const express = require("express")
const router = express.Router()
const { requireAuth } = require("./../middleware/authmiddleware")
const User = require("./../model/user.js")
const games = require("./../model/games.js")
const catalog = require("./../model/item.js")
const { requirediscord } = require("./../middleware/requirediscord.js")
var multer = require("multer")
const fs = require("fs")
const path = require("path")
var numbtest = /^\d+\.?\d*$/
const bodyParser = require("body-parser")
const { pngValidator } = require("png-validator")
const fileTypeChecker = require("file-type-checker")
const rateLimit = require("express-rate-limit")
const limiter = rateLimit({
windowMs: 3 * 1000, // 3 seconds
max: 1, // Limit each IP to 1 requests per `window`
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
handler: (request, response, next, options) => {
response.json({
status: "error",
error: "Too many requests try again later.",
})
},
})
async function validateImage(itemid, res) {
return new Promise(async resolve => {
try {
const myArrayBuffer = await fs.promises.readFile(
path.resolve(`assets/ugc/itemfile-${itemid}.rbxm`),
null,
)
pngValidator(myArrayBuffer)
// success
} catch {
// file is invalid or corrupt
fs.unlink(
path.resolve(`assets/ugc/itemfile-${itemid}.rbxm`),
err => {
if (err) console.log(err)
},
)
return res.json({ status: "error", error: "Image is invalid." })
}
resolve()
})
}
const pages = ["shirts", "pants", "audios", "games", "badges", "meshes"]
router.use(bodyParser.json())
router.post("/creations", requireAuth, async (req, res) => {
const { type } = req.body
let items = await catalog
.find({ Creator: req.userdocument.userid, Type: type })
.lean()
.select(["Name", "Description", "ItemId"])
if (type === "games") {
items = await games
.find({ useridofowner: req.userdocument.userid })
.lean()
.select([
"nameofgame",
"idofgame",
"Description",
"avatartype",
"gearallowed",
])
}
if (type === "audios") {
items = await catalog
.find({ Creator: req.userdocument.userid, Type: "Audio" })
.lean()
.select(["Name", "Description", "ItemId"])
} else if (type === "badges") {
items = await catalog
.find({ Creator: req.userdocument.userid, Type: "Badge" })
.lean()
.select(["Name", "Description", "ItemId"])
} else if (type === "meshes") {
items = await catalog
.find({ Creator: req.userdocument.userid, Type: "Mesh" })
.lean()
.select(["Name", "Description", "ItemId"])
} else if (type === "userads") {
items = await catalog
.find({ Creator: req.userdocument.userid, Type: "User Ad" })
.lean()
.select(["Name", "Description", "ItemId"])
} else if (type === "gamepasses") {
items = await catalog
.find({ Creator: req.userdocument.userid, Type: "Gamepass" })
.lean()
.select(["Name", "Description", "ItemId"])
} else if (type === "videos") {
items = await catalog
.find({ Creator: req.userdocument.userid, Type: "Video" })
.lean()
.select(["Name", "Description", "ItemId"])
}
return res.json(items)
})
var storage = multer.diskStorage({
destination: function (req, file, cb) {
// Uploads is the Upload_folder_name
if (file.fieldname === "thumbnail") {
// is a game thumbnail
cb(null, "./assets/gameassets")
} else {
cb(null, "./assets/ugc")
}
},
filename: async function (req, file, cb) {
//console.log(path.basename(file.originalname,'.png'))
if (path.extname(file.originalname) === ".rbxl") {
const placeid = await games.countDocuments()
cb(
null,
"gamefile" + "-" + placeid + path.extname(file.originalname),
)
} else if (file.fieldname === "thumbnail") {
// is a game thumbnail
const placeid = await games.countDocuments()
cb(null, "thumbnail" + "-" + placeid + ".png")
} else if (file.mimetype == "image/png") {
const itemid = await catalog.countDocuments()
cb(null, "itemfile" + "-" + itemid + ".rbxm")
} else if (path.extname(file.originalname) === ".mp3") {
const itemid = await catalog.countDocuments()
cb(null, "itemfile" + "-" + itemid + ".rbxm")
} else if (path.extname(file.originalname) === ".mesh") {
const itemid = await catalog.countDocuments()
cb(null, "itemfile" + "-" + itemid + ".rbxm")
} else if (path.extname(file.originalname) === ".webm") {
const itemid = await catalog.countDocuments()
cb(null, "itemfile" + "-" + itemid + ".rbxm")
