Implemented permabans

Updated admin and mod flag system
Updated libraries
2021-03-28 08:32:28 +11:00 · 2021-03-24 08:22:47 +11:00 · 2021-03-24 01:52:17 +11:00 · 2021-03-22 16:43:39 +11:00 · 2021-03-14 04:35:03 +11:00 · 2021-03-12 15:04:01 +11:00
21 changed files with 327 additions and 79 deletions
@@ -6,15 +6,26 @@ DB_HOSTNAME=database
 DB_DATABASE=auth
 DB_USERNAME=auth
 DB_PASSWORD=venusaur
-DB_TIMEZONE=Australia/Sydney

 MAIL_SMTP=smtp.example.com
 MAIL_USERNAME=foobar@example.com
 MAIL_PASSWORD=examplepassword
 MAIL_PHYSICAL=42 Placeholder Ave, Placeholder, 0000, USA

+# Give this a value to generate the default admin account
 ADMIN_DEFAULT_USERNAME=admin
+
+# Give this a value to generate the default admin account (must be at least 8 characters)
 ADMIN_DEFAULT_PASSWORD=password

+# Select a "TZ database name" that suits your needs: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+DB_TIMEZONE=Australia/Sydney
+
+# Give this any value to enable database logging (such as "true")
+DB_LOGGING=
+
+# Make sure this value matches the system that you connect to
 SECRET_ACCESS=access
+
+# Make sure this value is kept secret
 SECRET_REFRESH=refresh
@@ -37,9 +37,13 @@ Content-Type: application/json
 	"refreshToken": "fghij"
 }

-//DOCS: Retreives the private account data, results vary
-GET /auth/account
-Authorization: Bearer accessToken
+//Replace an expired authToken pair with these values
+POST /auth/token
+Content-Type: application/json
+
+{
+	"token": "refreshToken"
+}

 //DOCS: After this is called, the refresh route will no longer work
 DELETE /auth/logout
@@ -49,13 +53,9 @@ Authorization: Bearer accessToken
 	"token": "refreshToken"
 }

-//Replace an expired authToken pair with these values
-POST /auth/token
-Content-Type: application/json
-
-{
-	"token": "refreshToken"
-}
+//DOCS: Retreives the private account data, results vary
+GET /auth/account
+Authorization: Bearer accessToken

 //Result
 {
@@ -64,17 +64,16 @@ Content-Type: application/json
 }

 //DOCS: Update account data, input varies, but is always JSON
-PATCH /auth/update
+PATCH /auth/account
 Content-Type: application/json
 Authorization: Bearer accessToken

 //DOCS: Sets the timer, account will be deleted after 2 days
-DELETE /auth/deletion
+DELETE /auth/account
 Authorization: Bearer accessToken
 Content-Type: application/json

