/**
|
|
* Boated file which handles all the SQL
|
|
* queries ran by the server
|
|
*
|
|
* @author Jeffery Russell
|
|
*/
|
|
|
|
const mysql = require('mysql');
|
|
|
|
/** Sanitizer to clean user inputs and prevent SQL injections */
|
|
const sanitizer = require('sanitizer');
|
|
|
|
/** Crypto package used for hashing */
|
|
const crypto = require('crypto');
|
|
|
|
/** Used to parse post data */
|
|
const qs = require('querystring');
|
|
|
|
/** Used to load the config file from the disk */
|
|
const config = require('../utils/configLoader').getConfig();
|
|
|
|
/** SQL connection */
|
|
const con = mysql.createConnection({
|
|
host: config.SQL_HOST,
|
|
port: config.SQL_PORT,
|
|
user: config.SQL_USER,
|
|
password: config.SQL_PASSWORD,
|
|
database: config.SQL_DATABASE
|
|
});
|
|
|
|
con.connect(function(err) {
|
|
if (err)
|
|
console.log(err);
|
|
});
|
|
|
|
|
|
/**
|
|
* Function used to query the database for records
|
|
*
|
|
* @param sqlStatement
|
|
* @returns {Array}
|
|
*/
|
|
const fetch = function(sqlStatement)
|
|
{
|
|
return new Promise(function(resolve, reject)
|
|
{
|
|
con.query(sanitizer.sanitize(sqlStatement), function (err, result)
|
|
{
|
|
if(err)
|
|
{
|
|
console.log(err);
|
|
reject(err);
|
|
}
|
|
resolve(result);
|
|
});
|
|
});
|
|
};
|
|
|
|
|
|
/**
|
|
* Function used to use insert statements into the database
|
|
*
|
|
* Don't worry, the input gets sanitized
|
|
*
|
|
* @param sqlStatement
|
|
* @return the id of the new record - if there is one
|
|
*/
|
|
const insert = function(sqlStatement)
|
|
{
|
|
return new Promise(function(resolve, reject)
|
|
{
|
|
con.query(sanitizer.sanitize(sqlStatement), function (err, result)
|
|
{
|
|
if (err)
|
|
{
|
|
console.log(err);
|
|
reject();
|
|
}
|
|
resolve(result.insertId);
|
|
});
|
|
})
|
|
};
|
|
|
|
|
|
/**
|
|
* Helper function to generate a hashed password
|
|
* from a given plain text password.
|
|
*
|
|
* This uses 64 bits of entropy as the random salt
|
|
* and uses sha256 hashing method to hash the password
|
|
* combined with the salt.
|
|
*
|
|
* @param password
|
|
* @returns {Object pass: hashedPassword, salt: salt used to hash}
|
|
*/
|
|
const createHashedPassword = function(password)
|
|
{
|
|
const randBuff = crypto.randomBytes(64);
|
|
|
|
const salt = crypto.createHash('sha256').update(randBuff).digest('hex');
|
|
|
|
const hashPass = crypto.createHash('sha256')
|
|
.update(password + salt)
|
|
.digest('hex');
|
|
|
|
var hashPassObject = new Object();
|
|
hashPassObject.pass = hashPass;
|
|
hashPassObject.salt = salt;
|
|
|
|
return hashPassObject;
|
|
};
|
|
|
|
|
|
module.exports=
|
|
{
|
|
/**
|
|
* function which fetches the sql info on a post based on it's sql id
|
|
* @param id
|
|
* @returns {Array}
|
|
*/
|
|
getPostById: function(id)
|
|
{
|
|
return new Promise((resolve, reject)=>
|
|
{
|
|
fetch("select * from posts where post_id='" + id + "' limit 1")
|
|
.then(function(post)
|
|
{
|
|
if(post.length === 1)
|
|
{
|
|
resolve(post[0]);
|
|
}
|
|
else
|
|
{
