seemsgood, closes #194

controllers/forms.js

@@ -62,6 +62,7 @@ const express  = require('express')
 	, appealController = require(__dirname+'/forms/appeal.js')
 	, globalActionController = require(__dirname+'/forms/globalactions.js')
 	, actionController = require(__dirname+'/forms/actions.js')
+	, addBanController = require(__dirname+'/forms/addban.js')
 	, addNewsController = require(__dirname+'/forms/addnews.js')
 	, deleteNewsController = require(__dirname+'/forms/deletenews.js')
 	, uploadBannersController = require(__dirname+'/forms/uploadbanners.js')
@@ -100,11 +101,13 @@ router.post('/board/:board/transfer', processIp, sessionRefresh, csrf, Boards.ex
 router.post('/board/:board/settings', processIp, sessionRefresh, csrf, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(2), paramConverter, boardSettingsController);
 router.post('/board/:board/addbanners', processIp, sessionRefresh, bannerFiles, csrf, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(2), paramConverter, numFiles, uploadBannersController); //add banners
 router.post('/board/:board/deletebanners', processIp, sessionRefresh, csrf, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(2), paramConverter, deleteBannersController); //delete banners
+router.post('/board/:board/addban', processIp, sessionRefresh, csrf, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(3), paramConverter, addBanController); //add ban manually without post
 router.post('/board/:board/editbans', processIp, sessionRefresh, csrf, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(3), paramConverter, editBansController); //edit bans
 router.post('/board/:board/deleteboard', processIp, sessionRefresh, csrf, Boards.exists, calcPerms, banCheck, isLoggedIn, hasPerms(2), deleteBoardController); //delete board
 
 //global management forms
 router.post('/global/editbans', sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, editBansController); //remove bans
+router.post('/global/addban', processIp, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, addBanController); //add ban manually without post
 router.post('/global/deleteboard', sessionRefresh, csrf, paramConverter, calcPerms, isLoggedIn, hasPerms(1), deleteBoardController); //delete board
 router.post('/global/addnews', sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), addNewsController); //add new newspost
 router.post('/global/deletenews', sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, deleteNewsController); //delete news

controllers/forms/actions.js

@@ -46,7 +46,7 @@ module.exports = async (req, res, next) => {
 		if (req.body.delete && !res.locals.board.settings.userPostDelete) {
 			errors.push('Post deletion is disabled on this board');
 		}
-		if ((req.body.spoiler_all || req.body.spoiler) && !res.locals.board.settings.userPostSpoiler) {
+		if (req.body.spoiler && !res.locals.board.settings.userPostSpoiler) {
 			errors.push('File spoilers are disabled on this board');
 		}
 		if (req.body.unlink_file && !res.locals.board.settings.userPostUnlink) {

controllers/forms/addban.js

@@ -0,0 +1,50 @@
+'use strict';
+
+const { globalLimits, ipHashPermLevel } = require(__dirname+'/../../configs/main.js')
+	, addBan = require(__dirname+'/../../models/forms/addban.js')
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, { isIP } = require('net');
+
+module.exports = async (req, res, next) => {
+
+	const errors = [];
+
+	if (!req.body.ip || req.body.ip.length === 0) {
+		errors.push('Missing IP/hash input');
+	} else if (req.body.ip.length > 50) {
+		errors.push('IP/hash input must be less than 50 characters');
+	} else if (res.locals.permLevel > ipHashPermLevel && (isIP(req.body.ip) || req.body.ip.length !== 10)) {
+		errors.push('Invalid hash input');
+	}
+	if (req.body.ban_reason && req.body.ban_reason.length > globalLimits.fieldLength.ban_reason) {
+		errors.push(`Ban reason must be ${globalLimits.fieldLength.ban_reason} characters or less`);
+	}
+	if (req.body.log_message && req.body.log_message.length > globalLimits.fieldLength.log_message) {
+		errors.push(`Modlog message must be ${globalLimits.fieldLength.log_message} characters or less`);
+	}
+
+    let redirect = req.headers.referer;
+    if (!redirect) {
+        if (!req.params.board) {
+            redirect = '/globalmanage/bans.html';
+        } else {
+            redirect = `/${req.params.board}/manage/bans.html`;
+        }
+    }
+
+	if (errors.length > 0) {
+		return dynamicResponse(req, res, 400, 'message', {
+			'title': 'Bad request',
+			'errors': errors,
+			redirect,
+		});
+	}
+
+	try {
+		await addBan(req, res, redirect);
+	} catch (err) {
+		return next(err);
+	}
+
+}
+

