Channel Rank/Auth base backend functional

rainbow napkin 2024-11-25 00:44:07 -05:00
parent 057537341a
commit 61fab57a6d
12 changed files with 318 additions and 83 deletions


@ -20,6 +20,7 @@ const {validationResult, matchedData} = require('express-validator');
//local imports
const {exceptionHandler} = require('../../../utils/loggerUtils.js');
const channelModel = require('../../../schemas/channel/channelSchema.js');
const permissionModel = require('../../../schemas/permissionSchema.js');
//api account functions
module.exports.get = async function(req, res){
@ -53,15 +54,41 @@ module.exports.post = async function(req, res){
if(validResult.isEmpty()){
const data = matchedData(req);
const channel = await channelModel.findOne({name: data.chanName});
const permissionsMap = new Map(Object.entries(data.channelPermissionsMap));
//get channel document based on sanatized/validated input
const chanDB = await channelModel.findOne({name: data.chanName});
//get permissions map based on sanatized/validated input
const permissionsMap = data.channelPermissionsMap;
//get chanRank off off session user
const chanRank = await chanDB.getChannelRank(req.session.user);
//setup flag for permissions errors
var permError = null;
if(channel == null){
if(chanDB == null){
throw new Error("Channel not found.");
}
//For each permission submitted
Object.keys(permissionsMap).forEach((perm) => {
//Check to make sure no one is jumping perms (this should be admins only, but just in-case)
//Setting a boolean inside of an if statement seems fucked, until you realize it won't set it back false on the next loop :P
if(permissionModel.rankToNum(chanDB.permissions[perm]) > permissionModel.rankToNum(chanRank) || permissionModel.rankToNum(permissionsMap[perm]) > permissionModel.rankToNum(chanRank)){
permError = true;
}
//Set permissions in the permissions model
chanDB.permissions[perm] = permissionsMap[perm];
});
//Flip our shit if something's wrong.
if(permError){
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "New rank must be equal to or below that of the user changing it.", date: new Date()}]});
}
await chanDB.save();
res.status(200);
return res.send(await channel.updateChannelPerms(permissionsMap));
return res.send(chanDB.permissions);
}else{
res.status(400);
res.send({errors: validResult.array()})
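Review bot: `chanDB.getChannelRank(req.session.user)` is called before the `if(chanDB == null)` check, so a request naming a channel that does not exist throws a TypeError on that line and never reaches "Channel not found."; the null check should sit directly after the `findOne` call, ahead of `const chanRank = await chanDB.getChannelRank(req.session.user);`. The rank guard inside the `forEach` indexes `chanDB.permissions[perm]` with keys taken from the request body, so it relies on the validator (not visible here) limiting `channelPermissionsMap` to known permission names, and on how `permissionModel.rankToNum` treats an unknown or undefined rank. Checking that `perm` is an existing key of `chanDB.permissions` before comparing would let the guard stand on its own. The body of `module.exports.post` starts and ends outside this hunk.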


@ -34,24 +34,19 @@ module.exports.get = async function(req, res){
//Get channel document from validated/sanatized chanName querystring
const data = matchedData(req);
const chanDB = await channelModel.findOne({name: data.chanName});
//get userDB from session
if(req.session.user != null){
var userDB = await userModel.findOne({user: req.session.user.user});
}
//If for some reason there isn't any user found
if(userDB == null){
var userDB = {rank: "anon"};
}
//Setup empty array for our return data
const userList = [];
//Populate the user objects in our ranklist based off of their DB ID's
await chanDB.populate('rankList.user');
//For each rank object in the rank list
chanDB.rankList.forEach(async (rankObj) => {
//Create a new user object from rank object data
const userObj = {
id: rankObj.user.id,
user: rankObj.user.user,
rank: rankObj.rank
}
//Add our user object to the list
userList.push(userObj);
});
const userList = await chanDB.getRankList();
//Send out the userlist we created
res.status(200);
@ -66,3 +61,53 @@ module.exports.get = async function(req, res){
}
}
module.exports.post = async function(req, res){
try{
//Get validation results
const validResult = validationResult(req);
//If we don't have any validation errors
if(validResult.isEmpty()){
const data = matchedData(req);
//Get channel document from sanatized/validated data
const chanDB = await channelModel.findOne({name: data.chanName});
//Get user document from sanatized/validated data
const userDB = await userModel.findOne({user: data.user});
//Get requesting user rank from sanatized/validated data
const chanRank = await chanDB.getChannelRank(req.session.user);
//Get target user rank from sanatized/validated data
const targetChanRank = await chanDB.getChannelRankByUserDoc(userDB);
if(data.user == null || userDB == null){
//If the user is null, scream and shout
res.status(400);
return res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
}else if(data.user == req.session.user.user){
//If some smart-ass is trying self-privelege escalation
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "No, you can't change your own rank. Fuck off.", date: new Date()}]});
}else if(permissionModel.rankToNum(data.rank) >= permissionModel.rankToNum(chanRank)){
//If the user is below the new rank of the user they're setting, scream and shout
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "New rank must be below that of the user changing it.", date: new Date()}]});
}else if(permissionModel.rankToNum(targetChanRank) >= permissionModel.rankToNum(chanRank)){
//If the user is below the original rank of the user they're setting, scream and shout
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "You cannot promote/demote peer/outranking users.", date: new Date()}]});
}
//Set rank
var rankList = await chanDB.setRank(userDB, data.rank);
res.status(200);
res.send(rankList);
}else{
//If we received bad input, we have only one action: bitch, moan, and complain!
res.status(400);
res.send({errors: validResult.array()})
}
}catch(err){
console.log(err);
return exceptionHandler(res, err);
}
}
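Review bot: The new `post` handler never checks `chanDB` for null, and `chanDB.getChannelRankByUserDoc(userDB)` runs before the `data.user == null || userDB == null` branch, so an unknown channel name throws in the rank lookup, and an unknown user name may not reach the 400 "User not found." response (that depends on how `getChannelRankByUserDoc`, not shown, handles a null document). Adding `if(chanDB == null){ throw new Error("Channel not found."); }` right after the channel lookup and moving both rank lookups below the user-not-found branch would fix the ordering. `req.session.user.user` is also dereferenced without a null check, so if the route does not already require a login, an anonymous request throws there. The checks only compare ranks relative to the requester, so any minimum rank or permission for changing ranks at all has to come from route middleware outside this hunk, which is worth confirming. The three denials are for an authenticated user lacking rank and would be more accurately reported as 403 than 401.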