|
|
reject();
|
|
}
|
|
}).catch((error)=>
|
|
{
|
|
reject(error);
|
|
});
|
|
});
|
|
},
|
|
|
|
getPostIds: function(categoryID)
|
|
{
|
|
var q = categoryID == 0 ? "select post_id from posts order by published desc" :
|
|
"select post_id from posts where category_id='" + categoryID + "' order by published desc";
|
|
return fetch(q);
|
|
},
|
|
|
|
insert: function(sqlStatement)
|
|
{
|
|
return insert(sqlStatement);
|
|
},
|
|
|
|
|
|
/**
|
|
* Not to be mistaken for getPostData() in @file utils/utils.js,
|
|
* this function extracts a post entry from the sql server
|
|
*
|
|
* @param requestURL url user used to request blog post
|
|
* @return {*} the entry found in the data base -- if any
|
|
*/
|
|
getPost : function(requestURL)
|
|
{
|
|
return new Promise(function(resolve, reject)
|
|
{
|
|
var splitURL = requestURL.split("/")
|
|
if(splitURL.length >= 1)
|
|
{
|
|
var q = "SELECT posts.post_id, posts.pinned, posts.name, posts.url, posts.category_id, posts.published, posts.picture_url FROM categories INNER JOIN posts on categories.category_id=posts.category_id and categories.url='" + splitURL[1] + "' AND posts.url='" + splitURL[2] + "'";
|
|
fetch(q).then(function (sql_res)
|
|
{
|
|
if(sql_res.length != 0)
|
|
{
|
|
resolve(sql_res);
|
|
}
|
|
else
|
|
{
|
|
resolve(0);
|
|
}
|
|
});
|
|
}
|
|
else
|
|
{
|
|
resolve(0);
|
|
}
|
|
});
|
|
},
|
|
|
|
|
|
/**
|
|
* Function used to retrieve all categories when making the sidebar
|
|
*
|
|
* @return {Promise<Response> | * | Array}
|
|
*/
|
|
getCategories : function()
|
|
{
|
|
const q = "SELECT * FROM categories ORDER BY name";
|
|
return fetch(q);
|
|
},
|
|
|
|
|
|
/**
|
|
* Function which currently returns all blog of a particular
|
|
* category from the database
|
|
* @param requestURL
|
|
* @return {*|Promise}
|
|
*/
|
|
getPostsFromCategory: function(requestURL)
|
|
{
|
|
var q = "SELECT posts.post_id, posts.pinned, posts.name, posts.url, posts.category_id, posts.published, posts.picture_url FROM categories INNER JOIN posts on categories.category_id=posts.category_id and categories.url='" + requestURL + "' order by posts.published desc";
|
|
return fetch(q);
|
|
},
|
|
|
|
|
|
/**
|
|
* Fetches the recent posts from the database.
|
|
* @returns {Array}
|
|
*/
|
|
getRecentPostSQL: function()
|
|
{
|
|
return fetch("select * from posts order by post_id desc");
|
|
},
|
|
|
|
/**
|
|
* Helper method which returns a list of objects which contains the url
|
|
* and name of thee ten most recent posts
|
|
*
|
|
* {[name: , url: ],[name: , url: ],[name: , url: ],...}
|
|
*
|
|
* @return {*|Promise}
|
|
*/
|
|
getRecentPosts: function(limit)
|
|
{
|
|
limit = (limit == null) ? 10 : limit;
|
|
var q = "select posts.name, posts.url, posts.published, posts.category_id, categories.url as category from posts INNER JOIN categories on posts.category_id=categories.category_id order " +
|
|
"by post_id desc limit " + limit;
|
|
return fetch(q);
|
|
},
|
|
|
|
|
|
/**
|
|
* Returns a list of all the pinned posts in the database.
