A little bit more safer, I guess.

main.js

@@ -60,7 +60,7 @@ let ncmAPIUrl = "http://localhost:5999";
 
 let currentTask = [];
 
-function Submit(req) {
+async function Submit(req) {
 
     let uuid = crypto.randomUUID()
 
@@ -74,10 +74,17 @@ function Submit(req) {
 
     let albumCover = null;
     try {
-
-        fetch(req.body.file).then(res => {
-            res.arrayBuffer().then(r => fs.writeFileSync("./" + uuid, Buffer.from(r)));
-        })
+        let resource = await fetch(req.body.file)
+        if (!resource.ok) {
+            GC()
+            currentTask.shift();
+            console.log(queue.contents)
+            console.log(currentTask)
+            queue.next()
+            return
+        }
+        let ab = await resource.arrayBuffer()
+        fs.writeFileSync("./" + uuid, Buffer.from(ab))
 
 
         if (URL.canParse(req.body.albumCover)) {
@@ -89,9 +96,10 @@ function Submit(req) {
                     }
                     fs.writeFileSync("tmp/" + uuid, new Buffer.from(r));
                     await webp.cwebp("tmp/" + uuid, "tmp/" + uuid + ".webp", "-q 50 -mt ", "-v")
-                    try{
+                    try {
                         albumCover = fs.readFileSync("tmp/" + uuid + ".webp")
-                    }catch (e) {
+                    } catch (e) {
+                        fs.rmSync("tmp/" + uuid);
                         albumCover = null;
                     }
                 })
@@ -100,11 +108,14 @@ function Submit(req) {
 
 
     } catch (err) {
-
-        console.log(err)
-
+        GC()
+        currentTask.shift();
+        console.log(queue.contents)
+        console.log(currentTask)
+        queue.next()
         return
     }
+    console.log(albumCover);
 
     const callback = function (d) {
         console.log(d.toString());
@@ -145,57 +156,70 @@ function Submit(req) {
 
 
     }
-    nrc.run([kind_of[0]], {
-        onData: callback, onError: errcb
-    }).then(() => {
 
-        db.execute(("INSERT INTO instrunet_entry (uuid, song_name, album_name, link_to, databinary, artist,kind, albumcover, email) VALUES (?,?,?,?,?,?,?,?,?)"), [uuid, req.body.name, req.body.albumName, req.body.link, fs.readFileSync(kind_of[1]), req.body.artist, req.body.kind, albumCover === null ? new Buffer.from([]) : albumCover, (req.body.email === null || req.body.email === undefined || req.body.email === "") ? "" : req.body.email])
-        db.unprepare()
-        fs.rm(kind_of[1], (err) => {
-            if (err) {
-                console.log(err);
+    function GC() {
 
-            }
-        })
-        fs.rm(kind_of[3], (err) => {
-            if (err) {
-                console.log(err);
 
-            }
-        })
-        fs.rm(uuid, (err) => {
-            if (err) {
-                console.log(err);
+        try {
+            fs.rm(kind_of[1], (err) => {
+                if (err) {
+                    console.log(err);
 
-            }
+                }
+            })
+            fs.rm(kind_of[3], (err) => {
+                if (err) {
+                    console.log(err);
 
+                }
+            })
+            fs.rm(uuid, (err) => {
+                if (err) {
+                    console.log(err);
 
-        })
-        try {
+                }
+
+
+            })
             fs.rmSync("tmp/" + uuid)
             fs.rmSync("tmp/" + uuid + ".webp")
         } catch (err) {
 
         }
-        if (req.body.email !== undefined && req.body.email !== "") {
-            console.log(req.body.email)
-            transporter.sendMail({
-                from: '"xiey0" <xiey0@qq.com>',
-                to: req.body.email,
-                subject: "你的音频已处理完成。",
-                text: "你的音频已处理完成。",
-                html: fs.readFileSync("./Template.html", "utf8").toString().replace("{song_name}", req.body.name).replace("{href_link}", "https://andyxie.cn:4000/player?play=" + uuid).replace("{kind}", Kind[req.body.kind]).replace("{album}", req.body.albumName)
-            }).then((result) => {
-                console.log("Message sent: %s", result.messageId)
+    }
 
