mirror of https://gitgud.io/fatchan/jschan.git
parent
53144641c4
commit
84971cd274
15 changed files with 197 additions and 27 deletions
@ -0,0 +1,35 @@ |
||||
'use strict'; |
||||
|
||||
const Mongo = require(__dirname+'/db.js') |
||||
, { blockBypass } = require(__dirname+'/../configs/main.js') |
||||
, db = Mongo.client.db('jschan').collection('bypass'); |
||||
|
||||
module.exports = { |
||||
|
||||
db, |
||||
|
||||
checkBypass: (id) => { |
||||
return db.findOneAndUpdate({ |
||||
'_id': id, |
||||
'uses': { |
||||
'$lte': blockBypass.expireAfterUses |
||||
} |
||||
}, { |
||||
'$inc': { |
||||
'uses': 1, |
||||
} |
||||
}).then(r => r.value); |
||||
}, |
||||
|
||||
getBypass: () => { |
||||
return db.insertOne({ |
||||
'uses': 0, |
||||
'expireAt': new Date(Date.now() + blockBypass.expireAfterTime) |
||||
}).then(r => { return r.insertedId }); |
||||
}, |
||||
|
||||
deleteAll: () => { |
||||
return db.deleteMany({}); |
||||
}, |
||||
|
||||
} |
@ -0,0 +1,52 @@ |
||||
'use strict'; |
||||
|
||||
const { Bypass } = require(__dirname+'/../../db/') |
||||
, { ObjectId } = require(__dirname+'/../../db/db.js') |
||||
, { blockBypass } = require(__dirname+'/../../configs/main.js') |
||||
, dynamicResponse = require(__dirname+'/../dynamic.js'); |
||||
|
||||
module.exports = async (req, res, next) => { |
||||
|
||||
if (!blockBypass.enabled) { |
||||
return next(); |
||||
} |
||||
|
||||
//check if blockbypass exists and right length
|
||||
const bypassId = req.cookies.bypassid; |
||||
if (!bypassId || bypassId.length !== 24) { |
||||
return dynamicResponse(req, res, 403, 'message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Missing or invalid block bypass', |
||||
'redirect': '/bypass.html', |
||||
'link': '/bypass.html', |
||||
}); |
||||
} |
||||
|
||||
//try to get bypass from db and make sure uses < maxUses
|
||||
let bypass; |
||||
try { |
||||
const bypassMongoId = ObjectId(bypassId); |
||||
bypass = await Bypass.checkBypass(bypassMongoId); |
||||
} catch (err) { |
||||
return next(err); |
||||
} |
||||
|
||||
if (!bypass) { |
||||
return dynamicResponse(req, res, 403, 'message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Invalid or expired block bypass', |
||||
'redirect': '/bypass.html', |
||||
'link': '/bypass.html', |
||||
}); |
||||
} else if (bypass.uses >= blockBypass.expireAfterUses) { |
||||
return dynamicResponse(req, res, 403, 'message', { |
||||
'title': 'Forbidden', |
||||
'message': 'Block bypass exceeded max uses', |
||||
'redirect': '/bypass.html', |
||||
'link': '/bypass.html', |
||||
}); |
||||
} |
||||
|
||||
return next(); |
||||
|
||||
} |
@ -0,0 +1,22 @@ |
||||
'use strict'; |
||||
|
||||
const { Bypass } = require(__dirname+'/../../db/') |
||||
, { secureCookies, blockBypass } = require(__dirname+'/../../configs/main.js') |
||||
, production = process.env.NODE_ENV === 'production'; |
||||
|
||||
module.exports = async (req, res, next) => { |
||||
|
||||
const bypassId = await Bypass.getBypass(); |
||||
|
||||
return res |
||||
.cookie('bypassid', bypassId.toString(), { |
||||
'maxAge': blockBypass.expireAfterTime, |
||||
'secure': production && secureCookies, |
||||
'sameSite': 'strict' |
||||
}) |
||||
.render('message', { |
||||
'title': 'Success', |
||||
'message': 'Completed block bypass, you may go back and make your post.', |
||||
}); |
||||
|
||||
} |
@ -0,0 +1,16 @@ |
||||
'use strict'; |
||||
|
||||
const { buildBypass } = require(__dirname+'/../../helpers/tasks.js'); |
||||
|
||||
module.exports = async (req, res, next) => { |
||||
|
||||
let html; |
||||
try { |
||||
html = await buildBypass(); |
||||
} catch (err) { |
||||
return next(err); |
||||
} |
||||
|
||||
return res.send(html); |
||||
|
||||
} |
@ -0,0 +1,15 @@ |
||||
extends ../layout.pug |
||||
|
||||
block head |
||||
script(src='/js/all.js') |
||||
title Block Bypass |
||||
|
||||
block content |
||||
h1.board-title Block Bypass |
||||
.form-wrapper.flex-center.mv-10 |
||||
form.form-post(action='/forms/blockbypass' method='POST') |
||||
.row |
||||
.label Captcha |
||||
span.col |
||||
include ../includes/captcha.pug |
||||
input(type='submit', value='Submit') |
Loading…
Reference in new issue