diff --git a/controllers/forms/deleteaccount.js b/controllers/forms/deleteaccount.js
index 7562ff5e..c8b97d54 100644
--- a/controllers/forms/deleteaccount.js
+++ b/controllers/forms/deleteaccount.js
@@ -12,19 +12,17 @@ module.exports = {
 controller: async (req, res, next) => {
- if (!req.body.confirm) {
- return dynamicResponse(req, res, 400, 'message', {
- 'title': 'Bad request',
- 'error': 'Missing confirmation',
- 'redirect': '/account.html',
- });
- }
- const { modBoards, ownedBoards } = res.locals.user;
- if (ownedBoards.length > 0 || modBoards.length > 0) {
+
+ const errors = await checkSchema([
+ { result: existsBody(req.body.confirm), expected: true, error: 'Missing confirmation' },
+ { result: (numberBody(ownedBoards.length, 0, 0) && numberBody(modBoards.length, 0, 0)), expected: true, error: 'You cannot delete your account while you hold staff position on any board' },
+ ]);
+
+ if (errors.length > 0) {
 return dynamicResponse(req, res, 400, 'message', {
 'title': 'Bad request',
- 'message': 'You cannot delete your account while you hold staff position on any board',
+ 'errors': errors,
 'redirect': '/account.html',
 });
 }
diff --git a/controllers/forms/editaccounts.js b/controllers/forms/editaccounts.js
index 4fac7969..27aec7af 100644
--- a/controllers/forms/editaccounts.js
+++ b/controllers/forms/editaccounts.js
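Review bot: The staff-position entry expresses "both arrays are empty" as `numberBody(ownedBoards.length, 0, 0) && numberBody(modBoards.length, 0, 0)`, which routes a plain emptiness test through a numeric-range helper meant for request fields and makes the outcome depend on how numberBody treats a 0..0 range; `ownedBoards.length === 0 && modBoards.length === 0` states the rule directly and is what a reader will look for when auditing who may delete an account. The entry also relies on `ownedBoards` and `modBoards` still being in scope: the `const { modBoards, ownedBoards } = res.locals.user;` line is hard to classify in this collapsed diff (its `-` may belong to a removed blank line rather than to the declaration), so confirm it survives as a context line above the checkSchema call, otherwise every delete request fails with a ReferenceError instead of the intended 400. The controller's body continues past this hunk.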
@@ -15,17 +15,11 @@ module.exports = {
 controller: async (req, res, next) => {
- const errors = [];
-
- if (!req.body.checkedaccounts || req.body.checkedaccounts.length === 0) {
- errors.push('Must select at least one account');
- }
- if (typeof req.body.auth_level !== 'number' && !req.body.delete_account) {
- errors.push('Missing auth level or delete action');
- }
- if (typeof req.body.auth_level === 'number' && req.body.auth_level < 0 || req.body.auth_level > 4) {
- errors.push('Auth level must be 0-4');
- }
+ const errors = await checkSchema([
+ { result: lengthBody(req.body.checkedaccounts, 1), expected: false, error: 'Must select at least one account' },
+ { result: numberBody(req.body.auth_level, 0, 4), expected: true, error: 'Auth level must be a number 0-4' },
+ { result: (typeof req.body.auth_level === 'number' || req.body.delete_account), expected: true, error: 'Missing auth level or delete action' }
+ ]);
 if (errors.length > 0) {
 return dynamicResponse(req, res, 400, 'message', {
diff --git a/controllers/forms/editbans.js b/controllers/forms/editbans.js
index d419ed30..0323b53d 100644
--- a/controllers/forms/editbans.js
+++ b/controllers/forms/editbans.js
@@ -17,14 +17,10 @@ module.exports = {
 controller: async (req, res, next) => {
- const errors = [];
-
- if (!req.body.checkedbans || req.body.checkedbans.length === 0) {
- errors.push('Must select at least one ban');
- }
- if (!req.body.option || (req.body.option !== 'unban' && req.body.option !== 'deny_appeal')) {
- errors.push('Invalid ban action')
- }
+ const errors = await checkSchema([
+ { result: lengthBody(req.body.checkedbans, 1), expected: false, error: 'Must select at least one ban' },
+ { result: inArrayBody(req.body.option, ['unban', 'deny_appeal']), expected: true, error: 'Invalid ban action' },
+ ]);
 const redirect = req.params.board ? `/${req.params.board}/manage/bans.html` : '/globalmanage/bans.html';
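Review bot: The second entry, `numberBody(req.body.auth_level, 0, 4), expected: true`, now requires a numeric auth_level on every request, including a pure delete: the removed code only demanded it when `delete_account` was unset, and the third entry (`typeof req.body.auth_level === 'number' || req.body.delete_account`) still encodes that either/or, so a delete-only submission trips 'Auth level must be a number 0-4' before the third rule ever matters. If delete-only is still meant to be valid, gate the range check on the action, e.g. `{ result: (!!req.body.delete_account || numberBody(req.body.auth_level, 0, 4)), expected: true, error: 'Auth level must be a number 0-4' }`; if auth_level is now always required, drop the third entry rather than keeping two rules that disagree. Keeping a real range check is the right call either way — the removed `typeof ... === 'number' && auth_level < 0 || auth_level > 4` mixed `&&` and `||` without parentheses. The controller continues outside the hunk.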
diff --git a/controllers/forms/editnews.js b/controllers/forms/editnews.js
index 5b17282d..bf566710 100644
--- a/controllers/forms/editnews.js
+++ b/controllers/forms/editnews.js
@@ -16,23 +16,13 @@ module.exports = {
 controller: async (req, res, next) => {
- const errors = [];
-
- if (!req.body.news_id) {
- errors.push('Missing news id');
- }
- if (!req.body.message || res.locals.messageLength === 0) {
- errors.push('Missing message');
- }
- if (res.locals.messageLength > 10000) {
- errors.push('Message must be 10000 characters or less');
- }
- if (!req.body.title || req.body.title.length === 0) {
- errors.push('Missing title');
- }
- if (req.body.title.length > 50) {
- errors.push('Title must be 50 characters or less');
- }
+ const errors = await checkSchema([
+ { result: existsBody(req.body.news_id), expected: true, error: 'Missing news id' },
+ { result: existsBody(req.body.message), expected: true, error: 'Missing message' },
+ { result: numberBody(res.locals.messageLength, 1, 10000), expected: true, error: 'Message must be 10000 characters or less' },
+ { result: existsBody(req.body.title), expected: true, error: 'Missing title' },
+ { result: lengthBody(req.body.title, 1, 50), expected: false, error: 'Title must be 50 characters or less' },
+ ]);
 if (errors.length > 0) {
 return dynamicResponse(req, res, 400, 'message', {
diff --git a/controllers/forms/editpost.js b/controllers/forms/editpost.js
index eb865af7..b57ccb9a 100644
--- a/controllers/forms/editpost.js
+++ b/controllers/forms/editpost.js
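Review bot: `numberBody(res.locals.messageLength, 1, 10000), expected: true` folds the "non-empty" rule into the size rule, so a body that satisfies `existsBody(req.body.message)` but ends up with `res.locals.messageLength === 0` (messageLength is computed outside this hunk, presumably after some stripping) is now reported as 'Message must be 10000 characters or less', where the removed `res.locals.messageLength === 0` branch said 'Missing message'. The cheapest fix is to make the text match the rule actually enforced, `{ result: numberBody(res.locals.messageLength, 1, 10000), expected: true, error: 'Message must be 1-10000 characters' }`; the title entry `lengthBody(req.body.title, 1, 50), expected: false` has the same shape and the same mismatch. The 10000 and 50 limits also stay hard-coded here while editpost in this same patch reads its limits from `globalLimits.fieldLength`, which is worth aligning if news posts are meant to follow site configuration. The controller continues outside the hunk.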
@@ -19,38 +19,21 @@ module.exports = {
 controller: async (req, res, next) => {
 const { rateLimitCost, globalLimits } = config.get;
- const errors = [];
- if ((!req.body.board || req.body.board.length === 0)
- || (!req.body.postId || typeof req.body.postId !== 'number')) {
- errors.push('Missing board and postId form data');
- }
- // message, subject, email, name, limited length
- if (req.body.message && res.locals.messageLength > globalLimits.fieldLength.message) {
- errors.push(`Message must be ${globalLimits.fieldLength.message} characters or less`);
- }
- if (req.body.name && req.body.name.length > globalLimits.fieldLength.name) {
- errors.push(`Name must be ${globalLimits.fieldLength.name} characters or less`);
- }
- if (req.body.subject && req.body.subject.length > globalLimits.fieldLength.subject) {
- errors.push(`Subject must be ${globalLimits.fieldLength.subject} characters or less`);
- }
- if (req.body.email && req.body.email.length > globalLimits.fieldLength.email) {
- errors.push(`Email must be ${globalLimits.fieldLength.email} characters or less`);
- }
- if (req.body.log_message && req.body.log_message.length > globalLimits.fieldLength.log_message) {
- errors.push(`Modlog message must be ${globalLimits.fieldLength.log_message} characters or less`);
- }
-
- try {
- res.locals.post = await Posts.getPost(req.body.board, req.body.postId);
- } catch (err) {
- return next(err);
- }
-
- if (!res.locals.board || !res.locals.post) {
- errors.push(`Post doesn't exist`);
- }
+ const errors = await checkSchema([
+ { result: existsBody(res.locals.board, 1), expected: false, error: 'Missing board' },
+ { result: lengthBody(req.body.board, 1), expected: false, error: 'Missing board' },
+ { result: numberBody(req.body.postId), expected: false, error: 'Missing postId' },
+ { result: lengthBody(req.body.message, 1, globalLimits.fieldLength.message), expected: false, error: `Message must be ${globalLimits.fieldLength.message} characters or less` },
+ { result: 
lengthBody(req.body.name, 1, globalLimits.fieldLength.name), expected: false, error: `Name must be ${globalLimits.fieldLength.name} characters or less` },
+ { result: lengthBody(req.body.subject, 1, globalLimits.fieldLength.subject), expected: false, error: `Subject must be ${globalLimits.fieldLength.subject} characters or less` },
+ { result: lengthBody(req.body.email, 1, globalLimits.fieldLength.email), expected: false, error: `Email must be ${globalLimits.fieldLength.email} characters or less` },
+ { result: lengthBody(req.body.log_message, 1, globalLimits.fieldLength.log_message), expected: false, error: `Modlog message must be ${globalLimits.fieldLength.log_message} characters or less` },
+ { result: async () => {
+ res.locals.post = await Posts.getPost(req.body.board, req.body.postId);
+ return res.locals.post != null;
+ }, expected: true, error: `Post doesn't exist` }
+ ]);
 if (errors.length > 0) {
 return dynamicResponse(req, res, 400, 'message', {
@@ -61,8 +44,8 @@ module.exports = {
 if (res.locals.permLevel > 1) { //if not global staff or above
 const ratelimitUser = await Ratelimits.incrmentQuota(req.session.user, 'edit', rateLimitCost.editPost);
- // const ratelimitIp = await Ratelimits.incrmentQuota(res.locals.ip.single, 'edit', rateLimitCost.editPost);
- if (ratelimitUser > 100 /* || ratelimitIp > 100 */) {
+ const ratelimitIp = res.locals.anonymizer ? 0 : (await Ratelimits.incrmentQuota(res.locals.ip.single, 'edit', rateLimitCost.editPost));
+ if (ratelimitUser > 100 || ratelimitIp > 100) {
 return dynamicResponse(req, res, 429, 'message', {
 'title': 'Ratelimited',
 'error': 'You are editing posts too quickly, please wait a minute and try again',
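Review bot: The first and third entries, `existsBody(res.locals.board, 1), expected: false` and `numberBody(req.body.postId), expected: false`, look inverted relative to how the same helpers are used elsewhere in this patch (`existsBody(req.body.news_id), expected: true, error: 'Missing news id'`; `numberBody(req.body.auth_level, 0, 4), expected: true`): if those helpers return true for a present value / a number, a well-formed edit is rejected with 'Missing board' and 'Missing postId', while a request whose postId is absent or not a number passes both entries and reaches `Posts.getPost(req.body.board, req.body.postId)` — the removed `typeof req.body.postId !== 'number'` test was the only type guard in front of that lookup, so if getPost feeds postId into a database query the new code lets non-numeric values through. Assuming that reading, the lines should be `{ result: existsBody(res.locals.board), expected: true, error: 'Missing board' }` and `{ result: numberBody(req.body.postId), expected: true, error: 'Missing postId' }` (the stray second argument to existsBody looks copied from the lengthBody entries). Separately, the `try { … } catch (err) { return next(err); }` around getPost was dropped; unless checkSchema catches a rejection from an async `result` callback or the router wraps async controllers, a database error is now an unhandled promise rejection instead of reaching the Express error handler. The controller continues beyond this hunk.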