|
|
*
|
|
* @returns {Promise}
|
|
*/
|
|
getPinnedPosts: function()
|
|
{
|
|
return fetch("select posts.name, posts.url, posts.category_id, categories.url as category from posts INNER JOIN categories on posts.category_id=categories.category_id where pinned=1 order by post_id desc");
|
|
},
|
|
|
|
|
|
/**
|
|
* Function which checks to see if a user successfully logged in based on
|
|
* the post data which they sent
|
|
*
|
|
* @param postData the post data
|
|
* @return {*|Promise} a json object with {pass: , user: }
|
|
* the pass is whether or not they logged in successfully and the user is
|
|
* the username they successfully logged in with
|
|
*/
|
|
checkLogin: function(postData)
|
|
{
|
|
const post = qs.parse(postData);
|
|
return new Promise(function(resolve, reject)
|
|
{
|
|
var result = Object();
|
|
result.pass = false;
|
|
|
|
if(post.username && post.password)
|
|
{
|
|
const cleanName = sanitizer.sanitize(post.username);
|
|
const cleanPassword = sanitizer.sanitize(post.password);
|
|
|
|
const getSalt = "select * from users where user_name='" +
|
|
cleanName + "'";
|
|
fetch(getSalt).then(function(saltResult)
|
|
{
|
|
if(saltResult.length == 1)
|
|
{
|
|
const hashedPassword = crypto.createHash('sha256')
|
|
.update(cleanPassword + saltResult[0].salt)
|
|
.digest('hex');
|
|
if(saltResult[0].password === hashedPassword)
|
|
{
|
|
result.pass = true;
|
|
result.user = cleanName;
|
|
resolve(result);
|
|
}
|
|
else
|
|
{
|
|
resolve(result)
|
|
}
|
|
}
|
|
else
|
|
{
|
|
//incorrect username
|
|
resolve(result);
|
|
}
|
|
})
|
|
}
|
|
else
|
|
{
|
|
//no login attempts were made
|
|
resolve(result);
|
|
}
|
|
});
|
|
},
|
|
|
|
|
|
/**
|
|
* Fetches a promise containing every post in the database
|
|
* @returns {Array}
|
|
*/
|
|
getAllPosts: function()
|
|
{
|
|
return fetch("select * from posts order by published desc");
|
|
},
|
|
|
|
getAllUsers: function()
|
|
{
|
|
return fetch("select * from users");
|
|
},
|
|
|
|
getUserByID: function(userID)
|
|
{
|
|
const cleanID = sanitizer.sanitize(userID);
|
|
|
|
const q = "select * from users where user_id='" + cleanID + "'";
|
|
|
|
return fetch(q);
|
|
},
|
|
|
|
|
|
|
|
removeUser: function(user_id)
|
|
{
|
|
const cleanID = sanitizer.sanitize(user_id);
|
|
|
|
return insert("delete from users where user_id='" + cleanID + "'");
|
|
},
|
|
|
|
addUser: function(username, password)
|
|
{
|
|
const cleanName = sanitizer.sanitize(username);
|
|
const cleanPassword = sanitizer.sanitize(password);
|
|
const hashedPassword = createHashedPassword(cleanPassword);
|
|
|
|
const q = "insert into users(user_name, password, salt) values('" + cleanName + "'," +
|
|
"'" + hashedPassword.pass + "','" + hashedPassword.salt + "')";
|
|
|
|
return insert(q);
|
|
},
|
|
|
|
|
|
updateUser: function(userID, username, password)
|
|
{
|
|
const cleanID = sanitizer.sanitize(userID);
|
|
const cleanName = sanitizer.sanitize(username);
|
|
const cleanPassword = sanitizer.sanitize(password);
|
|
const hashedPassword = createHashedPassword(cleanPassword);
|
|
|
|
const q = "update users " +
|
|
"set user_name='" + cleanName + "'" +
|
|
",password='" + hashedPassword.pass + "'" +
|
|
",salt='" + hashedPassword.salt + "'" +
|
|
" where user_id='" + cleanID + "'";
|
|
|
|
return insert(q);
|
|
},
|
|
|
|
|
|
/**
|
|
* Fetches the sql category information based on it's id
|
|
* @param categoryId
|
|
* @returns {Array}
|
|
*/
|
|
getCategory: function(categoryId)
|
|
{
|
|
return fetch("select * from categories where category_id='"
|
|
+ categoryId + "'");
|
|
},
|
|
|
|
|
|
/**Returns download information associated with a download name
|
|
*
|
|
* @param downloadURL
|
|
* @returns {Array}
|
|
*/
|
|
getDownload: function(downloadURL)
|
|
{
|
|
var cleanD = sanitizer.sanitize(downloadURL);
|
|
var q = "select * from downloads where name='" + cleanD + "' limit 1";
|
|
|
|
return new Promise(function(resolve, reject)
|
|
{
|
|