}
},
})
const uploadcloth = multer({
storage: storage,
fileFilter: function (req, file, callback) {
if (
file.mimetype !==
"image/png" /*&& ext !== '.mp3' && ext !== '.rbxl'*/
) {
return callback("Invalid file type")
}
callback(null, true)
},
limits: { fileSize: 1024 * 1024 }, // 1mb
})
router.post(
"/uploadclothing",
requireAuth,
requirediscord,
async (req, res) => {
uploadcloth.single("clothingfile")(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.send({
status: "error",
error: "File too large! 1MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.send({ status: "error", error: "Invalid file type" })
}
return res
.status(400)
.send({ status: "error", error: err.message })
}
var xss = require("xss")
const { clothingname, description, price, type } = req.body
// save shirt template
if (!clothingname) {
return res.json({
status: "error",
error: "Clothing name needs to be sent.",
})
}
if (!description) {
return res.json({
status: "error",
error: "Description needs to be sent.",
})
}
if (!price) {
return res.json({
status: "error",
error: "Price needs to be sent.",
})
}
if (type != "Shirts" && type != "Pants") {
return res.json({
status: "error",
error: "Type needs to be a shirt or pant value",
})
}
if (numbtest.test(price) == false) {
return res.json({
status: "error",
error: "Price can only be a number!",
})
}
if (price < 5) {
return res.json({
status: "error",
error: "Minimum price is 5 rocks.",
})
}
if (req.userdocument.coins < 5) {
// less than
return res.json({
status: "error",
error: "You don't have 5 rocks >:(!",
})
} else if (req.userdocument.admin === false) {
req.userdocument.coins -= 5
req.userdocument.markModified("coins")
await req.userdocument.save()
}
const itemid = await catalog.countDocuments()
// check if the file they just uploaded is valid
await validateImage(itemid, res)
let approved = req.userdocument.admin === false ? false : true
try {
await catalog.create({
Name: xss(clothingname),
Description: xss(description),
Price: Math.ceil(price),
Type: "Image",
Hidden: true,
ItemId: itemid,
approved,
})
} catch {}
// save actual item
let xml =
`
null
nil
-
http://mete0r.xyz/asset/?id=` +
itemid +
`
Shirt
true
`
if (type === "Pants") {
xml =
`
null
nil
-
http://mete0r.xyz/asset/?id=` +
itemid +
`
Pants
true
`
}
let shirtid = itemid + 1 // prevent any race conditions
shirtid = shirtid.toString()
fs.writeFile(
"./assets/ugc/itemfile-" + shirtid + ".rbxm",
xml,
async function (err) {
if (err) {
return console.log(err)
}
let approved =
req.userdocument.admin === false ? false : true
try {
await catalog.create({
Name: xss(clothingname),
Description: xss(description),
Price: Math.ceil(price),
Creator: req.userdocument.userid,
Type: type,
ItemId: shirtid,
approved,
})
} catch {}
},
)
// give player shirt
User.updateOne(
{ userid: req.userdocument.userid },
{
$push: {
inventory: {
Type: type,
ItemId: shirtid,
ItemName: xss(clothingname),
Equipped: false,
},
},
},
function (err, doc) {
//console.log(err)
},
)
return res.json({ status: "success", message: "Done!" })
})
},
)
// upload game WOW
const uploadgame = multer({
storage: storage,
fileFilter: function (req, file, callback) {
var ext = path.extname(file.originalname)
if (ext !== ".png" && ext !== ".rbxl" /* && ext !== '.mp3'*/) {
return callback("Invalid file type")
}
callback(null, true)
},
limits: { fileSize: 5120 * 1024 * 2 }, // 10mb
})
const uploadaudio = multer({
storage: storage,
fileFilter: function (req, file, callback) {
var ext = path.extname(file.originalname)
if (ext !== ".mp3" && ext !== ".ogg") {
return callback("Invalid file type")
}
callback(null, true)
},
limits: { fileSize: 5120 * 1024 }, // 5mb
})
var editgamestorage = multer.diskStorage({
destination: function (req, file, cb) {
// Uploads is the Upload_folder_name
if (file.fieldname === "thumbnail") {
// is a game thumbnail
cb(null, "./assets/gameassets")
} else {
cb(null, "./assets/ugc")
}
},
filename: async function (req, file, cb) {
//console.log(path.basename(file.originalname,'.png'))
if (path.extname(file.originalname) === ".rbxl") {
const item = await games
.findOne({ idofgame: req.body.gameid })
.lean()
if (!item) {
return cb("Item doesn't exist!")
