some stuff again
parent
c12ed739c7
commit
95467dc041
@ -4,6 +4,8 @@
|
|||||||
<p>Separate entities owned by Icy Network may have their own Terms and Conditions which you must read and comply with.</p>
|
<p>Separate entities owned by Icy Network may have their own Terms and Conditions which you must read and comply with.</p>
|
||||||
<h2>Who May Use the Services</h2>
|
<h2>Who May Use the Services</h2>
|
||||||
<p>You may use our Services only if you have not been previously unauthorized of doing so and that you are above the legal age of 13. Our Services may contain inappropriate language or images not suitable for minors.</p>
|
<p>You may use our Services only if you have not been previously unauthorized of doing so and that you are above the legal age of 13. Our Services may contain inappropriate language or images not suitable for minors.</p>
|
||||||
|
<h3>Email Address</h3>
|
||||||
|
<p>When signing up for an Account, you must provide a valid Email Address. If you use disposable/one-time email addresses, your Account may be subject to deletion.</p>
|
||||||
<h2>Privacy</h2>
|
<h2>Privacy</h2>
|
||||||
<p>Icy Network requires you to sign up for an account or log in using another external website. Please read our <a href="/docs/privacy-policy">Privacy Policies</a> before entering any information into our Services to understand what information we may collect and what it's used for.</p>
|
<p>Icy Network requires you to sign up for an account or log in using another external website. Please read our <a href="/docs/privacy-policy">Privacy Policies</a> before entering any information into our Services to understand what information we may collect and what it's used for.</p>
|
||||||
<h2>Content on the Services</h2>
|
<h2>Content on the Services</h2>
|
||||||
|
@ -115,8 +115,6 @@ const API = {
|
|||||||
return cleanClientObject(raw[0])
|
return cleanClientObject(raw[0])
|
||||||
},
|
},
|
||||||
updateClient: async function (id, data) {
|
updateClient: async function (id, data) {
|
||||||
if (isNaN(id)) return {error: 'Invalid client ID'}
|
|
||||||
|
|
||||||
let fields = [
|
let fields = [
|
||||||
'title', 'description', 'url', 'redirect_url', 'scope'
|
'title', 'description', 'url', 'redirect_url', 'scope'
|
||||||
]
|
]
|
||||||
@ -207,7 +205,6 @@ const API = {
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
removeBan: async function (banId) {
|
removeBan: async function (banId) {
|
||||||
if (isNaN(banId)) return {error: 'Invalid number'}
|
|
||||||
return Models.Ban.query().delete().where('id', banId)
|
return Models.Ban.query().delete().where('id', banId)
|
||||||
},
|
},
|
||||||
addBan: async function (data, adminId) {
|
addBan: async function (data, adminId) {
|
||||||
|
@ -94,7 +94,6 @@ const News = {
|
|||||||
return result
|
return result
|
||||||
},
|
},
|
||||||
edit: async (id, body) => {
|
edit: async (id, body) => {
|
||||||
if (!body.content) return {error: 'Content required'}
|
|
||||||
let patch = {
|
let patch = {
|
||||||
content: body.content,
|
content: body.content,
|
||||||
updated_at: new Date()
|
updated_at: new Date()
|
||||||
|
@ -140,12 +140,15 @@ apiRouter.post('/client/new', wrap(async (req, res) => {
|
|||||||
}))
|
}))
|
||||||
|
|
||||||
apiRouter.post('/client/update', wrap(async (req, res) => {
|
apiRouter.post('/client/update', wrap(async (req, res) => {
|
||||||
if (!req.body.id) return res.status(400).jsonp({error: 'ID missing'})
|
let id = parseInt(req.body.id)
|
||||||
|
|
||||||
|
if (!id || isNaN(id)) return res.status(400).jsonp({error: 'ID missing'})
|
||||||
|
|
||||||
if (req.body.csrf !== req.session.csrf) {
|
if (req.body.csrf !== req.session.csrf) {
|
||||||
return res.status(400).jsonp({error: 'Invalid session'})
|
return res.status(400).jsonp({error: 'Invalid session'})
|
||||||
}
|
}
|
||||||
|
|
||||||
let update = await API.updateClient(parseInt(req.body.id), req.body)
|
let update = await API.updateClient(id, req.body)
|
||||||
if (update.error) {
|
if (update.error) {
|
||||||
return res.status(400).jsonp({error: update.error})
|
return res.status(400).jsonp({error: update.error})
|
||||||
}
|
}
|
||||||
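Review bot: `parseInt(req.body.id)` in the new ID check is lenient. It accepts partially numeric input (`12abc` becomes 12), reads `0x10` as 16 because no radix is given, and lets negative values through `!id || isNaN(id)`. The `isNaN(id)` test is also redundant, since `!NaN` is already true. I would validate the raw value before parsing, `if (!/^\d+$/.test(String(req.body.id))) return res.status(400).jsonp({error: 'ID missing'})`, then use `const id = Number.parseInt(req.body.id, 10)`. The same pattern appears in the `/news/edit/:id` handler, and this handler continues past the end of the hunk.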
|
@ -289,12 +289,18 @@ router.get('/news/all/', (req, res) => {
|
|||||||
})
|
})
|
||||||
|
|
||||||
router.post('/news/edit/:id', wrap(async (req, res, next) => {
|
router.post('/news/edit/:id', wrap(async (req, res, next) => {
|
||||||
|
let id = parseInt(req.params.id)
|
||||||
|
|
||||||
if (!req.session.user || req.session.user.privilege < 1) return next()
|
if (!req.session.user || req.session.user.privilege < 1) return next()
|
||||||
if (!req.params.id || isNaN(parseInt(req.params.id))) {
|
|
||||||
|
if (!id || isNaN(id)) {
|
||||||
return res.status(400).jsonp({error: 'Invalid ID number.'})
|
return res.status(400).jsonp({error: 'Invalid ID number.'})
|
||||||
}
|
}
|
||||||
|
|
||||||
let id = parseInt(req.params.id)
|
if (!req.body.content) {
|
||||||
|
return res.status(400).jsonp({error: 'Content is required.'})
|
||||||
|
}
|
||||||
|
|
||||||
let result = await News.edit(id, req.body)
|
let result = await News.edit(id, req.body)
|
||||||
if (result.error) {
|
if (result.error) {
|
||||||
return res.status(400).jsonp({error: result.error})
|
return res.status(400).jsonp({error: result.error})
|
||||||
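Review bot: The `/news/edit/:id` handler reaches `News.edit(id, req.body)` without the CSRF token comparison that `/client/update` and `/news/compose` perform. Every line between the route declaration and the edit call is visible here, and none of them looks at `req.body.csrf`. Unless a router-level middleware outside this hunk covers it, this privileged, state-changing POST is open to cross-site request forgery. I would add, right after the privilege check, `if (req.body.csrf !== req.session.csrf) return res.status(400).jsonp({error: 'Invalid session'})`. The end of the handler lies outside the hunk.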
|
@ -36,6 +36,18 @@ function setSession (req, user) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function redirectLogin (req, res) {
|
||||||
|
let uri = '/'
|
||||||
|
if (req.session.redirectUri) {
|
||||||
|
uri = req.session.redirectUri
|
||||||
|
delete req.session.redirectUri
|
||||||
|
} else if (req.query.redirect) {
|
||||||
|
uri = req.query.redirect
|
||||||
|
}
|
||||||
|
|
||||||
|
res.redirect(uri)
|
||||||
|
}
|
||||||
|
|
||||||
router.use(wrap(async (req, res, next) => {
|
router.use(wrap(async (req, res, next) => {
|
||||||
// Add form messages into the template rendering if present
|
// Add form messages into the template rendering if present
|
||||||
let messages = req.flash('message')
|
let messages = req.flash('message')
|
||||||
@ -104,6 +116,19 @@ function extraButtons (req, res, next) {
|
|||||||
next()
|
next()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Retrieve form data if formError was called
|
||||||
|
function formKeep (req, res, next) {
|
||||||
|
let dataSave = req.flash('formkeep')
|
||||||
|
if (dataSave.length) {
|
||||||
|
dataSave = dataSave[0]
|
||||||
|
} else {
|
||||||
|
dataSave = {}
|
||||||
|
}
|
||||||
|
|
||||||
|
res.locals.formkeep = dataSave
|
||||||
|
next()
|
||||||
|
}
|
||||||
|
|
||||||
// Make sure the user is logged in
|
// Make sure the user is logged in
|
||||||
// Redirect to login page and store the current path in the session for redirecting later
|
// Redirect to login page and store the current path in the session for redirecting later
|
||||||
function ensureLogin (req, res, next) {
|
function ensureLogin (req, res, next) {
|
||||||
@ -113,30 +138,13 @@ function ensureLogin (req, res, next) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
router.get('/login', extraButtons, (req, res) => {
|
router.get('/login', extraButtons, (req, res) => {
|
||||||
if (req.session.user) {
|
if (req.session.user) return redirectLogin(req, res)
|
||||||
let uri = '/'
|
|
||||||
if (req.session.redirectUri) {
|
|
||||||
uri = req.session.redirectUri
|
|
||||||
delete req.session.redirectUri
|
|
||||||
}
|
|
||||||
|
|
||||||
return res.redirect(uri)
|
|
||||||
}
|
|
||||||
|
|
||||||
res.render('user/login')
|
res.render('user/login')
|
||||||
})
|
})
|
||||||
|
|
||||||
router.get('/register', extraButtons, (req, res) => {
|
router.get('/register', extraButtons, formKeep, (req, res) => {
|
||||||
if (req.session.user) return res.redirect('/')
|
if (req.session.user) return redirectLogin(req, res)
|
||||||
|
|
||||||
let dataSave = req.flash('formkeep')
|
|
||||||
if (dataSave.length) {
|
|
||||||
dataSave = dataSave[0]
|
|
||||||
} else {
|
|
||||||
dataSave = {}
|
|
||||||
}
|
|
||||||
|
|
||||||
res.locals.formkeep = dataSave
|
|
||||||
|
|
||||||
if (config.security.recaptcha && config.security.recaptcha.site_key) {
|
if (config.security.recaptcha && config.security.recaptcha.site_key) {
|
||||||
res.locals.recaptcha = config.security.recaptcha.site_key
|
res.locals.recaptcha = config.security.recaptcha.site_key
|
||||||
@ -316,31 +324,12 @@ router.post('/login/verify', wrap(async (req, res, next) => {
|
|||||||
let user = await API.User.get(req.session.totp_check)
|
let user = await API.User.get(req.session.totp_check)
|
||||||
delete req.session.totp_check
|
delete req.session.totp_check
|
||||||
|
|
||||||
// Set session
|
setSession(req, user)
|
||||||
req.session.user = {
|
redirectLogin(req, res)
|
||||||
id: user.id,
|
|
||||||
username: user.username,
|
|
||||||
display_name: user.display_name,
|
|
||||||
email: user.email,
|
|
||||||
avatar_file: user.avatar_file,
|
|
||||||
session_refresh: Date.now() + 1800000 // 30 minutes
|
|
||||||
}
|
|
||||||
|
|
||||||
let uri = '/'
|
|
||||||
if (req.session.redirectUri) {
|
|
||||||
uri = req.session.redirectUri
|
|
||||||
delete req.session.redirectUri
|
|
||||||
}
|
|
||||||
|
|
||||||
if (req.query.redirect) {
|
|
||||||
uri = req.query.redirect
|
|
||||||
}
|
|
||||||
|
|
||||||
res.redirect(uri)
|
|
||||||
}))
|
}))
|
||||||
|
|
||||||
// Log the user in
|
// Log the user in. Limited resource
|
||||||
router.post('/login', wrap(async (req, res, next) => {
|
router.post('/login', accountLimiter, wrap(async (req, res, next) => {
|
||||||
if (req.session.user) return next()
|
if (req.session.user) return next()
|
||||||
if (!req.body.username || !req.body.password || req.body.username === '') {
|
if (!req.body.username || !req.body.password || req.body.username === '') {
|
||||||
return res.redirect('/login')
|
return res.redirect('/login')
|
||||||
@ -401,6 +390,12 @@ router.post('/register', accountLimiter, wrap(async (req, res, next) => {
|
|||||||
return formError(req, res, 'Invalid session! Try reloading the page.')
|
return formError(req, res, 'Invalid session! Try reloading the page.')
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ban check
|
||||||
|
let banStatus = await API.User.getBanStatus(req.realIP, true)
|
||||||
|
if (banStatus.length) {
|
||||||
|
return res.render('user/banned', {bans: banStatus, ipban: true})
|
||||||
|
}
|
||||||
|
|
||||||
// 1st Check: Username Characters and length
|
// 1st Check: Username Characters and length
|
||||||
let username = req.body.username
|
let username = req.body.username
|
||||||
if (!username || !username.match(/^([\w-_]{3,26})$/i)) {
|
if (!username || !username.match(/^([\w-_]{3,26})$/i)) {
|
||||||
@ -470,7 +465,7 @@ router.post('/register', accountLimiter, wrap(async (req, res, next) => {
|
|||||||
// Do not include activation link message when the user is already activated
|
// Do not include activation link message when the user is already activated
|
||||||
let registerMessage = 'Account created successfully!'
|
let registerMessage = 'Account created successfully!'
|
||||||
if (newUser.user && newUser.user.activated !== 1) {
|
if (newUser.user && newUser.user.activated !== 1) {
|
||||||
registerMessage += ' Please check your email for an activation link.'
|
registerMessage += ' Please check your inbox for an activation link. Also, make sure to look into spam folders.'
|
||||||
}
|
}
|
||||||
|
|
||||||
req.flash('message', {error: false, text: registerMessage})
|
req.flash('message', {error: false, text: registerMessage})
|
||||||
@ -655,17 +650,17 @@ router.get('/docs/:name', (req, res, next) => {
|
|||||||
========
|
========
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function privileged (req, res, next) {
|
function newsPrivilege (req, res, next) {
|
||||||
if (!req.session.user) return res.redirect('/news')
|
if (!req.session.user) return res.redirect('/news')
|
||||||
if (req.session.user.privilege < 1) return res.redirect('/news')
|
if (req.session.user.privilege < 1) return res.redirect('/news')
|
||||||
next()
|
next()
|
||||||
}
|
}
|
||||||
|
|
||||||
router.get('/news/writer', privileged, wrap(async (req, res) => {
|
router.get('/news/compose', newsPrivilege, formKeep, wrap(async (req, res) => {
|
||||||
res.render('news/composer')
|
res.render('news/composer')
|
||||||
}))
|
}))
|
||||||
|
|
||||||
router.post('/news/writer', privileged, wrap(async (req, res) => {
|
router.post('/news/compose', newsPrivilege, wrap(async (req, res) => {
|
||||||
if (req.body.csrf !== req.session.csrf) {
|
if (req.body.csrf !== req.session.csrf) {
|
||||||
return formError(req, res, 'Invalid session! Try reloading the page.')
|
return formError(req, res, 'Invalid session! Try reloading the page.')
|
||||||
}
|
}
|
||||||
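Review bot: The new `redirectLogin` helper (first hunk of this file) passes `req.query.redirect` straight to `res.redirect(uri)`, which is an open redirect. It is now also reachable from `GET /login` and `GET /register` for an already logged-in user, where before only `/login/verify` read the query value. Accept only same-site paths, for example `} else if (typeof req.query.redirect === 'string' && /^\/(?![\/\\])/.test(req.query.redirect)) {`, and keep the `/` default otherwise. The `typeof` guard also rejects array or object values produced by repeated or bracketed query parameters. The session-stored `redirectUri` is described in the `ensureLogin` comment as the current path, so it looks like only the query value needs this check, though the code that stores it is outside the visible hunks.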
|
@ -32,7 +32,7 @@ block body
|
|||||||
<div class="display_name">{{display_name}}</div>
|
<div class="display_name">{{display_name}}</div>
|
||||||
<div class="username">{{id}} - {{username}}</div>
|
<div class="username">{{id}} - {{username}}</div>
|
||||||
<div class="email">{{email}}</div>
|
<div class="email">{{email}}</div>
|
||||||
<div class="privilege">Privilege: {{nw_privilege}} points</div>
|
<div class="privilege">Privilege: level {{nw_privilege}}</div>
|
||||||
<div class="timestamp">{{created_at}}</div>
|
<div class="timestamp">{{created_at}}</div>
|
||||||
{{^password}}
|
{{^password}}
|
||||||
<div class="external"><b>Used external login</b></div>
|
<div class="external"><b>Used external login</b></div>
|
||||||
|
@ -19,11 +19,11 @@ block body
|
|||||||
form(action="", method="post")
|
form(action="", method="post")
|
||||||
input(type="hidden", name="csrf", value=csrf)
|
input(type="hidden", name="csrf", value=csrf)
|
||||||
label(for="title") Title
|
label(for="title") Title
|
||||||
input(type="text", name="title", id="title")
|
input(type="text", name="title", id="title", value=formkeep.title)
|
||||||
label(for="composer1") Content
|
label(for="composer1") Content
|
||||||
textarea(name="content" id="composer1")
|
textarea(name="content" id="composer1") #{formkeep.content}
|
||||||
label(for="tags") Tags
|
label(for="tags") Tags
|
||||||
input(type="text", name="tags", id="tags")
|
input(type="text", name="tags", id="tags", value=formkeep.tags)
|
||||||
input(type="submit", value="Submit")
|
input(type="submit", value="Submit")
|
||||||
script.
|
script.
|
||||||
CKEDITOR.replace('composer1')
|
CKEDITOR.replace('composer1')
|
||||||
|
@ -7,7 +7,7 @@ block body
|
|||||||
.document
|
.document
|
||||||
.content
|
.content
|
||||||
if user && user.privilege && user.privilege > 0
|
if user && user.privilege && user.privilege > 0
|
||||||
a.button(style="float: right;" href="/news/writer") New Article
|
a.button(style="float: right;" href="/news/compose") New Article
|
||||||
h1 Icy Network News Archive
|
h1 Icy Network News Archive
|
||||||
if news.error
|
if news.error
|
||||||
span.error There are no articles to show.
|
span.error There are no articles to show.
|
||||||
|