ref #356 deleteaccount, editaccounts, editbans, editnews, editpost

indiachan-spamvector
Thomas Lynch 3 years ago
parent 1f7da3f2b8
commit 28761f1934
  1. 18
      controllers/forms/deleteaccount.js
  2. 16
      controllers/forms/editaccounts.js
  3. 12
      controllers/forms/editbans.js
  4. 24
      controllers/forms/editnews.js
  5. 49
      controllers/forms/editpost.js

@ -12,19 +12,17 @@ module.exports = {
controller: async (req, res, next) => {
if (!req.body.confirm) {
return dynamicResponse(req, res, 400, 'message', {
'title': 'Bad request',
'error': 'Missing confirmation',
'redirect': '/account.html',
});
}
const { modBoards, ownedBoards } = res.locals.user;
if (ownedBoards.length > 0 || modBoards.length > 0) {
const errors = await checkSchema([
{ result: existsBody(req.body.confirm), expected: true, error: 'Missing confirmation' },
{ result: (numberBody(ownedBoards.length, 0, 0) && numberBody(modBoards.length, 0, 0)), expected: true, error: 'You cannot delete your account while you hold staff position on any board' },
]);
if (errors.length > 0) {
return dynamicResponse(req, res, 400, 'message', {
'title': 'Bad request',
'message': 'You cannot delete your account while you hold staff position on any board',
'errors': errors,
'redirect': '/account.html',
});
}
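Review bot: The `existsBody(req.body.confirm)` rule inside the checkSchema call duplicates the `if (!req.body.confirm)` early return above it; if both are on the new side the rule can never fail and should be dropped, and if the early return is the old code, its plain 400 guard is the clearer of the two and worth keeping instead. The staff-position rule spells "must be zero" as `numberBody(ownedBoards.length, 0, 0) && numberBody(modBoards.length, 0, 0)`, which reads worse than `ownedBoards.length === 0 && modBoards.length === 0` and leans on numberBody's range semantics, which are not visible here. The controller body continues past the end of the hunk.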

@ -15,17 +15,11 @@ module.exports = {
controller: async (req, res, next) => {
const errors = [];
if (!req.body.checkedaccounts || req.body.checkedaccounts.length === 0) {
errors.push('Must select at least one account');
}
if (typeof req.body.auth_level !== 'number' && !req.body.delete_account) {
errors.push('Missing auth level or delete action');
}
if (typeof req.body.auth_level === 'number' && req.body.auth_level < 0 || req.body.auth_level > 4) {
errors.push('Auth level must be 0-4');
}
const errors = await checkSchema([
{ result: lengthBody(req.body.checkedaccounts, 1), expected: false, error: 'Must select at least one account' },
{ result: numberBody(req.body.auth_level, 0, 4), expected: true, error: 'Auth level must be a number 0-4' },
{ result: (typeof req.body.auth_level === 'number' || req.body.delete_account), expected: true, error: 'Missing auth level or delete action' }
]);
if (errors.length > 0) {
return dynamicResponse(req, res, 400, 'message', {
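Review bot: The `numberBody(req.body.auth_level, 0, 4)` rule is evaluated unconditionally, so a request that sets `delete_account` without an `auth_level` presumably fails it with 'Auth level must be a number 0-4' even though the next rule explicitly treats `delete_account` alone as valid; the removed code only range-checked auth_level when it was a number. Unless numberBody treats an absent value as passing (its implementation is not in view), the rule should be gated on the delete flag, e.g. `{ result: (req.body.delete_account || numberBody(req.body.auth_level, 0, 4)), expected: true, error: 'Auth level must be a number 0-4' },`. The controller body continues past the end of the hunk.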

@ -17,14 +17,10 @@ module.exports = {
controller: async (req, res, next) => {
const errors = [];
if (!req.body.checkedbans || req.body.checkedbans.length === 0) {
errors.push('Must select at least one ban');
}
if (!req.body.option || (req.body.option !== 'unban' && req.body.option !== 'deny_appeal')) {
errors.push('Invalid ban action')
}
const errors = await checkSchema([
{ result: lengthBody(req.body.checkedbans, 1), expected: false, error: 'Must select at least one ban' },
{ result: inArrayBody(req.body.option, ['unban', 'deny_appeal']), expected: true, error: 'Invalid ban action' },
]);
const redirect = req.params.board ? `/${req.params.board}/manage/bans.html` : '/globalmanage/bans.html';

@ -16,23 +16,13 @@ module.exports = {
controller: async (req, res, next) => {
const errors = [];
if (!req.body.news_id) {
errors.push('Missing news id');
}
if (!req.body.message || res.locals.messageLength === 0) {
errors.push('Missing message');
}
if (res.locals.messageLength > 10000) {
errors.push('Message must be 10000 characters or less');
}
if (!req.body.title || req.body.title.length === 0) {
errors.push('Missing title');
}
if (req.body.title.length > 50) {
errors.push('Title must be 50 characters or less');
}
const errors = await checkSchema([
{ result: existsBody(req.body.news_id), expected: true, error: 'Missing news id' },
{ result: existsBody(req.body.message), expected: true, error: 'Missing message' },
{ result: numberBody(res.locals.messageLength, 1, 10000), expected: true, error: 'Message must be 10000 characters or less' },
{ result: existsBody(req.body.title), expected: true, error: 'Missing title' },
{ result: lengthBody(req.body.title, 1, 50), expected: false, error: 'Title must be 50 characters or less' },
]);
if (errors.length > 0) {
return dynamicResponse(req, res, 400, 'message', {
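Review bot: The `numberBody(res.locals.messageLength, 1, 10000)` rule reports 'Message must be 10000 characters or less' when messageLength is 0, whereas the removed branch reported 'Missing message' for that case; the preceding `existsBody(req.body.message)` rule only covers it if existsBody rejects the same inputs that produce a zero messageLength, which is not visible here. The same applies to `lengthBody(req.body.title, 1, 50)` for an empty title. Either split each into a separate "missing" rule with a 0 lower bound on the length rule, or make the message honest, e.g. `error: 'Message must be 1-10000 characters'` and `error: 'Title must be 1-50 characters'`. The controller body continues past the end of the hunk.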

@ -19,38 +19,21 @@ module.exports = {
controller: async (req, res, next) => {
const { rateLimitCost, globalLimits } = config.get;
const errors = [];
if ((!req.body.board || req.body.board.length === 0)
|| (!req.body.postId || typeof req.body.postId !== 'number')) {
errors.push('Missing board and postId form data');
}
// message, subject, email, name, limited length
if (req.body.message && res.locals.messageLength > globalLimits.fieldLength.message) {
errors.push(`Message must be ${globalLimits.fieldLength.message} characters or less`);
}
if (req.body.name && req.body.name.length > globalLimits.fieldLength.name) {
errors.push(`Name must be ${globalLimits.fieldLength.name} characters or less`);
}
if (req.body.subject && req.body.subject.length > globalLimits.fieldLength.subject) {
errors.push(`Subject must be ${globalLimits.fieldLength.subject} characters or less`);
}
if (req.body.email && req.body.email.length > globalLimits.fieldLength.email) {
errors.push(`Email must be ${globalLimits.fieldLength.email} characters or less`);
}
if (req.body.log_message && req.body.log_message.length > globalLimits.fieldLength.log_message) {
errors.push(`Modlog message must be ${globalLimits.fieldLength.log_message} characters or less`);
}
try {
res.locals.post = await Posts.getPost(req.body.board, req.body.postId);
} catch (err) {
return next(err);
}
if (!res.locals.board || !res.locals.post) {
errors.push(`Post doesn't exist`);
}
const errors = await checkSchema([
{ result: existsBody(res.locals.board, 1), expected: false, error: 'Missing board' },
{ result: lengthBody(req.body.board, 1), expected: false, error: 'Missing board' },
{ result: numberBody(req.body.postId), expected: false, error: 'Missing postId' },
{ result: lengthBody(req.body.message, 1, globalLimits.fieldLength.message), expected: false, error: `Message must be ${globalLimits.fieldLength.message} characters or less` },
{ result: lengthBody(req.body.name, 1, globalLimits.fieldLength.name), expected: false, error: `Name must be ${globalLimits.fieldLength.name} characters or less` },
{ result: lengthBody(req.body.subject, 1, globalLimits.fieldLength.subject), expected: false, error: `Subject must be ${globalLimits.fieldLength.subject} characters or less` },
{ result: lengthBody(req.body.email, 1, globalLimits.fieldLength.email), expected: false, error: `Email must be ${globalLimits.fieldLength.email} characters or less` },
{ result: lengthBody(req.body.log_message, 1, globalLimits.fieldLength.log_message), expected: false, error: `Modlog message must be ${globalLimits.fieldLength.log_message} characters or less` },
{ result: async () => {
res.locals.post = await Posts.getPost(req.body.board, req.body.postId);
return res.locals.post != null;
}, expected: true, error: `Post doesn't exist` }
]);
if (errors.length > 0) {
return dynamicResponse(req, res, 400, 'message', {
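Review bot: The `existsBody(res.locals.board, 1), expected: false` rule with error 'Missing board' is inverted relative to how this commit uses existsBody everywhere else (editnews pairs existsBody with `expected: true` for a "missing" error), so as written it appears to fail when the board does exist and pass when it is absent; `numberBody(req.body.postId), expected: false` with error 'Missing postId' has the same problem against the `numberBody(..., expected: true)` usage in editaccounts and editnews. The two lines should read `{ result: existsBody(res.locals.board), expected: true, error: 'Missing board' },` and `{ result: numberBody(req.body.postId), expected: true, error: 'Missing postId' },`. The removed try/catch around `Posts.getPost` is also gone: the async result closure has no error handling, so a lookup failure now surfaces as a rejection of checkSchema rather than `next(err)`, and whether that still reaches the error handler depends on checkSchema and the router, which are not in view. The controller body continues past the end of the hunk.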
@ -61,8 +44,8 @@ module.exports = {
if (res.locals.permLevel > 1) { //if not global staff or above
const ratelimitUser = await Ratelimits.incrmentQuota(req.session.user, 'edit', rateLimitCost.editPost);
// const ratelimitIp = await Ratelimits.incrmentQuota(res.locals.ip.single, 'edit', rateLimitCost.editPost);
if (ratelimitUser > 100 /* || ratelimitIp > 100 */) {
const ratelimitIp = res.locals.anonymizer ? 0 : (await Ratelimits.incrmentQuota(res.locals.ip.single, 'edit', rateLimitCost.editPost));
if (ratelimitUser > 100 || ratelimitIp > 100) {
return dynamicResponse(req, res, 429, 'message', {
'title': 'Ratelimited',
'error': 'You are editing posts too quickly, please wait a minute and try again',
