Fixed vulnerability in changeRankController.js

2024-11-24 05:46:15 -05:00 · 2024-11-24 05:46:15 -05:00 · 9d401ae6a8
parent 33026a1265
commit 9d401ae6a8
2 changed files with 16 additions and 23 deletions
--- a/src/controllers/api/admin/changeRankController.js
+++ b/src/controllers/api/admin/changeRankController.js
@ -25,18 +25,31 @@ const userModel = require('../../../schemas/userSchema');
 //api change rank functions
 module.exports.post = async function(req, res){
    try{
+        //Get validation results
        const validResult = validationResult(req);

+        //If we don't have any validation errors
        if(validResult.isEmpty()){
+            //get validated/sanatized data and use it to find our user from the Database.
            const data = matchedData(req);
            const user = await userModel.findOne({user: data.user});

            if(user == null){
+                //If the user is null, scream and shout
                res.status(400);
                res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
+            }else if(user.user == req.session.user.user){
+                //If some smart-ass is trying self-privelege escalation
+                res.status(401);
+                return res.send({errors:[{type: "Unauthorized", msg: "No, you can't change your own rank. Fuck off.", date: new Date()}]});
            }else if(permissionModel.rankToNum(data.rank) >= permissionModel.rankToNum(req.session.user.rank)){
+                //If the user is below the new rank of the user they're setting, scream and shout
                res.status(401);
                return res.send({errors:[{type: "Unauthorized", msg: "New rank must be below that of the user changing it.", date: new Date()}]});
+            }else if(permissionModel.rankToNum(user.rank) >= permissionModel.rankToNum(req.session.user.rank)){
+                //If the user is below the original rank of the user they're setting, scream and shout
+                res.status(401);
+                return res.send({errors:[{type: "Unauthorized", msg: "You cannot promote/demote peer/outranking users.", date: new Date()}]});
            }

            user.rank = data.rank;
--- a/src/schemas/channel/channelSchema.js
+++ b/src/schemas/channel/channelSchema.js
@ -142,30 +142,10 @@ channelSchema.methods.updateChannelPerms = async function(permissionsMap){
    return this.permissions;
 }

+channelSchema.methods.getChannelRankFromUser = async function(userDB){
+}
+
 channelSchema.methods.channelPermCheck = async function(user, perm){
-    const perms = await permissionSchema.getPerms();
-
-    //Set user to anon rank if no rank was found for the given user
-    if(user == null || user.rank == null){
-        user ={
-            rank: "anon"
-        };
-    }
-
-    //Check if this permission exists
-    if(this.permissions[perm] != null){
-        //if so get required rank as a number
-        requiredRank = permissionModel.rankToNum(this[perm]);
-        //get the required site-wide rank to override channel perms
-        requiredOverrideRank = permissionModel.rankToNum(perms.channeOverrides[perm]);
-
-        //get user site rank as a number
-        userRank = user ? permissionModel.rankToNum(user.rank) : 0;
-
-    }else{
-        //if not scream and shout
-        throw new Error(`Permission check '${perm}' not found!`);
-    }
 }

 channelSchema.methods.nuke = async function(confirm){