Add account permission to bypass captcha ref #435 still TODO fixing it for anonymizers

indiachan-spamvector
Thomas Lynch 2 years ago
parent 962481845d
commit 3a4737ad8e
  1. 4
      controllers/forms.js
  2. 2
      lib/captcha/captcha.js
  3. 10
      lib/middleware/captcha/verify.js
  4. 1
      lib/permission/permissions.js
  5. 1
      lib/permission/permissiontext.js
  6. 1
      models/forms/editaccount.js

@ -108,12 +108,12 @@ router.post('/global/settings', useSession, sessionRefresh, csrf, calcPerms, isL
hasPerms.one(Permissions.MANAGE_GLOBAL_SETTINGS), globalSettingsController.paramConverter, globalSettingsController.controller); //global settings
//create board
router.post('/create', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, isLoggedIn, verifyCaptcha, calcPerms, createBoardController.paramConverter, createBoardController.controller);
router.post('/create', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, isLoggedIn, calcPerms, verifyCaptcha, createBoardController.paramConverter, createBoardController.controller);
//accounts
router.post('/login', useSession, loginController.paramConverter, loginController.controller);
router.post('/logout', useSession, logoutForm);
router.post('/register', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, calcPerms, registerController.paramConverter, registerController.controller);
router.post('/register', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, calcPerms, verifyCaptcha, registerController.paramConverter, registerController.controller);
router.post('/changepassword', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, changePasswordController.paramConverter, changePasswordController.controller);
router.post('/resign', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, resignController.paramConverter, resignController.controller);
router.post('/deleteaccount', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, deleteAccountController.controller);
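Review bot: `/changepassword` still runs `verifyCaptcha` with no `calcPerms` in front of it, although this commit moves `calcPerms` ahead of `verifyCaptcha` on `/create` and `/register` because the middleware now reads `res.locals.permissions`. If `calcPerms` is what populates that value, the new check in lib/middleware/captcha/verify.js would throw on this route instead of falling through to the captcha. Either add `calcPerms` before `verifyCaptcha` here (and on any other route outside this hunk that uses it), or make the check tolerant: `if (res.locals.permissions && res.locals.permissions.get(Permissions.BYPASS_CAPTCHA)) {`.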

@ -2,7 +2,7 @@
const { Captchas } = require(__dirname+'/../../db/')
, { ObjectId } = require(__dirname+'/../../db/db.js')
, config = require(__dirname+'/..//misc/config.js')
, config = require(__dirname+'/../misc/config.js')
, { hcaptcha, google } = require(__dirname+'/../../configs/secrets.js')
, FormData = require('form-data')
, fetch = require('node-fetch')

@ -6,7 +6,8 @@ const { Ratelimits } = require(__dirname+'/../../../db/')
, remove = require('fs-extra').remove
, dynamicResponse = require(__dirname+'/../../misc/dynamic.js')
, deleteTempFiles = require(__dirname+'/../../file/deletetempfiles.js')
, uploadDirectory = require(__dirname+'/../../file/uploaddirectory.js');
, uploadDirectory = require(__dirname+'/../../file/uploaddirectory.js')
, Permissions = require(__dirname+'/../../permission/permissions.js');
module.exports = async (req, res, next) => {
@ -15,6 +16,13 @@ module.exports = async (req, res, next) => {
return next();
}
//bypass captcha permission
//console.log(res.locals.permissions.toJSON());
if (res.locals.permissions.get(Permissions.BYPASS_CAPTCHA)) {
res.locals.solvedCaptcha = true;
return next();
}
//skip captcha if disabled on board for posts only
if (res.locals.board
&& req.path === `/board/${res.locals.board._id}/post`) {
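Review bot: The commented-out `//console.log(res.locals.permissions.toJSON());` is debugging residue and should be dropped before merge; if re-enabled, it would print a permission set on every request that reaches this point. The `//bypass captcha permission` comment would be more useful if it stated the effect and the precondition, e.g. `//accounts with BYPASS_CAPTCHA skip verification on every route using this middleware; calcPerms must run first`. The function body starts and continues outside this hunk.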

@ -9,6 +9,7 @@ const Permissions = {
BYPASS_SPAMCHECK: 5,
BYPASS_RATELIMITS: 6,
BYPASS_FILTERS: 7,
BYPASS_CAPTCHA: 8,
MANAGE_GLOBAL_GENERAL: 10,
MANAGE_GLOBAL_BANS: 11,
MANAGE_GLOBAL_LOGS: 12,

@ -10,6 +10,7 @@ module.exports = {
BYPASS_SPAMCHECK: { label: 'Bypass Spamcheck', desc: 'Bypass the basic anti-flood spamcheck for too frequent similar posting.' },
BYPASS_RATELIMITS: { label: 'Bypass Ratelimits', desc: 'Bypass ratelimits for getting new captchas, editing posts, editing board settings, etc.' },
BYPASS_FILTERS: { label: 'Bypass Filters', desc: 'Bypass all post filters.' },
BYPASS_CAPTCHA: { label: 'Bypass Captcha', desc: 'Bypass captcha.' },
MANAGE_GLOBAL_GENERAL: { title: 'Global Management',label: 'Global Staff', desc: 'General global staff permission. Access to recent posts and reports. Ability to submit global actions.' },
MANAGE_GLOBAL_BANS: { label: 'Global Bans', desc: 'Access global bans. Ability to unban, edit, or deny appeals.' },
MANAGE_GLOBAL_LOGS: { label: 'Global Logs', desc: 'Access global logs. Ability to search/filter' },

@ -20,6 +20,7 @@ module.exports = async (req, res) => {
updatingPermissions.set(Permissions.BYPASS_SPAMCHECK, (req.body.BYPASS_SPAMCHECK != null));
updatingPermissions.set(Permissions.BYPASS_RATELIMITS, (req.body.BYPASS_RATELIMITS != null));
updatingPermissions.set(Permissions.BYPASS_FILTERS, (req.body.BYPASS_FILTERS != null));
updatingPermissions.set(Permissions.BYPASS_CAPTCHA, (req.body.BYPASS_CAPTCHA != null));
updatingPermissions.set(Permissions.MANAGE_GLOBAL_GENERAL, (req.body.MANAGE_GLOBAL_GENERAL != null));
updatingPermissions.set(Permissions.MANAGE_GLOBAL_BANS, (req.body.MANAGE_GLOBAL_BANS != null));
updatingPermissions.set(Permissions.MANAGE_GLOBAL_LOGS, (req.body.MANAGE_GLOBAL_LOGS != null));
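Review bot: `BYPASS_CAPTCHA` is granted whenever the field is present in `req.body`, the same as its neighbours, so the only control over who can hand out this flag is whatever guards the route, which is not visible in this hunk. Because the flag switches off an anti-automation check for the account, it is worth confirming that the edit-account route is limited to staff who are allowed to grant it, and considering a log entry when the flag changes. The handler begins and ends outside the hunk.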