helpers/addmodlogs.js

@@ -0,0 +1,63 @@
+'use strict';
+
+    //modlog
+    if (modlogActions.length > 0) {
+        const modlog = {};
+        const logDate = new Date(); //all events current date
+        const message = req.body.log_message || null;
+        let logUser;
+        if (res.locals.permLevel < 4) { //if staff
+            logUser = req.session.user.username;
+        } else {
+            logUser = 'Unregistered User';
+        }
+        for (let i = 0; i < res.locals.posts.length; i++) {
+            const post = res.locals.posts[i];
+            if (!modlog[post.board]) {
+                //per board actions, all actions combined to one event
+                modlog[post.board] = {
+                    postIds: [],
+                    actions: modlogActions,
+                    date: logDate,
+                    showUser: !req.body.hide_name || logUser === 'Unregistered User' ? true : false,
+                    message: message,
+                    user: logUser,
+                    ip: {
+                        single: res.locals.ip.single,
+                        raw: res.locals.ip.raw
+                    }
+                };
+            }
+            //push each post id
+            modlog[post.board].postIds.push(post.postId);
+        }
+        const modlogDocuments = [];
+        for (let i = 0; i < threadBoards.length; i++) {
+            const boardName = threadBoards[i];
+            const boardLog = modlog[boardName];
+            //make it into documents for the db
+            modlogDocuments.push({
+                ...boardLog,
+                'board': boardName
+            });
+        }
+        if (modlogDocuments.length > 0) {
+            //insert the modlog docs
+            await Modlogs.insertMany(modlogDocuments);
+            for (let i = 0; i < threadBoards.length; i++) {
+                const board = buildBoards[threadBoards[i]];
+                buildQueue.push({
+                    'task': 'buildModLog',
+                    'options': {
+                        'board': board,
+                    }
+                });
+                buildQueue.push({
+                    'task': 'buildModLogList',
+                    'options': {
+                        'board': board,
+                    }
+                });
+            }
+        }
+    }

models/forms/actionhandler.js

@@ -269,6 +269,7 @@ module.exports = async (req, res, next) => {
 	}
 
 	const parallelPromises = [];
+
 	//modlog
 	if (modlogActions.length > 0) {
 		const modlog = {};