 {
 	"password": "helloworld"
 }
-
 ```
@@ -50,9 +50,9 @@
      "integrity": "sha512-wE2v81i4C4Ol09RtsWFAqg3BUitWbHSpSlIo+bNdsCJijO9sjme+zm+73ZMCa/qMC8UEERxzGbvmr1cffo2SiQ=="
    },
    "node_modules/@types/node": {
-      "version": "14.14.31",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.31.tgz",
-      "integrity": "sha512-vFHy/ezP5qI0rFgJ7aQnjDXwAMrG0KqqIH7tQG5PPv3BWBayOPIQNBjVc/P6hhdZfMx51REc6tfDNXHUio893g=="
+      "version": "14.14.35",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.35.tgz",
+      "integrity": "sha512-Lt+wj8NVPx0zUmUwumiVXapmaLUcAk3yPuHCFVXras9k5VT9TdhJqKqGVUQCD60OTMCl0qxJ57OiTL0Mic3Iag=="
    },
    "node_modules/abbrev": {
      "version": "1.1.1",
@@ -760,9 +760,9 @@
      }
    },
    "node_modules/glob-parent": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz",
-      "integrity": "sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ==",
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
      "dev": true,
      "dependencies": {
        "is-glob": "^4.0.1"
@@ -1013,9 +1013,9 @@
      }
    },
    "node_modules/is-path-inside": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.2.tgz",
-      "integrity": "sha512-/2UGPSgmtqwo1ktx8NDHjuPwZWmHhO+gj0f93EkhLB5RgW9RZevWYYlIkS6zePc6U2WpOdQYIwHe9YC4DWEBVg==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz",
+      "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==",
      "dev": true,
      "engines": {
        "node": ">=8"
@@ -1407,9 +1407,6 @@
      },
      "bin": {
        "nopt": "bin/nopt.js"
-      },
-      "engines": {
-        "node": "*"
      }
    },
    "node_modules/normalize-path": {
@@ -1752,9 +1749,9 @@
      "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
    },
    "node_modules/sequelize": {
-      "version": "6.5.0",
-      "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.5.0.tgz",
-      "integrity": "sha512-owBt8fnzVy8E1OvyCyfCdVk7OOLyPVrBCMEf+CvRReC5oCyo+UqeXCtwaex9L6LM9ifZ1i3TG3sFeM5MgLK0CQ==",
+      "version": "6.6.2",
+      "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.6.2.tgz",
+      "integrity": "sha512-H/zrzmTK+tis9PJaSigkuXI57nKBvNCtPQol0yxCvau1iWLzSOuq8t3tMOVeQ+Ep8QH2HoD9/+FCCIAqzUr/BQ==",
      "dependencies": {
        "debug": "^4.1.1",
        "dottie": "^2.0.0",
@@ -1824,9 +1821,9 @@
      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
    },
    "node_modules/sequelize/node_modules/semver": {
-      "version": "7.3.4",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz",
-      "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==",
+      "version": "7.3.5",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
+      "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
      "dependencies": {
        "lru-cache": "^6.0.0"
      },
@@ -2185,9 +2182,9 @@
      "integrity": "sha512-wE2v81i4C4Ol09RtsWFAqg3BUitWbHSpSlIo+bNdsCJijO9sjme+zm+73ZMCa/qMC8UEERxzGbvmr1cffo2SiQ=="
    },
    "@types/node": {
-      "version": "14.14.31",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.31.tgz",
-      "integrity": "sha512-vFHy/ezP5qI0rFgJ7aQnjDXwAMrG0KqqIH7tQG5PPv3BWBayOPIQNBjVc/P6hhdZfMx51REc6tfDNXHUio893g=="
+      "version": "14.14.35",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.35.tgz",
+      "integrity": "sha512-Lt+wj8NVPx0zUmUwumiVXapmaLUcAk3yPuHCFVXras9k5VT9TdhJqKqGVUQCD60OTMCl0qxJ57OiTL0Mic3Iag=="
    },
    "abbrev": {
      "version": "1.1.1",
@@ -2747,9 +2744,9 @@
      }
    },
    "glob-parent": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz",
-      "integrity": "sha512-FnI+VGOpnlGHWZxthPGR+QhR78fuiK0sNLkHQv+bL9fQi57lNNdquIbna/WrfROrolq8GK5Ek6BiMwqL/voRYQ==",
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
      "dev": true,
      "requires": {
        "is-glob": "^4.0.1"
@@ -2934,9 +2931,9 @@
      "dev": true
    },
    "is-path-inside": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.2.tgz",
