Merge issue-br0xen#13 into dev. Finish issue br0xen#13

backwardn · May 31, 2018 · 741f114 · 741f114
2 parents e302e2a + 7ba071f
commit 741f114
Show file tree

Hide file tree

Showing 43 changed files with 1,371 additions and 2,717 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 pkg
 .vscode
-*.bat
+*.bat
+jsconfig.json
diff --git a/README.md b/README.md
@@ -33,8 +33,28 @@ Flag | Default | Description
 ---- | ------ | -------
 `-port` | `:500` | port of the website
 `-offset` | `100` | number of records on single page
-`-debug` | `false` | switch mode
+`-debug` | `false` | mode of debugging
 `-checkVer` | `true` | should program check a new version
+`-writeMode` | `true` | can program edit databases
+
+### Security
+
+For preventing of js-injection program changes some symbols
+
+Old symbol | New symbol
+---------- | ----------
+`<` | `❮`
+`>` | `❯`
+`"` | `＂`
+`'` | `ߴ`
+
+Scheme of work:
+
+1. User sends a request
+1. Program changes all new symbols to old (backend)
+1. Program get info from a db
+1. Program sends a response
+1. Program changes all old symbols to new (frontend – function `SafeParse()`)
 
 ## Additional info
 

diff --git a/src/db/buckets.go b/src/db/buckets.go
@@ -18,6 +18,7 @@ func (db *BoltAPI) GetRoot() (data Data, err error) {
 	data.PrevRecords = false
 	data.NextRecords = (db.recordsAmount > maxOffset)
 	data.Path = "/"
+	data.RecordsAmount = db.recordsAmount
 
 	return data, err
 }
@@ -40,6 +41,7 @@ func (db *BoltAPI) GetCurrent() (data Data, err error) {
 	data.PrevRecords = (db.pages.top() > 1)
 	data.NextRecords = (db.recordsAmount > maxOffset*db.pages.top())
 	data.Path = "/" + strings.Join(db.currentBucket, "/")
+	data.RecordsAmount = db.recordsAmount
 
 	return data, err
 }
@@ -66,6 +68,7 @@ func (db *BoltAPI) Back() (data Data, err error) {
 	data.PrevRecords = (db.pages.top() > 1)
 	data.NextRecords = (db.recordsAmount > maxOffset*db.pages.top())
 	data.Path = "/" + strings.Join(db.currentBucket, "/")
+	data.RecordsAmount = db.recordsAmount
 
 	return data, err
 }
@@ -88,7 +91,8 @@ func (db *BoltAPI) Next(name string) (data Data, err error) {
 	data.PrevRecords = false
 	data.NextRecords = (db.recordsAmount > maxOffset)
 	data.Path = "/" + strings.Join(db.currentBucket, "/")
-
+	data.RecordsAmount = db.recordsAmount
+
 	return data, err
 }
 
@@ -103,4 +107,4 @@ func (db *BoltAPI) getCurrentBucket(tx *bolt.Tx) (b *bolt.Bucket) {
 	}
 
 	return b
-}
+}
diff --git a/src/db/buckets_test.go b/src/db/buckets_test.go
@@ -23,6 +23,8 @@ import (
 // 				| "name" - "TestUser"
 
 func TestGetRoot(t *testing.T) {
+	SetOffset(100)
+
 	tests := []struct {
 		offset int
 		answer []Record
@@ -52,6 +54,8 @@ func TestGetRoot(t *testing.T) {
 }
 
 func TestNext(t *testing.T) {
+	SetOffset(100)
+
 	type T struct {
 		next   string
 		answer []Record
@@ -100,6 +104,8 @@ func TestNext(t *testing.T) {
 }
 
 func TestBack(t *testing.T) {
+	SetOffset(100)
+
 	tests := []struct {
 		offset int
 		next   []string
@@ -147,6 +153,8 @@ func TestBack(t *testing.T) {
 }
 
 func TestGetCurrent(t *testing.T) {
+	SetOffset(100)
+
 	tests := []struct {
 		offset int
 		next   []string

diff --git a/src/db/db.go b/src/db/db.go
@@ -5,6 +5,8 @@ import (
 	"path/filepath"
 
 	"github.com/boltdb/bolt"
+
+	"params"
 )
 
 const (
@@ -40,11 +42,12 @@ type Record struct {
 
 // Data serves for returning
 type Data struct {
-	Records     []Record
-	PrevBucket  bool
-	PrevRecords bool
-	NextRecords bool
-	Path        string
+	Records       []Record
+	PrevBucket    bool
+	PrevRecords   bool
+	NextRecords   bool
+	RecordsAmount int
+	Path          string
 }
 
 // SetOffset change value of maxOffset (default – 100)
@@ -60,7 +63,15 @@ func Open(path string) (*BoltAPI, error) {
 		return nil, err
 	}
 