models/forms/addban.js

@@ -0,0 +1,69 @@
+'use strict';
+
+const { Bans, Modlogs } = require(__dirname+'/../../db/')
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, hashIp = require(__dirname+'/../../helpers/dynamic.js')
+	, buildQueue = require(__dirname+'/../../queue.js')
+	, { isIP } = require('net')
+	, { ipHashPermLevel, defaultBanDuration } = require(__dirname+'/../../configs/main.js');
+
+module.exports = async (req, res, redirect) => {
+
+	const actionDate = new Date();
+
+	const banPromise = Bans.insertOne({
+		//note: raw ip and type single because of 
+        'type': 'single',
+        'ip': {
+            'single': isIP(req.body.ip) ? hashIp(req.body.ip) : req.body.ip,
+            'raw':  req.body.ip,
+        },
+        'reason': req.body.ban_reason || req.body.log_message || 'No reason specified',
+        'board': req.params.board || null,
+        'posts': null,
+        'issuer': req.session.user.username,
+        'date': actionDate,
+        'expireAt': new Date(actionDate.getTime() + (req.body.ban_duration || defaultBanDuration)),
+        'allowAppeal': req.body.no_appeal ? false : true,
+        'appeal': null,
+        'seen': false,
+    });
+
+	const modlogPromise = Modlogs.insertOne({
+		'board': req.params.board || null,
+		'postIds': [],
+		'actions': [(req.params.board ? 'Ban' : 'Global Ban')],
+		'date': actionDate,
+		'showUser': !req.body.hide_name || res.locals.permLevel >= 4 ? true : false,
+		'message': req.body.log_message || null,
+		'user': res.locals.permLevel < 4 ? req.session.user.username : 'Unregistered User',
+		'ip': {
+			'single': res.locals.ip.single,
+			'raw': res.locals.ip.raw
+		}
+	});
+
+	await Promise.all([banPromise, modlogPromise]);
+
+	if (req.params.board) {
+		buildQueue.push({
+			'task': 'buildModLog',
+			'options': {
+				'board': res.locals.board,
+			}
+		});
+		buildQueue.push({
+			'task': 'buildModLogList',
+			'options': {
+				'board': res.locals.board,
+			}
+		});
+	}
+
+	return dynamicResponse(req, res, 200, 'message', {
+		'title': 'Success',
+		'message': 'Added ban',
+		redirect,
+	});
+
+}

views/includes/addbanform.pug

@@ -0,0 +1,22 @@
+.row
+	.label IP/Hash
+	input(type='text' name='ip' required)
+.row
+	.label Ban Reason
+	input(type='text' name='ban_reason')
+.row
+	.label Modlog Message
+	input(type='text' name='log_message')
+.row
+	.label Ban Duration
+	input(type='text' name='ban_duration' placeholder='e.g. 7d')
+.row
+	.label Non-appealable Ban
+	label.postform-style.ph-5
+		input(type='checkbox', name='no_appeal' value='1')
+.row
+	.label Hide Username In Modlog
+	label.postform-style.ph-5
+		input(type='checkbox', name='hide_name' value='1')
+input(type='submit', value='submit')
+

views/includes/managebanform.pug

@@ -7,12 +7,12 @@ else
 			+ban(ban)
 	.action-wrapper.mv-10
 		.row
-			label
+			.label Unban
+			label.postform-style.ph-5
 				input(type='radio' name='option' value='unban' checked='checked')
-				| Unban
 		.row
-			label
+			.label Deny Appeal
+			label.postform-style.ph-5
 				input(type='radio' name='option' value='deny_appeal')
-				| Deny Appeal
 	input(type='submit' value='submit')
 

views/pages/globalmanagebans.pug

@@ -10,6 +10,12 @@ block content
 	br
 	+globalmanagenav('bans')
 	hr(size=1)
+	h4.no-m-p Add Ban:
+	.form-wrapper.flexleft
+		form.form-post(action=`/forms/global/addban`, enctype='application/x-www-form-urlencoded', method='POST')
+			input(type='hidden' name='_csrf' value=csrf)
+			include ../includes/addbanform.pug
+	hr(size=1)
 	h4.no-m-p Global Bans & Appeals:
 	form(action=`/forms/global/editbans` method='POST' enctype='application/x-www-form-urlencoded')
 		include ../includes/managebanform.pug

views/pages/managebans.pug

@@ -11,6 +11,12 @@ block content
 	br
 	+managenav('bans')
 	hr(size=1)
+	h4.no-m-p Add Ban:
+	.form-wrapper.flexleft
+		form.form-post(action=`/forms/board/${board._id}/addban`, enctype='application/x-www-form-urlencoded', method='POST')
+			input(type='hidden' name='_csrf' value=csrf)
+			include ../includes/addbanform.pug
+	hr(size=1)
 	h4.no-m-p Bans & Appeals:
 	form(action=`/forms/board/${board._id}/editbans` method='POST' enctype='application/x-www-form-urlencoded')
 		include ../includes/managebanform.pug