-            })
-        }
-        currentTask.shift();
-        console.log(queue.contents)
-        console.log(currentTask)
-        queue.next()
+    try {
+        nrc.run([kind_of[0]], {
+            onData: callback, onError: errcb
+        }).then(() => {
+
+            // db.execute(("INSERT INTO instrunet_entry (uuid, song_name, album_name, link_to, databinary, artist,kind, albumcover, email) VALUES (?,?,?,?,?,?,?,?,?)"), [uuid, req.body.name, req.body.albumName, req.body.link, fs.readFileSync(kind_of[1]), req.body.artist, req.body.kind, albumCover === null ? new Buffer.from([]) : albumCover, (req.body.email === null || req.body.email === undefined || req.body.email === "") ? "" : req.body.email])
+            db.unprepare()
+            GC();
+            if (req.body.email !== undefined && req.body.email !== "") {
+                console.log(req.body.email)
+                transporter.sendMail({
+                    from: '"xiey0" <xiey0@qq.com>',
+                    to: req.body.email,
+                    subject: "你的音频已处理完成。",
+                    text: "你的音频已处理完成。",
+                    html: fs.readFileSync("./Template.html", "utf8").toString().replace("{song_name}", req.body.name).replace("{href_link}", "https://andyxie.cn:4000/player?play=" + uuid).replace("{kind}", Kind[req.body.kind]).replace("{album}", req.body.albumName)
+                }).then((result) => {
+                    console.log("Message sent: %s", result.messageId)
 
-    })
+                })
+            }
+            currentTask.shift();
+            console.log(queue.contents)
+            console.log(currentTask)
+            queue.next()
+
+        })
+    } catch (e) {
+        GC()
+        console.error(e)
+        return
+    }
 
 
 }
@@ -212,82 +236,93 @@ app.post('/submit', SubmitWrapper)
 async function SubmitWrapper(req, res) {
     // TODO
     //  May extract logic for dupe check in the future.
-    if(req.body.name !== undefined && req.body.name !== "" && req.body.name !== null){
-        db.execute(("SELECT uuid, song_name, album_name, artist, kind FROM instrunet_entry WHERE song_name = ? and artist = ? and kind = ?"), [await converters2t.convertPromise(req.body.name), await converters2t.convertPromise(req.body.artist), req.body.kind], async (err, rowsT) => {
-            db.execute("SELECT uuid, song_name, album_name, artist, kind FROM instrunet_entry WHERE song_name = ? and artist = ? and kind = ?", [await convertert2s.convertPromise(req.body.name), await convertert2s.convertPromise(req.body.artist), req.body.kind], (err, rowsS) => {
-                let dedupe = [];
-                rowsT.forEach(row => {
+    if (req.body.file === undefined || req.body.file === null || req.body.file === "" || req.body.kind === undefined || req.body.kind === null || req.body.kind === "") {
+        res.status(500).header("Access-Control-Allow-Origin", "*").end("想都别想");
+
+        return
+    }
+    if (req.body.artist === undefined || req.body.albumName === undefined || req.body.artist === null || req.body.albumName === null || req.body.artist === "" || req.body.albumName === "") {
+        req.body.artist = "未知艺术家"
+        req.body.albumName = "未知专辑"
+    }
+    if (req.body.name === undefined || req.body.name === null || req.body.name === "") {
+        res.status(500).header("Access-Control-Allow-Origin", "*").end("想都别想");
+        return
+    }
+    if (!URL.canParse(req.body.file)) {
+        res.status(500).header("Access-Control-Allow-Origin", "*").end("想都别想");
+        return
+    }
+    db.execute(("SELECT uuid, song_name, album_name, artist, kind FROM instrunet_entry WHERE song_name = ? and artist = ? and kind = ?"), [await converters2t.convertPromise(req.body.name), await converters2t.convertPromise(req.body.artist), req.body.kind], async (err, rowsT) => {
+        db.execute("SELECT uuid, song_name, album_name, artist, kind FROM instrunet_entry WHERE song_name = ? and artist = ? and kind = ?", [await convertert2s.convertPromise(req.body.name), await convertert2s.convertPromise(req.body.artist), req.body.kind], (err, rowsS) => {
+            let dedupe = [];
+            rowsT.forEach(row => {
+                dedupe = dedupe.concat(row);
+            })
+            rowsS.forEach(row => {
+                if (JSON.stringify(dedupe).indexOf(JSON.stringify(row)) === -1) {
                     dedupe = dedupe.concat(row);
-                })
-                rowsS.forEach(row => {
-                    if (JSON.stringify(dedupe).indexOf(JSON.stringify(row)) === -1) {
-                        dedupe = dedupe.concat(row);
-                    }
-                })
-                if (dedupe.length === 0) {
-                    // Verify
-                    if (req.body.file.substring(0, 5) !== "data:") {
-                        res.status(500).header("Access-Control-Allow-Origin", "*").end("想都别想");
-                        return
-                    }
-                    for (const item of currentTask) {
-                        if (req.body.name === item.name) {
-                            if (req.body.albumName === item.albumName) {
-                                if (req.body.kind === item.kind) {
+                }
+            })
+            if (dedupe.length === 0) {
+                // Verify
+                if (req.body.file.substring(0, 5) !== "data:") {
+                    res.status(500).header("Access-Control-Allow-Origin", "*").end("想都别想");
+                    return
+                }
+                for (const item of currentTask) {
+                    if (req.body.name === item.name) {
+                        if (req.body.albumName === item.albumName) {
+                            if (req.body.kind === item.kind) {
 