-      "integrity": "sha512-/2UGPSgmtqwo1ktx8NDHjuPwZWmHhO+gj0f93EkhLB5RgW9RZevWYYlIkS6zePc6U2WpOdQYIwHe9YC4DWEBVg==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz",
+      "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==",
      "dev": true
    },
    "is-typedarray": {
@@ -3524,9 +3521,9 @@
      }
    },
    "sequelize": {
-      "version": "6.5.0",
-      "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.5.0.tgz",
-      "integrity": "sha512-owBt8fnzVy8E1OvyCyfCdVk7OOLyPVrBCMEf+CvRReC5oCyo+UqeXCtwaex9L6LM9ifZ1i3TG3sFeM5MgLK0CQ==",
+      "version": "6.6.2",
+      "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.6.2.tgz",
+      "integrity": "sha512-H/zrzmTK+tis9PJaSigkuXI57nKBvNCtPQol0yxCvau1iWLzSOuq8t3tMOVeQ+Ep8QH2HoD9/+FCCIAqzUr/BQ==",
      "requires": {
        "debug": "^4.1.1",
        "dottie": "^2.0.0",
@@ -3557,9 +3554,9 @@
          "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
        },
        "semver": {
-          "version": "7.3.4",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz",
-          "integrity": "sha512-tCfb2WLjqFAtXn4KEdxIhalnRtoKFN7nAwj0B3ZXCbQloV2tq5eDbcTmT68JJD3nRJq24/XgxtQKFIpQdtvmVw==",
+          "version": "7.3.5",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz",
+          "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==",
          "requires": {
            "lru-cache": "^6.0.0"
          }
@@ -0,0 +1,37 @@
+const { accounts, tokens } = require('../database/models');
+const Sequelize = require('sequelize');
+const Op = Sequelize.Op;
+
+//admin/banuser
+const route = async (req, res) => {
+	const updated = await accounts.update({
+		banned: true
+	}, {
+		where: {
+			username: {
+				[Op.eq]: req.body.username
+			},
+			admin: {
+				[Op.not]: true
+			},
+			mod: {
+				[Op.not]: true
+			}
+		}
+	});
+
+	if (!updated[0]) {
+		return res.status(500).send('Failed to set banned status');
+	}
+
+	//forcibly logout
+	tokens.destroy({
+		where: {
+			username: req.body.username
+		}
+	});
+
+	res.status(200).end();
+};
+
+module.exports = route;
@@ -20,16 +20,18 @@ module.exports = async () => {
 	//check for an existing admin account
 	const adminRecord = await accounts.findOne({
 		where: {
-			privilege: 'administrator'
+			admin: true
 		}
 	});

 	if (adminRecord == null) {
 		await accounts.create({
-			privilege: 'administrator',
 			email: `${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}`,
 			username: `${process.env.ADMIN_DEFAULT_USERNAME}`,
-			hash: await bcrypt.hash(`${process.env.ADMIN_DEFAULT_PASSWORD}`, await bcrypt.genSalt(11))
+			hash: await bcrypt.hash(`${process.env.ADMIN_DEFAULT_PASSWORD}`, await bcrypt.genSalt(11)),
+			type: 'normal',
+			admin: true,
+			mod: true
 		});

 		console.warn(`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}; password: ${process.env.ADMIN_DEFAULT_PASSWORD})`);
@@ -0,0 +1,25 @@
+const { accounts } = require('../database/models');
+const Sequelize = require('sequelize');
+const Op = Sequelize.Op;
+
+//admin/admin
+const route = async (req, res) => {
+	const updated = await accounts.update({
+		admin: true,
+		mod: true
+	}, {
+		where: {
+			username: {
+				[Op.eq]: req.body.username
+			}
+		}
+	});
+
+	if (!updated[0]) {
+		return res.status(500).send('Failed to set admin status');
+	}
+
+	res.status(200).end();
+};
+
+module.exports = route;
@@ -0,0 +1,24 @@
+const { accounts } = require('../database/models');
+const Sequelize = require('sequelize');
+const Op = Sequelize.Op;
+
+//admin/mod
+const route = async (req, res) => {
+	const updated = await accounts.update({
+		mod: true
+	}, {
+		where: {
+			username: {
+				[Op.eq]: req.body.username
+			}
+		}
+	});
+
+	if (!updated[0]) {
+		return res.status(500).send('Failed to set mod status');
+	}
+
+	res.status(200).end();
+};
+
+module.exports = route;
@@ -1,3 +1,61 @@
-module.exports = {
-	defaultAccount: require('./default-account')
-};
+const express = require('express');
