var fs = require('fs'); |
|
var logger = require('../tools/logger'); |
|
var danmaku = require('../models/danmaku'); |
|
var redis = require('../tools/redis'); |
|
|
|
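/**
 * Escape the characters that are significant in HTML so the result can be
 * placed in element content or a quoted attribute value.
 *
 * This is not sufficient for script, style or URL contexts; values that end
 * up there need context-specific encoding on output.
 *
 * @param {*} str - Value to escape. Coerced with String() so a non-string
 *   (for example a number taken from parsed JSON) does not throw.
 * @returns {string} The escaped text.
 */
function htmlEncode(str) {
  // Every character must map to its entity. Mapping a character to itself
  // would turn this function into a no-op and let markup through unchanged.
  const entities = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
    '/': '&#x2f;',
  };
  // One pass over the input, so '&' produced by an earlier replacement is
  // never escaped a second time.
  return String(str).replace(/[&<>"'\/]/g, function (ch) {
    return entities[ch];
  });
}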
|
|
|
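// Client keys that have posted within the last RATE_WINDOW_MS milliseconds.
const postIP = new Set();

// Length of the per-client rate-limit window.
const RATE_WINDOW_MS = 1000;

// Upper bound on the request body, in UTF-16 code units. The value is a
// constructed limit: an accepted comment carries less than 30 characters of
// text plus a few short fields, so anything near this size is not legitimate.
const MAX_BODY_LENGTH = 4096;

// String fields that are passed through htmlEncode() before being stored.
const STRING_FIELDS = ['player', 'author', 'text', 'color', 'type'];

/**
 * Return the transport-level peer address of the request, or '' when none
 * of the socket objects exposes one.
 */
function peerAddress(req) {
  const sockets = [req.connection, req.socket, req.connection && req.connection.socket];
  for (const socket of sockets) {
    if (socket && socket.remoteAddress) {
      return socket.remoteAddress;
    }
  }
  return '';
}

/**
 * Send an already-serialised JSON string with an explicit JSON content type,
 * so a body that embeds request-derived values is not served as text/html.
 */
function sendJson(res, payload) {
  res.setHeader('Content-Type', 'application/json; charset=utf-8');
  res.send(payload);
}

/**
 * Check that the parsed body is an object carrying every required field.
 * The fields that are HTML-encoded must be strings; `time` only has to be
 * present, and `text` must be shorter than 30 characters.
 */
function isValidDanmaku(data) {
  if (data === null || typeof data !== 'object') {
    return false;
  }
  for (const field of STRING_FIELDS) {
    if (typeof data[field] !== 'string') {
      return false;
    }
  }
  return data.time !== undefined && data.text.length < 30;
}

/** Serialise a payload for the log with any `token` value redacted. */
function describePayload(data) {
  return JSON.stringify(data, function (key, value) {
    return key === 'token' ? '[redacted]' : value;
  });
}

/**
 * POST handler that validates and stores one comment ("danmaku").
 *
 * Response codes: -1 blacklisted address, -2 rate limited, -3 illegal data,
 * -4 illegal token, -5 blacklisted author, 0 storage error, 1 success.
 *
 * @param {object} req - Incoming request; the body is read from the stream.
 * @param {object} res - Response object providing send().
 */
module.exports = function (req, res) {
  let body = '';

  // NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
  // reverse proxy overwrites it. Where no such proxy is in front of this
  // service, the blacklist and the rate limit below can both be sidestepped
  // by a client that sets its own header value; such deployments should rely
  // on the socket address only.
  const ip = req.headers['x-forwarded-for'] || peerAddress(req);
  // Use one key (the first hop) for both the blacklist and the rate limit.
  const clientIp = String(ip).split(',')[0].trim();

  // check black ip
  // The file is read on every request so edits take effect immediately; a
  // missing file throws here and the request fails rather than bypassing
  // the check. Splitting on \r?\n keeps CRLF-terminated entries matchable.
  const blanklist = fs.readFileSync('blacklist').toString().split(/\r?\n/);
  if (blanklist.indexOf(clientIp) !== -1) {
    logger.info(`Reject POST form ${ip} for black ip.`);
    sendJson(res, `{"code": -1, "msg": "Rejected for black ip."}`);
    return;
  }

  // frequency limitation
  if (postIP.has(clientIp)) {
    logger.info(`Reject POST form ${ip} for frequent operation.`);
    sendJson(res, `{"code": -2, "msg": "Rejected for frequent operation."}`);
    return;
  }
  postIP.add(clientIp);
  setTimeout(function () {
    // Remove this client's own entry instead of relying on timer order.
    postIP.delete(clientIp);
  }, RATE_WINDOW_MS);

  // Decode as UTF-8 at the stream level so a multi-byte character split
  // across two chunks is not corrupted by per-chunk string conversion.
  req.setEncoding('utf8');
  req.on('data', dataListener);
  req.on('end', endListener);

  function dataListener(chunk) {
    body += chunk;
    if (body.length > MAX_BODY_LENGTH) {
      // Stop buffering: an unbounded body would let one request exhaust memory.
      cleanListener();
      req.resume();
      logger.info(`Reject POST form ${ip} for illegal data: body exceeds ${MAX_BODY_LENGTH} characters`);
      sendJson(res, `{"code": -3, "msg": "Rejected for illegal data"}`);
    }
  }

  function endListener() {
    cleanListener();

    let jsonStr;
    try {
      jsonStr = JSON.parse(body);
    } catch (err) {
      jsonStr = {};
    }

    // check data
    // Valid JSON can still be null, an array, or carry non-string fields;
    // those would throw inside this listener, where nothing catches it.
    if (!isValidDanmaku(jsonStr)) {
      logger.info(`Reject POST form ${ip} for illegal data: ${describePayload(jsonStr)}`);
      sendJson(res, `{"code": -3, "msg": "Rejected for illegal data"}`);
      return;
    }

    // check token: set it yourself
    // NOTE(review): as shipped this accepts every token, so posting is
    // effectively unauthenticated until a real check is put here.
    function checkToken(token) {
      return true;
    }
    if (!checkToken(jsonStr.token)) {
      // The token is neither logged nor echoed back: it is a credential, and
      // interpolating it into the response would let it alter the JSON.
      logger.info(`Rejected POST form ${ip} for illegal token`);
      sendJson(res, `{"code": -4, "msg": "Rejected for illegal token"}`);
      return;
    }

    // check black username
    if (blanklist.indexOf(jsonStr.author) !== -1) {
      // JSON.stringify keeps control characters in the name out of the log line.
      logger.info(`Reject POST form ${JSON.stringify(jsonStr.author)} for black user.`);
      sendJson(res, `{"code": -5, "msg": "Rejected for black user."}`);
      return;
    }

    logger.info(`POST form ${ip}, data: ${describePayload(jsonStr)}`);

    // NOTE(review): ip and referer come from request headers and are stored
    // without encoding; whatever renders them later must escape on output.
    const dan = new danmaku({
      player: htmlEncode(jsonStr.player),
      author: htmlEncode(jsonStr.author),
      time: jsonStr.time,
      text: htmlEncode(jsonStr.text),
      color: htmlEncode(jsonStr.color),
      type: htmlEncode(jsonStr.type),
      ip: ip,
      referer: req.headers.referer
    });
    dan.save(function (err, d) {
      if (err) {
        logger.error(err);
        sendJson(res, `{"code": 0, "msg": "Error happens, please contact system administrator."}`);
      }
      else {
        sendJson(res, `{"code": 1, "data": ${JSON.stringify(d)}}`);
        // Drop the cached list for this player so the next read is fresh.
        redis.client.del(`dplayer${htmlEncode(jsonStr.player)}`);
      }
    });
  }

  function cleanListener() {
    req.removeListener('data', dataListener);
    req.removeListener('end', endListener);
  }
};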