aboutsummaryrefslogtreecommitdiffstats
path: root/src/routes
diff options
context:
space:
mode:
authorMatt Strapp <matt@mattstrapp.net>2022-02-11 00:11:52 -0600
committerMatt Strapp <matt@mattstrapp.net>2022-02-11 00:11:52 -0600
commit0fbc317e926b5d80363979ee51a4e3c930014efd (patch)
treebfd8ce0fc829d80a46a2182b759057c25e4894fa /src/routes
parentGet rid of express-session and use a cookie instead (diff)
downloadee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar
ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.gz
ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.bz2
ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.lz
ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.xz
ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.tar.zst
ee4511w-web-0fbc317e926b5d80363979ee51a4e3c930014efd.zip
Do a bunch of random things (still no feature parity)
sadge Signed-off-by: Matt Strapp <matt@mattstrapp.net>
Diffstat (limited to '')
-rw-r--r--src/routes/api.ts40
-rw-r--r--src/routes/api/actuate.ts0
-rw-r--r--src/routes/api/login.ts0
3 files changed, 40 insertions, 0 deletions
diff --git a/src/routes/api.ts b/src/routes/api.ts
new file mode 100644
index 0000000..4612c16
--- /dev/null
+++ b/src/routes/api.ts
@@ -0,0 +1,40 @@
+import express, { Request, Response } from 'express';
+import csurf from 'csurf';
+import cookieParser from 'cookie-parser';
+import fileUpload, { UploadedFile } from 'express-fileupload';
+import slowDown from 'express-slow-down';
+
+
+// Slow down everything to prevent DoS attacks
+const speedLimiter = slowDown({
+ windowMs: 5 * 60 * 1000, // 15 minutes
+ delayAfter: 50, // allow 100 requests per 5 minutes, then...
+ delayMs: 500 // begin adding 500ms of delay per request above 100:
+ // request # 101 is delayed by 500ms
+ // request # 102 is delayed by 1000ms
+ // request # 103 is delayed by 1500ms
+ // etc.
+});
+
+
+const api = express.Router();
+
+api.use(fileUpload());
+api.use(speedLimiter);
+
+// CSRF protection
+api.use(cookieParser());
+const csrf = csurf({ cookie: true });
+
+api.post('/upload', csrf, (req: Request, res: Response) => {
+ if (!req.files || Object.keys(req.files).length === 0)
+ return res.status(400).json({ err: 'ENOENT' });
+ // Kludge to prevent a compiler error
+ const file: UploadedFile = req.files.file as UploadedFile;
+ console.log(file.mimetype);
+ if (file.mimetype !== 'text/x-python')
+ return res.status(400).json({ err: 'EINVAL' });
+ res.status(200).json({ err: null });
+});
+
+export default api; \ No newline at end of file
diff --git a/src/routes/api/actuate.ts b/src/routes/api/actuate.ts
deleted file mode 100644
index e69de29..0000000
--- a/src/routes/api/actuate.ts
+++ /dev/null
diff --git a/src/routes/api/login.ts b/src/routes/api/login.ts
deleted file mode 100644
index e69de29..0000000
--- a/src/routes/api/login.ts
+++ /dev/null