Added rankfighting to ban.

rainbow napkin 2024-12-02 19:50:26 -05:00
parent b138b26f27
commit ef4894e409
6 changed files with 41 additions and 12 deletions


@ -19,6 +19,7 @@ const {validationResult, matchedData} = require('express-validator');
//local imports //local imports
const banModel = require('../../../schemas/userBanSchema'); const banModel = require('../../../schemas/userBanSchema');
const permissionModel = require('../../../schemas/permissionSchema');
const {userModel} = require('../../../schemas/userSchema'); const {userModel} = require('../../../schemas/userSchema');
const {exceptionHandler} = require('../../../utils/loggerUtils'); const {exceptionHandler} = require('../../../utils/loggerUtils');
@ -43,8 +44,17 @@ module.exports.post = async function(req, res){
const userDB = await userModel.findOne({user}); const userDB = await userModel.findOne({user});
if(userDB == null){ if(userDB == null){
//If the user is null, scream and shout
res.status(400); res.status(400);
return res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]}); return res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
}else if(userDB.user == req.session.user.user){
//If some smart-ass is trying self-privelege escalation
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "Keep it up, maybe I will ban you!", date: new Date()}]});
}else if(permissionModel.rankToNum(userDB.rank) >= permissionModel.rankToNum(req.session.user.rank)){
//If the user is below the original rank of the user they're setting, scream and shout
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "You cannot ban peer/outranking users.", date: new Date()}]});
} }
await banModel.banByUserDoc(userDB, permanent, expirationDays); await banModel.banByUserDoc(userDB, permanent, expirationDays);
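Review bot: The rank guard in the third branch compares the target's database rank with `req.session.user.rank`, which is the rank stored in the session rather than the initiator's current one. If sessions are not refreshed or killed when a moderator is demoted (not visible here), a demoted user keeps the old ban authority until the session ends; the channel-ban handler in this commit already re-reads the initiator with `userModel.findOne({user: req.session.user.user})`, and the same lookup would fit here and in the rank-change handler's identical comparison. It is also worth confirming what `permissionModel.rankToNum` returns for an unrecognised rank string, because `NaN` or `undefined` on either side makes `>=` false and lets the request fall through to `banByUserDoc`. The body of `post` starts and ends outside this hunk.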


@ -32,13 +32,13 @@ module.exports.post = async function(req, res){
if(validResult.isEmpty()){ if(validResult.isEmpty()){
//get validated/sanatized data and use it to find our user from the Database. //get validated/sanatized data and use it to find our user from the Database.
const data = matchedData(req); const data = matchedData(req);
const user = await userModel.findOne({user: data.user}); const userDB = await userModel.findOne({user: data.user});
if(user == null){ if(userDB == null){
//If the user is null, scream and shout //If the user is null, scream and shout
res.status(400); res.status(400);
res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]}); res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
}else if(user.user == req.session.user.user){ }else if(userDB.user == req.session.user.user){
//If some smart-ass is trying self-privelege escalation //If some smart-ass is trying self-privelege escalation
res.status(401); res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "No, you can't change your own rank. Fuck off.", date: new Date()}]}); return res.send({errors:[{type: "Unauthorized", msg: "No, you can't change your own rank. Fuck off.", date: new Date()}]});
@ -46,17 +46,17 @@ module.exports.post = async function(req, res){
//If the user is below the new rank of the user they're setting, scream and shout //If the user is below the new rank of the user they're setting, scream and shout
res.status(401); res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "New rank must be below that of the user changing it.", date: new Date()}]}); return res.send({errors:[{type: "Unauthorized", msg: "New rank must be below that of the user changing it.", date: new Date()}]});
}else if(permissionModel.rankToNum(user.rank) >= permissionModel.rankToNum(req.session.user.rank)){ }else if(permissionModel.rankToNum(userDB.rank) >= permissionModel.rankToNum(req.session.user.rank)){
//If the user is below the original rank of the user they're setting, scream and shout //If the user is below the original rank of the user they're setting, scream and shout
res.status(401); res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "You cannot promote/demote peer/outranking users.", date: new Date()}]}); return res.send({errors:[{type: "Unauthorized", msg: "You cannot promote/demote peer/outranking users.", date: new Date()}]});
} }
user.rank = data.rank; userDB.rank = data.rank;
await user.save(); await userDB.save();
res.status(200); res.status(200);
return res.send({user: user.user, id: user.id, rank: user.rank}); return res.send({user: userDB.user, id: userDB.id, rank: userDB.rank});
}else{ }else{
res.status(400); res.status(400);
res.send({errors: validResult.array()}) res.send({errors: validResult.array()})
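Review bot: The `userDB == null` branch sends the 400 without `return`, so execution leaves the if/else chain and reaches `userDB.rank = data.rank`, which throws on a null document after the response has already gone out. Every other branch in this chain uses `return res.send(...)`, and doing the same here, `return res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});`, closes it. How the resulting TypeError is handled depends on the surrounding try/catch, which lies outside these hunks.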


@ -21,6 +21,7 @@ const {validationResult, matchedData} = require('express-validator');
const {exceptionHandler} = require('../../../utils/loggerUtils.js'); const {exceptionHandler} = require('../../../utils/loggerUtils.js');
const {userModel} = require('../../../schemas/userSchema.js'); const {userModel} = require('../../../schemas/userSchema.js');
const channelModel = require('../../../schemas/channel/channelSchema'); const channelModel = require('../../../schemas/channel/channelSchema');
const permissionModel = require('../../../schemas/permissionSchema.js')
//api account functions //api account functions
module.exports.get = async function(req, res){ module.exports.get = async function(req, res){
@ -55,10 +56,28 @@ module.exports.post = async function(req, res){
if(validResult.isEmpty()){ if(validResult.isEmpty()){
//Set channel object from sanatized/validated data, and get user document from session data //Set channel object from sanatized/validated data, and get user document from session data
const {chanName, user, expirationDays, banAlts} = matchedData(req); const {chanName, user, expirationDays, banAlts} = matchedData(req);
const userDB = await userModel.findOne({user}); const initiatorDB = await userModel.findOne({user: req.session.user.user});
const targetDB = await userModel.findOne({user});
const chanDB = await channelModel.findOne({name: chanName}); const chanDB = await channelModel.findOne({name: chanName});
await chanDB.banByUserDoc(userDB, expirationDays, banAlts); const initiatorRank = await chanDB.getChannelRankByUserDoc(initiatorDB);
const targetRank = await chanDB.getChannelRankByUserDoc(targetDB);
if(targetDB == null){
//If the user is null, scream and shout
res.status(400);
return res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
}else if(targetDB.user == req.session.user.user){
//If some smart-ass is trying to self-ban
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "Keep it up, maybe I will ban you!", date: new Date()}]});
}else if(permissionModel.rankToNum(targetRank) >= permissionModel.rankToNum(initiatorRank)){
//If the user is trying to ban a peer/outranking user
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "You cannot ban peer/outranking users.", date: new Date()}]});
}
await chanDB.banByUserDoc(targetDB, expirationDays, banAlts);
res.status(200); res.status(200);
return res.send(await chanDB.getChanBans()); return res.send(await chanDB.getChanBans());
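Review bot: Both `getChannelRankByUserDoc` calls run before the `targetDB == null` guard, so a request naming a non-existent user passes `null` into the rank lookup before the 400 branch can answer. Unless that method tolerates a null document (its body is not shown), the "User not found." response is unreachable and the request ends in an exception instead. Moving the null check directly after the `userModel.findOne({user})` line, and only then computing `initiatorRank` and `targetRank`, keeps the lookups on documents known to exist. `chanDB` is likewise dereferenced without a null check, which is safe only if earlier middleware guarantees the channel exists. The new `require('../../../schemas/permissionSchema.js')` line is also missing its trailing semicolon.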


@ -220,7 +220,7 @@ channelSchema.statics.reqPermCheck = function(perm, chanField = "chanName"){
}else{ }else{
//If not, prevent the request from going through and tell them why //If not, prevent the request from going through and tell them why
res.status(401); res.status(401);
return res.send({error:`You do not have a high enough rank to access this resource.`}); return res.send({errors:[{type: "Unauthorized", msg: "You do not have a high enough rank to access this resource.", date: new Date()}]});
} }
}); });
}); });
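Review bot: The rewritten rejection still goes out under `res.status(401)`, which signals missing or invalid credentials and commonly makes clients re-prompt for login. For a logged-in caller who merely lacks rank, `res.status(403)` states that the identity is known and the action is refused. The same applies to the matching branch in `permissionSchema.statics.reqPermCheck` and to the new rank-check branches in the ban handlers. The enclosing function starts and ends outside this hunk.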


@ -113,7 +113,7 @@ permissionSchema.statics.reqPermCheck = function(perm){
next(); next();
}else{ }else{
res.status(401); res.status(401);
res.send({error:`You do not have a high enough rank to access this resource.`}); return res.send({errors:[{type: "Unauthorized", msg: "You do not have a high enough rank to access this resource.", date: new Date()}]});
} }
} }
} }


@ -280,7 +280,7 @@ userSchema.methods.nuke = async function(pass){
var oldUser = await module.exports.userModel.deleteOne(this); var oldUser = await module.exports.userModel.deleteOne(this);
if(oldUser){ if(oldUser){
await this.killAllSessions("This account has been deleted. So long, and thanks for all the fish! <3"); await this.killAllSessions("If you're seeing this, your account has been deleted. So long, and thanks for all the fish! <3");
}else{ }else{
throw new Error("Server Error: Unable to delete account! Please report this error to your server administrator, and with timestamp."); throw new Error("Server Error: Unable to delete account! Please report this error to your server administrator, and with timestamp.");
} }