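const bcrypt = require('bcryptjs')
const multer = require('multer')
const express = require('express')
const router = express.Router()

// NOTE(review): both reCAPTCHA keys are committed to source control. The second
// constructor argument is the secret key in express-recaptcha's
// (site_key, secret_key) order, so it should be treated as exposed: rotate it
// and load both values from configuration kept outside the repository.
const Recaptcha = require('express-recaptcha').RecaptchaV3;
const recaptcha = new Recaptcha('6LdlbrwZAAAAAKvtcVQhVl_QaNOqmQ4PgyW3SKHy', '6LdlbrwZAAAAAMAWPVDrL8eNPxrws6AMDtLf1bgd');
// NOTE(review): despite its name, this holds the same value as the FIRST
// constructor argument above. Nothing in this file reads it.
const reCAPTCHASecret = "6LdlbrwZAAAAAKvtcVQhVl_QaNOqmQ4PgyW3SKHy";

const Errors = require('../lib/errors.js')
const format = require('date-format');

// `Report` is queried by the GET / handler in this file but was missing from
// this list, so that handler failed with a ReferenceError on every request.
// Assumes ../models exports a Report model - TODO confirm.
const {
	User, Post, ProfilePicture, StaffApplications, AdminToken, PassKey, Thread, Category, Sequelize, Ip, Ban, Report, sequelize
} = require('../models')
const pagination = require('../lib/pagination.js')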
/**
 * Router-wide gate: every method and path on this router requires an admin
 * session. Requests without `req.session.admin` get a 401 with the
 * `requestNotAuthorized` error and never reach the handlers below.
 */
router.all('*', (req, res, next) => {
	const isAdmin = req.session.admin
	if (!isAdmin) {
		res.status(401)
		res.json({ errors: [Errors.requestNotAuthorized] })
		return
	}

	next()
})
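/**
 * PUT /user/scrub - admin moderation action on another account.
 *
 * Reads from `req.autosan.body`:
 *   - user:        username of the account to act on
 *   - description: the literal "descscram" replaces the account's description
 *   - username:    the literal "usernamescram" replaces the account's username
 *                  with a random string (only checked when description does
 *                  not match)
 *
 * Responds `{ success: false }` when neither action is requested. Accounts
 * flagged `admin` cannot be modified. All errors are forwarded to `next`.
 */
router.put('/user/scrub', async (req, res, next) => {
	try {
		// Re-checked per handler even though the router-level gate already
		// requires an admin session.
		if (!req.session.admin) {
			throw Errors.requestNotAuthorized
		}
		// Presumably rejects when the acting account is in read-only mode -
		// confirm against the Ban model.
		await Ban.ReadOnlyMode(req.session.username)

		const body = req.autosan.body
		const scrubDescription = body.description === "descscram"
		const scrubUsername = !scrubDescription && body.username === "usernamescram"

		if (!scrubDescription && !scrubUsername) {
			res.json({ success: false })
			return
		}

		const user = await User.findOne({ where: {
			username: body.user
		}})
		// An unknown username used to crash on `user.admin` with a TypeError;
		// report it the same way the /user/modify handler does.
		if (!user) throw Errors.accountDoesNotExist
		if (user.admin) {
			throw Errors.modifyAdminUser
		}

		if (scrubDescription) {
			await User.update({ description: "Description was removed by an administrator"}, { where: {
				username: body.user
			}})
			res.status(200)
			// NOTE(review): this branch answers with the string "true" while the
			// username branch answers with the boolean; kept as-is for existing clients.
			res.json({success: "true"})
		} else {
			// NOTE(review): Math.random() gives no uniqueness guarantee for the
			// replacement name; a collision depends on the model's constraints.
			await User.update({username: Math.random().toString(36).substring(2)}, {
				where: {
					username: body.user
				}
			})
			res.json({success: true})
		}
	} catch (e) { next(e) }
})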
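/**
 * PUT /user/modify - admin action that sets the `booster`, `bot` and `system`
 * flags on another account.
 *
 * Reads from `req.body`: username (target account), booster, bot, system.
 * Responds `{ success: true }` on update, or status 500 with
 * `{ success: false }` when no usable username is supplied. Accounts flagged
 * `admin` cannot be modified. All errors are forwarded to `next`.
 */
router.put('/user/modify', async (req, res, next) => {
	try {
		// Re-checked per handler even though the router-level gate already
		// requires an admin session.
		if (!req.session.admin) {
			throw Errors.requestNotAuthorized
		}

		// Presumably rejects when the acting account is in read-only mode -
		// confirm against the Ban model.
		await Ban.ReadOnlyMode(req.session.username)

		// This handler reads req.body directly, unlike /user/scrub which reads
		// req.autosan.body, so the values below arrive exactly as the client sent them.
		const { username, booster, bot, system } = req.body

		// Only a non-empty string may reach the `where` clause: a parsed body can
		// carry an object or array here, which the ORM would interpret as a query
		// condition rather than a literal username.
		if (typeof username !== 'string' || username === '') {
			// NOTE(review): 500 is kept for existing clients although a missing
			// parameter is a client error.
			res.status(500)
			res.json({success: false})
			return
		}

		const user = await User.findOne({ where: { username } })
		if (!user) throw Errors.accountDoesNotExist
		if (user.admin) {
			throw Errors.modifyAdminUser
		}

		// NOTE(review): the three flags are written as received; consider
		// coercing them to the column type - confirm against the User model.
		await User.update({ booster, bot, system }, {
			where: { username }
		})
		res.status(200)
		res.json({success: true})
	} catch (e) { next(e) }
})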
/**
 * GET /logs - currently disabled. After the IP-ban check the handler always
 * forwards `Errors.featureDisabled`; an error raised by the ban check itself
 * is forwarded instead.
 */
router.get('/logs', async (req, res, next) => {
	try {
		await Ban.isIpBanned(req.ip)
	} catch (banError) {
		next(banError)
		return
	}

	next(Errors.featureDisabled)
})
/**
 * GET / - returns every report as JSON, each with its associated User and Post.
 *
 * Credential, contact and balance columns are excluded from the joined rows so
 * they are not serialised into the response. `Report` has to be in scope
 * (imported from ../models) for the query to run; otherwise the handler fails
 * with a ReferenceError that is forwarded to `next`.
 */
router.get('/', async (req, res, next) => {
	// Columns that must never leave the server in this listing.
	const hiddenColumns = ['hash', 'email', 'emailVerified', 'koins', 'currency2', 'emailToken', 'passwordResetExpiry', 'passwordResetToken', 'experimentMode', 'developerMode']

	try {
		const userInclude = {
			model: User,
			as: 'User',
			attributes: { exclude: [...hiddenColumns] }
		}
		const postInclude = {
			model: Post,
			include: Post.includeOptions(),
			attributes: { exclude: [...hiddenColumns] }
		}

		const reports = await Report.findAll({ include: [userInclude, postInclude] })
		res.json(reports)
	} catch (e) {
		next(e)
	}
})
// Expose the configured router (admin gate plus the routes above) as this module's export.
module.exports = router;