}
//console.log(item)
if (item.useridofowner != req.userdocument.userid) {
// player doesn't own this item
return cb("You don't own this")
}
cb(
null,
"gamefile" +
"-" +
req.body.gameid +
path.extname(file.originalname),
)
}
},
})
const editgame = multer({
storage: editgamestorage,
fileFilter: function (req, file, callback) {
var ext = path.extname(file.originalname)
if (ext !== ".rbxl" /* && ext !== '.mp3'*/) {
return callback("Invalid file type")
}
callback(null, true)
},
limits: { fileSize: 5120 * 1024 * 2 }, // 10mb
})
router.post("/editgame", requireAuth, requirediscord, async (req, res) => {
const { nameofgame, description, gameid } = req.body
var xss = require("xss")
if (!gameid) {
return res.json({ status: "error", error: "GameID required" })
}
const item = await games.findOne({ idofgame: gameid })
if (!item) {
return res.json({ status: "error", error: "Game doesn't exist." })
}
//console.log(item)
if (item.useridofowner != req.userdocument.userid) {
// player doesn't own this item
return res.json({
status: "error",
error: "You don't have permissions for this!",
})
}
if (nameofgame && nameofgame != "") {
item.nameofgame = xss(nameofgame)
item.markModified("nameofgame")
await item.save()
}
if (description && description != "") {
item.descrption = xss(description)
item.markModified("descrption")
await item.save()
}
return res.json({ status: "success", message: "Done!" })
})
router.post(
"/editavatartype",
requireAuth,
requirediscord,
async (req, res) => {
const { avatartype, gameid } = req.body
if (!gameid) {
return res.json({ status: "error", error: "GameID required" })
}
if (!avatartype) {
return res.json({ status: "error", error: "Avatar type required" })
}
if (avatartype != "R6" && avatartype != "R15" && avatartype != "PC") {
return res.json({ status: "error", error: "Avatar type required" })
}
const item = await games.findOne({ idofgame: gameid })
if (!item) {
return res.json({ status: "error", error: "Game doesn't exist." })
}
//console.log(item)
if (item.useridofowner != req.userdocument.userid) {
// player doesn't own this item
return res.json({
status: "error",
error: "You don't have permissions for this!",
})
}
item.avatartype = avatartype
item.markModified("avatartype")
await item.save()
return res.json({ status: "success", message: "Done!" })
},
)
router.post(
"/editgearstatus",
requireAuth,
requirediscord,
async (req, res) => {
const { newgearstatus, gameid } = req.body
if (!gameid) {
return res.json({ status: "error", error: "GameID required" })
}
if (newgearstatus != true && newgearstatus != false) {
return res.json({ status: "error", error: "Gear status required" })
}
const item = await games.findOne({ idofgame: gameid })
if (!item) {
return res.json({ status: "error", error: "Game doesn't exist." })
}
//console.log(item)
if (item.useridofowner != req.userdocument.userid) {
// player doesn't own this item
return res.json({
status: "error",
error: "You don't have permissions for this!",
})
}
item.gearallowed = newgearstatus
item.markModified("gearallowed")
await item.save()
return res.json({ status: "success", message: "Done!" })
},
)
router.post(
"/editgameupload",
requireAuth,
requirediscord,
async (req, res) => {
editgame.single("gamefile")(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.send({
status: "error",
error: "File too large! 10MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.send({ status: "error", error: "Invalid file type" })
}
return res
.status(400)
.send({ status: "error", error: err.message })
}
return res.json({ status: "success", message: "Done!" })
})
},
)
router.post("/uploadgame", requireAuth, requirediscord, async (req, res) => {
uploadgame.fields([
{ name: "gamefile", maxCount: 1 },
{ name: "thumbnail", maxCount: 1 },
])(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.send({
status: "error",
error: "File too large! 10MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.send({ status: "error", error: "Invalid file type" })
}
return res.status(400).send({ status: "error", error: err.message })
}
var xss = require("xss")
const { gamename, description, version } = req.body
// save game
if (!gamename) {
return res.json({
status: "error",
error: "Game name needs to be sent.",
})
}
if (gamename?.length > 50) {
return res.json({
status: "error",
error: "Game name can not be more than 50 characters",
})
}
if (!description) {
return res.json({
status: "error",
error: "Description needs to be sent.",
})
}
if (description?.length > 1000) {
return res.json({
status: "error",
error: "Description can not be more than 1000 characters",
})
}
if (!version) {
return res.json({
status: "error",
error: "Version needs to be sent.",
