Merge branch 'nl'

PlaceAutism · Apr 4, 2022 · ddc4cbe · ddc4cbe
2 parents 1be7f88 + 5c10095
commit ddc4cbe
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 4 deletions.
diff --git a/index.js b/index.js
@@ -8,6 +8,8 @@ const getPixels = require('get-pixels');
 const multer = require('multer')
 const upload = multer({ dest: `${__dirname}/uploads/` });
 
+const safeCompare = require('safe-compare')
+
 const VALID_COLORS = ['#6D001A', '#BE0039', '#FF4500', '#FFA800', '#FFD635', '#FFF8B8', '#00A368', '#00CC78', '#7EED56', '#00756F', '#009EAA', '#00CCC0', '#2450A4', '#3690EA', '#51E9F4', '#493AC1', '#6A5CFF', '#94B3FF', '#811E9F', '#B44AC0', '#E4ABFF', '#DE107F', '#FF3881', '#FF99AA', '#6D482F', '#9C6926', '#FFB470', '#000000', '#515252', '#898D90', '#D4D7D9', '#FFFFFF'];
 
 var appData = {
@@ -45,8 +47,8 @@ app.get('/api/stats', (req, res) => {
 });
 
 app.post('/updateorders', upload.single('image'), async (req, res) => {
-    if (!req.body || !req.file || !req.body.reason || !req.body.password || req.body.password !== process.env.PASSWORD) {
-        res.send('Incorrect password!');
+    if (!req.body || !req.file || !req.body.reason || !req.body.password || !safeCompare(req.body.password, process.env.PASSWORD)) {
+        res.send('Incorrect Password!');
         fs.unlinkSync(req.file.path);
         return;
     }
@@ -166,7 +168,8 @@ function isAlphaNumeric(str) {
         code = str.charCodeAt(i);
         if (!(code > 47 && code < 58) && // numeric (0-9)
             !(code > 64 && code < 91) && // upper alpha (A-Z)
-            !(code > 96 && code < 123)) { // lower alpha (a-z)
+            !(code > 96 && code < 123) && // lower alpha (a-z)
+            !(code == 45)) { // `-` character
             return false;
         }
     }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -20,6 +20,7 @@
     "express.js": "^1.0.0",
     "get-pixels": "^3.3.3",
     "multer": "^1.4.4",
+    "safe-compare": "^1.1.4",
     "ws": "^8.5.0"
   }
 }
diff --git a/static/index.html b/static/index.html
@@ -75,7 +75,7 @@ <h3>order history</h3>
                 document.querySelector('[data-statistic=\'connectionCount\']').innerText = data.connectionCount;
                 document.querySelector('.current-order').src = `/maps/${data.currentMap}`;
                 document.querySelector('.maphistory').innerHTML = data.mapHistory.reverse().map((item) => `<li class="list-group-item">
-                    <img style="max-width: 250px; max-height: 250px; border: 1px solid black;" src="/maps/${escapeHtml(item.file)}" />
+    <img style="max-width: 250px; max-height: 250px; border: 1px solid black;" src="/maps/${escapeHtml(item.file)}" />
     <br />
     ${new Date(item.date).toLocaleString()}
     <br />