+const router = express.Router();
+
+const { accounts } = require('../database/models');
+
+//middleware
+const tokenAuth = require('../utilities/token-auth');
+
+router.use(tokenAuth);
+
+//handle ban stuff
+router.use(async (req, res, next) => {
+	const record = await accounts.findOne({
+		where: {
+			username: req.user.username
+		}
+	});
+
+	if (!record) {
+		return res.status(500).send('Account not found in banning middleware');
+	}
+
+	if (record.banned) {
+		return res.status(403).send('This account has been banned');
+	}
+
+	next();
+});
+
+//handle mod stuff
+router.use((req, res, next) => {
+	//check the user's mod status
+	if (!req.user.mod) {
+		return res.status(401).send('Mods only');
+	}
+
+	next();
+});
+
+//routes
+router.post('/banuser', require('./ban-user'));
+
+//handle admin stuff
+router.use((req, res, next) => {
+	//check the user's admin status
+	if (!req.user.admin) {
+		return res.status(401).send('Admin only');
+	}
+
+	next();
+});
+
+require('./default-account')(); //generate the default accouunt
+
+//basic route management
+router.post('/admin', require('./grant-admin'));
+router.delete('/admin', require('./remove-admin'));
+router.post('/mod', require('./grant-mod'));
+router.delete('/mod', require('./remove-mod'));
+
+module.exports = router;
@@ -0,0 +1,24 @@
+const { accounts } = require('../database/models');
+const Sequelize = require('sequelize');
+const Op = Sequelize.Op;
+
+//admin/admin
+const route = async (req, res) => {
+	const updated = await accounts.update({
+		admin: false
+	}, {
+		where: {
+			username: {
+				[Op.eq]: req.body.username
+			}
+		}
+	});
+
+	if (!updated[0]) {
+		return res.status(500).send('Failed to set admin status');
+	}
+
+	res.status(200).end();
+};
+
+module.exports = route;
@@ -0,0 +1,25 @@
+const { accounts } = require('../database/models');
+const Sequelize = require('sequelize');
+const Op = Sequelize.Op;
+
+//admin/admin
+const route = async (req, res) => {
+	const updated = await accounts.update({
+		admin: false,
+		mod: false
+	}, {
+		where: {
+			username: {
+				[Op.eq]: req.body.username
+			}
+		}
+	});
+
+	if (!updated[0]) {
+		return res.status(500).send('Failed to set mod status');
+	}
+
+	res.status(200).end();
+};
+
+module.exports = route;
@@ -9,12 +9,12 @@ const route = async (req, res) => {
 	});

 	if (!account) {
-		res.status(401).send('Unknown account');
+		return res.status(401).send('Unknown account');
 	}

 	//respond with the private-facing data
-	res.status(200).json({
-		contact: await account.contact
+	return res.status(200).json({
+		contact: account.contact
 	});
 };

@@ -1,8 +1,10 @@
 const express = require('express');
 const router = express.Router();

+const { accounts } = require('../database/models');
+
 //middleware
-const authToken = require('../utilities/token-auth');
+const tokenAuth = require('../utilities/token-auth');

 //signup -> validate -> login all without a token
 router.post('/signup', require('./signup'));
@@ -13,12 +15,30 @@ router.post('/login', require('./login'));
 router.post('/token', require('./token'));

 //middleware
-router.use(authToken);
+router.use(tokenAuth);
+
+router.use(async (req, res, next) => {
+	const record = await accounts.findOne({
+		where: {
+			username: req.user.username
+		}
+	});
+
+	if (!record) {
+		return res.status(500).send('Account not found in banning middleware');
+	}
+
+	if (record.banned) {
+		return res.status(403).send('This account has been banned');
+	}
+
+	next();
+});

 //basic account management (needs a token)
 router.delete('/logout', require('./logout'));
-router.get('/account', require('./account'));
-router.patch('/update', require('./update'));
-router.delete('/deletion', require('./deletion'));
+router.get('/account', require('./account-query'));
+router.patch('/account', require('./account-update'));
+router.delete('/account', require('./account-delete'));

 module.exports = router;
