ban checks more strict and different perms for board staff and global bans

merge-requests/208/head
fatchan 5 years ago
parent 22e4033b82
commit 3e4ff79a8a
  1. 18
      controllers/forms.js
  2. 13
      helpers/checks/bancheck.js

@ -330,7 +330,7 @@ router.post('/board/:board/post', Boards.exists, banCheck, postFiles, paramConve
});
//board settings
router.post('/board/:board/settings', csrf, Boards.exists, isLoggedIn, checkPermsMiddleware(2), paramConverter, async (req, res, next) => {
router.post('/board/:board/settings', csrf, Boards.exists, banCheck, isLoggedIn, checkPermsMiddleware(2), paramConverter, async (req, res, next) => {
const errors = [];
@ -361,11 +361,11 @@ router.post('/board/:board/settings', csrf, Boards.exists, isLoggedIn, checkPerm
if (typeof req.body.captcha_mode === 'number' && (req.body.captcha_mode < 0 || req.body.captcha_mode > 2)) {
errors.push('Invalid captcha mode.');
}
if (typeof req.body.captcha_trigger === 'number' && (req.body.captcha_trigger < 0 || req.body.captcha_trigger > 10000)) {
errors.push('Invalid captcha trigger threshold.');
if (typeof req.body.tph_trigger === 'number' && (req.body.tph_trigger < 0 || req.body.tph_trigger > 10000)) {
errors.push('Invalid tph trigger threshold.');
}
if (typeof req.body.captcha_trigger_mode === 'number' && (req.body.captcha_trigger_mode < 0 || req.body.captcha_trigger_mode > 2)) {
errors.push('Invalid captcha trigger mode.')
if (typeof req.body.tph_trigger_action === 'number' && (req.body.tph_trigger_action < 0 || req.body.tph_trigger_action > 3)) {
errors.push('Invalid tph trigger action.')
}
if (typeof req.body.filter_mode === 'number' && (req.body.filter_mode < 0 || req.body.filter_mode > 2)) {
errors.push('Invalid filter mode.');
@ -391,7 +391,7 @@ router.post('/board/:board/settings', csrf, Boards.exists, isLoggedIn, checkPerm
});
//upload banners
router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, isLoggedIn, checkPermsMiddleware(2), paramConverter, async (req, res, next) => {
router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, banCheck, isLoggedIn, checkPermsMiddleware(2), paramConverter, async (req, res, next) => {
if (req.files && req.files.file) {
if (Array.isArray(req.files.file)) {
@ -430,7 +430,7 @@ router.post('/board/:board/addbanners', bannerFiles, csrf, Boards.exists, isLogg
});
//delete banners
router.post('/board/:board/deletebanners', csrf, Boards.exists, isLoggedIn, checkPermsMiddleware(2), paramConverter, async (req, res, next) => {
router.post('/board/:board/deletebanners', csrf, Boards.exists, banCheck, isLoggedIn, checkPermsMiddleware(2), paramConverter, async (req, res, next) => {
const errors = [];
@ -467,7 +467,7 @@ router.post('/board/:board/deletebanners', csrf, Boards.exists, isLoggedIn, chec
//actions for a specific board
router.post('/board/:board/actions', Boards.exists, banCheck, paramConverter, verifyCaptcha, boardActionController); //Captcha on regular actions
router.post('/board/:board/modactions', csrf, Boards.exists, isLoggedIn, checkPermsMiddleware(3), paramConverter, boardActionController); //CSRF for mod actions
router.post('/board/:board/modactions', csrf, Boards.exists, banCheck, isLoggedIn, checkPermsMiddleware(3), paramConverter, boardActionController); //CSRF for mod actions
async function boardActionController(req, res, next) {
const errors = [];
@ -596,7 +596,7 @@ async function globalActionController(req, res, next) {
}
//unban
router.post('/board/:board/unban', csrf, Boards.exists, isLoggedIn, checkPermsMiddleware(3), paramConverter, async (req, res, next) => {
router.post('/board/:board/unban', csrf, Boards.exists, banCheck, isLoggedIn, checkPermsMiddleware(3), paramConverter, async (req, res, next) => {
//keep this for later in case i add other options to unbans
const errors = [];
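Review bot: On `/board/:board/addbanners` the new `banCheck` is placed after `bannerFiles`, so the upload middleware still processes a banned client's files before the 403 page is rendered. The post route in the first hunk header already uses the order `Boards.exists, banCheck, postFiles`. Assuming `banCheck` needs only the board lookup and the client IP, the same order would work here: `router.post('/board/:board/addbanners', Boards.exists, banCheck, bannerFiles, csrf, isLoggedIn, checkPermsMiddleware(2), paramConverter, ...`. `banCheck` also runs before `isLoggedIn` on every staff route touched here, so its `hasPerms` bypass has to behave correctly for a request with no session; a one-line comment at one of these routes saying so would help the next reader.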

@ -6,13 +6,16 @@ const Bans = require(__dirname+'/../../db/bans.js')
module.exports = async (req, res, next) => {
const permLevel = hasPerms(req, res);
if (permLevel >= 4) {
if (permLevel > 1) {//global staff or admin bypass
const bans = await Bans.find(res.locals.ip, res.locals.board ? res.locals.board._id : null);
if (bans && bans.length > 0) {
//TODO: show posts banned for, expiry, etc
return res.status(403).render('ban', {
bans: bans
});
const globalBans = bans.filter(ban => { return board === null });
if (globalBans.length > 0 || (permLevel >= 4 && globalBans.length !== bans.length)) {
//board staff bypass bans on their own board, but not global bans
return res.status(403).render('ban', {
bans: bans
});
}
}
}
next();
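Review bot: The new filter `bans.filter(ban => { return board === null })` tests a free name `board` instead of the ban being iterated. No `board` is declared in the visible lines, so unless one exists above the hunk this throws a ReferenceError for any client with at least one ban, and in an async middleware with no try/catch that rejection never reaches `next`. If `board` does resolve to something, the predicate is the same for every ban, so `globalBans` is all of them or none, and the board-staff exemption can let a global ban through. The intended line is probably `const globalBans = bans.filter(ban => ban.board === null);`, assuming the ban document keeps its board in a `board` field, which is not visible here. The function's closing lines are outside the hunk.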
