CMU-313 · RongYYYY · Sep 21, 2024 · Sep 22, 2024 · Sep 25, 2024
diff --git a/node_modules/.DS_Store b/node_modules/.DS_Store
diff --git a/node_modules/nodebb-theme-aawaa b/node_modules/nodebb-theme-aawaa
diff --git a/public/src/client/register.js b/public/src/client/register.js
@@ -149,18 +149,38 @@
 		const password_confirm_notify = $('#password-confirm-notify');
 		password_notify.text('');
 		password_confirm_notify.text('');
+
 		try {
+			// Check password against strength requirements
+			if (!/[a-z]/.test(password)) {
+				throw new Error('[user:password-no-lowercase]');
+			}
+			if (!/[A-Z]/.test(password)) {
+				throw new Error('[user:password-no-uppercase]');
+			}
+			if (!/[0-9]/.test(password)) {
+				throw new Error('[user:password-no-number]');
+			}
+			if (!/[\W_]/.test(password)) {
+				throw new Error('[user:password-no-special-character]');
+			}
+			if (password.length < 8) {
+				throw new Error('[user:password-too-short]');
+			}
+
 			utils.assertPasswordValidity(password, zxcvbn);
-
+	
 			if (password === $('#username').val()) {
-				throw new Error('[[user:password-same-as-username]]');
+				throw new Error('[user:password-same-as-username]');
 			}
-
+
+			// If all validations pass
 			showSuccess(passwordInput, password_notify, successIcon);
 		} catch (err) {
 			showError(passwordInput, password_notify, err.message);
 		}
-
+
+		// Confirm password match
 		if (password !== password_confirm && password_confirm !== '') {
 			showError(passwordInput, password_confirm_notify, '[[user:change-password-error-match]]');
 		}

diff --git a/public/src/modules/quickreply.js b/public/src/modules/quickreply.js
@@ -58,11 +58,17 @@
 			}
 
 			const replyMsg = components.get('topic/quickreply/text').val();
+			const anonCheckbox = document.getElementById('anonymousCheckbox').checked ? 'true' : 'false';
+
 			const replyData = {
 				tid: ajaxify.data.tid,
 				handle: undefined,
 				content: replyMsg,
+				anon: anonCheckbox,
 			};
+
+			console.log('Reply data being sent:', replyData);
+
 			const replyLen = replyMsg.length;
 			if (replyLen < parseInt(config.minimumPostLength, 10)) {
 				return alerts.error('[[error:content-too-short, ' + config.minimumPostLength + ']]');

diff --git a/src/api/topics.js b/src/api/topics.js
@@ -83,11 +83,43 @@ topicsAPI.create = async function (caller, data) {
 	return result.topicData;
 };
 
+const MIN_POST_LENGTH = 20; // Minimum content length
+const MAX_POST_LENGTH = 500; // Maximum content length
+const SENSITIVE_WORDS = ['badword1', 'badword2', 'offensive']; // Replace with actual sensitive words
+
+function isValidContent(content) {
+	// Check if content length is within the allowed range
+	if (content.length < MIN_POST_LENGTH || content.length > MAX_POST_LENGTH) {
+		throw new Error(`Post length must be between ${MIN_POST_LENGTH} and ${MAX_POST_LENGTH} characters.`);
+	}
+
+	// Check for sensitive words
+	const containsSensitiveWord = SENSITIVE_WORDS.some(word => content.includes(word));
+	if (containsSensitiveWord) {
+		throw new Error('Post contains sensitive content.');
+	}
+
+	// If both checks pass, return true
+	return true;
+}
+
+// Integrating the content verification into your reply function:
 topicsAPI.reply = async function (caller, data) {
 	if (!data || !data.tid || (meta.config.minimumPostLength !== 0 && !data.content)) {
 		throw new Error('[[error:invalid-data]]');
 	}
+
+	// Validate post content length and sensitive words
+	isValidContent(data.content);
+
 	const payload = { ...data };
+
+	if (data.anon === 'true') {
+		payload.username = 'Anonymous User';
+		payload.userslug = null;
+		console.log('Anonymous post detected, making it anonymous');
+	}
+
 	apiHelpers.setDefaultPostData(caller, payload);
 
 	await meta.blacklist.test(caller.ip);
@@ -96,7 +128,7 @@ topicsAPI.reply = async function (caller, data) {
 		return await posts.addToQueue(payload);
 	}
 
-	const postData = await topics.reply(payload); // postData seems to be a subset of postObj, refactor?
+	const postData = await topics.reply(payload);
 	const postObj = await posts.getPostSummaryByPids([postData.pid], caller.uid, {});
 
 	const result = {

diff --git a/src/controllers/write/topics.js b/src/controllers/write/topics.js
@@ -31,6 +31,17 @@
 Topics.reply = async (req, res) => {
 	const id = await lockPosting(req, '[[error:already-posting]]');
 	try {
+		const isAnonymous = req.body.anon;
+        console.log("Anonymous flag received:", isAnonymous);
+        let replyData = { ...req.body, tid: req.params.tid };
+        if (isAnonymous) {
+            console.log("Post is anonymous. Modifying the username and userslug.");
+            replyData.username = 'Anonymous User';
+            replyData.userslug = null;
+        } else {
+            console.log("Post is not anonymous.");
+        }
+        console.log("Final reply data being sent:", replyData);
 		const payload = await api.topics.reply(req, { ...req.body, tid: req.params.tid });
 		helpers.formatApiResponse(200, res, payload);
 	} finally {