@@ -42,8 +42,13 @@ const route = async (req, res) => {
 		}
 	});

+	//reject on banned
+	if (account.banned) {
+		return res.status(403).send('this account has been banned');
+	}
+
 	//generate the JWT
-	const tokens = generate(account.id, account.username, account.privilege);
+	const tokens = generate(account.id, account.username, account.type, account.admin, account.mod);

 	//finally
 	res.status(200).json(tokens);
@@ -10,12 +10,6 @@ module.exports = sequelize.define('accounts', {
 		unique: true
 	},

-	privilege: {
-		type: Sequelize.ENUM,
-		values: ['administrator', 'moderator', 'alpha', 'beta', 'gamma', 'normal'],
-		defaultValue: 'normal'
-	},
-
 	email: {
 		type: 'varchar(320)',
 		unique: true
@@ -28,6 +22,30 @@ module.exports = sequelize.define('accounts', {

 	hash: 'varchar(100)', //for passwords

+	type: {
+		type: Sequelize.ENUM,
+		values: ['normal', 'alpha', 'beta', 'gamma'],
+		defaultValue: 'normal'
+	},
+
+	admin: {
+		type: Sequelize.BOOLEAN,
+		allowNull: false,
+		defaultValue: false
+	},
+
+	mod: {
+		type: Sequelize.BOOLEAN,
+		allowNull: false,
+		defaultValue: false
+	},
+
+	banned: {
+		type: Sequelize.BOOLEAN,
+		allowNull: false,
+		defaultValue: false
+	},
+
 	contact: {
 		type: Sequelize.BOOLEAN,
 		allowNull: false,
@@ -3,4 +3,5 @@ const sequelize = require('..');

 module.exports = sequelize.define('tokens', {
 	token: 'varchar(320)',
+	username: 'varchar(320)'
 });
@@ -15,8 +15,8 @@ app.use(cors());
 //database connection
 const database = require('./database');

-const admin = require('./admin');
-admin.defaultAccount();
+//access the admin
+app.use('/admin', require('./admin'));

 //access the auth
 app.use('/auth', require('./auth'));
@@ -6,16 +6,16 @@ module.exports = (req, res, next) => {
 	const token = authHeader?.split (' ')[1]; //'Bearer token'

 	if (!token) {
-		return res.status(401).end();
+		return res.status(401).send('No token found');
 	}

-	jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
+	return jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
 		if (err) {
-			return res.status(403).end();
+			return res.status(403).send(err);
 		}

 		req.user = user;

-		next();
+		return next();
 	});
 };
@@ -2,17 +2,19 @@ const jwt = require('jsonwebtoken');
 const { tokens } = require('../database/models');

 //generates a JWT token based on the given arguments
-module.exports = (id, username, privilege) => {
+module.exports = (id, username, type, admin, mod) => {
 	const content = {
 		id,
 		username,
-		privilege
+		type,
+		admin,
+		mod,
 	};

 	const accessToken = jwt.sign(content, process.env.SECRET_ACCESS, { expiresIn: '10m' });
 	const refreshToken = jwt.sign(content, process.env.SECRET_REFRESH, { expiresIn: '30d' });

-	tokens.create({ token: refreshToken });
+	tokens.create({ token: refreshToken, username: username });

 	return { accessToken, refreshToken };
 };
@@ -24,7 +24,7 @@ module.exports = (token, callback) => {
 			return callback(403);
 		}

-		const result = generate(user.id, user.username, user.privilege);
+		const result = generate(user.id, user.username, user.type, user.admin, user.mod);

 		destroy(token);
Author	SHA1	Message	Date
Kayne Ruse	547d5dba1c	Implemented permabans	2021-03-28 08:32:28 +11:00
Kayne Ruse	e597974581	Updated admin and mod flag system	2021-03-24 08:22:47 +11:00
Kayne Ruse	f60833ec17	Updated libraries	2021-03-24 01:52:17 +11:00
Kayne Ruse	9ffa45f09d	Each microservice has received a tweak to .envdev, read more This should make it easier to set time zones and enable database logging. Related to krgamestudios/MERN-template#16	2021-03-22 16:43:39 +11:00
Kayne Ruse	b2bf1aaf92	Altered API, read more I moved /auth/account/privilege to /admin/privilege I also fixed PATCH and DELETE on /account	2021-03-14 04:35:03 +11:00
Kayne Ruse	61ddd5b38f	Added privilege modification to the API	2021-03-12 15:04:01 +11:00
Kayne Ruse	cbd3ed9d3e	Found a mistyped header	2021-03-11 00:41:24 +11:00