수업소개
입력정보와 관련해서 보안적으로 처리해야 할 이슈를 살펴보겠습니다.
강의
소스코드
main.js (변경사항)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 | var http = require('http');var fs = require('fs');var url = require('url');var qs = require('querystring');var template = require('./lib/template.js');var path = require('path');var app = http.createServer(function(request,response){ var _url = request.url; var queryData = url.parse(_url, true).query; var pathname = url.parse(_url, true).pathname; if(pathname === '/'){ if(queryData.id === undefined){ fs.readdir('./data', function(error, filelist){ var title = 'Welcome'; var description = 'Hello, Node.js'; var list = template.list(filelist); var html = template.HTML(title, list, `<h2>${title}</h2>${description}`, `<a href="/create">create</a>` ); response.writeHead(200); response.end(html); }); } else { fs.readdir('./data', function(error, filelist){ var filteredId = path.parse(queryData.id).base; var filteredId = path.parse(queryData.id).base; fs.readFile(`data/${filteredId}`, 'utf8', function(err, description){ var title = queryData.id; var list = template.list(filelist); var html = template.HTML(title, list, `<h2>${title}</h2>${description}`, ` <a href="/create">create</a> <a href="/update?id=${title}">update</a> <form action="delete_process" method="post"> <input type="hidden" name="id" value="${title}"> <input type="submit" value="delete"> </form>` ); response.writeHead(200); response.end(html); }); }); } } else if(pathname === '/create'){ fs.readdir('./data', function(error, filelist){ var title = 'WEB - create'; var list = template.list(filelist); var html = template.HTML(title, list, ` <form action="/create_process" method="post"> <p><input type="text" name="title" placeholder="title"></p> <p> <textarea name="description" placeholder="description"></textarea> </p> <p> <input type="submit"> </p> </form> `, ''); response.writeHead(200); response.end(html); }); } else if(pathname === '/create_process'){ var body = ''; request.on('data', function(data){ body = body + data; }); request.on('end', function(){ var post = qs.parse(body); var title = post.title; var description = post.description; fs.writeFile(`data/${title}`, description, 'utf8', function(err){ response.writeHead(302, {Location: `/?id=${title}`}); response.end(); }) }); } else if(pathname === '/update'){ fs.readdir('./data', function(error, filelist){ var filteredId = path.parse(queryData.id).base; fs.readFile(`data/${filteredId}`, 'utf8', function(err, description){ var title = queryData.id; var list = template.list(filelist); var html = template.HTML(title, list, ` <form action="/update_process" method="post"> <input type="hidden" name="id" value="${title}"> <p><input type="text" name="title" placeholder="title" value="${title}"></p> <p> <textarea name="description" placeholder="description">${description}</textarea> </p> <p> <input type="submit"> </p> </form> `, `<a href="/create">create</a> <a href="/update?id=${title}">update</a>` ); response.writeHead(200); response.end(html); }); }); } else if(pathname === '/update_process'){ var body = ''; request.on('data', function(data){ body = body + data; }); request.on('end', function(){ var post = qs.parse(body); var id = post.id; var title = post.title; var description = post.description; fs.rename(`data/${id}`, `data/${title}`, function(error){ fs.writeFile(`data/${title}`, description, 'utf8', function(err){ response.writeHead(302, {Location: `/?id=${title}`}); response.end(); }) }); }); } else if(pathname === '/delete_process'){ var body = ''; request.on('data', function(data){ body = body + data; }); request.on('end', function(){ var post = qs.parse(body); var id = post.id; var filteredId = path.parse(id).base; fs.unlink(`data/${filteredId}`, function(error){ response.writeHead(302, {Location: `/`}); response.end(); }) }); } else { response.writeHead(404); response.end('Not found'); }});app.listen(3000); |
