const express = require('express');
const cookieParser = require("cookie-parser");
const path = require('path')
const sessions = require('express-session');
const nunjucks = require('nunjucks');
const parser = require('url');
const { userTable, notesTable } = require('./database');
const { visit } = require('./bot');
// Application setup. This stretch of the listing is fragmentary: `app` is used but
// `const app = express()` is not visible, the `sessions({ ... })` call that owns the
// `secret:`/`cookie:` lines is cut, and the nunjucks options object is left open.
// Parse HTML form bodies; `extended: true` uses qs-style parsing, so a field can
// arrive as an array or nested object rather than a plain string.
app.use(express.urlencoded({ extended: true }));
// Session cookie lifetime in milliseconds (24 hours).
const oneDay = 1000 * 60 * 60 * 24;
// Session secret is read from the environment rather than hard-coded (good).
// Only `maxAge` is visible on the cookie; confirm `httpOnly`, `secure` and
// `sameSite` are also set on the cookie options in the full file.
secret: process.env.SECRET,
cookie: { maxAge: oneDay },
// Template engine. The options passed here (notably `autoescape`) are not visible,
// and whether user-supplied note text is HTML-escaped on render depends on them.
nunjucks.configure('views', {
app.set('views', './views');
// Serve ./static under /static.
app.use('/static', express.static(path.resolve('static')));
// CORS middleware: wildcard origin with explicit method and header allow-lists.
// Browsers do not honour `Access-Control-Allow-Origin: *` for credentialed
// (cookie-bearing) requests, so the session cookie is not exposed cross-origin by
// this header alone; it does however answer any origin for non-credentialed reads.
// The `res.setHeader(` that owns the two string lines below, the `next()` call
// and the closing `});` are not visible in this listing.
app.use((req, res, next) => {
res.setHeader('Access-Control-Allow-Origin', '*');
'Access-Control-Allow-Methods',
'OPTIONS, GET, POST, PUT, PATCH, DELETE'
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
// GET /: for a logged-in session, load that user's notes and render home.html;
// anonymous requests are redirected to /login.
// The `result` array pushed into below is never declared in this listing, and the
// loop/callback closers and final `});` are also missing — likely dropped by extraction.
app.get('/', (req, res) => {
if(req.session.loggedIn){
// Parameterised query: the username is bound, not interpolated.
const query = "SELECT notes from notes where username = ?";
const param = [req.session.username];
notesTable.all(query, param, (err, rows) => {
// On error this only logs and falls through; if the driver passes no rows on
// error, `rows.length` below throws. Returning a 500 here would be safer.
if(err) console.log(err);
for(let i = 0; i < rows.length; i++){
result.push(rows[i].notes);
// Notes are user-controlled text; whether they are escaped in home.html depends
// on the nunjucks `autoescape` setting, which is not visible here.
return res.render('home.html', { username: req.session.username, notes: result });
return res.redirect('/login')
// GET /login: render the login form. The closing `});` is not visible in this listing.
app.get('/login', (req, res) => {
return res.render('login.html');
// GET /register: render the registration form. The closing `});` is not visible in this listing.
app.get('/register', (req, res) => {
return res.render('register.html')
// POST /register: refuse if the username is taken, otherwise insert the user and
// re-render the form with a status message.
// Defects visible here: `msg` is assigned without a declaration (an implicit global
// in sloppy mode, a ReferenceError in strict mode/ESM), and the password is stored
// exactly as submitted. The `if (rows.length ...)` / `else` that separates the two
// branches and the closing brackets are not visible in this listing.
app.post('/register', (req, res) => {
// Both fields come straight from the form body with no type or length validation;
// with `extended: true` body parsing a field may be an array rather than a string.
const { username } = req.body;
const { password } = req.body;
const query = "SELECT username from user where username = ?";
const param = [username];
userTable.all(query, param, (err, rows) => {
// Logs and falls through on error rather than failing the request.
if(err) console.log(err);
msg = "username already exists";
return res.render('register.html', { msg: msg });
msg = "User have been created";
// Parameterised insert (no SQL injection), but the password is stored in plaintext;
// it should be hashed with a password KDF (bcrypt/scrypt/argon2) before this point.
const query2 = "INSERT INTO user(username, password) VALUES (?,?)";
// Shadows the outer `param` inside this callback.
const param = [username, password]
// No callback: a failed insert is silently lost while the success message is shown.
userTable.run(query2, param);
return res.render('register.html', { msg: msg });
// POST /login: look up a row matching both username and password, mark the session
// as logged in on a hit, otherwise re-render login.html with a message.
