Leahnaya/miiverse-api
1
0
Fork 0
mirror of https://github.com/PretendoNetwork/miiverse-api.git synced 2026-04-24 07:06:55 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: check ban status outside of discovery

Browse Source
This commit is contained in:
Jemma Poffinbarger 2024-07-29 20:57:03 -05:00
parent 6bee19dbf5
commit 9cb644e22f
2 changed files with 30 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/middleware/auth.ts
View File

@ -1,8 +1,9 @@
import express from 'express';
import xmlbuilder from 'xmlbuilder';
import moment from 'moment';
import { z } from 'zod';
import { GetUserDataResponse } from '@pretendonetwork/grpc/account/get_user_data_rpc';
import { getEndpoint } from '@/database';
import { getEndpoint, getUserSettings } from '@/database';
import { getUserAccountData, getValueFromHeaders, decodeParamPack, getPIDFromServiceToken } from '@/util';
import { HydratedEndpointDocument } from '@/types/mongoose/endpoint';
@ -86,13 +87,6 @@ async function auth(request: express.Request, response: express.Response, next:
return serverError(response, discovery);
}
// TODO - This is temp, testing something. Will be removed in the future
if (request.path !== '/v1/endpoint') {
if (user.serverAccessLevel !== 'test' && user.serverAccessLevel !== 'dev') {
return badAuth(response, 16, 'BAD_TOKEN');
}
}
// * This is a false positive from ESLint.
// * Since this middleware is only ever called
// * per every request instance
@ -101,6 +95,29 @@ async function auth(request: express.Request, response: express.Response, next:
// eslint-disable-next-line require-atomic-updates
request.paramPack = paramPackData;
const userSettings = await getUserSettings(request.pid);
if (!userSettings) {
return badAuth(response, 18, 'BAD_PARAM');
}
if (moment(userSettings.ban_lift_date) <= moment() && userSettings.account_status !== 3) {
userSettings.account_status = 0;
await userSettings.save();
}
// This includes ban checks for both Juxt specifically and the account server, ideally this should be squashed
// assuming we support more gradual bans on PNID's
if (userSettings.account_status < 0 || userSettings.account_status > 1 || user.accessLevel < 0) {
if (userSettings.account_status === 2 && request.method === 'GET') {
return next();
} else if (userSettings.account_status === 2) {
return badAuth(response, 8, 'PNID_POST_BAN');
} else {
return badAuth(response, 7, 'PNID_PERM_BAN');
}
}
return next();
}

5
src/util.ts
View File

@ -64,6 +64,11 @@ export function getPIDFromServiceToken(token: string): number {
return 0;
}
// * Check if the token is expired
if (unpackedToken.expire_time < Date.now()) {
return 0;
}
return unpackedToken.pid;
} catch (e) {
console.error(e);