Fix post history for tor user and remove manual addban form from non-global manage pages (for now)

merge-requests/208/head
Thomas Lynch 4 years ago
parent b50d39250a
commit f1db4f7317
  1. 3
      controllers/forms.js
  2. 16
      controllers/forms/addban.js
  3. 2
      helpers/decodequeryip.js
  4. 30
      models/forms/addban.js
  5. 6
      views/pages/managebans.pug

@ -71,7 +71,8 @@ router.post('/board/:board/deleteboard', /*geoAndTor, torPreBypassCheck, process
//global management forms
router.post('/global/editbans', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, editBansController); //remove bans
router.post('/global/addban', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, addBanController); //add ban manually without post
//commented out for now, because we cant add a manual ban based on a non existing hash suffix (or fetch the full hash from a non existing post), and the user wouldnt know if it the post didn't exist so its pointless anyway.
//router.post('/global/addban', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(1), paramConverter, addBanController); //add ban manually without post
router.post('/global/deleteboard', useSession, sessionRefresh, csrf, paramConverter, calcPerms, isLoggedIn, hasPerms(1), deleteBoardController); //delete board
router.post('/global/addnews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), addNewsController); //add new newspost
router.post('/global/deletenews', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(0), paramConverter, deleteNewsController); //delete news
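Review bot: The route disabled here is `/global/addban`, while the commit title speaks of removing the manual add-ban form from non-global manage pages, and the board-level add-ban route is not visible in this hunk. Removing the form from `managebans.pug` only hides the UI; if a board-level `addban` route (the form posted to `/forms/board/${board._id}/addban`) is still registered elsewhere in this file, the handler remains reachable by a direct authenticated POST, so it should be disabled in the same commit or confirmed to be gone. For the disabled line itself, deleting it and keeping only a short comment such as `//manual global addban disabled until a ban can be created without an existing post` would avoid carrying a commented-out route whose middleware chain can drift from its neighbours.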

@ -23,14 +23,14 @@ module.exports = async (req, res, next) => {
errors.push(`Modlog message must be ${globalLimits.fieldLength.log_message} characters or less`);
}
let redirect = req.headers.referer;
if (!redirect) {
if (!req.params.board) {
redirect = '/globalmanage/bans.html';
} else {
redirect = `/${req.params.board}/manage/bans.html`;
}
}
let redirect = req.headers.referer;
if (!redirect) {
if (!req.params.board) {
redirect = '/globalmanage/bans.html';
} else {
redirect = `/${req.params.board}/manage/bans.html`;
}
}
if (errors.length > 0) {
return dynamicResponse(req, res, 400, 'message', {

@ -7,7 +7,7 @@ const escapeRegExp = require(__dirname+'/escaperegexp.js')
module.exports = (query, permLevel) => {
if (query.ip && typeof query.ip === 'string') {
const decoded = decodeURIComponent(query.ip);
if (permLevel <= ipHashPermLevel && isIP(decoded)) { //if perms to view raw ip, allow querying
if (permLevel <= ipHashPermLevel && (isIP(decoded) || decoded.match(/[a-z0-9]{24}/i))) { //if perms to view raw ip or bypass, allow querying
return decoded;
} else if (decoded.length === 10) { //otherwise, only allow last 10 char substring
return new RegExp(`${escapeRegExp(decoded)}$`);
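Review bot: The new `decoded.match(/[a-z0-9]{24}/i)` test is unanchored, so any value that merely contains 24 consecutive alphanumerics passes and is returned verbatim as the query value, not only a 24-character bypass id. Anchoring it and using a boolean test keeps the filter as narrow as the comment says: `(isIP(decoded) || /^[a-z0-9]{24}$/i.test(decoded))`. If the bypass ids are hex ObjectIds (not shown here), `/^[a-f0-9]{24}$/i` would be tighter still. The function body continues past the end of this hunk.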

@ -13,21 +13,21 @@ module.exports = async (req, res, redirect) => {
const banPromise = Bans.insertOne({
//note: raw ip and type single because of
'type': 'single',
'ip': {
'single': isIP(req.body.ip) ? hashIp(req.body.ip) : req.body.ip,
'raw': req.body.ip,
},
'reason': req.body.ban_reason || req.body.log_message || 'No reason specified',
'board': req.params.board || null,
'posts': null,
'issuer': req.session.user,
'date': actionDate,
'expireAt': new Date(actionDate.getTime() + (req.body.ban_duration || defaultBanDuration)),
'allowAppeal': req.body.no_appeal ? false : true,
'appeal': null,
'seen': false,
});
'type': 'single',
'ip': {
'single': isIP(req.body.ip) ? hashIp(req.body.ip) : req.body.ip,
'raw': req.body.ip,
},
'reason': req.body.ban_reason || req.body.log_message || 'No reason specified',
'board': req.params.board || null,
'posts': null,
'issuer': req.session.user,
'date': actionDate,
'expireAt': new Date(actionDate.getTime() + (req.body.ban_duration || defaultBanDuration)),
'allowAppeal': req.body.no_appeal ? false : true,
'appeal': null,
'seen': false,
});
const modlogPromise = Modlogs.insertOne({
'board': req.params.board || null,

@ -11,12 +11,6 @@ block content
br
+managenav('bans')
hr(size=1)
h4.no-m-p Add Ban:
.form-wrapper.flexleft
form.form-post(action=`/forms/board/${board._id}/addban`, enctype='application/x-www-form-urlencoded', method='POST')
input(type='hidden' name='_csrf' value=csrf)
include ../includes/addbanform.pug
hr(size=1)
h4.no-m-p Bans & Appeals:
form(action=`/forms/board/${board._id}/editbans` method='POST' enctype='application/x-www-form-urlencoded')
include ../includes/managebanform.pug
