rainbownapkin/canopy
1
0
Fork 0
Code Issues 2 Pull requests Actions Packages Projects Releases Wiki Activity

Fixed vulnerability in changeRankController.js

Browse source
This commit is contained in:
rainbow napkin 2024-11-24 05:46:15 -05:00
parent 33026a1265
commit 9d401ae6a8
2 changed files with 16 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/controllers/api/admin/changeRankController.js
View file

@ -25,18 +25,31 @@ const userModel = require('../../../schemas/userSchema');
//api change rank functions //api change rank functions
module.exports.post = async function(req, res){ module.exports.post = async function(req, res){
try{ try{
//Get validation results
const validResult = validationResult(req); const validResult = validationResult(req);
//If we don't have any validation errors
if(validResult.isEmpty()){ if(validResult.isEmpty()){
//get validated/sanatized data and use it to find our user from the Database.
const data = matchedData(req); const data = matchedData(req);
const user = await userModel.findOne({user: data.user}); const user = await userModel.findOne({user: data.user});
if(user == null){ if(user == null){
//If the user is null, scream and shout
res.status(400); res.status(400);
res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]}); res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
}else if(user.user == req.session.user.user){
//If some smart-ass is trying self-privelege escalation
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "No, you can't change your own rank. Fuck off.", date: new Date()}]});
}else if(permissionModel.rankToNum(data.rank) >= permissionModel.rankToNum(req.session.user.rank)){ }else if(permissionModel.rankToNum(data.rank) >= permissionModel.rankToNum(req.session.user.rank)){
//If the user is below the new rank of the user they're setting, scream and shout
res.status(401); res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "New rank must be below that of the user changing it.", date: new Date()}]}); return res.send({errors:[{type: "Unauthorized", msg: "New rank must be below that of the user changing it.", date: new Date()}]});
}else if(permissionModel.rankToNum(user.rank) >= permissionModel.rankToNum(req.session.user.rank)){
//If the user is below the original rank of the user they're setting, scream and shout
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "You cannot promote/demote peer/outranking users.", date: new Date()}]});
} }
user.rank = data.rank; user.rank = data.rank;

26
src/schemas/channel/channelSchema.js
View file

@ -142,30 +142,10 @@ channelSchema.methods.updateChannelPerms = async function(permissionsMap){
return this.permissions; return this.permissions;
} }
channelSchema.methods.getChannelRankFromUser = async function(userDB){
}
channelSchema.methods.channelPermCheck = async function(user, perm){ channelSchema.methods.channelPermCheck = async function(user, perm){
const perms = await permissionSchema.getPerms();
//Set user to anon rank if no rank was found for the given user
if(user == null || user.rank == null){
user ={
rank: "anon"
};
}
//Check if this permission exists
if(this.permissions[perm] != null){
//if so get required rank as a number
requiredRank = permissionModel.rankToNum(this[perm]);
//get the required site-wide rank to override channel perms
requiredOverrideRank = permissionModel.rankToNum(perms.channeOverrides[perm]);
//get user site rank as a number
userRank = user ? permissionModel.rankToNum(user.rank) : 0;
}else{
//if not scream and shout
throw new Error(`Permission check '${perm}' not found!`);
}
} }
channelSchema.methods.nuke = async function(confirm){ channelSchema.methods.nuke = async function(confirm){