-	db.db, err = bolt.Open(path, 0600, nil)
+	var options *bolt.Options
+	// Check is ReadOnly mode
+	if !params.IsWriteMode {
+		options = &bolt.Options{ReadOnly: true}
+	} else {
+		options = nil
+	}
+
+	db.db, err = bolt.Open(path, 0600, options)
 	if err != nil {
 		return nil, err
 	}
@@ -80,4 +91,4 @@ func Open(path string) (*BoltAPI, error) {
 // Close closes db
 func (db *BoltAPI) Close() error {
 	return db.db.Close()
-}
+}
diff --git a/src/db/db_test.go b/src/db/db_test.go
@@ -1,6 +1,7 @@
 package db_test
 
 import (
+	"errors"
 	"testing"
 
 	. "db"
@@ -47,6 +48,14 @@ func rcrd(key, value string) Record {
 	return Record{T: RecordTemplate, Key: key, Value: value}
 }
 
+func newErr(err string) error {
+	if err == "" {
+		return nil
+	} else {
+		return errors.New(err)
+	}
+}
+
 func TestOpen(t *testing.T) {
 	// Try to open correct db
 	testDB, err := Open("testdata/test.db")

diff --git a/src/db/editing.go b/src/db/editing.go
@@ -0,0 +1,137 @@
+package db
+
+import (
+	"errors"
+
+	"github.com/boltdb/bolt"
+)
+
+func (db *BoltAPI) AddBucket(bucketName string) (err error) {
+	err = db.db.Update(func(tx *bolt.Tx) error {
+		var err error
+
+		b := db.getCurrentBucket(tx)
+		if b.Bucket([]byte(bucketName)) != nil {
+			// Bucket already exists
+			err = errors.New("bucket already exist")
+		} else if b.Get([]byte(bucketName)) != nil {
+			// There's a record with same key
+			err = errors.New("\"" + bucketName + "\" is a record")
+		} else {
+			_, err = b.CreateBucket([]byte(bucketName))
+		}
+
+		return err
+	})
+
+	if err == nil {
+		db.recordsAmount++
+	}
+
+	return err
+}
+
+func (db *BoltAPI) DeleteBucket(key string) (err error) {
+	err = db.db.Update(func(tx *bolt.Tx) error {
+		var err error
+
+		b := db.getCurrentBucket(tx)
+
+		if b.Bucket([]byte(key)) != nil {
+			// Bucket can be deleted
+			err = b.DeleteBucket([]byte(key))
+		} else if b.Get([]byte(key)) != nil {
+			// It is a record
+			err = errors.New("\"" + key + "\" is a record")
+		}
+
+		return err
+	})
+
+	if err == nil {
+		db.recordsAmount--
+	}
+
+	return err
+}
+
+func (db *BoltAPI) AddRecord(key, value string) (err error) {
+	err = db.db.Update(func(tx *bolt.Tx) error {
+		var err error
+
+		b := db.getCurrentBucket(tx)
+		if b.Bucket([]byte(key)) != nil {
+			// If it is bucket
+			err = errors.New("\"" + key + "\" is a bucket")
+		} else if b.Get([]byte(key)) == nil {
+			// If record doesn't exist
+			err = b.Put([]byte(key), []byte(value))
+		} else {
+			// If record exist
+			err = errors.New("\"" + key + "\" already exists")
+		}
+
+		return err
+	})
+
+	if err == nil {
+		db.recordsAmount++
+	}
+
+	return err
+}
+
+func (db *BoltAPI) DeleteRecord(key string) (err error) {
+	err = db.db.Update(func(tx *bolt.Tx) error {
+		var err error
+
+		b := db.getCurrentBucket(tx)
+		if b.Get([]byte(key)) != nil {
+			// If record exists
+			b.Delete([]byte(key))
+		} else if b.Bucket([]byte(key)) != nil {
+			// If it is bucket
+			err = errors.New("\"" + key + "\" is a bucket")
+		} else {
+			// If record doesn't exist
+			err = errors.New("\"" + key + "\" doesn't exist")
+		}
+
+		return err
+	})
+
+	if err == nil {
+		db.recordsAmount--
+	}
+
+	return err
+}
+
+func (db *BoltAPI) EditRecord(oldKey, newKey, newValue string) error {
+	return db.db.Update(func(tx *bolt.Tx) error {
+		var err error
+		b := db.getCurrentBucket(tx)
+
+		if b.Bucket([]byte(oldKey)) != nil {
+			// If it is bucket
+			err = errors.New("\"" + oldKey + "\" is a bucket")
+		} else if b.Get([]byte(oldKey)) != nil {
+			if oldKey == newKey {
+				err = b.Put([]byte(oldKey), []byte(newValue))
+			} else {
+				if b.Get([]byte(newKey)) != nil {
+					// If newKey already exists
+					err = errors.New("\"" + newKey + "\" already exists")
+				} else {
+					b.Delete([]byte(oldKey))
+					err = b.Put([]byte(newKey), []byte(newValue))
+				}
+			}
+		} else {
+			// If record doesn't exist
+			err = errors.New("\"" + oldKey + "\" doesn't exist")
+		}
+
+		return err
+	})
+}