312 lines
12 KiB
JavaScript
312 lines
12 KiB
JavaScript
|
"use strict";
|
||
|
(() => {
|
||
|
var exports = {};
|
||
|
exports.id = 8336;
|
||
|
exports.ids = [8336];
|
||
|
exports.modules = {
|
||
|
|
||
|
/***/ 6517:
|
||
|
/***/ ((module) => {
|
||
|
|
||
|
module.exports = require("lodash");
|
||
|
|
||
|
/***/ }),
|
||
|
|
||
|
/***/ 2261:
|
||
|
/***/ ((module) => {
|
||
|
|
||
|
module.exports = require("serverless-mysql");
|
||
|
|
||
|
/***/ }),
|
||
|
|
||
|
/***/ 4300:
|
||
|
/***/ ((module) => {
|
||
|
|
||
|
module.exports = require("buffer");
|
||
|
|
||
|
/***/ }),
|
||
|
|
||
|
/***/ 6113:
|
||
|
/***/ ((module) => {
|
||
|
|
||
|
module.exports = require("crypto");
|
||
|
|
||
|
/***/ }),
|
||
|
|
||
|
/***/ 7147:
|
||
|
/***/ ((module) => {
|
||
|
|
||
|
module.exports = require("fs");
|
||
|
|
||
|
/***/ }),
|
||
|
|
||
|
/***/ 3685:
|
||
|
/***/ ((module) => {
|
||
|
|
||
|
module.exports = require("http");
|
||
|
|
||
|
/***/ }),
|
||
|
|
||
|
/***/ 1017:
|
||
|
/***/ ((module) => {
|
||
|
|
||
|
module.exports = require("path");
|
||
|
|
||
|
/***/ }),
|
||
|
|
||
|
/***/ 2250:
|
||
|
/***/ ((module, __unused_webpack_exports, __webpack_require__) => {
|
||
|
|
||
|
// @ts-check
|
||
|
|
||
|
const _ = __webpack_require__(6517);
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
/**
|
||
|
* Sanitize SQL function
|
||
|
* ==============================================================================
|
||
|
* @description this function takes in a text(or number) and returns a sanitized
|
||
|
* text, usually without spaces
|
||
|
*
|
||
|
* @param {any} text - Text or number or object
|
||
|
* @param {boolean} [spaces] - Allow spaces
|
||
|
* @param {RegExp?} [regex] - Regular expression, removes any match
|
||
|
*
|
||
|
* @returns {any}
|
||
|
*/ function sanitizeSql(text, spaces, regex) {
|
||
|
/**
|
||
|
* Initial Checks
|
||
|
*
|
||
|
* @description Initial Checks
|
||
|
*/ if (!text) return "";
|
||
|
if (typeof text == "number" || typeof text == "boolean") return text;
|
||
|
if (typeof text == "string" && !text?.toString()?.match(/./)) return "";
|
||
|
if (typeof text == "object" && !Array.isArray(text)) {
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
const newObject = sanitizeObjects(text, spaces);
|
||
|
return newObject;
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
} else if (typeof text == "object" && Array.isArray(text)) {
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
const newArray = sanitizeArrays(text, spaces);
|
||
|
return newArray;
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
}
|
||
|
// if (text?.toString()?.match(/\'|\"/)) {
|
||
|
// console.log("TEXT containing commas =>", text);
|
||
|
// return "";
|
||
|
// }
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
/**
|
||
|
* Declare variables
|
||
|
*
|
||
|
* @description Declare "results" variable
|
||
|
*/ let finalText = text;
|
||
|
if (regex) {
|
||
|
finalText = text.toString().replace(regex, "");
|
||
|
}
|
||
|
if (spaces) {} else {
|
||
|
finalText = text.toString().replace(/\n|\r|\n\r|\r\n/g, "").replace(/ /g, "");
|
||
|
}
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
const escapeRegex = /select |insert |drop |delete |alter |create |exec | union | or | like | concat|LOAD_FILE|ASCII| COLLATE | HAVING | information_schema|DECLARE |\#|WAITFOR |delay |BENCHMARK |\/\*.*\*\//gi;
|
||
|
finalText = finalText.replace(/(?<!\\)\'/g, "\\'").replace(/(?<!\\)\`/g, "\\`")// .replace(/(?<!\\)\"/g, '\\"')