})
}
const versions = [
//"2014",
"2016",
"2018",
"2020",
]
if (versions.includes(version) === false) {
return res.json({ status: "error", error: "Invalid version sent." })
}
if (req.userdocument.coins < 5) {
// less than
return res.json({
status: "error",
error: "You don't have 5 rocks >:(!",
})
} else if (req.userdocument.admin === false) {
req.userdocument.coins -= 5
req.userdocument.markModified("coins")
await req.userdocument.save()
}
const placeid = await games.countDocuments()
try {
await games.create({
useridofowner: req.userdocument.userid,
idofgame: placeid,
nameofgame: xss(gamename),
numberofplayers: "0",
descrption: xss(description),
version: version,
})
} catch {
throw error
}
return res.json({ status: "success", message: "Done!" })
})
})
const uploadasset = multer({
storage: storage,
fileFilter: function (req, file, callback) {
var ext = path.extname(file.originalname)
if (ext !== ".png" && ext !== ".mesh") {
return callback("Invalid file type")
}
callback(null, true)
},
limits: { fileSize: 5120 * 1024 }, // 1mb
})
router.post(
"/uploadmeshes",
requireAuth,
requirediscord,
limiter,
async (req, res) => {
uploadasset.single("assetfile")(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.send({
status: "error",
error: "File too large! 1MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.send({ status: "error", error: "Invalid file type" })
}
return res
.status(400)
.send({ status: "error", error: err.message })
}
var xss = require("xss")
const { itemname } = req.body
// save mesh
if (!itemname) {
return res.json({
status: "error",
error: "Mesh name needs to be sent.",
})
}
const itemid = await catalog.countDocuments()
const myArrayBuffer = await fs.promises.readFile(
path.resolve(`assets/ugc/itemfile-${itemid}.rbxm`),
null,
)
if (fileTypeChecker.detectFile(myArrayBuffer)) {
// not a mesh
fs.unlink(
path.resolve(`assets/ugc/itemfile-${itemid}.rbxm`),
err => {
if (err) console.log(err)
},
)
return res.json({ status: "error", error: "Mesh is invalid." })
}
try {
await catalog.create({
Name: xss(itemname),
Price: "0",
Type: "Mesh",
Creator: req.userdocument.userid,
Hidden: true,
ItemId: itemid,
approved: true,
})
} catch (err) {
throw err
}
return res.json({
status: "success",
message: "Done! Mesh ID : " + itemid,
})
})
},
)
router.post(
"/uploadbadges",
requireAuth,
requirediscord,
limiter,
async (req, res) => {
uploadasset.single("assetfile")(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.json({
status: "error",
error: "File too large! 1MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.json({ status: "error", error: "Invalid file type" })
}
return res
.status(400)
.json({ status: "error", error: err.message })
}
var xss = require("xss")
const { itemname } = req.body
// save badge
if (!itemname) {
return res.json({
status: "error",
error: "Badge name needs to be sent.",
})
}
const itemid = await catalog.countDocuments()
//check if the file thye just uploaded is valid
await validateImage(itemid, res)
try {
let approved = req.userdocument.admin === false ? false : true
await catalog.create({
Name: xss(itemname),
Price: "0",
Type: "Badge",
Creator: req.userdocument.userid,
Hidden: true,
ItemId: itemid,
approved,
})
} catch (err) {
throw err
}
return res.json({
status: "success",
message: "Done! Badge ID : " + itemid,
})
})
},
)
router.post(
"/uploaduserads",
requireAuth,
requirediscord,
limiter,
async (req, res) => {
uploadasset.single("assetfile")(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.send({
status: "error",
error: "File too large! 1MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.send({ status: "error", error: "Invalid file type" })
}
return res
.status(400)
.send({ status: "error", error: err.message })
}
var xss = require("xss")
const { itemname } = req.body
// save userad
if (!itemname) {
return res.json({
status: "error",
error: "User Ad name needs to be sent.",
})
}
const itemid = await catalog.countDocuments()
// check if the file they just uploaded is valid
await validateImage(itemid, res)
try {
let approved = req.userdocument.admin === false ? false : true
await catalog.create({
Name: xss(itemname),
Price: "0",
Type: "User Ad",
Creator: req.userdocument.userid,
ItemId: itemid,
ActiveAd: false,
approved,
})
} catch (err) {
throw err
}
return res.json({ status: "success", message: "Done!" })
})
},
)
router.post(
"/uploadgamepasses",
requireAuth,
requirediscord,
limiter,
async (req, res) => {
uploadasset.single("assetfile")(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.send({
status: "error",
error: "File too large! 1MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.send({ status: "error", error: "Invalid file type" })