-                                    res.header("Access-Control-Allow-Origin", "*");
-                                    res.statusCode = 500
-                                    res.end("傻逼，重复了。请在盲目上传之前看看库里有没有好么傻逼？")
-                                    return
+                                res.header("Access-Control-Allow-Origin", "*");
+                                res.statusCode = 500
+                                res.end("傻逼，重复了。请在盲目上传之前看看库里有没有好么傻逼？")
+                                return
 
-                                }
                             }
                         }
                     }
-                    for (let prop of [req.body.name, req.body.albumName, req.body.artist]) {
-                        if (prop === undefined || prop === "" || prop === null) {
-                            res.status(500).header("Access-Control-Allow-Origin", "*").end("想都别想");
-                            return
-                        }
+                }
+                for (let prop of [req.body.name, req.body.albumName, req.body.artist]) {
+                    if (prop === undefined || prop === "" || prop === null) {
+                        res.status(500).header("Access-Control-Allow-Origin", "*").end("想都别想");
+                        return
                     }
+                }
 
 
-                    if (req.body.link === undefined) {
-                        req.body.link = ""
-                    }
+                if (req.body.link === undefined) {
+                    req.body.link = ""
+                }
 
 
-                    queue.add(() => {
-                        Submit(req)
-                    })
-                    currentTask.push({
-                        name: req.body.name,
-                        albumName: req.body.albumName,
-                        kind: req.body.kind,
-                        artist: req.body.artist,
-                        email: req.body.email !== undefined ? req.body.email : null,
-                    })
-
-                    console.log(queue.contents)
-                    console.log(currentTask)
-                    if (currentTask.length === 1) {
-                        queue.next()
-                    }
-                    res.header("Access-Control-Allow-Origin", "*");
-                    res.end("api_success")
-                } else {
-                    res.header("Access-Control-Allow-Origin", "*");
-                    res.statusCode = 500
-                    res.end("傻逼，重复了。请在盲目上传之前看看库里有没有好么傻逼？")
+                queue.add(() => {
+                    Submit(req)
+                })
+                currentTask.push({
+                    name: req.body.name,
+                    albumName: req.body.albumName,
+                    kind: req.body.kind,
+                    artist: req.body.artist,
+                    email: req.body.email !== undefined ? req.body.email : null,
+                })
+
+                console.log(queue.contents)
+                console.log(currentTask)
+                if (currentTask.length === 1) {
+                    queue.next()
                 }
+                res.header("Access-Control-Allow-Origin", "*");
+                res.end("api_success")
+            } else {
+                res.header("Access-Control-Allow-Origin", "*");
+                res.statusCode = 500
+                res.end("傻逼，重复了。请在盲目上传之前看看库里有没有好么傻逼？")
+            }
 
-            })
         })
-    }else{
-        res.header("Access-Control-Allow-Origin", "*");
-        res.end("api_success")
-    }
-
+    })
 
 
 }
@@ -303,7 +338,7 @@ app.post('/lyric', async (req, res) => {
         try {
             let fetched = (await (await fetch(`http://192.168.1.166:28883/jsonapi?title=${convertert2s.convertSync(name)}&artist=${convertert2s.convertSync(artist)}&album=${convertert2s.convertSync(album)}`)).text())
 
-                lrc = fetched
+            lrc = fetched
 
 
         } catch (err) {

test.js

@@ -5,4 +5,4 @@ queue1.autoRun = false;
 const cnchar = require('cnchar');
 const sortArray = require("sort-array");
 
-console.log( new Buffer.from([]))
+console.log( URL.canParse("data: "))