From 5a68d5d7eb5486f85565a07511b8b8e13e6f7c95 Mon Sep 17 00:00:00 2001
From: oriionn <xemilien67@gmail.com>
Date: Mon, 30 Oct 2023 22:38:11 +0100
Subject: [PATCH] fix(app.js): add validation for invalid URL and return
 appropriate error response fix(app.js): handle case when DB_JSON_PATH is not
 found and return appropriate error response fix(app.js): handle case when db
 is not found in MongoDB and return appropriate error response fix(app.js):
 add validation for custom code already existing and return appropriate error
 response fix(app.js): redirect to error page if shorten response does not
 contain shorten data feat(app.js): add support for custom_code parameter to
 allow users to specify their own short code fix(app.js): fix indentation in
 console.log statement feat(package.json): update version to 1.0.7
 feat(public/index.html): add script to display error message if present in
 URL parameters

---
 app.js            | 33 ++++++++++++++++++++++++---------
 package.json      |  2 +-
 public/index.html | 11 +++++++++++
 3 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/app.js b/app.js
index 32266fe..6595bd3 100644
--- a/app.js
+++ b/app.js
@@ -48,19 +48,28 @@ function generateCode() {
     return Date.now().toString(16) + hex;
 }
 
-async function shorten(url, password) {
+async function shorten(url, password, custom) {
     let data = {}
+    let regex = /^(http|https):\/\/[^\s/$.?#].[^\s]*$/;
+
+    if (!regex.test(url)) return { status: 400, data: {}, message: "Error: Invalid URL" };
 
     if (isJSON) {
         if (!config.DB_JSON_PATH) {
             console.log("Error: DB_JSON_PATH not found");
-            return res.status(500).send("Error: DB_JSON_PATH not found");
+            return { status: 500, data: {}, message: "Error: DB_JSON_PATH not found" }
         } else {
             if (!fs.existsSync(config.DB_JSON_PATH)) fs.writeFileSync(config.DB_JSON_PATH, JSON.stringify({}));
         }
 
         let db = JSON.parse(fs.readFileSync(config.DB_JSON_PATH));
-        let code = generateCode();
+        let code = "";
+        if (custom) {
+            if (db[custom]) return { status: 400, data: {}, message: "Error: Code already exists" };
+            code = custom;
+        } else {
+            code = generateCode();
+        }
 
         if (password) {
             let hashPass = SHA256(password).toString();
@@ -72,16 +81,21 @@ async function shorten(url, password) {
         fs.writeFileSync(config.DB_JSON_PATH, JSON.stringify(db));
         data = { status: 200, data: { original: url, shorten: `${config.DOMAIN}/s/${code}` } };
     } else if (isMongoDB) {
-        let code = generateCode();
-
         await client.connect();
         let db = client.db(dbName);
         if (!db) {
             console.log("Error: db not found");
-            return;
+            return { status: 500, data: {}, message: "Error: DB not found." }
         }
         let collection = db.collection('links');
 
+        let code = generateCode();
+        if (custom) {
+            let filtered = await collection.find({code: custom}).toArray();
+            if (filtered.length > 0) return { status: 400, data: {}, message: "Error: Code already exists" };
+            code = custom;
+        }
+
         if (password) {
             let hashPass = SHA256(password).toString();
             await collection.insertOne({link: url, code: code, password: hashPass});
@@ -96,12 +110,13 @@ async function shorten(url, password) {
 }
 
 app.post('/api/form_shorten', multer().none(), async (req, res) => {
-    let resp = await shorten(req.body.link, req.body.password);
+    let resp = await shorten(req.body.link, req.body.password, req.body.custom_code);
+    if (!resp.data.shorten) return res.redirect(`/?error=${Base64.encode(resp.message)}`);
     res.redirect(`/generated?link=${Base64.encode(resp.data.shorten)}`);
 });
 
 app.post('/api/shorten', multer().none(), async (req, res) => {
-    res.json(await shorten(req.body.link, req.body.password));
+    res.json(await shorten(req.body.link, req.body.password, req.body.custom_code));
 });
 
 app.get("/s/:code", async (req, res) => {
@@ -288,5 +303,5 @@ app.listen(process.env.PORT || config.PORT, async () => {
     }
 
     const port = process.env.PORT || config.PORT;
-	console.log(`Quecto listening on port ${port}!`);
+	  console.log(`Quecto listening on port ${port}!`);
 });
diff --git a/package.json b/package.json
index a0ab235..d51aebe 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "quecto",
-  "version": "1.0.5g",
+  "version": "1.0.7",
   "description": "",
   "main": "index.js",
   "scripts": {
diff --git a/public/index.html b/public/index.html
index 4cb76ad..8bbb176 100644
--- a/public/index.html
+++ b/public/index.html
@@ -5,14 +5,25 @@
     <title>Quecto</title>
 
     <link rel="stylesheet" href="/public/style.css">
+    <script src="https://cdn.jsdelivr.net/npm/js-base64@3.7.5/base64.min.js"></script>
 </head>
 <body>
     <form action="/api/form_shorten" method="post">
         <div class="content">
             <input type="text" name="link" placeholder="Link" required>
             <input type="password" name="password" placeholder="Password"> <br>
+            <input type="text" name="custom_code" placeholder="Custom Short Code"> <br>
             <input type="submit" value="Shorten">
         </div>
     </form>
+
+    <script>
+        window.onload = () => {
+            const searchParams = new URLSearchParams(window.location.search);
+            const error = searchParams.get('error');
+            if (!error) return;
+            alert(Base64.decode(error));
+        }
+    </script>
 </body>
 </html>
\ No newline at end of file