|
||
|
.replace(/\/\*\*\//g, "").replace(escapeRegex, "\\$&");
|
||
|
// const injectionRegexp = /select .* from|\*|delete from|drop database|drop table|update .* set/i;
|
||
|
// if (text?.toString()?.match(injectionRegexp)) {
|
||
|
// console.log("ATTEMPTED INJECTION =>", text);
|
||
|
// return "";
|
||
|
// }
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
return finalText;
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
////////////////////////////////////////
|
||
|
}
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
/**
|
||
|
* Sanitize Objects Function
|
||
|
* ==============================================================================
|
||
|
* @description Sanitize objects in the form { key: "value" }
|
||
|
*
|
||
|
* @param {any} object - Database Full Name
|
||
|
* @param {boolean} [spaces] - Allow spaces
|
||
|
*
|
||
|
* @returns {object}
|
||
|
*/ function sanitizeObjects(object, spaces) {
|
||
|
/** @type {any} */ let objectUpdated = {
|
||
|
...object
|
||
|
};
|
||
|
const keys = Object.keys(objectUpdated);
|
||
|
keys.forEach((key)=>{
|
||
|
const value = objectUpdated[key];
|
||
|
if (!value) {
|
||
|
delete objectUpdated[key];
|
||
|
return;
|
||
|
}
|
||
|
if (typeof value == "string" || typeof value == "number") {
|
||
|
objectUpdated[key] = sanitizeSql(value, spaces);
|
||
|
} else if (typeof value == "object" && !Array.isArray(value)) {
|
||
|
objectUpdated[key] = sanitizeObjects(value, spaces);
|
||
|
} else if (typeof value == "object" && Array.isArray(value)) {
|
||
|
objectUpdated[key] = sanitizeArrays(value, spaces);
|
||
|
}
|
||
|
});
|
||
|
return objectUpdated;
|
||
|
}
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
/**
|
||
|
* Sanitize Objects Function
|
||
|
* ==============================================================================
|
||
|
* @description Sanitize objects in the form { key: "value" }
|
||
|
*
|
||
|
* @param {any[]} array - Database Full Name
|
||
|
* @param {boolean} [spaces] - Allow spaces
|
||
|
*
|
||
|
* @returns {string[]|number[]|object[]}
|
||
|
*/ function sanitizeArrays(array, spaces) {
|
||
|
let arrayUpdated = _.cloneDeep(array);
|
||
|
arrayUpdated.forEach((item, index)=>{
|
||
|
const value = item;
|
||
|
if (!value) {
|
||
|
arrayUpdated.splice(index, 1);
|
||
|
return;
|
||
|
}
|
||
|
if (typeof item == "string" || typeof item == "number") {
|
||
|
arrayUpdated[index] = sanitizeSql(value, spaces);
|
||
|
} else if (typeof item == "object" && !Array.isArray(value)) {
|
||
|
arrayUpdated[index] = sanitizeObjects(value, spaces);
|
||
|
} else if (typeof item == "object" && Array.isArray(value)) {
|
||
|
arrayUpdated[index] = sanitizeArrays(item, spaces);
|
||
|
}
|
||
|
});
|
||
|
return arrayUpdated;
|
||
|
}
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
////////////////////////////////////////////////////////////////////////////////
|
||
|
module.exports = sanitizeSql;
|
||
|
|
||
|
|
||
|
/***/ }),
|
||
|
|
||
|
/***/ 4373:
|
||
|
/***/ ((__unused_webpack_module, __webpack_exports__, __webpack_require__) => {
|
||
|
|
||
|
__webpack_require__.r(__webpack_exports__);
|
||
|
/* harmony export */ __webpack_require__.d(__webpack_exports__, {
|
||
|
/* harmony export */ "default": () => (/* binding */ handler)
|
||
|
/* harmony export */ });
|
||
|
/* harmony import */ var path__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(1017);
|