// The `if (rows.length ...)` that separates success from failure, the `else` for the
// missing-field case and the closing brackets are not visible in this listing.
app.post('/login', (req, res) => {
const { username } = req.body;
const { password } = req.body;
// Credentials are compared as plaintext equality inside the database, which only
// works because /register stores the password unhashed. With hashing, look up by
// username and verify the hash in code.
const query = "SELECT username, password from user where username = ? and password = ?";
const param = [username, password];
// Truthiness check: an empty string for either field skips the lookup entirely.
if(username && password){
userTable.all(query, param, (err, rows) => {
// No `if (err)` is visible before the session is set, unlike the other handlers.
// The session is not regenerated on login (`req.session.regenerate`), so the
// pre-login session id is carried over — a session-fixation consideration.
req.session.loggedIn = true;
req.session.username = username;
return res.redirect('/');
// `msg` is assigned without a declaration (implicit global).
msg = "username or password is incorrect";
return res.render('login.html', { msg: msg });
// POST /note: store a note for the logged-in user and redirect home; anonymous
// requests go to /login. No CSRF token is visible for this cookie-authenticated,
// state-changing request. Closing brackets are not visible in this listing.
app.post("/note", (req, res) => {
if(req.session.loggedIn){
// `note` is stored as-is via a parameterised insert; no length or type validation.
const { note } = req.body;
const query = "INSERT INTO notes(username, notes) VALUES (?,?)";
const param = [req.session.username, note];
// The run callback ignores its error argument, so a failed insert still redirects
// as though it succeeded.
notesTable.run(query, param, () => {
return res.redirect('/');
return res.redirect('/login');
// GET /report: render the report form for logged-in sessions, or for requests whose
// `req.ip` contains "127.0.0.1" (the local bot); everyone else goes to /login.
// Closing brackets are not visible in this listing.
app.get('/report', (req, res) => {
if(req.session.loggedIn){
return res.render('report.html');
// Substring check rather than an equality check: it matches the IPv6-mapped form
// "::ffff:127.0.0.1" (presumably intended) but also any longer address containing
// that text. What `req.ip` holds also depends on Express's `trust proxy` setting,
// which is not visible here. /admin/note relies on the same check.
if(req.ip.includes('127.0.0.1')){
return res.render('report.html');
return res.redirect('/login');
// POST /admin/review: accept a URL, check it against a regex and require its host to
// be 127.0.0.1, then have the bot visit it. The closers for the three `if`s, the
// `.then` callback and any `else` branches are not visible in this listing, and the
// regex literal appears damaged by extraction (the "[[email protected]" fragment is an
// artefact, not valid regex source).
app.post('/admin/review', async (req, res) => {
const { url } = req.body;
// Defects visible here: `regex` is assigned without a declaration (implicit global);
// the regex is tested against `decodeURIComponent(url)` while the raw `url` is what
// is parsed and visited, so the value that is validated is not the value that is used
// — validate and use the same string. `decodeURIComponent` also throws on malformed
// escapes and nothing here catches that.
regex = /https?:\/\/(www\.)?[[email protected]:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&\/\/=]*)/ if(decodeURIComponent(url).match(regex)){
// Legacy `url.parse`; `host` is null when the input has no authority, so `.split`
// would throw. `new URL(url).hostname` compared with `===` is the safer form.
const parse_url = parser.parse(url);
if(parse_url.host.split(':')[0] == "127.0.0.1"){
// `res` is shadowed: the `.then` parameter is the resolved value of visit(), so the
// `res.json` below is called on that value, not on the Express response. Rename the
// parameter, or drop `.then` since the call is already awaited.
await visit(url).then(res => {
return res.json({msg: "We sent your report to the admin"});
return res.json({msg: "Invalid url"});
res.json({msg: "please submit a url"});
// GET /admin/note: returns FLAG from the environment to requests whose `req.ip`
// contains "127.0.0.1" (intended for the local bot); all others are redirected to /.
// This substring check is the only access control on the secret — no session check —
// and the same `trust proxy` caveat as /report applies. Closing `});` not visible.
app.get('/admin/note', (req, res) => {
if(!req.ip.includes('127.0.0.1')) return res.redirect('/');
return res.json({flag: process.env.FLAG});
// GET /logout: the handler body (presumably a session teardown plus redirect) is not
// visible in this listing, nor is the `app.listen(1337, ...)` call that owns the
// log line below.
app.get('/logout', (req, res) => {
console.log("Listening on port 1337")