From e82d9498d836ea100a186c4d87a7d0314ec1693a Mon Sep 17 00:00:00 2001
From: HampusM
Date: Wed, 19 May 2021 15:59:12 +0200
Subject: Backend uses nodegit, gettings repos is a single function & backend cleaned up
---
 app.js | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)
(limited to 'app.js')
diff --git a/app.js b/app.js
index 1a6f8ab..ed21334 100644
--- a/app.js
+++ b/app.js
@@ -4,6 +4,7 @@ const git = require("./api/git");
 const yaml = require('js-yaml');
 const fs = require('fs');
 const { exit } = require("process");
+const sanitization = require("./api/sanitization");
 let settings;
@@ -42,18 +43,28 @@ app.use("/api/v1", (req, res, next) =>
 app.use("/:repo", async (req, res, next) =>
 {
- let repo_dirs = await git.getRepos(settings["base_dir"]);
-
- if(repo_dirs["error"]) {
- res.status(500).send("Internal server error!");
+ if(!sanitization.sanitizeRepoName(req.params.repo)) {
+ res.status(400).json({ "error": "Unacceptable git repository name!" });
 return;
 }
- if(!repo_dirs["data"].includes(req.params.repo)) {
- res.status(404).send("404: Page not found");
- return;
- }
- next();
+ fs.readdir(settings["base_dir"], (err, dir_content) =>
+ {
+ if(err) {
+ res.status(404).send("404: Page not found");
+ return;
+ }
+
+ dir_content = dir_content.filter(repo => repo.endsWith(".git"));
+
+ if(!dir_content.includes(req.params.repo + ".git")) {
+ res.status(404).send("404: Page not found");
+ return;
+ }
+ else {
+ next();
+ }
+ });
 })
 app.get("/:repo", (req, res) =>
@@ -72,10 +83,9 @@ app.get("/:repo/:page", (req, res, next) =>
 res.sendFile("dist/app.html", { root: __dirname });
 });
-app.get("/:repo/log/:hash", (req, res, next) =>
+app.get("/:repo/log/:commit", (req, res, next) =>
 {
- const valid_hash = /^[0-9a-f]+$/;
- if(!valid_hash.test(req.params.hash)) {
+ if(!sanitization.sanitizeCommitID(req.params.commit)) {
 next();
 return;
 }
--
cgit v1.2.3-18-g5258
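Review bot: The `if(err)` branch of the new `fs.readdir` callback in the `/:repo` middleware answers 404 and logs nothing, so an unreadable or misconfigured `base_dir` is indistinguishable from an unknown repository, whereas the removed code answered 500 when the listing failed. I would log the error and keep the server-error status: `console.error(err); res.status(500).send("Internal server error!"); return;`. The `.endsWith(".git")` filter also lets regular files into the allow-list; calling `fs.readdir` with `{ withFileTypes: true }` and checking `entry.isDirectory()` would restrict it to directories. The handler is still declared `async` although it no longer awaits anything.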
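Review bot: `sanitization.sanitizeCommitID` is used as a yes/no check in the `/:repo/log/:commit` route, as `sanitizeRepoName` is in the `/:repo` middleware, but the name reads as if it returned a cleaned value, and the removed `/^[0-9a-f]+$/` had made the accepted format visible at the call site. A predicate name such as `isValidCommitID`, or a comment above the check like `// sanitizeCommitID() returns true only for a well-formed commit id`, would keep that contract readable here. The helper lives in `./api/sanitization`, which is not part of this diff, so what it accepts (including any length limit) cannot be confirmed from these lines. The route handler continues past the end of the hunk.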