||
|
/* harmony import */ var path__WEBPACK_IMPORTED_MODULE_0___default = /*#__PURE__*/__webpack_require__.n(path__WEBPACK_IMPORTED_MODULE_0__);
|
||
|
/* harmony import */ var _functions_backend_userAuth__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6825);
|
||
|
/* harmony import */ var _functions_backend_userAuth__WEBPACK_IMPORTED_MODULE_1___default = /*#__PURE__*/__webpack_require__.n(_functions_backend_userAuth__WEBPACK_IMPORTED_MODULE_1__);
|
||
|
/* harmony import */ var _package_shared_functions_backend_db_sanitizeSql__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(2250);
|
||
|
/* harmony import */ var _package_shared_functions_backend_db_sanitizeSql__WEBPACK_IMPORTED_MODULE_2___default = /*#__PURE__*/__webpack_require__.n(_package_shared_functions_backend_db_sanitizeSql__WEBPACK_IMPORTED_MODULE_2__);
|
||
|
// @ts-check
|
||
|
/**
|
||
|
* ==============================================================================
|
||
|
* Imports
|
||
|
* ==============================================================================
|
||
|
*/ const fs = __webpack_require__(7147);
|
||
|
|
||
|
|
||
|
|
||
|
/** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /** ****************************************************************************** */ /**
|
||
|
* API handler
|
||
|
* ==============================================================================
|
||
|
* @type {import("next").NextApiHandler}
|
||
|
*/ async function handler(req, res) {
|
||
|
/**
|
||
|
* Check method
|
||
|
*
|
||
|
* @description Check request method and return if invalid
|
||
|
*/ if (req.method !== "POST") return res.json({
|
||
|
msg: "Failed!"
|
||
|
});
|
||
|
/**
|
||
|
* User auth
|
||
|
*
|
||
|
* @description Authenticate user
|
||
|
*/ const user = await _functions_backend_userAuth__WEBPACK_IMPORTED_MODULE_1___default()(req, res, true);
|
||
|
if (!user) {
|
||
|
return res.json({
|
||
|
success: false,
|
||
|
msg: "Unauthorized"
|
||
|
});
|
||
|
}
|
||
|
/**
|
||
|
* User auth
|
||
|
*
|
||
|
* @description Authenticate user
|
||
|
*/ const sanitizedReqBody = _package_shared_functions_backend_db_sanitizeSql__WEBPACK_IMPORTED_MODULE_2___default()(req.body);
|
||
|
const { name } = sanitizedReqBody;
|
||
|
const STATIC_ROOT = process.env.DSQL_STATIC_SERVER_DIR;
|
||
|
if (!STATIC_ROOT) {
|
||
|
console.log("Static File ENV not Found!");
|
||
|
return res.json({
|
||
|
success: false,
|
||
|
msg: "No Static File Path"
|
||
|
});
|
||
|
}
|
||
|
const folderPath = path__WEBPACK_IMPORTED_MODULE_0___default().join(STATIC_ROOT, `images/user-images/user-${user.id}/`);
|
||
|
const newFolderPath = folderPath + name;
|
||
|
const doesFolderExist = fs.existsSync(newFolderPath);
|
||
|
if (doesFolderExist) return res.json({
|
||
|
success: false
|
||
|
});
|
||
|
fs.mkdirSync(newFolderPath);
|
||
|
/**
|
||
|
* Send Response
|
||
|
*
|
||
|
* @description Send a boolean response
|
||
|
*/ res.json({
|
||
|
success: true
|
||
|
});
|
||
|
}
|
||
|
|
||
|
|
||
|
/***/ })
|
||
|
|
||
|
};
|
||
|
;
|
||
|
|
||
|
// load runtime
|
||
|
var __webpack_require__ = require("../../webpack-api-runtime.js");
|
||
|
__webpack_require__.C(exports);
|
||
|
var __webpack_exec__ = (moduleId) => (__webpack_require__(__webpack_require__.s = moduleId))
|
||
|
var __webpack_exports__ = __webpack_require__.X(0, [5425,2224,6825], () => (__webpack_exec__(4373)));
|
||
|
module.exports = __webpack_exports__;
|
||
|
|
||
|
})();
|