From 8467870b43a829e6d4e6e7ca334f7cc1d42282ad Mon Sep 17 00:00:00 2001
From: Wen Li
Date: Thu, 12 Mar 2015 01:24:00 -0700
Subject: [PATCH 1/2] added 10 second post limiting change
---
 app.js | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)
diff --git a/app.js b/app.js
index 505446b..73892ce 100644
--- a/app.js
+++ b/app.js
@@ -12,7 +12,7 @@ var conString = process.env.DATABASE_URL || "postgres://localhost/action";
 var db;
 pg.connect(conString, function(err, client) {
 if (err) {
- console.log(err);
+ //console.log(err);
 } else {
 db = client;
 }
@@ -25,8 +25,8 @@ app.get('/', function (req, res) {
 //get all messages in a type's channel
 app.get('/:type_token/:channel_token', function (req, res) {
- console.log(db);
- db.query("SELECT type_token, channel_token, user_name, message_text, message_timestamp FROM messages WHERE type_token = $1 AND channel_token = $2 ORDER BY message_timestamp", [req.params.type_token, req.params.channel_token], function(err, result) {
+ //console.log(db);
+ db.query("SELECT type_token, channel_token, user_name, user_ip, message_text, message_timestamp FROM messages WHERE type_token = $1 AND channel_token = $2", [req.params.type_token, req.params.channel_token], function(err, result) {
 if (err) {
 res.status(500).send(err);
 } else {
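Review bot: Commenting out `console.log(err);` in the `pg.connect` callback (PATCH 1/2, first hunk) leaves an empty error branch, so a failed database connection becomes completely silent while `db` stays undefined. Every handler that later calls `db.query(...)` would then throw rather than return a clean error. PATCH 2/2 restores the log line but still leaves `db` unset on failure. Failing fast in that branch is safer than serving without a client, for example `console.error(err); process.exit(1);`. The callback's closing lines are outside the hunk.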
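Review bot: Adding `user_ip` to the column list of the channel GET query (PATCH 1/2, second hunk) loads every poster's IP address into the rows this route reads, and no authentication is visible in the hunk. If the `else` branch, which is outside the hunk, sends `result` back the way the POST handler does, any reader of a channel receives the addresses of everyone who posted. The column is only needed by the rate-limit check in the POST handler, so this SELECT can keep its original list: `SELECT type_token, channel_token, user_name, message_text, message_timestamp FROM messages ...`. The same column list is carried into PATCH 2/2. Separately, `res.status(500).send(err)` in the context lines returns the raw database error object to the client; a generic message, with the detail logged server-side, would disclose less.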
@@ -48,14 +48,25 @@ app.get('/:type_token', function (req, res) {
 //Create a new message
 app.post('/:type_token/:channel_token', function(req, res){
- db.query("INSERT INTO messages (type_token, channel_token, user_name, message_text) VALUES ($1, $2, $3, $4)", [req.params.type_token, req.params.channel_token, req.body.user_name, req.body.message_text], function(err, result) {
- if (err) {
- if (err.code == "23502") {
- err.explanation = "Didn't get all of the parameters in the request body. Send user_name and message_text in the request body (remember this is a POST request)."
+ var ipAddress = req.connection.remoteAddress;
+ db.query("SELECT COUNT(*) from messages WHERE user_ip = ($1) and message_timestamp >= now() - interval '10 second'", [ipAddress], function(err, result) {
+ if (err) { console.log(err) ; }
+ else {
+ if (result.rows[0].count <= 10){
+ db.query("INSERT INTO messages (type_token, channel_token, user_name, user_ip, message_text) VALUES ($1, $2, $3, $4, $5)", [req.params.type_token, req.params.channel_token, req.body.user_name, req.connection.remoteAddress, req.body.message_text], function(err, result) {
+ if (err) {
+ if (err.code == "23502") {
+ err.explanation = "Didn't get all of the parameters in the request body. Send user_name and message_text in the request body (remember this is a POST request)."
+ }
+ res.status(500).send(err);
+ } else {
+ res.send(result);
+ }
+ });
+ }
+ else{
+ res.send("can't post");
 }
- res.status(500).send(err);
- } else {
- res.send(result);
 }
 });
 });
From fde9cbbc13f5f65810a516b81d58acade4e9ca9b Mon Sep 17 00:00:00 2001
From: Wen Li
Date: Thu, 12 Mar 2015 01:26:41 -0700
Subject: [PATCH 2/2] merged changes for timestamp order by
---
 app.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app.js b/app.js
index 73892ce..1429187 100644
--- a/app.js
+++ b/app.js
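Review bot: In the POST handler of PATCH 1/2, the error branch of the new count query (`if (err) { console.log(err) ; }`) never sends a response, so a failed SELECT leaves the request open until the client times out. The limit is also weaker than it reads: the count and the INSERT are separate statements, so parallel requests from one address can all pass the check before any row lands, and `<= 10` admits an eleventh post in the window if the intent is at most ten. `req.connection.remoteAddress` is the address of the TCP peer, so behind a reverse proxy or platform router (deployment is not visible here) every client would share one bucket; Express's `trust proxy` setting together with `req.ip` is the usual way to get the client address without trusting a forged `X-Forwarded-For`. The refusal is sent with status 200, where a 429 would let clients tell it apart from a successful post. A possible shape for the callback body follows.

```javascript
// … unchanged: ipAddress lookup and the SELECT COUNT(*) query …
    if (err) {
      console.log(err);
      // answer the request instead of leaving it open
      return res.status(500).send("could not check post limit");
    }
    // COUNT(*) normally arrives as a string from node-postgres; convert before comparing
    if (parseInt(result.rows[0].count, 10) >= 10) {
      return res.status(429).send("can't post");
    }
    // … unchanged: INSERT query and its callback …
```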
@@ -12,7 +12,7 @@ var conString = process.env.DATABASE_URL || "postgres://localhost/action";
 var db;
 pg.connect(conString, function(err, client) {
 if (err) {
- //console.log(err);
+ console.log(err);
 } else {
 db = client;
 }
@@ -25,8 +25,8 @@ app.get('/', function (req, res) {
 //get all messages in a type's channel
 app.get('/:type_token/:channel_token', function (req, res) {
- //console.log(db);
- db.query("SELECT type_token, channel_token, user_name, user_ip, message_text, message_timestamp FROM messages WHERE type_token = $1 AND channel_token = $2", [req.params.type_token, req.params.channel_token], function(err, result) {
+ console.log(db);
+ db.query("SELECT type_token, channel_token, user_name, user_ip, message_text, message_timestamp FROM messages WHERE type_token = $1 AND channel_token = $2 ORDER BY message_timestamp", [req.params.type_token, req.params.channel_token], function(err, result) {
 if (err) {
 res.status(500).send(err);
 } else {
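Review bot: The restored `console.log(db);` at the top of the channel GET handler (PATCH 2/2, second hunk) writes the whole pg client object to the log on every request. That object likely carries the connection parameters, including the password when `DATABASE_URL` contains one, so anyone with log access could read the database credentials. Drop the line, or log only what is needed to debug a missing client: `if (!db) console.log('no database client');`. The handler's `else` branch continues past the end of the hunk.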