X-Git-Url: http://git.osdn.jp/view?a=blobdiff_plain;f=profile.js;h=5cdc399097b237e6fb99d5973a18e7967c83ebc5;hb=6c6339c91ef5bbc9f39384b3027930c9183fe225;hp=8fef58b581f409a683cc10f41f2578e40e8fa221;hpb=243495769eea50d1496b077f1185e86f9e6824e6;p=webchat%2FWebChat.git diff --git a/profile.js b/profile.js index 8fef58b..5cdc399 100644 --- a/profile.js +++ b/profile.js @@ -1,14 +1,5 @@ -$db_user = "user"; -$db_password = "user"; -$db_limit = 50; - -$unmatch_password = "パスワードが一致しません"; -$invaild_parameter = "パラメーターが正しくありません"; -$success_registor = "登録に成功しました"; -$success_remove = "削除に成功しました"; -$success_edit = "編集に成功しました"; -$notfound_name = "該当名が存在しません"; - +var config = require("./configure.js"); +var resource = require("./resources.js"); var util = require("util"); var async = require("async"); var security = require("./security.js"); @@ -40,18 +31,15 @@ function admin_proc(req, res) if(err != null) RenderMessage(res,err,info); else{ - result.token = info.token; - res.render("profile\\admin",result); + result.token = req.session._csrf; + res.setHeader("X-FRAME-OPTIONS","DENY"); + res.render("profile/admin",result); } }); } function admin_postproc(req,res) { - if(req.session.items.token != req.body.token){ - RenderMessage(res,$invaild_parameter,req.session.items); - return; - } async.waterfall([ function(cb){ if(typeof(req.body.removeall) != "undefined") @@ -63,7 +51,7 @@ function admin_postproc(req,res) if(err != null) RenderMessage(res,err,req.session.items); else - RenderMessage(res,$success_remove,req.session.items); + RenderMessage(res,resource.success_remove,req.session.items); }); } @@ -79,13 +67,13 @@ function list_proc(req, res) if(err != null) RenderMessage(res,err,req.session.items); else - res.render("profile\\list",result); + res.render("profile/list",result); }); } function PrepaerListAsync(req,callback) { - var limit = $db_limit; + var limit = config.db_limit; var start = 0; var parttern = ""; if(typeof(req.query.start) != "undefined") 
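Review bot: Nothing in this hunk shows where `config.db_password` (consumed by ProfileCollection further down) ultimately comes from; if ./configure.js holds the literal value, the credential has only moved files rather than left the source tree. Confirm that module is excluded from version control or reads the value from the environment, and record the expectation on the new line, e.g. `var config = require("./configure.js"); // DB credentials live here; keep this file out of VCS`.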
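Review bot: admin_postproc now performs no token comparison at all, so its protection rests entirely on a CSRF middleware that both fills `req.session._csrf` and rejects POSTs whose `_csrf` field does not match; that middleware is not in this diff, so confirm it is mounted before these routes, and a comment above admin_postproc such as `// CSRF check is done by the csrf middleware, not in the handlers` would record the dependency. The same assumption applies to detail_postproc, edit_postproc and registor_postproc in the later hunks, where the check was removed in the same way. `res.setHeader("X-FRAME-OPTIONS","DENY")` is repeated here in admin_proc and again in detail_proc, detail_postproc and registor_proc below; one middleware that sets it on every response would avoid forgetting it on the next handler. admin_postproc's body continues outside the hunk.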
@@ -105,7 +93,7 @@ function PrepaerListAsync(req,callback) } ],function(err,result){ if(err != null){ - cb(err,null); + callback(err,null); }else{ var next = start + limit; var prev = start - limit; @@ -122,7 +110,7 @@ function detail_proc(req, res) { if(typeof(req.query.name) == "undefined") { - RenderMessage(res,$invaild_parameter,req.session.items); + RenderMessage(res,resource.invaild_parameter,req.session.items); return; } @@ -137,23 +125,23 @@ function detail_proc(req, res) if(err != null) RenderMessage(res,err,req.session.items); else if(result.length == 0) - RenderMessage(res,$notfound_name,req.session.items); + RenderMessage(res,resource.notfound_name,req.session.items); else{ - res.render("profile\\detail",{list:result,token:req.session.items.token}); + res.setHeader("X-FRAME-OPTIONS","DENY"); + res.render("profile/detail",{list:result,alias:config.alias,token:req.session._csrf,admin:req.session.items.admin}); } }); } function detail_postproc(req, res) { - if(req.session.items.token != req.body.token){ - RenderMessage(res,$invaild_parameter,req.session.items); - return; - } if(typeof(req.body.remove) != "undefined"){ async.waterfall([ function(cb){ - collection.AuthAsync(req.body.name,req.body.password,cb); + if(typeof(req.session.items) != "undefined" && req.session.items.admin) + cb(null,true); + else + collection.AuthAsync(req.body.name,req.body.password,cb); }, function(result,cb){ if(result) 
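Review bot: The new render line in detail_proc reads `req.session.items.admin` with no guard, while detail_postproc in the same hunk checks `typeof(req.session.items) != "undefined"` first; a visitor whose session has no `items` yet (registor_proc is the only place shown that creates it) gets a TypeError instead of the detail page. Use the same guard there, e.g. `admin:(typeof(req.session.items) != "undefined" && req.session.items.admin)`. The admin bypass in front of `collection.AuthAsync` appears once here and again in the -165 hunk; a small helper, `function IsAdmin(req){ return typeof(req.session.items) != "undefined" && req.session.items.admin; }`, would keep both copies in step. detail_proc begins and detail_postproc ends outside the hunk.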
@@ -165,14 +153,17 @@ function detail_postproc(req, res) if(err != null) RenderMessage(res,err,req.session.items); else if(result == null) - RenderMessage(res,$unmatch_password,req.session.items); + RenderMessage(res,resource.unmatch_password,req.session.items); else - RenderMessage(res,$success_remove,req.session.items); + RenderMessage(res,resource.success_remove,req.session.items); }); }else if(typeof(req.body.edit) != "undefined"){ async.waterfall([ function(cb){ - collection.AuthAsync(req.body.name,req.body.password,cb); + if(typeof(req.session.items) != "undefined" && req.session.items.admin) + cb(null,true); + else + collection.AuthAsync(req.body.name,req.body.password,cb); }, function(result,cb){ if(result) 
@@ -184,49 +175,54 @@ function detail_postproc(req, res) if(err != null){ RenderMessage(res,err,req.session.items); }else if(result != null){ - res.render("profile\\edit",{list:result,token:req.body.token}); + res.setHeader("X-FRAME-OPTIONS","DENY"); + res.render("profile/edit",{list:result,token:req.session._csrf,alias:config.alias}); }else{ - RenderMessage(res,$unmatch_password,req.session.items); + RenderMessage(res,resource.unmatch_password,req.session.items); } }); }else{ - RenderMessage(res,$invaild_parameter,req.session.items); + RenderMessage(res,resource.invaild_parameter,req.session.items); } } function edit_postproc(req, res) { - if(req.session.items.token != req.body.token){ - RenderMessage(res,$invaild_parameter,req.session.items); - return; - } if(typeof(req.body.name) == "undefined") { - RenderMessage(res,$invaild_parameter,req.session.items); + RenderMessage(res,resource.invaild_parameter,req.session.items); return; }else if(typeof(req.body.edit) != "undefined"){ + var validator = new Validator(); + if(validator.Validate(req.body,config.alias)) + { + RenderMessage(res,validator.Message,req.session.items); + return; + } async.waterfall([ function(cb){ collection.UpdatAsync(req.body.name,req.body,cb); - } + }, ],function(err,result){ if(err != null) RenderMessage(res,err,req.session.items); else - RenderMessage(res,$success_edit,req.session.items); + RenderMessage(res,resource.success_edit,req.session.items); }); }else{ - RenderMessage(res,$invaild_parameter,req.session.items); + RenderMessage(res,resource.invaild_parameter,req.session.items); } } function registor_postproc(req, res) { - if(req.session.items.token != req.body.token){ - RenderMessage(res,$invaild_parameter,req.session.items); - return; - } if(typeof(req.body.registor) != "undefined"){ + var validator = new Validator(); + if(validator.Validate(req.body,config.alias)) + { + RenderMessage(res,validator.Message,req.session.items); + return; + } async.waterfall([ function(cb){ 
collection.AddAsync(req.body,cb); @@ -235,10 +231,10 @@ function registor_postproc(req, res) if(err != null) RenderMessage(res,err,req.session.items); else - RenderMessage(res,$success_registor,req.session.items); + RenderMessage(res,resource.success_registor,req.session.items); }); }else{ - RenderMessage($invaild_parameter,req.session.items); + RenderMessage(resource.invaild_parameter,req.session.items); } } @@ -247,15 +243,18 @@ function registor_proc(req, res) if(typeof(req.session.items) == "undefined") req.session.items = new security.SessionInfomation(false); - res.render("profile\\registor",{token:req.session.items.token}); + res.setHeader("X-FRAME-OPTIONS","DENY"); + res.render("profile/registor",{token:req.session._csrf,alias:config.alias}); } function RenderMessage(res,msg,info) { - if(typeof(info) == "undefined") - res.render("profile\\message",{message:msg}); + if(typeof(msg) == "string") + msg = new Array(msg); + if(typeof(info) == "undefined" || typeof(info.admin) == "undefined") + res.render("profile/message",{message:msg,admin:false}); else - res.render("profile\\message",{message:msg,admin:info.admin}); + res.render("profile/message",{message:msg,admin:info.admin}); } // 
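Review bot: The validator block added to edit_postproc (construct a Validator, call `Validate(req.body,config.alias)`, render `validator.Message` and return) is repeated verbatim in registor_postproc lower in the hunk; a helper that runs the validation and renders the messages, returning whether the handler may continue, would keep the two copies in step. `Validate` returning true when the input is invalid reads backwards at each call site; a comment `// Validate returns true when errors were found` on both `if` lines would help until the method is renamed. registor_postproc continues outside the hunk.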
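Review bot: The else branch at the end of registor_postproc still calls `RenderMessage(resource.invaild_parameter,req.session.items);` without `res` as the first argument, so inside RenderMessage `res` is a string and the `res.render` call throws instead of rendering; the line should read `RenderMessage(res,resource.invaild_parameter,req.session.items);`. The defect predates this commit, but the line was rewritten here and is the only RenderMessage call in the file with that shape.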
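Review bot: RenderMessage receives the raw `err` from the database callbacks in every handler above and the new code forwards it unchanged to profile/message; if that template prints `message` as-is, MySQL error text (table and column names) reaches the client. Consider logging `err` server-side and passing a generic resource string to the view. `new Array(msg)` only works because the branch is guarded by the string check; `[msg]` expresses the same thing without the sparse-array trap.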
@@ -264,19 +263,21 @@ function RenderMessage(res,msg,info) function ProfileCollection() { var MySQLPool = new require("./mysql_pool.js"); + var murmurhash = require("murmurhash"); var pool = new MySQLPool({ - host : "localhost", - user : $db_user, - password : $db_password, - database : "profile", + host : config.db_host, + user : config.db_user, + password : config.db_password, + port : config.db_port, + database : "webchat", }); this.AuthAsync = function(name,password,cb){ async.waterfall([ function(next){ - pool.query("SELECT * FROM list WHERE name = ?",[name],next); + pool.query("SELECT password FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],next); }, function(result,next){ - if(result[0].password == password) + if(result[0].password == md5_hex(password)) next(null,true); else next(null,false); 
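Review bot: AuthAsync's second step still dereferences `result[0].password` with no length check, so a name that is not in profilelist throws a TypeError inside the waterfall instead of reaching `cb`; add `if(result.length == 0){ next(null,false); return; }` before the comparison. Passwords are now stored and compared as unsalted `md5_hex(password)`, which is fast to reverse offline from a leaked table; the stdlib `crypto.pbkdf2` with a per-user salt is the usual replacement, and switching now avoids a migration later. ProfileCollection continues outside the hunk.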
@@ -284,50 +285,131 @@ function ProfileCollection() ],cb); } this.GetAsync = function(name,cb){ - pool.query("SELECT * FROM list WHERE name = ?",[name],cb); + pool.query("SELECT * FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],cb); } this.AddAsync = function(data,cb){ - var item = { - name:data.name, - age:data.age, - gender:data.gender, - height:data.height, - weight:data.weight, - race:data.race, - password:data.password, - lastmodified:new Date(), - etc:data.etc - }; - pool.query("INSERT INTO list SET ?",[item],cb); + var item = GetItem(data);; + pool.query("INSERT INTO profilelist SET ?",[item],cb); } this.UpdatAsync = function(name,data,cb){ - var item = { - name:data.name, - age:data.age, - gender:data.gender, - height:data.height, - weight:data.weight, - race:data.race, - password:data.password, - lastmodified:new Date(), - etc:data.etc - }; - pool.query("UPDATE list SET ? WHERE name = ?",[item,name],cb); + var item = GetItem(data); + pool.query("UPDATE profilelist SET ? WHERE name = ?",[item,name],cb); } this.ClearAsync = function(cb){ - pool.query("TRUNCATE TABLE list",null,cb); + pool.query("TRUNCATE TABLE profilelist",null,cb); } this.RemoveRangeAsync = function(names,cb){ - pool.query("DELETE FROM list WHERE name IN (?)",[names],cb); + pool.query("DELETE FROM profilelist WHERE name IN (?)",[names],cb); } this.RemoveAsync = function(name,cb){ - pool.query("DELETE FROM list WHERE name = ?",[name],cb); + pool.query("DELETE FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],cb); } this.FindByNameAsync = function(pattern,start,count,cb){ - pool.query("SELECT * FROM list WHERE name LIKE ? LIMIT ?,?",[pattern+"%",start,count],cb); + pool.query("SELECT * FROM profilelist WHERE name LIKE ? 
LIMIT ?,?",[pattern+"%",start,count],cb); } this.ToArrayAsync = function(start,count,cb){ - pool.query("SELECT * FROM list LIMIT ?,?",[start,count],cb); + pool.query("SELECT name,lastmodified FROM profilelist LIMIT ?,?",[start,count],cb); + } + + var crypto = require("crypto"); + function md5_hex(src) + { + var md5 = crypto.createHash('md5'); + md5.update(src, 'utf8'); + return md5.digest('hex'); + } + + function GetItem(data,newpw) + { + var item = { + name_hash:murmurhash.v3(data.name), + lastmodified:new Date(), + }; + for(var key in config.alias) + { + if(typeof(config.alias[key].nodefinetable) != "undefined" && + config.alias[key].nodefinetable) + continue; + if(config.alias[key].visible_edit) + { + if(config.alias[key].type == "password") + item[key] = md5_hex(data[key]); + else if(data[key] == "" && typeof(config.alias[key].defaultvalue) != "undefined") + item[key] = config.alias[key].defaultvalue; + else + item[key] = data[key]; + } + } + return item; } } +// +// Validatorクラス +// +function Validator() +{ + // + // バリテーションを行う。 + // エラーがあった場合は真。そうでない場合は偽を返す + // + // @body バリテーションの対象となる連想配列 + // @alias バリテーションを行う要素のリスト + this.Validate = function(body,alias){ + var result = false; + this.Message = new Array(); + for(var key in alias) + { + if(alias[key].visible_edit == false) + continue; + var message; + if(typeof(alias[key].isnotempty) != "undefined" && + alias[key].isnotempty && body[key] == "") + message = resource.is_not_empty; + else if(typeof(alias[key].mustmatchitem) != "undefined" && + body[key] != body[alias[key].mustmatchitem]) + message = util.format(resource.must_match_item,alias[alias[key].mustmatchitem].name); + else + message = IsValidate(body[key],alias[key].type,alias[key].rule); + if(message != null) + { + this.Message.push(alias[key].name + ":" + message); + result = true; + } + } + return result; + } + // バリテーション時にエラーがあった場合、メッセージが記録される + this.Message = ""; + function IsValidate(data,type,rule){ + if(typeof(data) == "undefined") + throw 
"data is undefined"; + if(typeof(type) == "undefined") + throw "type is undefined"; + + var result = null; + + switch(type) + { + case "text": + case "textarea": + case "password": + if(typeof(data) != "string") + result = resource.is_not_string; + break; + case "number": + if(data.match(/[^0-9]/g)) + result = resource.is_not_number; + break; + case "mail": + if(data != "" && !data.match(/^[A-Za-z0-9]+[\w\-\+]+@[\w\.-]+\.\w{2,}$/)) + result = resource.is_not_mail; + break; + } + + if(typeof(rule) == "function") + result = rule(data,type); + + return result; + } +}