From 8cc0360c577372b849d7271d669bc01006cb8f94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20M=C3=BCller?=
Date: Sat, 17 Oct 2015 21:57:56 +0200
Subject: [PATCH] POST request parsing added
---
 package.json | 1 +
 resources/public/js/publishing.js | 3 ++-
 server.js | 19 +++++++++++++++++--
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/package.json b/package.json
index bce9858..4e582e4 100644
--- a/package.json
+++ b/package.json
@@ -23,6 +23,7 @@
 },
 "homepage": "https://github.com/chmllr/NoteHub",
 "dependencies": {
+ "body-parser": "^1.14.1",
 "express": "^4.13.3",
 "lru-cache": "^2.6.5",
 "marked": "^0.3.5",
diff --git a/resources/public/js/publishing.js b/resources/public/js/publishing.js
index ac2abf6..03b34b9 100644
--- a/resources/public/js/publishing.js
+++ b/resources/public/js/publishing.js
@@ -38,7 +38,8 @@ function onLoad() {
 $("publish-button").onclick = function(e) {
 if ($plain_password.value != "") $("password").value = md5($plain_password.value);
 $plain_password.value = null;
- $("signature").value = md5($("session").value + $note.value);
+ $("signature").value = md5($("session").value +
+ $note.value.replace(/[\n\r]/g, ""));
 }
 if (iosDetected) $note.className += " ui-border";
 else $note.focus();
diff --git a/server.js b/server.js
index 905a393..f570187 100644
--- a/server.js
+++ b/server.js
@@ -2,9 +2,13 @@ var express = require('express');
 var page = require('./src/page');
 var storage = require('./src/storage');
 var md5 = require('md5');
-var LRU = require("lru-cache");
+var LRU = require("lru-cache")
+var bodyParser = require('body-parser');
 var app = express();
+
+app.use(bodyParser.urlencoded({ extended: true }));
+
 var CACHE = new LRU(30);
 var getTimeStamp = () => {
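Review bot: The signature computed in the `publish-button` click handler of publishing.js is an unkeyed MD5 over `session` and `note`, two fields that server.js reads from the same submitted form, so anyone who can submit the form can compute it. It therefore works as a checksum against mangled submissions and not as authentication, and a comment above the line should say so, e.g. `// checksum only, not a MAC: both inputs are sent with the form`. Stripping `\n` and `\r` also leaves line-break changes uncovered, and the regex has to stay identical to the one in the POST /note handler in server.js, which is worth stating in the same comment. `onLoad` starts and ends outside the hunk.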
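Review bot: In server.js, `bodyParser.urlencoded({ extended: true })` is mounted for every route and selects the qs parser, which turns bracketed field names into nested objects and arrays, while the only consumer added in this commit (POST /note) treats `session` and `note` as plain strings. Mounting the parser on that route with `extended: false`, as in `app.post('/note', bodyParser.urlencoded({ extended: false }), ...)`, narrows what can reach the handler, although repeated keys can still arrive as arrays, so the handler needs its own type check. An explicit `limit` option would document the maximum note size instead of inheriting the parser default. The rewritten `require("lru-cache")` line also lost its semicolon and now relies on ASI.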
@@ -20,7 +24,13 @@ app.get('/new', function (req, res) {
 });
 app.post('/note', function (req, res) {
- console.log(req.params);
+ var body = req.body, session = body.session, note = body.note;
+ if (session.indexOf(getTimeStamp()) != 0)
+ return sendResponse(res, 400, "Session expired");
+ var expectedSignature = md5(session + note.replace(/[\n\r]/g, ""));
+ if (expectedSignature != body.signature)
+ return sendResponse(res, 400, "Signature mismatch");
+ sendResponse(res, 200, JSON.stringify(body));
 });
 app.get("/:year/:month/:day/:title", function (req, res) {
@@ -39,6 +49,11 @@ app.get(/\/([a-zA-Z0-9]*)/, function (req, res) {
 });
 });
+var sendResponse = (res, code, message) => {
+ res.status(code);
+ res.send(message);
+};
+
 var server = app.listen(3000, function () {
 console.log('NoteHub server listening on port %s', server.address().port);
 });
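Review bot: The POST /note handler calls `session.indexOf(...)` and `note.replace(...)` without checking that both fields exist and are strings, so a request that omits either one, or sends `note` as an array, throws inside the handler and ends in Express's default 500 response instead of a 400. A guard before the first use covers it: `if (typeof session != "string" || typeof note != "string") return sendResponse(res, 400, "Bad request");`. The expected signature is an unkeyed MD5 of values the client supplies, so a match shows only that the form arrived intact, not who sent it; a comment on `expectedSignature` should say that so later code does not treat it as authorization. The session check depends on `getTimeStamp`, whose body is outside this hunk.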
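Review bot: `sendResponse` passes strings to `res.send`, which Express serves as text/html, and one caller in this commit passes `JSON.stringify(body)` built from the submitted form, so markup inside a note would come back as HTML. Setting the type in the helper, `res.status(code).type("text/plain").send(message);`, keeps every response it sends inert. The helper is also a `var` arrow function assigned after the routes that call it, which works only because the handlers run after the module has loaded; a `function sendResponse(res, code, message)` declaration would not depend on that ordering.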