X-Git-Url: http://git.osdn.jp/view?a=blobdiff_plain;f=profile.js;h=5cdc399097b237e6fb99d5973a18e7967c83ebc5;hb=6c6339c91ef5bbc9f39384b3027930c9183fe225;hp=346bf5f9f73147f1a94453a3f0b4d10a4484fdb1;hpb=91c91fd810e358d389d0de34081ba9ff59a14894;p=webchat%2FWebChat.git
diff --git a/profile.js b/profile.js
index 346bf5f..5cdc399 100644
--- a/profile.js
+++ b/profile.js
@@ -31,7 +31,8 @@ function admin_proc(req, res) if(err != null) RenderMessage(res,err,info); else{
- result.token = info.token;
+ result.token = req.session._csrf;
+ res.setHeader("X-FRAME-OPTIONS","DENY"); res.render("profile/admin",result); } });
@@ -39,10 +40,6 @@ function admin_proc(req, res) function admin_postproc(req,res) {
- if(req.session.items.token != req.body.token){
- RenderMessage(res,resource.invaild_parameter,req.session.items);
- return;
- } async.waterfall([ function(cb){ if(typeof(req.body.removeall) != "undefined")
@@ -130,17 +127,14 @@ function detail_proc(req, res) else if(result.length == 0) RenderMessage(res,resource.notfound_name,req.session.items); else{
- res.render("profile/detail",{list:result,token:req.session.items.token,admin:req.session.items.admin});
+ res.setHeader("X-FRAME-OPTIONS","DENY");
+ res.render("profile/detail",{list:result,alias:config.alias,token:req.session._csrf,admin:req.session.items.admin}); } }); } function detail_postproc(req, res) {
- if(req.session.items.token != req.body.token){
- RenderMessage(res,resource.invaild_parameter,req.session.items);
- return;
- } if(typeof(req.body.remove) != "undefined"){ async.waterfall([ function(cb){
@@ -181,7 +175,8 @@ function detail_postproc(req, res) if(err != null){ RenderMessage(res,err,req.session.items); }else if(result != null){
- res.render("profile/edit",{list:result,token:req.body.token});
+ res.setHeader("X-FRAME-OPTIONS","DENY");
+ res.render("profile/edit",{list:result,token:req.session._csrf,alias:config.alias}); }else{ RenderMessage(res,resource.unmatch_password,req.session.items); }
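Review bot: `X-FRAME-OPTIONS` is set only on the success branch of admin_proc, and the same per-handler copy is repeated in detail_proc, the edit render in detail_postproc and registor_proc, so every response that goes through `RenderMessage` (the error and message pages) is still sent without the header. Setting it once in a small middleware registered ahead of these routes, `function(req,res,next){ res.setHeader("X-Frame-Options","DENY"); next(); }`, covers all of them and removes the four copies. The header name is matched case-insensitively, so the upper-case spelling works, but `X-Frame-Options` is the conventional form. admin_proc's body starts and ends outside the hunk.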
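Review bot: With the `req.session.items.token != req.body.token` comparison removed, nothing left in this file checks a submitted CSRF token; admin_postproc now depends on a middleware that validates the token it exposes as `req.session._csrf` being mounted in front of these POST routes, and that middleware is not part of this diff. If it is absent the forms render with an undefined `token` and the POSTs are accepted unchecked, so a comment at the top of admin_postproc naming the provider of the check (`// CSRF token is verified by the csrf middleware before this handler runs`) would document the dependency. The same removal is made in detail_postproc, edit_postproc and registor_postproc. admin_postproc's body continues outside the hunk.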
@@ -193,19 +188,21 @@ function detail_postproc(req, res) function edit_postproc(req, res) {
- if(req.session.items.token != req.body.token){
- RenderMessage(res,resource.invaild_parameter,req.session.items);
- return;
- } if(typeof(req.body.name) == "undefined") { RenderMessage(res,resource.invaild_parameter,req.session.items); return; }else if(typeof(req.body.edit) != "undefined"){
+ var validator = new Validator();
+ if(validator.Validate(req.body,config.alias))
+ {
+ RenderMessage(res,validator.Message,req.session.items);
+ return;
+ } async.waterfall([ function(cb){ collection.UpdatAsync(req.body.name,req.body,cb);
- }
+ }, ],function(err,result){ if(err != null) RenderMessage(res,err,req.session.items);
@@ -219,11 +216,13 @@ function edit_postproc(req, res) function registor_postproc(req, res) {
- if(req.session.items.token != req.body.token){
- RenderMessage(res,resource.invaild_parameter,req.session.items);
- return;
- } if(typeof(req.body.registor) != "undefined"){
+ var validator = new Validator();
+ if(validator.Validate(req.body,config.alias))
+ {
+ RenderMessage(res,validator.Message,req.session.items);
+ return;
+ } async.waterfall([ function(cb){ collection.AddAsync(req.body,cb);
@@ -244,13 +243,16 @@ function registor_proc(req, res) if(typeof(req.session.items) == "undefined") req.session.items = new security.SessionInfomation(false);
- res.render("profile/registor",{token:req.session.items.token});
+ res.setHeader("X-FRAME-OPTIONS","DENY");
+ res.render("profile/registor",{token:req.session._csrf,alias:config.alias}); } function RenderMessage(res,msg,info) {
- if(typeof(info) == "undefined")
- res.render("profile/message",{message:msg});
+ if(typeof(msg) == "string")
+ msg = new Array(msg);
+ if(typeof(info) == "undefined" || typeof(info.admin) == "undefined")
+ res.render("profile/message",{message:msg,admin:false}); else res.render("profile/message",{message:msg,admin:info.admin}); }
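Review bot: `collection.UpdatAsync(req.body.name,req.body,cb)` rewrites whichever row `req.body.name` names, and nothing visible in edit_postproc ties that request to the password check performed in detail_postproc; if the edit form carries no secret beyond the per-session CSRF token, the handler should re-check the password (or a server-side marker set by detail_postproc) before updating. If that authorization happens outside the hunk, a comment on the `UpdatAsync` call saying where would help the next reader. The `new Validator()` block is repeated verbatim in registor_postproc; a shared helper such as `function validateBody(req,res){ var v = new Validator(); if(v.Validate(req.body,config.alias)){ RenderMessage(res,v.Message,req.session.items); return false; } return true; }` keeps the two in step. edit_postproc's body continues outside the hunk.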
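Review bot: `collection.AddAsync(req.body,cb)` inserts without first checking whether `name` is already registered; unless profilelist enforces a unique key on name (not visible here), a second registration with the same name succeeds and later `name_hash = ? and name = ?` lookups return several rows, of which AuthAsync only inspects `result[0]`. Either a `GetAsync` lookup before the insert or a unique index on the column, with the resulting error mapped to a user message, would close that. registor_postproc's body continues outside the hunk.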
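Review bot: `msg = new Array(msg)` reassigns the `msg` parameter and uses the `new Array(x)` form, which reads as a length argument at a glance even though the `typeof` guard makes it safe here; `var messages = typeof(msg) == "string" ? [msg] : msg;` and rendering `messages` says the same thing unambiguously. The added `typeof(info.admin) == "undefined"` guard is a good fit for the `admin:false` default.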
@@ -261,6 +263,7 @@ function RenderMessage(res,msg,info) function ProfileCollection() { var MySQLPool = new require("./mysql_pool.js");
+ var murmurhash = require("murmurhash"); var pool = new MySQLPool({ host : config.db_host, user : config.db_user,
@@ -271,10 +274,10 @@ function ProfileCollection() this.AuthAsync = function(name,password,cb){ async.waterfall([ function(next){
- pool.query("SELECT * FROM list WHERE name = ?",[name],next);
+ pool.query("SELECT password FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],next); }, function(result,next){
- if(result[0].password == password)
+ if(result[0].password == md5_hex(password)) next(null,true); else next(null,false);
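Review bot: `result[0].password == md5_hex(password)` compares against an unsalted MD5 of the password (md5_hex is defined in the next hunk); moving off plaintext is an improvement, but MD5 is fast and the lack of a per-user salt means equal passwords share a hash and a leaked profilelist table is cheap to crack. The standard library already covers this: derive the stored value with `crypto.pbkdf2` using a random salt from `crypto.randomBytes`, and keep the salt alongside the hash. The same line still indexes `result[0]` without checking that the query returned a row, so an unknown name throws a TypeError inside the waterfall instead of reaching `next(null,false)`; `if(result.length == 0) return next(null,false);` before the comparison closes that. The waterfall's final callback is outside the hunk.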
@@ -282,50 +285,131 @@ function ProfileCollection() ],cb); } this.GetAsync = function(name,cb){
- pool.query("SELECT * FROM list WHERE name = ?",[name],cb);
+ pool.query("SELECT * FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],cb); } this.AddAsync = function(data,cb){
- var item = {
- name:data.name,
- age:data.age,
- gender:data.gender,
- height:data.height,
- weight:data.weight,
- race:data.race,
- password:data.password,
- lastmodified:new Date(),
- etc:data.etc
- };
- pool.query("INSERT INTO list SET ?",[item],cb);
+ var item = GetItem(data);;
+ pool.query("INSERT INTO profilelist SET ?",[item],cb); } this.UpdatAsync = function(name,data,cb){
- var item = {
- name:data.name,
- age:data.age,
- gender:data.gender,
- height:data.height,
- weight:data.weight,
- race:data.race,
- password:data.password,
- lastmodified:new Date(),
- etc:data.etc
- };
- pool.query("UPDATE list SET ? WHERE name = ?",[item,name],cb);
+ var item = GetItem(data);
+ pool.query("UPDATE profilelist SET ? WHERE name = ?",[item,name],cb); } this.ClearAsync = function(cb){
- pool.query("TRUNCATE TABLE list",null,cb);
+ pool.query("TRUNCATE TABLE profilelist",null,cb); } this.RemoveRangeAsync = function(names,cb){
- pool.query("DELETE FROM list WHERE name IN (?)",[names],cb);
+ pool.query("DELETE FROM profilelist WHERE name IN (?)",[names],cb); } this.RemoveAsync = function(name,cb){
- pool.query("DELETE FROM list WHERE name = ?",[name],cb);
+ pool.query("DELETE FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],cb); } this.FindByNameAsync = function(pattern,start,count,cb){
- pool.query("SELECT * FROM list WHERE name LIKE ? LIMIT ?,?",[pattern+"%",start,count],cb);
+ pool.query("SELECT * FROM profilelist WHERE name LIKE ? 
LIMIT ?,?",[pattern+"%",start,count],cb); } this.ToArrayAsync = function(start,count,cb){
- pool.query("SELECT * FROM list LIMIT ?,?",[start,count],cb);
+ pool.query("SELECT name,lastmodified FROM profilelist LIMIT ?,?",[start,count],cb);
+ }
+
+ var crypto = require("crypto");
+ function md5_hex(src)
+ {
+ var md5 = crypto.createHash('md5');
+ md5.update(src, 'utf8');
+ return md5.digest('hex');
+ }
+
+ function GetItem(data,newpw)
+ {
+ var item = {
+ name_hash:murmurhash.v3(data.name),
+ lastmodified:new Date(),
+ };
+ for(var key in config.alias)
+ {
+ if(typeof(config.alias[key].nodefinetable) != "undefined" && + config.alias[key].nodefinetable)
+ continue;
+ if(config.alias[key].visible_edit)
+ {
+ if(config.alias[key].type == "password")
+ item[key] = md5_hex(data[key]);
+ else if(data[key] == "" && typeof(config.alias[key].defaultvalue) != "undefined")
+ item[key] = config.alias[key].defaultvalue;
+ else
+ item[key] = data[key];
+ }
+ }
+ return item; } }
+//
+// Validatorクラス
+//
+function Validator()
+{
+ //
+ // バリテーションを行う。
+ // エラーがあった場合は真。そうでない場合は偽を返す
+ //
+ // @body バリテーションの対象となる連想配列
+ // @alias バリテーションを行う要素のリスト
+ this.Validate = function(body,alias){
+ var result = false;
+ this.Message = new Array();
+ for(var key in alias)
+ {
+ if(alias[key].visible_edit == false)
+ continue;
+ var message;
+ if(typeof(alias[key].isnotempty) != "undefined" && + alias[key].isnotempty && body[key] == "")
+ message = resource.is_not_empty;
+ else if(typeof(alias[key].mustmatchitem) != "undefined" && + body[key] != body[alias[key].mustmatchitem])
+ message = util.format(resource.must_match_item,alias[alias[key].mustmatchitem].name);
+ else
+ message = IsValidate(body[key],alias[key].type,alias[key].rule);
+ if(message != null)
+ {
+ this.Message.push(alias[key].name + ":" + message);
+ result = true;
+ }
+ }
+ return result;
+ }
+ // バリテーション時にエラーがあった場合、メッセージが記録される
+ this.Message = "";
+ function IsValidate(data,type,rule){
+ if(typeof(data) == "undefined")
+ throw 
"data is undefined"; + if(typeof(type) == "undefined") + throw "type is undefined"; + + var result = null; + + switch(type) + { + case "text": + case "textarea": + case "password": + if(typeof(data) != "string") + result = resource.is_not_string; + break; + case "number": + if(data.match(/[^0-9]/g)) + result = resource.is_not_number; + break; + case "mail": + if(data != "" && !data.match(/^[A-Za-z0-9]+[\w\-\+]+@[\w\.-]+\.\w{2,}$/)) + result = resource.is_not_mail; + break; + } + + if(typeof(rule) == "function") + result = rule(data,type); + + return result; + } +}