Add a way to submit splash texts

2026-01-30 21:35:43 -07:00
parent cb8c171dcf
commit a85ee726c9
2 changed files with 136 additions and 0 deletions
--- a/src/routes/berrydash/splash-text/post.ts
+++ b/src/routes/berrydash/splash-text/post.ts
@@ -0,0 +1,120 @@
+import { Context } from 'elysia'
+import {
+  getClientIp,
+  getDatabaseConnection,
+  jsonResponse,
+  validateTurnstile
+} from '../../../lib/util'
+import { checkAuthorization } from '../../../lib/auth'
+import { berryDashSplashTexts } from '../../../lib/tables'
+
+type Body = {
+  token: string
+  content: string
+}
+
+export async function handler (context: Context) {
+  const dbInfo0 = getDatabaseConnection(0)
+  const dbInfo1 = getDatabaseConnection(1)
+
+  if (!dbInfo0 || !dbInfo1)
+    return jsonResponse(
+      { success: false, message: 'Failed to connect to database' },
+      500
+    )
+  const { connection: connection0, db: db0 } = dbInfo0
+  const { connection: connection1, db: db1 } = dbInfo0
+
+  const ip = getClientIp(context)
+  if (!ip) {
+    connection0.end()
+    connection1.end()
+    return jsonResponse(
+      {
+        success: false,
+        message: 'Failed to get required info'
+      },
+      400
+    )
+  }
+  const authorizationToken = context.headers.authorization
+  const authResult = await checkAuthorization(
+    authorizationToken as string,
+    db0,
+    ip
+  )
+  if (!authResult.valid) {
+    connection0.end()
+    connection1.end()
+    return jsonResponse({ success: false, message: 'Unauthorized' }, 401)
+  }
+  const userId = authResult.id
+
+  const body = context.body as Body
+  if (!body.token || !body.content) {
+    connection0.end()
+    connection1.end()
+    return jsonResponse(
+      {
+        success: false,
+        message: 'Token and content must be in POST data'
+      },
+      400
+    )
+  }
+  if (body.content.length > 72) {
+    connection0.end()
+    connection1.end()
+    return jsonResponse(
+      {
+        success: false,
+        message: 'Splash texts cannot be over 72 characters'
+      },
+      400
+    )
+  }
+  if (
+    !/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~]+$/.test(
+      body.content
+    )
+  ) {
+    connection0.end()
+    connection1.end()
+    return jsonResponse(
+      {
+        success: false,
+        message: 'Invalid characters in splash'
+      },
+      400
+    )
+  }
+
+  const result = await validateTurnstile(body.token, ip)
+  if (!result.success) {
+    connection0.end()
+    connection1.end()
+    return jsonResponse(
+      {
+        success: false,
+        message: 'Unable to verify captcha key'
+      },
+      400
+    )
+  }
+
+  const time = Math.floor(Date.now() / 1000)
+  await db1
+    .insert(berryDashSplashTexts)
+    .values({ userId, content: atob(body.content), timestamp: time })
+
+  connection0.end()
+  connection1.end()
+
+  return jsonResponse(
+    {
+      success: true,
+      message: null
+    },
+    200
+  )
+}