Added rankfighting to ban.

src/controllers/api/admin/banController.js

@@ -19,6 +19,7 @@ const {validationResult, matchedData} = require('express-validator');
 
 //local imports
 const banModel = require('../../../schemas/userBanSchema');
+const permissionModel = require('../../../schemas/permissionSchema');
 const {userModel} = require('../../../schemas/userSchema');
 const {exceptionHandler} = require('../../../utils/loggerUtils');
 
@@ -43,8 +44,17 @@ module.exports.post = async function(req, res){
             const userDB = await userModel.findOne({user});
 
             if(userDB == null){
+                //If the user is null, scream and shout
                 res.status(400);
                 return res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
+            }else if(userDB.user == req.session.user.user){
+                //If some smart-ass is trying self-privelege escalation
+                res.status(401);
+                return res.send({errors:[{type: "Unauthorized", msg: "Keep it up, maybe I will ban you!", date: new Date()}]});
+            }else if(permissionModel.rankToNum(userDB.rank) >= permissionModel.rankToNum(req.session.user.rank)){
+                //If the user is below the original rank of the user they're setting, scream and shout
+                res.status(401);
+                return res.send({errors:[{type: "Unauthorized", msg: "You cannot ban peer/outranking users.", date: new Date()}]});
             }
 
             await banModel.banByUserDoc(userDB, permanent, expirationDays);

src/controllers/api/admin/changeRankController.js

@@ -32,13 +32,13 @@ module.exports.post = async function(req, res){
         if(validResult.isEmpty()){
             //get validated/sanatized data and use it to find our user from the Database.
             const data = matchedData(req);
-            const user = await userModel.findOne({user: data.user});
+            const userDB = await userModel.findOne({user: data.user});
 
-            if(user == null){
+            if(userDB == null){
                 //If the user is null, scream and shout
                 res.status(400);
                 res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
-            }else if(user.user == req.session.user.user){
+            }else if(userDB.user == req.session.user.user){
                 //If some smart-ass is trying self-privelege escalation
                 res.status(401);
                 return res.send({errors:[{type: "Unauthorized", msg: "No, you can't change your own rank. Fuck off.", date: new Date()}]});
@@ -46,17 +46,17 @@ module.exports.post = async function(req, res){
                 //If the user is below the new rank of the user they're setting, scream and shout
                 res.status(401);
                 return res.send({errors:[{type: "Unauthorized", msg: "New rank must be below that of the user changing it.", date: new Date()}]});
-            }else if(permissionModel.rankToNum(user.rank) >= permissionModel.rankToNum(req.session.user.rank)){
+            }else if(permissionModel.rankToNum(userDB.rank) >= permissionModel.rankToNum(req.session.user.rank)){
                 //If the user is below the original rank of the user they're setting, scream and shout
                 res.status(401);
                 return res.send({errors:[{type: "Unauthorized", msg: "You cannot promote/demote peer/outranking users.", date: new Date()}]});
             }
 
-            user.rank = data.rank;
-            await user.save();
+            userDB.rank = data.rank;
+            await userDB.save();
 
             res.status(200);
-            return res.send({user: user.user, id: user.id, rank: user.rank});
+            return res.send({user: userDB.user, id: userDB.id, rank: userDB.rank});
         }else{
             res.status(400);
             res.send({errors: validResult.array()})

src/controllers/api/channel/banController.js

@@ -21,6 +21,7 @@ const {validationResult, matchedData} = require('express-validator');
 const {exceptionHandler} = require('../../../utils/loggerUtils.js');
 const {userModel} = require('../../../schemas/userSchema.js');
 const channelModel = require('../../../schemas/channel/channelSchema');
+const permissionModel = require('../../../schemas/permissionSchema.js')
 
 //api account functions
 module.exports.get = async function(req, res){
@@ -55,10 +56,28 @@ module.exports.post = async function(req, res){
         if(validResult.isEmpty()){
             //Set channel object from sanatized/validated data, and get user document from session data
             const {chanName, user, expirationDays, banAlts} = matchedData(req);
-            const userDB = await userModel.findOne({user});
+            const initiatorDB = await userModel.findOne({user: req.session.user.user});
+            const targetDB = await userModel.findOne({user});
             const chanDB = await channelModel.findOne({name: chanName});
 
-            await chanDB.banByUserDoc(userDB, expirationDays, banAlts);
+            const initiatorRank = await chanDB.getChannelRankByUserDoc(initiatorDB);
+            const targetRank = await chanDB.getChannelRankByUserDoc(targetDB);
+
+            if(targetDB == null){
+                //If the user is null, scream and shout
+                res.status(400);
+                return res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
+            }else if(targetDB.user == req.session.user.user){
+                //If some smart-ass is trying to self-ban
+                res.status(401);
+                return res.send({errors:[{type: "Unauthorized", msg: "Keep it up, maybe I will ban you!", date: new Date()}]});
+            }else if(permissionModel.rankToNum(targetRank) >= permissionModel.rankToNum(initiatorRank)){
+                //If the user is trying to ban a peer/outranking user
+                res.status(401);
+                return res.send({errors:[{type: "Unauthorized", msg: "You cannot ban peer/outranking users.", date: new Date()}]});
+            }
+
+            await chanDB.banByUserDoc(targetDB, expirationDays, banAlts);
 
             res.status(200);
             return res.send(await chanDB.getChanBans());

src/schemas/channel/channelSchema.js

@@ -220,7 +220,7 @@ channelSchema.statics.reqPermCheck = function(perm, chanField = "chanName"){
                     }else{
                         //If not, prevent the request from going through and tell them why
                         res.status(401);
-                        return res.send({error:`You do not have a high enough rank to access this resource.`});
+                        return res.send({errors:[{type: "Unauthorized", msg: "You do not have a high enough rank to access this resource.", date: new Date()}]});
                     }
                 });
             });

src/schemas/permissionSchema.js

@@ -113,7 +113,7 @@ permissionSchema.statics.reqPermCheck = function(perm){
             next();
         }else{
             res.status(401);
-            res.send({error:`You do not have a high enough rank to access this resource.`});
+            return res.send({errors:[{type: "Unauthorized", msg: "You do not have a high enough rank to access this resource.", date: new Date()}]});
         }
     }
 }

src/schemas/userSchema.js

@@ -280,7 +280,7 @@ userSchema.methods.nuke = async function(pass){
         var oldUser = await module.exports.userModel.deleteOne(this);
 
         if(oldUser){
-            await this.killAllSessions("This account has been deleted. So long, and thanks for all the fish! <3");
+            await this.killAllSessions("If you're seeing this, your account has been deleted. So long, and thanks for all the fish! <3");
         }else{
             throw new Error("Server Error: Unable to delete account! Please report this error to your server administrator, and with timestamp.");
         }