rainbownapkin/canopy
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

Finished up with IP-Ban functionality on the back-end. Just need to finish up with UI.

Browse source
This commit is contained in:
rainbow napkin 2025-01-01 17:36:43 -05:00
parent 756c42ceaa
commit 977e8e1e2e
16 changed files with 284 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

62
src/app/channel/channelManager.js
View file

@ -18,6 +18,7 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
const channelModel = require('../../schemas/channel/channelSchema');
const emoteModel = require('../../schemas/emoteSchema');
const {userModel} = require('../../schemas/user/userSchema');
const userBanModel = require('../../schemas/user/userBanSchema');
const loggerUtils = require('../../utils/loggerUtils');
const csrfUtils = require('../../utils/csrfUtils');
const activeChannel = require('./activeChannel');
@ -39,23 +40,29 @@ module.exports = class{
}
async handleConnection(socket){
//Prevent logged out connections and authenticate socket
if(socket.request.session.user != null){
try{
try{
//ensure unbanned ip and valid CSRF token
if(!(await this.validateSocket(socket))){
socket.disconnect();
return;
}
//Prevent logged out connections and authenticate socket
if(socket.request.session.user != null){
//Authenticate socket
const userDB = await this.authSocket(socket);
//Get the active channel based on the socket
var {activeChan, chanDB} = await this.getActiveChan(socket);
//Check for ban
//Check for chan ban
const ban = await chanDB.checkBanByUserDoc(userDB);
if(ban != null){
//Toss out banned user's
if(ban.expirationDays < 0){
socket.emit("kick", {type: "Banned", reason: "You have been permanently banned from this channel!"});
socket.emit("kick", {type: "kicked", reason: "You have been permanently banned from this channel!"});
}else{
socket.emit("kick", {type: "Banned", reason: `You have been temporarily banned from this channel, and will be unbanned in ${ban.getDaysUntilExpiration()} day(s)!`});
socket.emit("kick", {type: "kicked", reason: `You have been temporarily banned from this channel, and will be unbanned in ${ban.getDaysUntilExpiration()} day(s)!`});
}
socket.disconnect();
return;
@ -68,24 +75,41 @@ module.exports = class{
//Connect the socket to it's given channel
//Lil' hacky to pass chanDB like that, but why double up on DB calls?
activeChan.handleConnection(userDB, chanDB, socket);
}catch(err){
//Flip a table if something fucks up
return loggerUtils.socketCriticalExceptionHandler(socket, err);
}else{
//Toss out anon's
socket.emit("kick", {type: "disconnected", reason: "You must log-in to join this channel!"});
socket.disconnect();
return;
}
}else{
//Toss out anon's
socket.emit("kick", {type: "Disconnected", reason: "You must log-in to join this channel!"});
socket.disconnect();
return;
}catch(err){
//Flip a table if something fucks up
return loggerUtils.socketCriticalExceptionHandler(socket, err);
}
}
async validateSocket(socket){
//Look for ban by IP
const ipBanDB = await userBanModel.checkBanByIP(socket.handshake.address);
//If this ip is randy bobandy
if(ipBanDB != null){
//tell it to fuck off
socket.emit("kick", {type: "kicked", reason: "The IP address you are trying to connect from has been banned!"});
return false;
}
//Check for Cross-Site Request Forgery
if(!csrfUtils.isRequestValid(socket.request)){
socket.emit("kick", {type: "disconnected", reason: "Invalid CSRF Token!"});
return false;
}
return true;
}
async authSocket(socket){
//Check for Cross-Site Request Forgery
if(!csrfUtils.isRequestValid(socket.request)){
throw new Error("Invalid CSRF Token!");
}
//Find the user in the Database since the session won't store enough data to fulfill our needs :P
const userDB = await userModel.findOne({user: socket.request.session.user.user});