blogger-nodejs/app.js

const express = require('express');
const showdown  = require('showdown')
const crypto = require('crypto'); // For encrypting passwords
const { fromUnixTime, format, getUnixTime } = require("date-fns")
const fs = require('fs');
const users = require('./users.js');
const posts = require('./posts.js');
const config = require('./config.js');
let converter = new showdown.Converter({simpleLineBreaks: true, tables: true, strikethrough: true, tasklists: true, encodeEmails: true})
const app = express();
let footer_div = config.site_wide_footer
footer_div = replace_format_indicators(footer_div)

app.use(express.urlencoded({ extended: true }));
app.use(express.json());
app.use(express.static(config.root_path));

function get_userID(username) {
	for (let i = 0; i < users.users.length; i++) {
		if (users.users[i]['username'] == username) {
			return i
		}
	}
	return -1
}

function unix_time_to_date_format(unix_time) {
	date = fromUnixTime(unix_time)
	formatted_date = format(date, config.date_format)

	return formatted_date
}

function unix_time_to_rss_date(unix_time) {
	date = fromUnixTime(unix_time)
	formatted_date = format(date, "EEE, dd MMM yyyy HH:mm:ss")
	return `${formatted_date} ${config.time_zone}`
}

function hyperlink_tags(tags) {
	string = ""
	for (let tag_index = 0; tag_index < tags.length; tag_index++) {
		string += `<a href="/tag/${tags[tag_index]}">${tags[tag_index]}</a>`
		if (tag_index < tags.length - 1) {
			string += ", ";
		}
	}
	return string
}

function replace_format_indicators(input_string, post_index=0, tag_name="tag") {
	post_object = posts.posts[post_index]
	output_string = input_string
		.replaceAll("%%", "&#37;")
		.replaceAll("%A", (post_object["tags"]))
		.replaceAll("%B", (hyperlink_tags(post_object["tags"])))
		.replaceAll("%C", converter.makeHtml(post_object["content"]))
		.replaceAll("%D", unix_time_to_date_format(post_object["pubdate"]))
		.replaceAll("%E", unix_time_to_date_format(post_object["editdate"]))
		.replaceAll("%F", users.users[post_object["userID"]]['prettyname'])
		.replaceAll("%G", tag_name)
		.replaceAll("%I", users.users[post_object['userID']]['description'])
		.replaceAll("%L", `/post/${post_index}`)
		.replaceAll("%N", users.users[post_object["userID"]]['username'])
		.replaceAll("%P", "/post")
		.replaceAll("%O", `/edit/${post_index}`)
		.replaceAll("%R", "/rss")
		.replaceAll("%S", config.seperator)
		.replaceAll("%T", post_object["title"])
		.replaceAll("%U", `/user/${users.users[post_object["userID"]]['username']}`)
		.replaceAll("%Y", config.site_name)
		.replaceAll("%W", config.site_description)
		.replaceAll("%Z", config.attribution)
	if (config.enable_hitcount == true) {
		output_string = output_string
			.replaceAll("%H", fs.readFileSync('hitcount.txt'))
	}

	return output_string
}

function escape_input(input) {
    let output = input
        .replaceAll("<", "&lt;")
        .replaceAll(">", "&gt;")
        .replaceAll("\\", "&#92;")
        .replaceAll('"', "&#34;")
        .replaceAll("'", "&#39;")
        .replaceAll("/", "&#47;")
    return output
}

app.get(config.rss_path, (req,res) => {
	if (config.rss == false) {
		res.send("Sorry, RSS is disabled!")
	}
	else {
		let rss_content = `<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0">
    <channel>
        <title>${config.site_name}</title>
        <link>${config.site_url}</link>
        <description>${config.site_description}</description>
        `
		for (let i = posts.posts.length-1; i >= 0; i--) {
		    rss_content += `
			<item>
			    <title>${posts.posts[i]["title"]}</title>
			    <link>${config.site_url}/post/${i}.${config.file_extension}</link>
			    <description><![CDATA[${converter.makeHtml(posts.posts[i]["content"])}]]></description>
			    <guid isPermaLink="true">${config.site_url}/post/${i}</guid>
			    <pubDate>${unix_time_to_rss_date(posts.posts[i]['pubdate'])}</pubDate>`
			for (let j = 0; j < posts.posts[i]['tags'].length; j++) {
				rss_content += `<category><![CDATA[${posts.posts[i]['tags'][j]}]]></category>`
			};
			rss_content += "</item>"
		}
		rss_content += `
	    </channel>
	</rss>`
		res.setHeader('content-type', 'application/rss+xml');
		res.send(rss_content)
	};
});

app.get("/", (req,res) => {
	if (config.enable_hitcount) {
		let hitcount = parseInt(fs.readFileSync('hitcount.txt'))
		hitcount += 1
		console.log(`/ Is loaded, hitcount: ${hitcount}`)
		fs.writeFileSync(`${__dirname}/hitcount.txt`, `${hitcount}`, 'utf-8');
	}