}
return res
.status(400)
.send({ status: "error", error: err.message })
}
var xss = require("xss")
const { itemname, price, gameid } = req.body
// save game pass
if (!itemname) {
return res.json({
status: "error",
error: "Gamepass name needs to be sent.",
})
}
if (!price) {
return res.json({
status: "error",
error: "Price needs to be sent.",
})
}
if (!gameid) {
return res.json({
status: "error",
error: "Gameid needs to be sent.",
})
}
if (numbtest.test(price) == false) {
return res.json({
status: "error",
error: "Price can only be a number!",
})
}
if (price < 1) {
return res.json({
status: "error",
error: "Minimum price is 1 rock.",
})
}
const gamedoc = await games.findOne({ idofgame: gameid })
if (!gamedoc) {
return res.json({ status: "error", error: "Game not found" })
}
if (gamedoc.useridofowner != req.userdocument.userid) {
return res.json({
status: "error",
error: "You don't own this game!",
})
}
const currentgamepasscount = await catalog.countDocuments({
associatedgameid: gamedoc.idofgame,
})
if (currentgamepasscount >= 20) {
return res.json({
status: "error",
error: "No more than 20 game passes per game.",
})
}
const itemid = await catalog.countDocuments()
// check if the file they just uploaded is valid
await validateImage(itemid, res)
try {
let approved = req.userdocument.admin === false ? false : true
await catalog.create({
Name: xss(itemname),
Description: "",
Price: Math.ceil(price),
Creator: req.userdocument.userid,
Type: "Gamepass",
ItemId: itemid,
approved,
associatedgameid: gamedoc.idofgame,
})
} catch (err) {
throw err
}
return res.json({ status: "success", message: "Done!" })
})
},
)
router.post(
"/uploadaudios",
requireAuth,
requirediscord,
limiter,
async (req, res) => {
uploadaudio.single("assetfile")(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.send({
status: "error",
error: "File too large! 5MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.send({ status: "error", error: "Invalid file type" })
}
return res
.status(400)
.send({ status: "error", error: err.message })
}
var xss = require("xss")
const { itemname } = req.body
// save audio
if (!itemname) {
return res.json({
status: "error",
error: "Audio name needs to be sent.",
})
}
const itemid = await catalog.countDocuments()
const myArrayBuffer = await fs.promises.readFile(
path.resolve(`assets/ugc/itemfile-${itemid}.rbxm`),
null,
)
if (
fileTypeChecker.isMP3(myArrayBuffer) === false &&
fileTypeChecker.isOGG(myArrayBuffer) === false
) {
fs.unlink(
path.resolve(`assets/ugc/itemfile-${itemid}.rbxm`),
err => {
if (err) console.log(err)
},
)
return res.json({ status: "error", error: "Audio is invalid." })
}
try {
let approved = req.userdocument.admin === false ? false : true
await catalog.create({
Name: xss(itemname),
Price: "0",
Type: "Audio",
Creator: req.userdocument.userid,
Hidden: true,
ItemId: itemid,
approved,
})
} catch (err) {
throw err
}
return res.json({
status: "success",
message: "Done! Audio ID : " + itemid,
})
})
},
)
const uploadvideo = multer({
storage: storage,
fileFilter: function (req, file, callback) {
var ext = path.extname(file.originalname)
if (ext !== ".webm") {
return callback("Invalid file type")
}
callback(null, true)
},
limits: { fileSize: 10240 * 1024 }, // 10mb
})
router.post(
"/uploadvideos",
requireAuth,
requirediscord,
limiter,
async (req, res) => {
uploadvideo.single("assetfile")(req, res, async function (err) {
if (err) {
if (err?.message === "File too large") {
return res
.status(400)
.send({
status: "error",
error: "File too large! 10MB Limit",
})
}
if (err === "Invalid file type") {
return res
.status(400)
.send({ status: "error", error: "Invalid file type" })
}
return res
.status(400)
.send({ status: "error", error: err.message })
}
var xss = require("xss")
const { itemname } = req.body
// save audio
if (!itemname) {
return res.json({
status: "error",
error: "Video name needs to be sent.",
})
}
const itemid = await catalog.countDocuments()
const myArrayBuffer = await fs.promises.readFile(
path.resolve(`assets/ugc/itemfile-${itemid}.rbxm`),
null,
)
if (fileTypeChecker.isWEBM(myArrayBuffer) === false) {
fs.unlink(
path.resolve(`assets/ugc/itemfile-${itemid}.rbxm`),
err => {
if (err) console.log(err)
},
)
return res.json({ status: "error", error: "Video is invalid." })
}
try {
let approved = req.userdocument.admin === false ? false : true
await catalog.create({
Name: xss(itemname),
Price: "0",
Type: "Video",
Creator: req.userdocument.userid,
ItemId: itemid,
approved,
})
} catch (err) {
throw err
}
return res.json({
status: "success",
message: "Done! Video ID : " + itemid,
})
})
},
)
module.exports = router