some stuff again

This commit is contained in:
Evert Prants 2017-08-30 15:23:45 +03:00
parent c12ed739c7
commit 95467dc041
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
9 changed files with 62 additions and 60 deletions


@ -4,6 +4,8 @@
<p>Separate entities owned by Icy Network may have their own Terms and Conditions which you must read and comply with.</p> <p>Separate entities owned by Icy Network may have their own Terms and Conditions which you must read and comply with.</p>
<h2>Who May Use the Services</h2> <h2>Who May Use the Services</h2>
<p>You may use our Services only if you have not been previously unauthorized of doing so and that you are above the legal age of 13. Our Services may contain inappropriate language or images not suitable for minors.</p> <p>You may use our Services only if you have not been previously unauthorized of doing so and that you are above the legal age of 13. Our Services may contain inappropriate language or images not suitable for minors.</p>
<h3>Email Address</h3>
<p>When signing up for an Account, you must provide a valid Email Address. If you use disposable/one-time email addresses, your Account may be subject to deletion.</p>
<h2>Privacy</h2> <h2>Privacy</h2>
<p>Icy Network requires you to sign up for an account or log in using another external website. Please read our <a href="/docs/privacy-policy">Privacy Policies</a> before entering any information into our Services to understand what information we may collect and what it's used for.</p> <p>Icy Network requires you to sign up for an account or log in using another external website. Please read our <a href="/docs/privacy-policy">Privacy Policies</a> before entering any information into our Services to understand what information we may collect and what it's used for.</p>
<h2>Content on the Services</h2> <h2>Content on the Services</h2>


@ -115,8 +115,6 @@ const API = {
return cleanClientObject(raw[0]) return cleanClientObject(raw[0])
}, },
updateClient: async function (id, data) { updateClient: async function (id, data) {
if (isNaN(id)) return {error: 'Invalid client ID'}
let fields = [ let fields = [
'title', 'description', 'url', 'redirect_url', 'scope' 'title', 'description', 'url', 'redirect_url', 'scope'
] ]
@ -207,7 +205,6 @@ const API = {
} }
}, },
removeBan: async function (banId) { removeBan: async function (banId) {
if (isNaN(banId)) return {error: 'Invalid number'}
return Models.Ban.query().delete().where('id', banId) return Models.Ban.query().delete().where('id', banId)
}, },
addBan: async function (data, adminId) { addBan: async function (data, adminId) {
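Review bot: Dropping the `isNaN(banId)` guard at the top of removeBan leaves the function with no input check of its own, and unlike updateClient and News.edit, whose route handlers gain the equivalent check in this commit, no caller of removeBan is touched here. If the ban route passes `req.body` or `req.params` through unparsed, `.where('id', banId)` now runs with whatever string or NaN arrives. Either keep the one-line guard in the model, `if (isNaN(banId)) return {error: 'Invalid number'}`, or document the precondition on both functions, e.g. `// banId must already be validated as an integer by the caller`. The same remark applies to updateClient in the first hunk and to News.edit in the next file section, whose `body.content` check moved into the `/news/edit/:id` route.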


@ -94,7 +94,6 @@ const News = {
return result return result
}, },
edit: async (id, body) => { edit: async (id, body) => {
if (!body.content) return {error: 'Content required'}
let patch = { let patch = {
content: body.content, content: body.content,
updated_at: new Date() updated_at: new Date()


@ -140,12 +140,15 @@ apiRouter.post('/client/new', wrap(async (req, res) => {
})) }))
apiRouter.post('/client/update', wrap(async (req, res) => { apiRouter.post('/client/update', wrap(async (req, res) => {
if (!req.body.id) return res.status(400).jsonp({error: 'ID missing'}) let id = parseInt(req.body.id)
if (!id || isNaN(id)) return res.status(400).jsonp({error: 'ID missing'})
if (req.body.csrf !== req.session.csrf) { if (req.body.csrf !== req.session.csrf) {
return res.status(400).jsonp({error: 'Invalid session'}) return res.status(400).jsonp({error: 'Invalid session'})
} }
let update = await API.updateClient(parseInt(req.body.id), req.body) let update = await API.updateClient(id, req.body)
if (update.error) { if (update.error) {
return res.status(400).jsonp({error: update.error}) return res.status(400).jsonp({error: update.error})
} }
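Review bot: `parseInt(req.body.id)` on the new side accepts inputs such as `12abc` (parsed as 12) and runs without a radix, and the `isNaN(id)` half of the guard is redundant because `!id` is already true for NaN. A strict parse keeps the same rejection of missing or zero IDs while refusing trailing garbage: `let id = Number(req.body.id)` followed by `if (!Number.isInteger(id) || id < 1) return res.status(400).jsonp({error: 'ID missing'})`, assuming client IDs are positive integers. The same pattern is introduced in the `/news/edit/:id` handler in the next file section (`let id = parseInt(req.params.id)` / `if (!id || isNaN(id))`). The handler body continues beyond the hunk.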


@ -289,12 +289,18 @@ router.get('/news/all/', (req, res) => {
}) })
router.post('/news/edit/:id', wrap(async (req, res, next) => { router.post('/news/edit/:id', wrap(async (req, res, next) => {
let id = parseInt(req.params.id)
if (!req.session.user || req.session.user.privilege < 1) return next() if (!req.session.user || req.session.user.privilege < 1) return next()
if (!req.params.id || isNaN(parseInt(req.params.id))) {
if (!id || isNaN(id)) {
return res.status(400).jsonp({error: 'Invalid ID number.'}) return res.status(400).jsonp({error: 'Invalid ID number.'})
} }
let id = parseInt(req.params.id) if (!req.body.content) {
return res.status(400).jsonp({error: 'Content is required.'})
}
let result = await News.edit(id, req.body) let result = await News.edit(id, req.body)
if (result.error) { if (result.error) {
return res.status(400).jsonp({error: result.error}) return res.status(400).jsonp({error: result.error})
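Review bot: The new side of `/news/edit/:id` reaches `News.edit(id, req.body)` after the privilege, id and content checks but without comparing `req.body.csrf` to `req.session.csrf`, which the `/client/update` and `/news/compose` handlers in this same commit do before any write. If a session-bound token check is not applied by middleware outside the hunk, a cross-site request carrying the editor's session cookie could modify an article; add `if (req.body.csrf !== req.session.csrf) return res.status(400).jsonp({error: 'Invalid session'})` ahead of the `News.edit` call. The id parsing (`parseInt` without radix, `!id` already covering NaN) has the same shape as in `/client/update`. The handler body continues outside the hunk.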


@ -36,6 +36,18 @@ function setSession (req, user) {
} }
} }
function redirectLogin (req, res) {
let uri = '/'
if (req.session.redirectUri) {
uri = req.session.redirectUri
delete req.session.redirectUri
} else if (req.query.redirect) {
uri = req.query.redirect
}
res.redirect(uri)
}
router.use(wrap(async (req, res, next) => { router.use(wrap(async (req, res, next) => {
// Add form messages into the template rendering if present // Add form messages into the template rendering if present
let messages = req.flash('message') let messages = req.flash('message')
@ -104,6 +116,19 @@ function extraButtons (req, res, next) {
next() next()
} }
// Retrieve form data if formError was called
function formKeep (req, res, next) {
let dataSave = req.flash('formkeep')
if (dataSave.length) {
dataSave = dataSave[0]
} else {
dataSave = {}
}
res.locals.formkeep = dataSave
next()
}
// Make sure the user is logged in // Make sure the user is logged in
// Redirect to login page and store the current path in the session for redirecting later // Redirect to login page and store the current path in the session for redirecting later
function ensureLogin (req, res, next) { function ensureLogin (req, res, next) {
@ -113,30 +138,13 @@ function ensureLogin (req, res, next) {
} }
router.get('/login', extraButtons, (req, res) => { router.get('/login', extraButtons, (req, res) => {
if (req.session.user) { if (req.session.user) return redirectLogin(req, res)
let uri = '/'
if (req.session.redirectUri) {
uri = req.session.redirectUri
delete req.session.redirectUri
}
return res.redirect(uri)
}
res.render('user/login') res.render('user/login')
}) })
router.get('/register', extraButtons, (req, res) => { router.get('/register', extraButtons, formKeep, (req, res) => {
if (req.session.user) return res.redirect('/') if (req.session.user) return redirectLogin(req, res)
let dataSave = req.flash('formkeep')
if (dataSave.length) {
dataSave = dataSave[0]
} else {
dataSave = {}
}
res.locals.formkeep = dataSave
if (config.security.recaptcha && config.security.recaptcha.site_key) { if (config.security.recaptcha && config.security.recaptcha.site_key) {
res.locals.recaptcha = config.security.recaptcha.site_key res.locals.recaptcha = config.security.recaptcha.site_key
@ -316,31 +324,12 @@ router.post('/login/verify', wrap(async (req, res, next) => {
let user = await API.User.get(req.session.totp_check) let user = await API.User.get(req.session.totp_check)
delete req.session.totp_check delete req.session.totp_check
// Set session setSession(req, user)
req.session.user = { redirectLogin(req, res)
id: user.id,
username: user.username,
display_name: user.display_name,
email: user.email,
avatar_file: user.avatar_file,
session_refresh: Date.now() + 1800000 // 30 minutes
}
let uri = '/'
if (req.session.redirectUri) {
uri = req.session.redirectUri
delete req.session.redirectUri
}
if (req.query.redirect) {
uri = req.query.redirect
}
res.redirect(uri)
})) }))
// Log the user in // Log the user in. Limited resource
router.post('/login', wrap(async (req, res, next) => { router.post('/login', accountLimiter, wrap(async (req, res, next) => {
if (req.session.user) return next() if (req.session.user) return next()
if (!req.body.username || !req.body.password || req.body.username === '') { if (!req.body.username || !req.body.password || req.body.username === '') {
return res.redirect('/login') return res.redirect('/login')
@ -401,6 +390,12 @@ router.post('/register', accountLimiter, wrap(async (req, res, next) => {
return formError(req, res, 'Invalid session! Try reloading the page.') return formError(req, res, 'Invalid session! Try reloading the page.')
} }
// Ban check
let banStatus = await API.User.getBanStatus(req.realIP, true)
if (banStatus.length) {
return res.render('user/banned', {bans: banStatus, ipban: true})
}
// 1st Check: Username Characters and length // 1st Check: Username Characters and length
let username = req.body.username let username = req.body.username
if (!username || !username.match(/^([\w-_]{3,26})$/i)) { if (!username || !username.match(/^([\w-_]{3,26})$/i)) {
@ -470,7 +465,7 @@ router.post('/register', accountLimiter, wrap(async (req, res, next) => {
// Do not include activation link message when the user is already activated // Do not include activation link message when the user is already activated
let registerMessage = 'Account created successfully!' let registerMessage = 'Account created successfully!'
if (newUser.user && newUser.user.activated !== 1) { if (newUser.user && newUser.user.activated !== 1) {
registerMessage += ' Please check your email for an activation link.' registerMessage += ' Please check your inbox for an activation link. Also, make sure to look into spam folders.'
} }
req.flash('message', {error: false, text: registerMessage}) req.flash('message', {error: false, text: registerMessage})
@ -655,17 +650,17 @@ router.get('/docs/:name', (req, res, next) => {
======== ========
*/ */
function privileged (req, res, next) { function newsPrivilege (req, res, next) {
if (!req.session.user) return res.redirect('/news') if (!req.session.user) return res.redirect('/news')
if (req.session.user.privilege < 1) return res.redirect('/news') if (req.session.user.privilege < 1) return res.redirect('/news')
next() next()
} }
router.get('/news/writer', privileged, wrap(async (req, res) => { router.get('/news/compose', newsPrivilege, formKeep, wrap(async (req, res) => {
res.render('news/composer') res.render('news/composer')
})) }))
router.post('/news/writer', privileged, wrap(async (req, res) => { router.post('/news/compose', newsPrivilege, wrap(async (req, res) => {
if (req.body.csrf !== req.session.csrf) { if (req.body.csrf !== req.session.csrf) {
return formError(req, res, 'Invalid session! Try reloading the page.') return formError(req, res, 'Invalid session! Try reloading the page.')
} }
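Review bot: `redirectLogin` (first hunk, `@ -36,6 +36,18 @@`) passes `req.query.redirect` straight to `res.redirect`, so an absolute or protocol-relative URL in the query sends the user off-site after login; the old code did this only in `/login/verify`, and the helper now also applies it to GET `/login` and `/register` for already-signed-in users. Before the redirect, restrict the target to a local path: `if (typeof uri !== 'string' || !/^\/(?![\/\\])/.test(uri)) uri = '/'`, which keeps the stored `req.session.redirectUri` flow intact while refusing `http://…`, `//host` and `/\host` forms. Separately, the hunk header at `@ -316,31 +324,12 @@` shows `/login/verify` still mounted without `accountLimiter` while `/login` gains it in this commit; the TOTP step benefits from the same limiter, if it is not already limited elsewhere.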


@ -32,7 +32,7 @@ block body
<div class="display_name">{{display_name}}</div> <div class="display_name">{{display_name}}</div>
<div class="username">{{id}} - {{username}}</div> <div class="username">{{id}} - {{username}}</div>
<div class="email">{{email}}</div> <div class="email">{{email}}</div>
<div class="privilege">Privilege: {{nw_privilege}} points</div> <div class="privilege">Privilege: level {{nw_privilege}}</div>
<div class="timestamp">{{created_at}}</div> <div class="timestamp">{{created_at}}</div>
{{^password}} {{^password}}
<div class="external"><b>Used external login</b></div> <div class="external"><b>Used external login</b></div>


@ -19,11 +19,11 @@ block body
form(action="", method="post") form(action="", method="post")
input(type="hidden", name="csrf", value=csrf) input(type="hidden", name="csrf", value=csrf)
label(for="title") Title label(for="title") Title
input(type="text", name="title", id="title") input(type="text", name="title", id="title", value=formkeep.title)
label(for="composer1") Content label(for="composer1") Content
textarea(name="content" id="composer1") textarea(name="content" id="composer1") #{formkeep.content}
label(for="tags") Tags label(for="tags") Tags
input(type="text", name="tags", id="tags") input(type="text", name="tags", id="tags", value=formkeep.tags)
input(type="submit", value="Submit") input(type="submit", value="Submit")
script. script.
CKEDITOR.replace('composer1') CKEDITOR.replace('composer1')
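Review bot: The template now dereferences `formkeep.title`, `formkeep.content` and `formkeep.tags` unconditionally, so any route that renders `news/composer` without the new `formKeep` middleware (only GET `/news/compose` mounts it in this commit) fails with an undefined-property error instead of showing an empty form. Guarding the reads, `value=(formkeep && formkeep.title)`, or applying the middleware wherever the composer is rendered avoids that. The escaped forms used here (`value=` attributes and `#{...}` inside the textarea) are the right choice for reflected user input and should not be swapped for `!=`/`!{}` even though the editor submits HTML.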


@ -7,7 +7,7 @@ block body
.document .document
.content .content
if user && user.privilege && user.privilege > 0 if user && user.privilege && user.privilege > 0
a.button(style="float: right;" href="/news/writer") New Article a.button(style="float: right;" href="/news/compose") New Article
h1 Icy Network News Archive h1 Icy Network News Archive
if news.error if news.error
span.error There are no articles to show. span.error There are no articles to show.