Fixed potential memory overflow attack via the cache system.

includes/includes.js

@@ -50,9 +50,9 @@ const sendCachedContent = function(path, type, result)
                     'Vary': 'Accept-Encoding'});
             result.write(content);
             result.end();
-            cache.put(path, content);
         }).catch(function(error)
         {
+            cache.del(path);
             console.log(error);
         });
     }

posts/category.js

@@ -31,7 +31,7 @@ const renderPosts = function(resultURL, page)
     }
     else
     {
-        return utils.print404();
+        reject("Page Not Found");
     }
 };
 

posts/posts.js

@@ -30,7 +30,7 @@ const renderPost = function(requestURL)
                 }
                 else
                 {
-                    return utils.print404();
+                    reject("Page Not Found");
                 }
             }).then(function(html)
             {
@@ -42,10 +42,7 @@ const renderPost = function(requestURL)
         }
         else
         {
-            utils.print404().then(function(html)
-            {
-               resolve("<div class='col-md-8'>" + html + "</div>");
-            });
+            reject("Page Not Found");
         }
     });
 };

posts/renderBatchOfPreviewes.js

@@ -17,9 +17,9 @@ module.exports=
             {
                 currentPage = Number(currentPage);
             }
+
             return new Promise(function(resolve, reject)
             {
-
                 const promises = [];
                 for(var i = (currentPage-1) * numOfPosts; i < (currentPage-1) * numOfPosts + numOfPosts; i++)
                 {
@@ -33,7 +33,7 @@ module.exports=
                                 res(html);
                             }).catch(function(error)
                             {
-                                rej(error);
+                                reject(error)
                             })
                         }));
                     }

posts/renderNextBar.js

@@ -1,38 +1,47 @@
 const isValidPage = function(page, postsPerPage, totalPosts)
 {
-    return (!(page === 0 || page -1 >= totalPosts/postsPerPage));
+    return !(page === 0 || page -1 >= totalPosts/postsPerPage);
 };
 
-
 module.exports=
     {
         main: function(baseURL, currentPage, postsPerPage, totalPosts)
         {
-            var nextPage = currentPage + 1;
-            var previousPage = currentPage - 1;
+            return new Promise(function(resolve, reject)
+            {
 
-            var olderPosts = "";
-            var newerPosts = "";
+                if(!isValidPage(currentPage, postsPerPage, totalPosts))
+                {
+                    reject("Invalid Page");
+                }
 
-            if (isValidPage(previousPage, postsPerPage, totalPosts))
-            {
-                newerPosts = "<button class=\"btn btn-secondary btn-lg " +
-                "w3-padding-large w3-white w3-border\"  onclick=\"location.href='" +
-                baseURL + "?page=" + previousPage +
-                "'\"><b>Newer Posts &raquo;</b></button>";
-            }
+                var nextPage = currentPage + 1;
+                var previousPage = currentPage - 1;
+
+                var olderPosts = "";
+                var newerPosts = "";
+
+                if (isValidPage(previousPage, postsPerPage, totalPosts))
+                {
+                    newerPosts = "<button class=\"btn btn-secondary btn-lg " +
+                        "w3-padding-large w3-white w3-border\"  onclick=\"location.href='" +
+                        baseURL + "?page=" + previousPage +
+                        "'\"><b>Newer Posts &raquo;</b></button>";
+                }
+
+                if (isValidPage(nextPage, postsPerPage, totalPosts))
+                {
+                    olderPosts = "<button class=\"btn btn-secondary btn-lg " +
+                        "w3-padding-large w3-white w3-border\"  onclick=\"location.href='" +
+                        baseURL + "?page=" + nextPage +
+                        "'\"><b>Older Posts &raquo;</b></button>";
+                }
+
+                resolve("    <div class=\"row\">\n" +
+                    "        <div class=\"col-6\">" + newerPosts + "</div>\n" +
+                    "        <div class=\"col-6\"><span class=\"float-right\">" + olderPosts + "</span></div>\n" +
+                    "    <br><br></div>");
+            })
 
-            if (isValidPage(nextPage, postsPerPage, totalPosts))
-            {
-                olderPosts = "<button class=\"btn btn-secondary btn-lg " +
-                    "w3-padding-large w3-white w3-border\"  onclick=\"location.href='" +
-                    baseURL + "?page=" + nextPage +
-                    "'\"><b>Older Posts &raquo;</b></button>";
-            }
-
-            return "    <div class=\"row\">\n" +
-                "        <div class=\"col-6\">" + newerPosts + "</div>\n" +
-                "        <div class=\"col-6\"><span class=\"float-right\">" + olderPosts + "</span></div>\n" +
-                "    <br><br></div>";
         }
     };

sites/blog.js

@@ -8,6 +8,9 @@ const contentLoader = require('../includes/staticContentServer.js');
 //caching program to make the application run faster
 const cache = require('memory-cache');
 
+//file io
+const utils = require('../utils/utils.js');
+
 /**
  * @author Jeffery Russell 11-3-18
  *
@@ -59,12 +62,14 @@ module.exports=
 
                         if (urlSplit.length >= 2 && urlSplit[1] === 'category') //single category page
                             file = "../posts/category.js";
-
                         else
+                        {
                             file = "../posts/posts.js";
+                            page = 1; // all posts are single page, everyone must be one to ensure
+                            // cache is not tricked into storing same blog post a ton of times
+                        }
                     }
 
-
                     Promise.all([includes.printHeader(),
                         require(file).main(filename, request),
                         includes.printFooter()]).then(function (content)
@@ -72,11 +77,14 @@ module.exports=
                         result.write(content.join(''));
                         result.end();
                         cache.put(filename + "?page=" + page, content.join(''));
-
                     }).catch(function (err)
                     {
-                        console.log(err);
-                        throw err;
+                        cache.del(filename + "?page=" + page);
+                        utils.print404().then(function(content)
+                        {
+                            result.write(content);
+                            result.end();
+                        })
                     });
                 }
                 else

sites/projects.js

@@ -1,6 +1,3 @@
-//file io
-const utils = require('../utils/utils.js');
-
 //used to parse the request URL
 const url = require('url');