Client/scripts.js

@@ -38,7 +38,6 @@ async function getFromServer(bodyInfo, source="",password=adminPass) {
             // the currently set password is always included in every request
             bodyInfo["password"] = password;
         }
-        // console.log(bodyInfo);
         const response = await fetch("http://"+ip+"/"+source, {
             method: "POST",
             body: JSON.stringify(bodyInfo),

Server/webbyBits.py

@@ -13,6 +13,7 @@ portTheUserPicked=os.getenv("SERVER_PORT")
 
 ERR_NO_ADMIN = ({"error":"no-admin","data":None},401)
 ERR_200 = ({"error":"OK","data":None},200)
+ERR_MISSING_ARGS = ({"error":"Request missing required arguments","data":None}),400
 if args.admin:
     ADMIN_PASS = hashlib.sha256(bytes(args.admin,'utf-8')).hexdigest()
 else:
@@ -108,7 +109,7 @@ def playerControls():
     global skipNow
     global partyMode
     recieveData=request.get_json(force=True)
-    if recieveData["control"] != None:
+    try:
         if recieveData["control"] == "play-pause":
             if ADMIN_PASS == recieveData['password'] or controlPerms["PP"]:
                 player.pause()
@@ -131,8 +132,8 @@ def playerControls():
                 return ERR_NO_ADMIN
         else:
             return {"error":"Not a valid control","data":None},400
-    else:
-        return {"error":"No control sent","data":None},400
+    except KeyError:
+        return ERR_MISSING_ARGS
 
 @app.route("/settings", methods=['POST'])
 def settingsControl():
@@ -141,6 +142,7 @@ def settingsControl():
     global partyMode
     global player
     recieveData = request.get_json(force=True)
+    try:
         if recieveData["setting"] == "volume":
             if ADMIN_PASS == recieveData['password'] or controlPerms["VOL"]:
                 volumeLevel = int(recieveData["level"])
@@ -167,13 +169,16 @@ def settingsControl():
             # probably should have made this a different request type or something but it works
             return {"error":"ok","data":{"partymode":partyMode,"volume":player.audio_get_volume(),"admin":controlPerms}},200
         else:
-        return {"error":"Not a valid setting","data":None},422
+            return {"error":"Not a valid setting","data":None},400
+    except:
+        return ERR_MISSING_ARGS
 
 @app.route("/search", methods=['POST'])
 def searchSongDB():
     recieveData=request.get_json(force=True)
     fileofDB = sql.connect("songDatabase.db")
     songDatabase = fileofDB.cursor()
+    try:
         results = []
         if (recieveData['search'] == ""):
             songDatabase.execute("SELECT * FROM virtualSongs")
@@ -194,10 +199,18 @@ def searchSongDB():
         fileofDB.close()
 
         return {"error":"ok","data":tempdata},200
+    except KeyError:
+        fileofDB.close()
+        return ERR_MISSING_ARGS
+    except sql.OperationalError:
+        fileofDB.close()
+        return ({"error":"Invalid search, sorry!","data":None},422)
+
 
 @app.route("/songadd", methods=["POST"])
 def songadd():
     recieveData=request.get_json(force=True)
+    try:
         if (ADMIN_PASS == recieveData['password']) or controlPerms["AS"]:
             # Password exists and is correct, or it's not restricted
             # if (recieveData['song'] in playlist):
@@ -211,6 +224,8 @@ def songadd():
         else:
             # the password is incorrect (technically a password not existing falls into the above case because controlPerms is never changed)
             return ERR_NO_ADMIN
+    except KeyError:
+        return ERR_MISSING_ARGS
 
 @app.route("/playlist", methods=["POST"])
 def getPlaylist():