fetch(q).then(function(sqlData)
|
|
{
|
|
return module.exports.incrementDownloadCount(sqlData);
|
|
}).then(function(sqlData)
|
|
{
|
|
resolve(sqlData)
|
|
}).catch(function(error)
|
|
{
|
|
reject(error);
|
|
})
|
|
});
|
|
},
|
|
|
|
|
|
/** Increments the download count in the database
|
|
*
|
|
* @param sqlRow
|
|
* @returns {*|Promise}
|
|
*/
|
|
incrementDownloadCount: function(sqlRow)
|
|
{
|
|
return new Promise(function(resolve, reject)
|
|
{
|
|
if(sqlRow.length == 1)
|
|
{
|
|
var q = "update downloads set download_count='" +
|
|
(sqlRow[0].download_count + 1) + "' where download_id='" +
|
|
sqlRow[0].download_id + "'";
|
|
console.log(q);
|
|
insert(q).then(function(r)
|
|
{
|
|
resolve(sqlRow);
|
|
}).catch(function(err)
|
|
{
|
|
reject(err);
|
|
})
|
|
}
|
|
else
|
|
{
|
|
resolve(sqlRow);
|
|
}
|
|
});
|
|
},
|
|
|
|
|
|
/**
|
|
* Fetches all the downloads from the database
|
|
*
|
|
* @returns {Array}
|
|
*/
|
|
getAllDownloads: function()
|
|
{
|
|
return fetch("select * from downloads");
|
|
},
|
|
|
|
|
|
/**
|
|
* Inserts a download row into the database
|
|
*
|
|
* @param name of the download
|
|
* @param file name of file
|
|
* @returns {*|the}
|
|
*/
|
|
addDownload: function(name, file)
|
|
{
|
|
const q = "insert into downloads (name, file, download_count) " +
|
|
"values('" + name + "', '" + file + "', '0')";
|
|
|
|
return insert(q);
|
|
},
|
|
|
|
|
|
/**
|
|
*
|
|
* @param id
|
|
*/
|
|
removeDownload: function(id)
|
|
{
|
|
const q = "delete from downloads where download_id='" + id + "'";
|
|
|
|
return insert(q);
|
|
},
|
|
|
|
|
|
/**
|
|
* Based on the post data submitted by the user this function updates
|
|
* the information on the post in the database
|
|
* @param postData
|
|
* @returns {*|the}
|
|
*/
|
|
editPost: function(postData)
|
|
{
|
|
const url = postData.edit_name_new.split(" ").join("-").toLowerCase();
|
|
|
|
console.log(postData);
|
|
|
|
var pinned = ("pinned_checkbox" in postData) == false ? "NULL": "1";
|
|
console.log(pinned);
|
|
|
|
const q = "update posts " +
|
|
"set category_id='" + postData.edit_cat_num + "' " +
|
|
",name='" + postData.edit_name_new + "' " +
|
|
",url='" + url + "' " +
|
|
",picture_url='" + postData.edit_pic + "' " +
|
|
",published='" + postData.edit_date + "' " +
|
|
",pinned=" + pinned+
|
|
" where post_id='" + postData.edit_post_2 + "'";
|
|
|
|
console.log(q);
|
|
|
|
return insert(q);
|
|
},
|
|
|
|
|
|
/**
|
|
* Function which returns a promise which contains the string of the
|
|
* entire sitemap for the blog.
|
|
* @returns {Promise|*}
|
|
*/
|
|
getSiteMap: function()
|
|
{
|
|
return new Promise(function(resolve, reject)
|
|
{
|
|
const base = "http://jrtechs.net/";
|
|
|
|
var sm = base + "\n";
|
|
var promises = [];
|
|
module.exports.getCategories().then(function(categories)
|
|
{
|
|
categories.forEach(function(cat)
|
|
{
|
|
promises.push(new Promise(function(res, rej)
|
|
{
|
|
sm += base + "category/" + cat.url + "\n";
|
|
|
|
module.exports.getPostsFromCategory(cat.url).then(function(posts)
|
|
{
|
|
posts.forEach(function(post)
|
|
{
|
|
sm += base + cat.url + "/" + post.url + "\n";
|
|
});
|
|
res()
|
|
})
|
|
}));
|
|
});
|
|
|
|
Promise.all(promises).then(function()
|
|
{
|
|
resolve(sm);
|
|
}).catch(function(error)
|
|
{
|
|
throw error;
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
},
|
|
|
|
|
|
/**
|
|
* Logs visited page for backend server analytics.
|
|
*
|
|
* @param ip
|
|
* @param page
|
|
*/
|
|
logTraffic: function(ip, page)
|
|
{
|
|
if(page.length > 40)
|
|
{
|
|
console.log("Error, request too long to log ip:"
|
|
+ ip + " page: " + page);
|
|
return;
|
|
}
|
|
|
|
if(ip.length > 20)
|
|
{
|
|
ip = "";
|
|
}
|
|
|
|
const q = "insert into traffic_log (url, ip, date) values " +
|
|
"('" + page + "', '" + ip + "', now())";
|
|
|
|
insert(q);
|
|
},
|
|
|
|
getTraffic: function()
|
|
{
|
|
return fetch("select * from traffic_log");
|
|
}
|
|
};
|