From 0d04fb69cf6201399b2a0ee5e2b5003aef77b21d Mon Sep 17 00:00:00 2001 From: Evert Date: Sun, 27 Aug 2017 15:41:44 +0300 Subject: [PATCH] added bans --- server/api/external.js | 37 +++++++++++++++++++++++++++++++++++++ server/api/index.js | 27 +++++++++++++++++++++++++++ server/api/oauth2/model.js | 7 +++++++ views/user/banned.pug | 28 ++++++++++++++++++++++++++++ 4 files changed, 99 insertions(+) create mode 100644 views/user/banned.pug diff --git a/server/api/external.js b/server/api/external.js index 0dd41fc..8e85c5b 100644 --- a/server/api/external.js +++ b/server/api/external.js @@ -28,6 +28,10 @@ const API = { return extr }, + getBan: async (user, ipAddress) => { + let banList = await UAPI.User.getBanStatus(ipAddress || user.id, ipAddress != null) + return banList + }, new: async (service, identifier, user) => { let data = { user_id: user.id, @@ -104,6 +108,10 @@ const API = { let exists = await API.Common.getExternal('fb', uid) if (user) { + // Get bans for user + let bans = await API.Common.getBan(user) + if (bans.length) return { banned: bans, ip: false } + if (exists) return {error: null, user: user} await API.Common.new('fb', uid, user) @@ -112,9 +120,16 @@ const API = { // Callback succeeded with user id and the external table exists, we log in the user if (exists) { + // Get bans for user + let bans = await API.Common.getBan(exists.user) + if (bans.length) return { banned: bans, ip: false } return {error: null, user: exists.user} } + // Get bans for IP address + let bans = await API.Common.getBan(null, data.ip_address) + if (bans.length) return { banned: bans, ip: true } + // Determine profile picture let profilepic = null if (fbdata.picture) { @@ -221,6 +236,10 @@ const API = { let exists = await API.Common.getExternal('twitter', uid) if (user) { + // Get bans for user + let bans = await API.Common.getBan(user) + if (bans.length) return { banned: bans, ip: false } + if (exists) return {error: null, user: user} await API.Common.new('twitter', uid, user) @@ -229,9 +248,16 @@ const API = { // Callback succeeded with user id and the external table exists, we log in the user if (exists) { + // Get bans for user + let bans = await API.Common.getBan(exists.user) + if (bans.length) return { banned: bans, ip: false } return {error: null, user: exists.user} } + // Get bans for IP + let bans = await API.Common.getBan(null, ipAddress) + if (bans.length) return { banned: bans, ip: true } + // Determine profile picture let profilepic = null if (twdata.profile_image_url_https) { @@ -338,6 +364,10 @@ const API = { let exists = await API.Common.getExternal('discord', uid) if (user) { + // Get bans for user + let bans = await API.Common.getBan(user) + if (bans.length) return { banned: bans, ip: false } + if (exists) return {error: null, user: user} await API.Common.new('discord', uid, user) @@ -346,9 +376,16 @@ const API = { // Callback succeeded with user id and the external table exists, we log in the user if (exists) { + // Get bans for user + let bans = await API.Common.getBan(exists.user) + if (bans.length) return { banned: bans, ip: false } return {error: null, user: exists.user} } + // Get bans for IP + let bans = await API.Common.getBan(null, ipAddress) + if (bans.length) return { banned: bans, ip: true } + // Determine profile picture let profilepic = null diff --git a/server/api/index.js b/server/api/index.js index 6148c6b..d8a4327 100644 --- a/server/api/index.js +++ b/server/api/index.js @@ -152,6 +152,33 @@ const API = { return API.User.update(user, {avatar_file: null}) }, + getBanStatus: async function (field, ip = false) { + let bans + if (ip === true) { + bans = await models.Ban.query().where('associated_ip', field) + } else { + bans = await models.Ban.query().where('user_id', field) + } + + let bansActive = [] + + for (let i in bans) { + let ban = bans[i] + + // Check expiry + if (ban.expires_at && new Date(ban.expires_at).getTime() < Date.now()) continue + + let banInfo = { + banned: ban.created_at, + reason: ban.reason, + expiry: ban.expires_at + } + + bansActive.push(banInfo) + } + + return bansActive + }, Login: { password: async function (user, password) { user = await API.User.ensureObject(user, ['password']) diff --git a/server/api/oauth2/model.js b/server/api/oauth2/model.js index 1eb06ba..1c7027d 100644 --- a/server/api/oauth2/model.js +++ b/server/api/oauth2/model.js @@ -208,6 +208,13 @@ const OAuthDB = { checkPassword: Users.User.Login.password, fetchFromRequest: async (req) => { if (!req.session.user) return null + let banStatus = await Users.User.getBanStatus(req.session.user.id) + + if (banStatus.length) { + delete req.session.user + return null + } + return req.session.user }, clientAllowed: async (userId, clientId, scope) => { diff --git a/views/user/banned.pug b/views/user/banned.pug new file mode 100644 index 0000000..8ec2529 --- /dev/null +++ b/views/user/banned.pug @@ -0,0 +1,28 @@ +extends ../layout.pug +block title + |Icy Network - Banned Account + +block body + .wrapper + .boxcont + .box#login + if ipban + h1 This IP Address is BANNED! + else + h1 This User is BANNED! + p This user currently has #{bans.length} ban(s) active + each ban in bans + .message.error.ban + label Banned + .date #{new Date(ban.banned)} + label Reason + .reason #{ban.reason} + label Expires at + .expiry + if !ban.expiry + b This ban is permanent. + else + |#{new Date(ban.expiry)} + if !ban.expiry + b This ban cannot be appealed. +