added bans

server/api/external.js

@@ -28,6 +28,10 @@ const API = {
 
       return extr
     },
+    getBan: async (user, ipAddress) => {
+      let banList = await UAPI.User.getBanStatus(ipAddress || user.id, ipAddress != null)
+      return banList
+    },
     new: async (service, identifier, user) => {
       let data = {
         user_id: user.id,
@@ -104,6 +108,10 @@ const API = {
       let exists = await API.Common.getExternal('fb', uid)
 
       if (user) {
+        // Get bans for user
+        let bans = await API.Common.getBan(user)
+        if (bans.length) return { banned: bans, ip: false }
+
         if (exists) return {error: null, user: user}
 
         await API.Common.new('fb', uid, user)
@@ -112,9 +120,16 @@ const API = {
 
       // Callback succeeded with user id and the external table exists, we log in the user
       if (exists) {
+        // Get bans for user
+        let bans = await API.Common.getBan(exists.user)
+        if (bans.length) return { banned: bans, ip: false }
         return {error: null, user: exists.user}
       }
 
+      // Get bans for IP address
+      let bans = await API.Common.getBan(null, data.ip_address)
+      if (bans.length) return { banned: bans, ip: true }
+
       // Determine profile picture
       let profilepic = null
       if (fbdata.picture) {
@@ -221,6 +236,10 @@ const API = {
       let exists = await API.Common.getExternal('twitter', uid)
 
       if (user) {
+        // Get bans for user
+        let bans = await API.Common.getBan(user)
+        if (bans.length) return { banned: bans, ip: false }
+
         if (exists) return {error: null, user: user}
 
         await API.Common.new('twitter', uid, user)
@@ -229,9 +248,16 @@ const API = {
 
       // Callback succeeded with user id and the external table exists, we log in the user
       if (exists) {
+        // Get bans for user
+        let bans = await API.Common.getBan(exists.user)
+        if (bans.length) return { banned: bans, ip: false }
         return {error: null, user: exists.user}
       }
 
+      // Get bans for IP
+      let bans = await API.Common.getBan(null, ipAddress)
+      if (bans.length) return { banned: bans, ip: true }
+
       // Determine profile picture
       let profilepic = null
       if (twdata.profile_image_url_https) {
@@ -338,6 +364,10 @@ const API = {
       let exists = await API.Common.getExternal('discord', uid)
 
       if (user) {
+        // Get bans for user
+        let bans = await API.Common.getBan(user)
+        if (bans.length) return { banned: bans, ip: false }
+
         if (exists) return {error: null, user: user}
 
         await API.Common.new('discord', uid, user)
@@ -346,9 +376,16 @@ const API = {
 
       // Callback succeeded with user id and the external table exists, we log in the user
       if (exists) {
+        // Get bans for user
+        let bans = await API.Common.getBan(exists.user)
+        if (bans.length) return { banned: bans, ip: false }
         return {error: null, user: exists.user}
       }
 
+      // Get bans for IP
+      let bans = await API.Common.getBan(null, ipAddress)
+      if (bans.length) return { banned: bans, ip: true }
+
       // Determine profile picture
       let profilepic = null
 

server/api/index.js

@@ -152,6 +152,33 @@ const API = {
 
       return API.User.update(user, {avatar_file: null})
     },
+    getBanStatus: async function (field, ip = false) {
+      let bans
+      if (ip === true) {
+        bans = await models.Ban.query().where('associated_ip', field)
+      } else {
+        bans = await models.Ban.query().where('user_id', field)
+      }
+
+      let bansActive = []
+
+      for (let i in bans) {
+        let ban = bans[i]
+
+        // Check expiry
+        if (ban.expires_at && new Date(ban.expires_at).getTime() < Date.now()) continue
+
+        let banInfo = {
+          banned: ban.created_at,
+          reason: ban.reason,
+          expiry: ban.expires_at
+        }
+
+        bansActive.push(banInfo)
+      }
+
+      return bansActive
+    },
     Login: {
       password: async function (user, password) {
         user = await API.User.ensureObject(user, ['password'])

server/api/oauth2/model.js

@@ -208,6 +208,13 @@ const OAuthDB = {
     checkPassword: Users.User.Login.password,
     fetchFromRequest: async (req) => {
       if (!req.session.user) return null
+      let banStatus = await Users.User.getBanStatus(req.session.user.id)
+
+      if (banStatus.length) {
+        delete req.session.user
+        return null
+      }
+
       return req.session.user
     },
     clientAllowed: async (userId, clientId, scope) => {

views/user/banned.pug

@@ -0,0 +1,28 @@
+extends ../layout.pug
+block title
+	|Icy Network - Banned Account
+
+block body
+	.wrapper
+		.boxcont
+			.box#login
+				if ipban
+					h1 This IP Address is BANNED!
+				else
+					h1 This User is BANNED!
+				p This user currently has #{bans.length} ban(s) active
+				each ban in bans
+					.message.error.ban
+						label Banned
+						.date #{new Date(ban.banned)}
+						label Reason
+						.reason #{ban.reason}
+						label Expires at
+						.expiry
+							if !ban.expiry
+								b This ban is permanent.
+							else
+								|#{new Date(ban.expiry)}
+						if !ban.expiry
+							b This ban cannot be appealed.
+