	header_div = config.timeline_header
	header_div = replace_format_indicators(header_div);
	posts_div = "";
	counter = posts.posts.length - 1;
	while ((counter >= 0) && (counter > (posts.posts.length - (config.timeline_length + 1))))
	{
		let post = config.timeline_post_format;
		posts_div += replace_format_indicators(post, counter);
		counter -= 1;
	}
	res.send(`<html><head><meta charset="${config.charset}"><style>${config.css}</style></head><body><div id="header">${header_div}</div><div id="posts">${posts_div}</div></body><footer>${footer_div}</footer></html>`);
});
app.get("/user/:username", (req, res) => {
	header_div = config.user_page_header
	header_div = replace_format_indicators(header_div)
	posts_div = "";
	for (let post_index = posts.posts.length-1; post_index >= 0; post_index--)	{
		if (users.users[posts.posts[post_index]["userID"]]["username"] == req.params.username) {
			let post = config.user_post_format;
			posts_div += replace_format_indicators(post, post_index);
		}
	}
	res.send(`<html><head><meta charset="${config.charset}"><style>${config.css}</style></head><body><div id="header">${header_div}</div><div id="posts">${posts_div}</div></body><footer>${footer_div}</footer></html>`);
});
app.get("/post/:post_index", (req, res) => {
	post_div = "";
	let post = config.post_page_format;
	post_div += replace_format_indicators(post, req.params.post_index);
	res.send(`<html><head><meta charset="${config.charset}"><style>${config.css}</style></head><body><div id="posts">${post_div}</div></body><footer>${footer_div}</footer></html>`);
});
app.get("/tag/:tag", (req,res) => {
	const tag = req.params.tag
	let header_div = config.tag_page_header
	header_div = replace_format_indicators(header_div,0,tag)
	let page_content = ""
	for (let i = posts.posts.length-1; i >= 0; i--) {
		if (posts.posts[i]['tags'].includes(tag)) {
			let post = config.tag_post_format;
			page_content += replace_format_indicators(post, i);
		};
	};
	res.send(`<html><style>${config.css}</style><body><div id="header">${header_div}</div><div id="posts">${page_content}</div></body><footer>${footer_div}</footer></html>`);
});

app.get("/post", (req,res) => {
	res.send(`</html><head><meta charset="${config.charset}"><style>${config.css}</style></head><form action="/submit_post" method="POST">
	<label>Username: </label><input required name="username"><br/>
	<label>Password: </label><input type="password" required id="password" name="password"><br/>
	<label>Title: </label><input required name="title"><br/>
	<label>Content*: </label><textarea required name="content"></textarea><br/>
	<label>Tags (comma seperated): </label><input name="tags"><br/>
	<input type="submit" value="Submit"><br/>
    <small>* Markdown supported</small>
</form></html>`);
});
app.get("/edit/:post_id", (req,res) => {
	const post_id = req.params.post_id
	const post = posts.posts[post_id]
	const user = users.users[post['userID']]
	res.send(`</html><head><meta charset="${config.charset}"><style>${config.css}</style></head>
	<form action="/submit_edit" method="POST" onsubmit="sha512password()">
		<input name="userID" type="hidden" value="${post['userID']}">
		<input name="postID" type="hidden" value="${post_id}">
		<label>${user.prettyname}'s Password: </label><input type="password" required id="password" name="password"><br/>
		<label>Title: </label><input value="${post['title']}" required name="title"><br/>
		<label>Content*: </label>
		<textarea required name="content">${post['content']}</textarea><br/>
		<label>Tags (comma seperated): </label><input value="${post['tags']}" name="tags"><br/>
		<label>Delete forever (no undo): </label><input name="delete" type="checkbox"><br/>
		<input type="submit" value="Submit"><br/>
        <small>* Markdown supported</small>
	</form></html>`);
});

app.post("/submit_edit", (req,res) => {
	const password = crypto.createHash('sha512').update(req.body.password).digest('hex');
	const postID = req.body.postID
	const userID = req.body.userID
	const title = req.body.title
	const content = req.body.content
	const tags = req.body.tags.split(',');
	const delete_bool = req.body.delete
	const unix_timestamp = getUnixTime(new Date())
	console.log(users.users[userID]['prettyname'], "is editting the post titled:", title);	

	if (users.users[userID]['hash'] == password) { // password matches
		let post = posts.posts[postID]
		post['title'] = title
		post['content'] = content
		post['tags'] = tags
		post['editdate'] = unix_timestamp
		if (typeof delete_bool != "undefined") {
			console.log("Deleting post!")
			posts.posts.splice(postID,1)
		}
		fs.writeFileSync(`${__dirname}/posts.js`, `export const posts = ${JSON.stringify(posts.posts)}`, 'utf-8');
		res.redirect(302, "/");
	}
	else {
		res.send(`Invalid Password for user`,users.users[userID]['prettyname']);
	}
});
app.post("/submit_post", (req,res) => {
	const password = crypto.createHash('sha512').update(req.body.password).digest('hex');
	const username = escape_input(req.body.username)
	const title = escape_input(req.body.title)
	const content = escape_input(req.body.content)
	const tags = escape_input(req.body.tags).split(',');
	const unix_timestamp = getUnixTime(new Date())
	console.log(username, "is submitting a post titled:", title);	

	if (get_userID(username) == -1) {
		res.send("User does not exist")	
	}

	else if (users.users[get_userID(username)]['hash'] == password) { // Password matches
		posts.posts.push({
			"userID": get_userID(username),
			"title": title,
			"content": content,
			"pubdate": unix_timestamp,
			"editdate": unix_timestamp,
			"tags": tags,
		})
		fs.writeFileSync(`${__dirname}/posts.js`, `export const posts = ${JSON.stringify(posts.posts)}`, 'utf-8');
		res.redirect(302, "/");
	}
	else {
		res.send(`Invalid Password for user`,username);
	}
});

app.listen(config.port, () => {
	console.log(`Server is running at http://localhost:${config.port} in ${config.root_path}`);
});