'use strict'
const router = require('express').Router()
const xss = require('xss')
const User = require('../models.js').user
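// Derive a URL slug from a string with the `slug` package.
//
// The input is cut to 99 characters before it reaches the package: this is
// the workaround for CVE-2017-16117, a regular-expression denial of service
// reported against `slug` on long inputs. The cap bounds the work per call;
// upgrading the package to a fixed release is the real fix and would make
// the trim redundant (it is harmless to keep as defence in depth).
//
// Throws TypeError for a non-string. Callers feed this request query values,
// and Express's query parser can produce arrays (`?slug=a&slug=b`); an array
// has a .slice too and would have slipped through to third-party code.
const slug = function(s) {
  if (typeof s !== 'string') {
    throw new TypeError('slug() expects a string, got ' + typeof s)
  }
  return require('slug')(s.slice(0, 99))
}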
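// Public (unauthenticated) routes: static pages, crawler/icon helpers, the
// form-validation helper used by the settings forms, and app-store links.
module.exports = router

// Index
.get('/', (req, res, next) => {
  res.render('index', {active: 'home'})
})

// Demo redirect
.get('/demo', (req, res, next) => {
  res.redirect('/map/demo')
})

// Help
.get('/help', (req, res) => {
  res.render('help', {active: 'help'})
})

// Terms of Service and Privacy Policy
.get('/terms', (req, res) => {
  res.render('terms', {active: 'terms'})
})
.get('/privacy', (req, res) => {
  res.render('privacy', {active: 'privacy'})
})

// robots.txt
// Maps are per-user pages; keep crawlers out of them except the demo map.
.get('/robots.txt', (req, res) => {
  res.set('Content-Type', 'text/plain')
    .send('User-agent: *\n' +
      'Disallow: /map/*\n' +
      'Allow: /map/demo'
    )
})

// favicon.ico
// TODO: Just serve it
.get('/favicon.ico', (req, res) => {
  res.redirect('/static/img/icon/by/16-32-48.ico')
})

// Endpoint to validate forms
//
// Exactly one query key is honoured, checked in this order:
//   slug     -> 200 if that slug is free or already the caller's, else 400
//   email    -> 200 if that email is free or already the caller's, else 400
//   slugify  -> body is the slug derived from the xss-sanitised value
//   xss      -> body is the value run through xss()
// With none of them present the request falls through to the 404 handler.
// Errors are logged and answered with 500.
//
// NOTE(review): the slug/email checks answer "is this taken?" to any caller
// that reaches this router (account enumeration). If only signed-in users
// should be able to ask, mount the auth middleware in front of this route.
.get('/validate', async (req, res, next) => {
  // Locals are renamed so they do not shadow the module-level slug()/xss().
  const {slug: wantedSlug, email, slugify, xss: raw} = req.query

  // The query parser turns repeated or bracketed keys (?slug=a&slug=b,
  // ?email[$ne]=x) into arrays/objects. Only a plain string is a valid form
  // value: an object reaching the findOne() filter below would be read as
  // query operators, and slug()/xss() are only defined for strings.
  for (const value of [wantedSlug, email, slugify, raw]) {
    if (value !== undefined && typeof value !== 'string') {
      return res.sendStatus(400)
    }
  }

  // Id of the signed-in user, so their own current slug/email is not
  // reported as a conflict. Unauthenticated callers (no req.user) used to
  // crash here with a TypeError; they now just get a plain existence answer.
  const selfId = req.user ? req.user.id : undefined

  try {
    // Validate unique slug
    if (wantedSlug) {
      const existingUser = await User.findOne({ slug: slug(wantedSlug) })
      res.sendStatus(existingUser && existingUser.id !== selfId ? 400 : 200)

    // Validate unique email
    } else if (email) {
      // The lookup must be awaited: the unawaited query object is always
      // truthy and has no .id, so every email was reported as taken.
      // NOTE(review): exact-match lookup; if emails are stored normalised
      // (e.g. lowercased) the same normalisation belongs here.
      const existingUser = await User.findOne({ email })
      res.sendStatus(existingUser && existingUser.id !== selfId ? 400 : 200)

    // Create slug
    } else if (slugify) {
      res.send(slug(xss(slugify)))

    // Sanitize for XSS
    } else if (raw) {
      res.send(xss(raw))

    // 404
    } else next()

  } catch (err) {
    // Covers the DB lookups and any throw from slug()/xss(). The handler is
    // async, so an uncaught throw would become a rejected promise that
    // Express 4 never sees and the request would hang instead of failing.
    console.error(err)
    res.sendStatus(500)
  }
})

// Link to androidapp in play store
.get('/android', (req, res) => {
  res.redirect('https://play.google.com/store/apps/details?id=us.keithirwin.tracman')
})

// Link to iphone app in the apple store
// ... maybe someday
.get('/ios', (req, res) => {
  res.redirect('/help#why-is-there-no-ios-app')
})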