errMsg += "No account ID provided!\n"
  if (!req.body.password) errMsg += "No password provided!\n"
-  if (errMsg) return res.status(400).send(errMsg)
+  if (errMsg) return send(errMsg)
  */

-  if (req.body.comment.includes('\n')) return res.status(400).send("Comments cannot contain line breaks!")
+  if (req.body.comment.includes('\n')) return send("Comments cannot contain line breaks!")

-  if (rateLimit[req.body.username]) return res.status(400).send(`Please wait ${getTime(rateLimit[req.body.username] + cooldown - Date.now())} seconds before posting another comment!`)
+  if (rateLimit[req.body.username]) return send(`Please wait ${getTime(rateLimit[req.body.username] + cooldown - Date.now())} seconds before posting another comment!`)

  let params = { percent: 0 }

-  params.comment = Buffer.from(req.body.comment + (req.body.color ? "☆" : "")).toString('base64').replace('/', '_').replace('+', '-')
+  params.comment = Buffer.from(req.body.comment + (req.body.color ? "☆" : "")).toString('base64url')
  params.gjp = app.xor.encrypt(req.body.password, 37526)
  params.levelID = req.body.levelID.toString()
  params.accountID = req.body.accountID.toString()
@ -54,15 +55,22 @@ module.exports = async (app, req, res) => {
  params.chk = chk

  req.gdRequest('uploadGJComment21', params, function (err, resp, body) {
-    if (err) return res.status(400).send(`The Geometry Dash servers rejected your comment! Try again later, or make sure your username and password are entered correctly. Last worked: ${app.timeSince(req.id)} ago.`)
+    if (err) return send(
+      `The Geometry Dash servers rejected your comment! `+
+      `Try again later, or make sure your username and password are entered correctly. `+
+      `Last worked: ${app.timeSince(req.id)} ago.`
+    )
    if (body.startsWith("temp")) {
      let banStuff = body.split("_")
-      return res.status(400).send(`You have been banned from commenting for ${(parseInt(banStuff[1]) / 86400).toFixed(0)} days. Reason: ${banStuff[2] || "None"}`)
+      return send(
+        `You have been banned from commenting for ${(parseInt(banStuff[1]) / 86400).toFixed(0)} days. `+
+        `Reason: ${banStuff[2] || "None"}`
+      )
    }

    res.send(`Comment posted to level ${params.levelID} with ID ${body}`)
    app.trackSuccess(req.id)
    rateLimit[req.body.username] = Date.now()
-    setTimeout(() => {delete rateLimit[req.body.username]; }, cooldown);
+    setTimeout(() => {delete rateLimit[req.body.username]}, cooldown);
  })
 }
--- a/api/post/postProfileComment.js
+++ b/api/post/postProfileComment.js
@ -1,15 +1,16 @@
 "use strict";
 const crypto = require('crypto')
-function sha1(data) { return crypto.createHash("sha1").update(data, "binary").digest("hex"); }
+const sha1 = data => crypto.createHash("sha1").update(data, "binary").digest("hex")

 module.exports = async (app, req, res) => {
+  const send = (msg, c=400) => res.status(c).send(msg)

-  if (req.method !== 'POST') return res.status(405).send("Method not allowed.")
+  if (req.method !== 'POST') return send("Method not allowed.", 405)

-  if (!req.body.comment) return res.status(400).send("No comment provided!")
-  if (!req.body.username) return res.status(400).send("No username provided!")
-  if (!req.body.accountID) return res.status(400).send("No account ID provided!")
-  if (!req.body.password) return res.status(400).send("No password provided!")
+  if (!req.body.comment) return send("No comment provided!")
+  if (!req.body.username) return send("No username provided!")
+  if (!req.body.accountID) return send("No account ID provided!")
+  if (!req.body.password) return send("No password provided!")
  /*
  // A compound error message is more helpful, but IDK if this may cause bugs,
  // so this is commented-out
@ -18,14 +19,14 @@ module.exports = async (app, req, res) => {
  if (!req.body.username) errMsg += "No username provided!\n"
  if (!req.body.accountID) errMsg += "No account ID provided!\n"
  if (!req.body.password) errMsg += "No password provided!\n"
-  if (errMsg) return res.status(400).send(errMsg)
+  if (errMsg) return send(errMsg)
  */

-  if (req.body.comment.includes('\n')) return res.status(400).send("Profile posts cannot contain line breaks!")
+  if (req.body.comment.includes('\n')) return send("Profile posts cannot contain line breaks!")

  let params = { cType: '1' }

-  params.comment = Buffer.from(req.body.comment.slice(0, 190) + (req.body.color ? "☆" : "")).toString('base64').replace('/', '_').replace('+', '-')
+  params.comment = Buffer.from(req.body.comment.slice(0, 190) + (req.body.color ? "☆" : "")).toString('base64url')
  params.gjp = app.xor.encrypt(req.body.password, 37526)
  params.accountID = req.body.accountID.toString()
  params.userName = req.body.username
@ -36,10 +37,10 @@ module.exports = async (app, req, res) => {
  params.chk = chk

  req.gdRequest('uploadGJAccComment20', params, function (err, resp, body) {
-    if (err) return res.status(400).send(`The Geometry Dash servers rejected your profile post! Try again later, or make sure your username and password are entered correctly. Try again later, or make sure your username and password are entered correctly. Last worked: ${app.timeSince(req.id)} ago.`)
+    if (err) return send(`The Geometry Dash servers rejected your profile post! Try again later, or make sure your username and password are entered correctly. Try again later, or make sure your username and password are entered correctly. Last worked: ${app.timeSince(req.id)} ago.`)
    else if (body.startsWith("temp")) {
      let banStuff = body.split("_")
-      return res.status(400).send(`You have been banned from commenting for ${(parseInt(banStuff[1]) / 86400).toFixed(0)} days. Reason: ${banStuff[2] || "None"}`)
+      return send(`You have been banned from commenting for ${(parseInt(banStuff[1]) / 86400).toFixed(0)} days. Reason: ${banStuff[2] || "None"}`)
    }
    else app.trackSuccess(req.id)
    res.send(`Comment posted to ${params.userName} with ID ${body}`)