Implemented permabans

2021-03-28 08:32:28 +11:00
parent e597974581
commit 547d5dba1c
7 changed files with 106 additions and 1 deletions
+37
@@ -0,0 +1,37 @@
const { accounts, tokens } = require('../database/models');
const Sequelize = require('sequelize');
const Op = Sequelize.Op;
//admin/banuser
const route = async (req, res) => {
const updated = await accounts.update({
banned: true
}, {
where: {
username: {
[Op.eq]: req.body.username
},
admin: {
[Op.not]: true
},
mod: {
[Op.not]: true
}
}
});
if (!updated[0]) {
return res.status(500).send('Failed to set banned status');
}
//forcibly logout
tokens.destroy({
where: {
username: req.body.username
}
});
res.status(200).end();
};
module.exports = route;
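Review bot: The refresh-token revocation `tokens.destroy({ where: { username: req.body.username } })` is not awaited, so the `res.status(200).end()` that follows is sent before the delete has run and a rejected promise becomes an unhandled rejection instead of an error response. The handler also feeds `req.body.username` straight into two `where` clauses without checking it is a non-empty string; recent Sequelize versions throw on an `undefined` where value, which again surfaces as an unhandled rejection rather than a 400. The `if (!updated[0])` branch answers 500 for both an unknown username and a protected admin/mod target, so a 404 (or a 403 for the protected case, which would need a prior lookup) would be more honest. The `//admin/banuser` comment also disagrees with the mounting in this commit, which registers the route behind the mods-only middleware.
```javascript
const route = async (req, res) => {
  const { username } = req.body;
  if (typeof username !== 'string' || username.length === 0) {
    return res.status(400).send('username is required');
  }
  // … unchanged: accounts.update with the admin/mod exclusion, matching on `username` …
  if (!updated[0]) {
    return res.status(404).send('No bannable account with that username');
  }
  // Await the revocation so a failure is reported instead of being lost after the 200.
  await tokens.destroy({ where: { username } });
  // … unchanged: res.status(200).end() …
```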
+36
@@ -1,10 +1,46 @@
const express = require('express'); const express = require('express');
const router = express.Router(); const router = express.Router();
const { accounts } = require('../database/models');
//middleware //middleware
const tokenAuth = require('../utilities/token-auth'); const tokenAuth = require('../utilities/token-auth');
router.use(tokenAuth); router.use(tokenAuth);
//handle ban stuff
router.use(async (req, res, next) => {
const record = await accounts.findOne({
where: {
username: req.user.username
}
});
if (!record) {
return res.status(500).send('Account not found in banning middleware');
}
if (record.banned) {
return res.status(403).send('This account has been banned');
}
next();
});
//handle mod stuff
router.use((req, res, next) => {
//check the user's mod status
if (!req.user.mod) {
return res.status(401).send('Mods only');
}
next();
});
//routes
router.post('/banuser', require('./ban-user'));
//handle admin stuff
router.use((req, res, next) => { router.use((req, res, next) => {
//check the user's admin status //check the user's admin status
if (!req.user.admin) { if (!req.user.admin) {
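Review bot: The banned-user middleware added at `router.use(async (req, res, next) => { … })` is a verbatim copy of the one added to the accounts router in this commit, and it already loads the account row that the next middleware could use: attach it with `req.account = record;` and check `record.mod` instead of `req.user.mod` (presumably a claim decoded from the 10-minute access token by tokenAuth), so a mod demoted in the database loses `/banuser` immediately rather than at token expiry, the same way the ban itself is enforced from the database. Extracting the check into a shared module under utilities would also keep the two copies from drifting, and wrapping the `accounts.findOne` in try/catch (or forwarding with `next(err)`) would stop a database failure from leaving the request unanswered, since Express 4 does not catch rejections from async middleware. Note the ordering: `/banuser` sits behind the mods-only middleware and before the admin one, so an admin whose `mod` flag is false is answered `401 'Mods only'` on that route; if that is intended, 403 is the conventional status for an authenticated user lacking permission. The admin middleware at the end is cut off by the hunk.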
+20
@@ -1,6 +1,8 @@
const express = require('express'); const express = require('express');
const router = express.Router(); const router = express.Router();
const { accounts } = require('../database/models');
//middleware //middleware
const tokenAuth = require('../utilities/token-auth'); const tokenAuth = require('../utilities/token-auth');
@@ -15,6 +17,24 @@ router.post('/token', require('./token'));
//middleware //middleware
router.use(tokenAuth); router.use(tokenAuth);
router.use(async (req, res, next) => {
const record = await accounts.findOne({
where: {
username: req.user.username
}
});
if (!record) {
return res.status(500).send('Account not found in banning middleware');
}
if (record.banned) {
return res.status(403).send('This account has been banned');
}
next();
});
//basic account management (needs a token) //basic account management (needs a token)
router.delete('/logout', require('./logout')); router.delete('/logout', require('./logout'));
router.get('/account', require('./account-query')); router.get('/account', require('./account-query'));
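Review bot: The ban check is installed after `router.use(tokenAuth)`, but the hunk header shows `router.post('/token', require('./token'))` registered above it, so the refresh endpoint is not covered by this middleware; unless `./token` checks `banned` itself (this commit does not touch that file), a banned user can keep minting access tokens from a refresh token until it expires or is deleted. Deletion in `/banuser` only matches rows whose `username` is set, which, given the tokens model change in this commit, excludes every refresh token issued before the deploy. Separately, `res.status(500).send('Account not found in banning middleware')` treats a token for a deleted account as a server error; a 401 with a generic message would be more accurate and would not expose an internal detail. The async middleware has no try/catch, so a rejected `accounts.findOne` (e.g. database unavailable) is an unhandled rejection and, in Express 4, leaves the request without a response — consider catching and calling `next(err)`.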
+5
@@ -42,6 +42,11 @@ const route = async (req, res) => {
} }
}); });
//reject on banned
if (account.banned) {
return res.status(403).send('this account has been banned');
}
//generate the JWT //generate the JWT
const tokens = generate(account.id, account.username, account.type, account.admin, account.mod); const tokens = generate(account.id, account.username, account.type, account.admin, account.mod);
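Review bot: The new rejection's message `'this account has been banned'` differs in capitalisation from the `'This account has been banned'` used by the ban middleware added elsewhere in this commit; define the message once (e.g. a shared constant under utilities) so clients can match on it. The check reads `account.banned` directly, so it relies on `account` having been verified non-null earlier in this route, which begins outside the hunk. It should also stay after credential verification (the preceding lines are not visible here) so an unauthenticated caller cannot probe ban status by username.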
+6
@@ -40,6 +40,12 @@ module.exports = sequelize.define('accounts', {
defaultValue: false defaultValue: false
}, },
banned: {
type: Sequelize.BOOLEAN,
allowNull: false,
defaultValue: false
},
contact: { contact: {
type: Sequelize.BOOLEAN, type: Sequelize.BOOLEAN,
allowNull: false, allowNull: false,
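Review bot: The new `banned` column is NOT NULL with a default, but no migration accompanies it; if the schema is applied with `sequelize.sync()` without `alter: true` (not visible here), existing databases keep the old table, the attribute comes back `undefined`, and every `if (record.banned)` check added in this commit silently passes. Consider also recording who banned the account and when (e.g. `bannedAt: { type: Sequelize.DATE, allowNull: true }`) so a permaban is auditable and reversible with context.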
+1
@@ -3,4 +3,5 @@ const sequelize = require('..');
module.exports = sequelize.define('tokens', { module.exports = sequelize.define('tokens', {
token: 'varchar(320)', token: 'varchar(320)',
username: 'varchar(320)'
}); });
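Review bot: `username: 'varchar(320)'` is nullable and unindexed, yet `/banuser` revokes refresh tokens with `tokens.destroy({ where: { username } })`; rows created before this change have no username and will survive a ban for up to the 30-day refresh lifetime, and the lookup is a scan over an unindexed column. Consider backfilling or purging rows with a NULL username at deploy time, and keying on the account id that generate-token already receives (with a foreign key) so a later username change cannot orphan a user's tokens.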
+1 -1
@@ -14,7 +14,7 @@ module.exports = (id, username, type, admin, mod) => {
const accessToken = jwt.sign(content, process.env.SECRET_ACCESS, { expiresIn: '10m' }); const accessToken = jwt.sign(content, process.env.SECRET_ACCESS, { expiresIn: '10m' });
const refreshToken = jwt.sign(content, process.env.SECRET_REFRESH, { expiresIn: '30d' }); const refreshToken = jwt.sign(content, process.env.SECRET_REFRESH, { expiresIn: '30d' });
tokens.create({ token: refreshToken }); tokens.create({ token: refreshToken, username: username });
return { accessToken, refreshToken }; return { accessToken, refreshToken };
}; };
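Review bot: `tokens.create({ token: refreshToken, username: username })` is still not awaited and has no `.catch`, so a failed insert is an unhandled rejection while the refresh token is returned to the client anyway — and with this commit that also means the token cannot be revoked by `/banuser`, which works by deleting this row. Making the function async would change the contract the login route relies on (`const tokens = generate(...)` with no await), so the minimal fix is to attach a handler, `tokens.create({ token: refreshToken, username }).catch((err) => console.error('failed to persist refresh token', err));`, or make generation async and await it at the call site. Storing the `id` this function receives instead of, or alongside, `username` would make the key stable across renames.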