diff --git a/server/admin/ban-user.js b/server/admin/ban-user.js
new file mode 100644
index 0000000..1128979
--- /dev/null
+++ b/server/admin/ban-user.js
@@ -0,0 +1,37 @@
+const { accounts, tokens } = require('../database/models');
+const Sequelize = require('sequelize');
+const Op = Sequelize.Op;
+
+//admin/banuser
+const route = async (req, res) => {
+ const updated = await accounts.update({
+ banned: true
+ }, {
+ where: {
+ username: {
+ [Op.eq]: req.body.username
+ },
+ admin: {
+ [Op.not]: true
+ },
+ mod: {
+ [Op.not]: true
+ }
+ }
+ });
+
+ if (!updated[0]) {
+ return res.status(500).send('Failed to set banned status');
+ }
+
+ //forcibly logout
+ tokens.destroy({
+ where: {
+ username: req.body.username
+ }
+ });
+
+ res.status(200).end();
+};
+
+module.exports = route;
\ No newline at end of file
diff --git a/server/admin/index.js b/server/admin/index.js
index 6cdd939..0ca330d 100644
--- a/server/admin/index.js
+++ b/server/admin/index.js
@@ -1,10 +1,46 @@
 const express = require('express');
 const router = express.Router();
+const { accounts } = require('../database/models');
+
 //middleware
 const tokenAuth = require('../utilities/token-auth');
 router.use(tokenAuth);
+
+//handle ban stuff
+router.use(async (req, res, next) => {
+ const record = await accounts.findOne({
+ where: {
+ username: req.user.username
+ }
+ });
+
+ if (!record) {
+ return res.status(500).send('Account not found in banning middleware');
+ }
+
+ if (record.banned) {
+ return res.status(403).send('This account has been banned');
+ }
+
+ next();
+});
+
+//handle mod stuff
+router.use((req, res, next) => {
+ //check the user's mod status
+ if (!req.user.mod) {
+ return res.status(401).send('Mods only');
+ }
+
+ next();
+});
+
+//routes
+router.post('/banuser', require('./ban-user'));
+
+//handle admin stuff
 router.use((req, res, next) => {
 //check the user's admin status
 if (!req.user.admin) {
diff --git a/server/auth/index.js b/server/auth/index.js
index ab07546..b0a79c6 100644
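Review bot: `tokens.destroy(...)` in ban-user.js is not awaited, so the 200 is sent before the forced logout has actually run and a rejection from it becomes an unhandled promise rejection; the route also has no try/catch, so a rejected `accounts.update` (recent Sequelize versions reject a `where` value that is `undefined`, which is what a missing `req.body.username` produces) never turns into a response and, under Express 4, leaves the request hanging. `req.body.username` is used unchecked in two `where` clauses, so a body value that is not a non-empty string should be rejected with 400 before it reaches either query. An update count of 0 means there is no such account or the target is an admin/mod, not a server fault, so 404 describes it better than 500. The rewrite below adds the type check, awaits the revocation and forwards failures to Express's error handling via `next(err)`.
```javascript
const route = async (req, res, next) => {
  const { username } = req.body;
  if (typeof username !== 'string' || username.length === 0) {
    return res.status(400).send('username is required');
  }

  try {
    // … unchanged: accounts.update({ banned: true }, { where: { username, admin/mod guards } }) …

    if (!updated[0]) {
      return res.status(404).send('No bannable account with that username');
    }

    //forcibly logout
    await tokens.destroy({ where: { username } });

    res.status(200).end();
  } catch (err) {
    next(err);
  }
};
```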
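Review bot: The ban check in server/admin/index.js is enforced only by routers that install this middleware — here and, copied verbatim, in server/auth/index.js — so if any other router relies on tokenAuth alone, a banned user's access token keeps working there until it expires (token-generate.js signs it with `expiresIn: '10m'`). Moving the lookup into one shared middleware beside token-auth.js and installing it everywhere tokenAuth is installed removes both the duplication and that gap. The new mod gate sits ahead of `/banuser` but also ahead of the existing admin gate, so an account with `admin` set and `mod` unset would now receive 'Mods only' on every admin route; unless admins are guaranteed to carry the mod flag, the condition should be `if (!req.user.mod && !req.user.admin) {`. Since the caller is authenticated at this point, 403 rather than 401 is the fitting status for 'Mods only'.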
--- a/server/auth/index.js
+++ b/server/auth/index.js
@@ -1,6 +1,8 @@
 const express = require('express');
 const router = express.Router();
+const { accounts } = require('../database/models');
+
 //middleware
 const tokenAuth = require('../utilities/token-auth');
@@ -15,6 +17,24 @@ router.post('/token', require('./token'));
 //middleware
 router.use(tokenAuth);
+router.use(async (req, res, next) => {
+ const record = await accounts.findOne({
+ where: {
+ username: req.user.username
+ }
+ });
+
+ if (!record) {
+ return res.status(500).send('Account not found in banning middleware');
+ }
+
+ if (record.banned) {
+ return res.status(403).send('This account has been banned');
+ }
+
+ next();
+});
+
 //basic account management (needs a token)
 router.delete('/logout', require('./logout'));
 router.get('/account', require('./account-query'));
diff --git a/server/auth/login.js b/server/auth/login.js
index c2db5c9..8140da0 100644
--- a/server/auth/login.js
+++ b/server/auth/login.js
@@ -42,6 +42,11 @@ const route = async (req, res) => {
 }
 });
+ //reject on banned
+ if (account.banned) {
+ return res.status(403).send('this account has been banned');
+ }
+
 //generate the JWT
 const tokens = generate(account.id, account.username, account.type, account.admin, account.mod);
diff --git a/server/database/models/accounts.js b/server/database/models/accounts.js
index 1f31a42..2bd7625 100644
--- a/server/database/models/accounts.js
+++ b/server/database/models/accounts.js
@@ -40,6 +40,12 @@ module.exports = sequelize.define('accounts', {
 defaultValue: false
 },
+ banned: {
+ type: Sequelize.BOOLEAN,
+ allowNull: false,
+ defaultValue: false
+ },
+
 contact: {
 type: Sequelize.BOOLEAN,
 allowNull: false,
diff --git a/server/database/models/tokens.js b/server/database/models/tokens.js
index 9f2ce17..c7dfb8c 100644
--- a/server/database/models/tokens.js
+++ b/server/database/models/tokens.js
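Review bot: The async ban middleware added after `router.use(tokenAuth)` in server/auth/index.js has no try/catch, so if `accounts.findOne` rejects the promise is unhandled and, if the app runs Express 4, the request is never answered; the identical copy in server/admin/index.js has the same gap. Wrap the lookup as `try { record = await accounts.findOne({ where: { username: req.user.username } }); } catch (err) { return next(err); }`. The `/token` refresh route in the hunk header is registered before `router.use(tokenAuth)`, so this check does not cover it; the forced logout in ban-user.js closes that path only if `/token` validates the presented refresh token against the tokens table, which is worth confirming.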
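Review bot: Whether the new `account.banned` check in login.js runs before or after the password is verified cannot be seen from the hunk, since the route body starts outside it; if it precedes credential verification, an unauthenticated client can learn that a given username is banned, so the check belongs after the password comparison. The response text 'this account has been banned' differs in casing from 'This account has been banned' used by the middleware in auth/index.js and admin/index.js; one shared string would let clients match it reliably.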
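Review bot: The new NOT NULL `banned` column in accounts.js comes with no migration in this diff; if the schema is applied by migrations rather than `sequelize.sync({ alter: true })`, existing databases will lack the column and every query that selects the model will fail. A migration adding the column with `allowNull: false, defaultValue: false` keeps existing accounts unbanned by default.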
@@ -3,4 +3,5 @@ const sequelize = require('..');
 module.exports = sequelize.define('tokens', {
 token: 'varchar(320)',
+ username: 'varchar(320)'
 });
diff --git a/server/utilities/token-generate.js b/server/utilities/token-generate.js
index 8f83884..3f70394 100644
--- a/server/utilities/token-generate.js
+++ b/server/utilities/token-generate.js
@@ -14,7 +14,7 @@ module.exports = (id, username, type, admin, mod) => {
 const accessToken = jwt.sign(content, process.env.SECRET_ACCESS, { expiresIn: '10m' });
 const refreshToken = jwt.sign(content, process.env.SECRET_REFRESH, { expiresIn: '30d' });
- tokens.create({ token: refreshToken });
+ tokens.create({ token: refreshToken, username: username });
 return { accessToken, refreshToken };
 };
\ No newline at end of file
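Review bot: Refresh-token rows written before this change have no `username`, so `tokens.destroy({ where: { username } })` in ban-user.js will not revoke them, and a banned user holding such a token can keep using it for up to the 30 days token-generate.js grants it. Either backfill the column or purge all pre-existing rows when the column is introduced, and note that the model gives `username` no index while the revocation and any lookup now filter on it. Keying the row by the account id that token-generate.js already receives (for example `accountId: id`) rather than the username would keep revocation correct if usernames can ever change. In the token-generate.js hunk the literal can simply be `tokens.create({ token: refreshToken, username });`.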