This repository has been archived by the owner on Jul 21, 2022. It is now read-only.

Added new API endpoints + Updated API endpoints #116

Merged
merged 1 commit into from
Aug 7, 2021

Conversation

FireMario211
Collaborator

This pull request updates and adds new api endpoints.

Updated files:

  • website.ts - Updated to remove body-parser and add new URLs to CSP.
  • /api/register.ts - Updated to add recaptcha.
  • init.sql - Adds announcements table for announcements.
  • permissions.json - For announcement permissions (POST & DELETE)
  • /api/order.ts - To add support for /api/order/checkout (For ordering a package) and /api/order/webhook (May change but it's for stripe to send a request to the server to give the client their package.)

New files/endpoints:

  • /api/announcements.ts - Allows you to view the announcements posted. (Or to create/delete announcements)
  • success.eta - Success page for ordering
  • cancel.eta - Cancel page for ordering (If you press the back button on stripe)

New packages added:

  • stripe - For orders.
  • node-fetch - For fetching results from a site (Used for recaptcha)

If there are any bugs with this PR, please let me know so I can fix them.

@github-actions

github-actions bot commented Aug 7, 2021

SQL Risks Found

src/sql/init.sql
+-------------------------------------------------+
|                   SQLCHECK                      |
+-------------------------------------------------+
> RISK LEVEL    :: ONLY MEDIUM AND HIGH RISK ANTI-PATTERNS
> SQL FILE NAME :: src/sql/init.sql
> COLOR MODE    :: DISABLED
> VERBOSE MODE  :: DISABLED
> DELIMITER     :: ;
-------------------------------------------------
==================== Results ===================

-------------------------------------------------
SQL Statement: -- initialize all tables create table if not exists users ( user_id integer not
null primary key, -- the users id registered timestamp not null, -- when the
user registered name text not null, -- the users real name email text not null,
-- for contacting the user password text not null, -- required salt text not
null, -- extra security, this will be used as an extra salt verified integer not
null default 0, -- if the user verified their email (1) or if they verified
their phone # (2) permission_id integer not null default 0 -- users permission
id. );
[src/sql/init.sql]: (HIGH RISK) (LOGICAL_DATABASE_DESIGN ANTI-PATTERN) Generic Primary Key
[Matching Expression:  id ]

[src/sql/init.sql]: (MEDIUM RISK) (PHYSICAL_DATABASE_DESIGN ANTI-PATTERN) Imprecise Data Type
[Matching Expression: real]


-------------------------------------------------
SQL Statement: create table if not exists invoices ( invoice_id integer not null primary key,
opened timestamp not null, due timestamp not null, price real not null default
0.00, currency text not null default '€' );
[src/sql/init.sql]: (MEDIUM RISK) (PHYSICAL_DATABASE_DESIGN ANTI-PATTERN) Imprecise Data Type
[Matching Expression: real]


-------------------------------------------------
SQL Statement: create table if not exists sessions ( session_id integer not null primary key,
-- session id user_id integer not null, -- user id jwt text not null, -- jwt
token (refresh token) createdin timestamp not null, -- when the token was
created expiresin timestamp not null, -- when the token expires ip text not
null, -- remote address rememberme integer not null default 0 -- will change
what expiresin should be );
[src/sql/init.sql]: (HIGH RISK) (LOGICAL_DATABASE_DESIGN ANTI-PATTERN) Generic Primary Key
[Matching Expression:  id ]


-------------------------------------------------
SQL Statement: create table if not exists tickets ( ticket_id integer not null primary key, --
ticket id user_id integer not null, -- user id of who created the ticket.
subject text not null default 'ticket', -- ticket subject (or title) content
text not null default 'message', -- contents of the ticket. category_ids text
not null default '0,1', -- category(s) for the ticket. (0 being billing, and 1
being bug) status integer not null default 0, -- status of the ticket, if its
open (0), or if its closed (1). opened timestamp not null, -- when the ticket
was opened. closed timestamp not null default 0, -- when the ticket was closed.
files text not null default 0, -- any files that are uploaded. (will be shown in
url form) level integer not null default 3, -- level of support createdin
timestamp not null, -- when the ticket was created. editedin timestamp not null
default 0 -- when the ticket was edited. );
[src/sql/init.sql]: (HIGH RISK) (LOGICAL_DATABASE_DESIGN ANTI-PATTERN) Generic Primary Key
[Matching Expression:  id ]


-------------------------------------------------
SQL Statement: create table if not exists ticket_msgs ( msg_id integer not null primary key, --
message id ticket_id integer not null, -- ticket id user_id integer not null, --
user id of who sent the message. content text not null default 'message', --
message content (encoded in base64, will probably encrypt in aes256) files text
not null default 0, -- any files that are uploaded. (will be shown in url form)
createdin timestamp not null, -- when the message was created. editedin
timestamp not null default 0 -- when the message was edited. );
[src/sql/init.sql]: (HIGH RISK) (LOGICAL_DATABASE_DESIGN ANTI-PATTERN) Generic Primary Key
[Matching Expression:  id ]


-------------------------------------------------
SQL Statement: create table if not exists announcements ( announcement_id integer not null
primary key, -- announcement id. announcementtype text not null default 'news',
-- announcement type ("outage", "news", "warning") announcementtext text not
null default 'announcement', -- what the text should show deletein timestamp not
null, -- when the announcement should be deleted (or invalid)
showtocustomersonly integer not null default 0 -- if it should only show to
users who are logged in (0 = false | 1 = true) );
[src/sql/init.sql]: (MEDIUM RISK) (PHYSICAL_DATABASE_DESIGN ANTI-PATTERN) Values In Definition
[Matching Expression: in (]


==================== Summary ===================
All Anti-Patterns and Hints  :: 7
>  High Risk   :: 4
>  Medium Risk :: 3
>  Low Risk    :: 0
>  Hints       :: 0

@FireMario211 FireMario211 merged commit 3b108eb into main Aug 7, 2021
@FireMario211 FireMario211 deleted the announcement-pr branch August 7, 2021 22:38