diff --git a/handlers/oauth2/discord.js b/handlers/oauth2/discord.js
index 12cf92e..95aa081 100644
--- a/handlers/oauth2/discord.js
+++ b/handlers/oauth2/discord.js
@@ -169,8 +169,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 const blacklist_status = await process.db.blacklistStatusByDiscordID(
 userinfo.id
 );
- if (blacklist_status && !panelinfo.root_admin)
+ if (blacklist_status !== 'false' && !panelinfo.root_admin) {
 return functions.doRedirect(req, res, redirects.blacklisted);
+ }
 const newAcc = await process.db.updateDiscordId(
 account.email,
@@ -348,8 +349,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 const blacklist_status = await process.db.blacklistStatusByDiscordID(
 userinfo.id
 );
- if (blacklist_status && !panelinfo.root_admin)
+ if (blacklist_status !== 'false' && !panelinfo.root_admin) {
 return functions.doRedirect(req, res, redirects.blacklisted);
+ }
 req.session.data = {
 dbinfo: dbinfo,
@@ -461,6 +463,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 if (check_if_banned === 200) {
 await process.db.toggleBlacklist(userinfo.id, true);
+ console.log('blacklisto');
 } else if (check_if_banned === 404) {
 await fetch(
 `https://discord.com/api/guilds/${process.env.discord.guild}/members/${userinfo.id}`,
@@ -542,8 +545,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 const blacklist_status = await process.db.blacklistStatusByDiscordID(
 userinfo.id
 );
- if (blacklist_status && !panelinfo.root_admin)
+ if (blacklist_status !== 'false' && !panelinfo.root_admin) {
 return functions.doRedirect(req, res, redirects.blacklisted);
+ }
 req.session.data = {
 dbinfo: dbinfo,
diff --git a/handlers/oauth2/email.js b/handlers/oauth2/email.js
index cd716dc..e95bb79 100644
--- a/handlers/oauth2/email.js
+++ b/handlers/oauth2/email.js
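Review bot: `blacklist_status !== 'false'` in the @@ -169 hunk ties the blacklist gate to the exact string the database layer returns: a boolean `false`, `null` or `undefined` from `blacklistStatusByDiscordID` would now redirect every non-admin user to `redirects.blacklisted`. The return type is not visible in this diff, so confirm it against db.js, and if treating unknown values as blacklisted is intended, record that next to the check, e.g. `// status is stored as the string 'true'/'false'; any other value is treated as blacklisted`. The same comparison is repeated in the @@ -348 and @@ -542 hunks here, in handlers/oauth2/email.js and in index.js, so normalising the value to a boolean once in the db layer would keep the call sites from drifting. The enclosing route handler starts and ends outside the hunk.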
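Review bot: `console.log('blacklisto');` in the @@ -461 hunk looks like leftover debug output and tells whoever reads the log nothing about which account was affected. This branch records an access-control decision (`toggleBlacklist(userinfo.id, true)` after `check_if_banned === 200`), so either drop the line or make it auditable, e.g. `console.log('[BLACKLIST] Discord ID ' + userinfo.id + ' blacklisted after ban check');`. The surrounding function continues outside the hunk.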
@@ -1,11 +1,11 @@
 /* eslint-disable no-constant-condition */
 /* eslint-disable camelcase */
-const fetch = require("node-fetch");
-const functions = require("../../functions.js");
-const suspendCheck = require("../servers/suspension_system.js");
-const nodemailer = require("nodemailer");
+const fetch = require('node-fetch');
+const functions = require('../../functions.js');
+const suspendCheck = require('../servers/suspension_system.js');
+const nodemailer = require('nodemailer');
 module.exports.load = async function (app, ifValidAPI, ejs) {
- app.post("/accounts/email/reset", async (req, res) => {
+ app.post('/accounts/email/reset', async (req, res) => {
 const email = req.body.email;
 const account = await process.db.fetchAccountByEmail(email);
@@ -14,10 +14,10 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 req.session.variables = {
 error: {
 message:
- "Account does not exist with that email, try signing up instead.",
+ 'Account does not exist with that email, try signing up instead.',
 },
 };
- return res.redirect("/reset/password");
+ return res.redirect('/reset/password');
 }
 const dbSettings = await process.db.findOrCreateSettings(
 process.env.discord.guild
@@ -41,9 +41,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 Kind regards,
${dbSettings.name} `;
 mailer.sendMail({
- from: "main@tovade.xyz",
+ from: 'main@tovade.xyz',
 to: email,
- subject: "Reset password",
+ subject: 'Reset password',
 html: contentHTML,
 });
 req.session.variables = {
@@ -53,32 +53,32 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 };
 await process.db.updateResetId(email, id);
- return res.redirect("/reset/password");
+ return res.redirect('/reset/password');
 } catch (err) {
 req.session.variables = {
 error: {
 message:
- "Something went wrong with the smtp config. Please contact an administrator to fix this issue.",
+ 'Something went wrong with the smtp config. Please contact an administrator to fix this issue.',
 },
 };
- return res.redirect("/login");
+ return res.redirect('/login');
 }
 });
- app.post("/accounts/email/password/reset/:id", async (req, res) => {
+ app.post('/accounts/email/password/reset/:id', async (req, res) => {
 if (!req.params.id) {
- return res.redirect("/login");
+ return res.redirect('/login');
 }
 const confirm = await process.db.fetchAccountByResetId(req.params.id);
 if (!confirm) {
- return res.redirect("/login");
+ return res.redirect('/login');
 }
 if (req.body.password !== req.body.password_confirm) {
 req.session.variables = {
 error: {
- message: "Password is not the same as the confirm password field.",
+ message: 'Password is not the same as the confirm password field.',
 },
 };
 return res.redirect(`/reset/password/form?id=${req.params.id}`);
@@ -91,10 +91,10 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 message: `Your password is now ${req.body.password}`,
 },
 };
- return res.redirect("/login");
+ return res.redirect('/login');
 });
- app.post("/accounts/email/login", async (req, res) => {
+ app.post('/accounts/email/login', async (req, res) => {
 const redirects = process.pagesettings.redirectactions.oauth2;
 const userinfo_withemail = await process.db.fetchAccountByEmail(
 req.body.email
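Review bot: The success message at the top of the @@ -91 hunk interpolates `${req.body.password}` into `req.session.variables`, so the new plaintext password is written to whatever backs the session and rendered back into a page. index.js creates a `sessions.db` SQLite store, which suggests the value ends up on disk, though the session wiring itself is not shown here. This commit only changes quoting around it, but the line should become a fixed string such as `message: 'Your password has been updated.',`. The reset handler starts in the previous hunk and its middle is outside this one.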
@@ -104,10 +104,10 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 req.session.variables = {
 error: {
 message:
- "Looks like you signed up with discord, try using discord to login.",
+ 'Looks like you signed up with discord, try using discord to login.',
 },
 };
- return res.redirect("/");
+ return res.redirect('/');
 }
 const userinfo = await process.db.fetchAccountByEmailAndPassword(
 req.body.email,
@@ -116,26 +116,30 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 if (!userinfo) {
 req.session.variables = {
 error: {
- message: "Wrong email or password, try again.",
+ message: 'Wrong email or password, try again.',
 },
 };
- return res.redirect("/");
+ return res.redirect('/');
 }
 const panelinfo_raw = await fetch(
 `${process.env.pterodactyl.domain}/api/application/users/${userinfo.pterodactyl_id}?include=servers`,
 {
- method: "get",
+ method: 'get',
 headers: {
- "Content-Type": "application/json",
+ 'Content-Type': 'application/json',
 Authorization: `Bearer ${process.env.pterodactyl.key}`,
 },
 }
 );
- if ((await panelinfo_raw.statusText) === "Not Found")
+ if ((await panelinfo_raw.statusText) === 'Not Found')
 return functions.doRedirect(req, res, redirects.cannotgetinfo);
 const panelinfo = (await panelinfo_raw.json()).attributes;
+ const blacklist_status = process.db.blacklistStatusByEmail(req.body.email);
+ if (blacklist_status !== 'false' && !panelinfo.root_admin) {
+ return functions.doRedirect(req, res, redirects.blacklisted);
+ }
 req.session.data = {
 dbinfo: userinfo,
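Review bot: The added `const blacklist_status = process.db.blacklistStatusByEmail(req.body.email);` in the @@ -116 hunk has no `await`, unlike every `process.db.blacklistStatusByDiscordID(...)` call in discord.js and index.js. If the method is async like the other `process.db` calls in this handler, `blacklist_status` is a Promise, `blacklist_status !== 'false'` is always true, and every non-admin email login is redirected to `redirects.blacklisted`. Change it to `const blacklist_status = await process.db.blacklistStatusByEmail(req.body.email);`. The login handler starts before this hunk and continues past it.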
@@ -144,14 +148,14 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 return functions.doRedirect(req, res, redirects.success);
 });
- app.post("/accounts/email/singup", async (req, res) => {
+ app.post('/accounts/email/singup', async (req, res) => {
 const redirects = process.pagesettings.redirectactions.oauth2;
 if (req.body.password !== req.body.password_confirm) {
 req.session.variables = {
- message: "Password is not the same as Confirm password input",
+ message: 'Password is not the same as Confirm password input',
 };
- return res.redirect("/signup");
+ return res.redirect('/signup');
 }
 const account = await process.db.fetchAccountByEmail(req.body.email);
 if (account) {
@@ -159,7 +163,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 message:
 "Account already exis's with that email, try logging in instead.",
 };
- return res.redirect("/signup");
+ return res.redirect('/signup');
 }
 const userinfo = await process.db.createOrFindAccount(
 req.body.username,
@@ -171,10 +175,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 );
 if (!userinfo) {
 req.session.variables = {
- message: "An error has occured, please report this to an admin",
+ message: 'An error has occured, please report this to an admin',
 };
- console.log(userinfo);
- return res.redirect("/signup");
+ return res.redirect('/signup');
 }
 panel_id = userinfo.pterodactyl_id;
@@ -196,7 +199,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) {
 functions.doRedirect(req, res, redirects.success);
 });
- app.get("/accounts/logout", (req, res) => {
+ app.get('/accounts/logout', (req, res) => {
 delete req.session.data;
 // req.session.destroy(() => {
diff --git a/handlers/servers/suspension_system.js b/handlers/servers/suspension_system.js
index 006e14a..da8b86e 100644
--- a/handlers/servers/suspension_system.js
+++ b/handlers/servers/suspension_system.js
@@ -1,6 +1,6 @@
 /* eslint-disable camelcase */
-const fetch = require("node-fetch");
-const functions = require("../../functions.js");
+const fetch = require('node-fetch');
+const functions = require('../../functions.js');
 module.exports = async (email, isAdmin) => {
 // console.error()s should be impossible to get if you set it up properly.
@@ -16,15 +16,15 @@ module.exports = async (email, isAdmin) => {
 const account_info_json = await fetch(
 `${process.env.pterodactyl.domain}/api/application/users/${userinfo.pterodactyl_id}?include=servers`,
 {
- method: "get",
+ method: 'get',
 headers: {
- "Content-Type": "application/json",
+ 'Content-Type': 'application/json',
 Authorization: `Bearer ${process.env.pterodactyl.key}`,
 },
 }
 );
- if ((await account_info_json.statusText) === "Not Found")
+ if ((await account_info_json.statusText) === 'Not Found')
 return console.error(
 `[SERVER SUSPENSION] Could not find user panel information. | Email: ${email} | Pterodactyl Panel ID: ${userinfo.pterodactyl_id}`
 );
@@ -57,9 +57,9 @@ module.exports = async (email, isAdmin) => {
 await fetch(
 `${process.env.pterodactyl.domain}/api/application/servers/${id}/suspend`,
 {
- method: "post",
+ method: 'post',
 headers: {
- "Content-Type": "application/json",
+ 'Content-Type': 'application/json',
 Authorization: `Bearer ${process.env.pterodactyl.key}`,
 },
 }
@@ -73,16 +73,16 @@ module.exports = async (email, isAdmin) => {
 const renewal_date = await process.db.getSingleRenewalDate(id);
 if (
- renewal_date.action === "suspend" ||
- renewal_date.action === "auto" ||
- renewal_date.action === "???"
+ renewal_date.action === 'suspend' ||
+ renewal_date.action === 'auto' ||
+ renewal_date.action === '???'
 ) {
 await fetch(
 `${process.env.pterodactyl.domain}/api/application/servers/${id}/unsuspend`,
 {
- method: "post",
+ method: 'post',
 headers: {
- "Content-Type": "application/json",
+ 'Content-Type': 'application/json',
 Authorization: `Bearer ${process.env.pterodactyl.key}`,
 },
 }
diff --git a/index.js b/index.js
index bc4178d..67e3ae4 100644
--- a/index.js
+++ b/index.js
@@ -1,20 +1,20 @@
 /* eslint-disable camelcase */
-"use strict";
+'use strict';
 // Hey! Use comments for everything you do.
 // Load packages.
-const fs = require("fs");
-const glob = require("glob");
-const yaml = require("js-yaml");
-const express = require("express");
-const bodyParser = require("body-parser");
-const ejs = require("ejs");
-const session = require("express-session");
-const http = require("http");
-const expressWs = require("express-ws");
-const rateLimit = require("express-rate-limit");
+const fs = require('fs');
+const glob = require('glob');
+const yaml = require('js-yaml');
+const express = require('express');
+const bodyParser = require('body-parser');
+const ejs = require('ejs');
+const session = require('express-session');
+const http = require('http');
+const expressWs = require('express-ws');
+const rateLimit = require('express-rate-limit');
 // Load prototypes
 Date.prototype.addDays = function (days) {
 var date = new Date(this.valueOf());
@@ -23,37 +23,37 @@ Date.prototype.addDays = function (days) {
 };
 // Load settings.
-process.env = yaml.load(fs.readFileSync("./settings.yml", "utf8"));
+process.env = yaml.load(fs.readFileSync('./settings.yml', 'utf8'));
-if (process.env.pterodactyl.domain.slice(-1) === "/")
+if (process.env.pterodactyl.domain.slice(-1) === '/')
 process.env.pterodactyl.domain = process.env.pterodactyl.domain.slice(0, -1);
-process.api_messages = yaml.load(fs.readFileSync("./api_messages.yml", "utf8"));
+process.api_messages = yaml.load(fs.readFileSync('./api_messages.yml', 'utf8'));
 // Loads database.
-const db = require("./db.js");
+const db = require('./db.js');
-const Sqlite = require("better-sqlite3");
-const SqliteStore = require("better-sqlite3-session-store")(session);
-const session_db = new Sqlite("sessions.db");
+const Sqlite = require('better-sqlite3');
+const SqliteStore = require('better-sqlite3-session-store')(session);
+const session_db = new Sqlite('sessions.db');
 // Loads functions.
-const functions = require("./functions.js");
+const functions = require('./functions.js');
 // Loads page settings.
 process.pagesettings = yaml.load(
- fs.readFileSync("./frontend/pages.yml", "utf8")
+ fs.readFileSync('./frontend/pages.yml', 'utf8')
 ); // Loads "settings.yml" and loads the yaml file as a JSON.
 setInterval(() => {
 process.pagesettings = yaml.load(
- fs.readFileSync("./frontend/pages.yml", "utf8")
+ fs.readFileSync('./frontend/pages.yml', 'utf8')
 ); // This line of code is suppose to update any new pages.yml settings every minute.
 }, 60000);
-const path = require("path");
+const path = require('path');
 // Makes "process.db" have the database functions.
 process.db = db;
@@ -73,7 +73,7 @@ app.use(
 express.json({
 // Some settings for express.
 inflate: true,
- limit: "500kb",
+ limit: '500kb',
 reviver: null,
 strict: true,
 // type: 'application/json',
@@ -84,15 +84,15 @@ app.use(
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(bodyParser.json());
-app.set("views", path.join(__dirname, "frontend", "pages"));
+app.set('views', path.join(__dirname, 'frontend', 'pages'));
 app.use((err, req, res, next) => {
- if (err instanceof SyntaxError && err.status === 400 && "body" in err) {
+ if (err instanceof SyntaxError && err.status === 400 && 'body' in err) {
 // https://stackoverflow.com/questions/53048642/node-js-handle-body-parser-invalid-json-error
 // console.error(err);
 res.status(400);
 return res.send({
- error: "An error has occured when trying to handle the request.",
+ error: 'An error has occured when trying to handle the request.',
 });
 }
@@ -120,7 +120,10 @@ app.use(async (req, res, next) => {
 const blacklist_status = await process.db.blacklistStatusByDiscordID(
 req.session.data.dbinfo.discord_id
 );
- if (blacklist_status && !req.session.data.panelinfo.root_admin) {
+ if (
+ blacklist_status !== 'false' &&
+ !req.session.data.panelinfo.root_admin
+ ) {
 delete req.session.data;
 functions.doRedirect(
 req,
@@ -145,10 +148,10 @@ const listener = server.listen(process.env.website.port, function () {
 }.` ); // Message sent when the port is successfully listening and the website is ready.
- const apiFiles = glob.sync("./handlers/**/**/*.js");
+ const apiFiles = glob.sync('./handlers/**/**/*.js');
 for (const file of apiFiles) {
 const api = require(file);
- if (typeof api.load === "function") api.load(app, ifValidAPI, ejs);
+ if (typeof api.load === 'function') api.load(app, ifValidAPI, ejs);
 }
 });
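Review bot: The per-request check in the @@ -120 hunk still looks the status up by `req.session.data.dbinfo.discord_id`, although this commit introduces an email-keyed lookup (`blacklistStatusByEmail`) for the email login path. What the Discord lookup returns for an account without a Discord ID is not visible in this diff: if it is `null` or `undefined`, the new `!== 'false'` test treats the session as blacklisted and deletes `req.session.data` on every request, and if it is `'false'`, a blacklisted email account is never caught once logged in. Consider falling back to the email lookup when `discord_id` is empty, and add a comment stating which key the middleware checks. The middleware starts and ends outside the hunk.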
@@ -164,9 +167,9 @@ function ifValidAPI(req, res, permission) {
 const auth = req.headers.authorization;
 if (auth) {
- if (auth.startsWith("Bearer ") && auth !== "Bearer ") {
+ if (auth.startsWith('Bearer ') && auth !== 'Bearer ') {
 const validkeys = Object.entries(process.env.api).filter(
- (key) => key[0] === auth.slice("Bearer ".length)
+ (key) => key[0] === auth.slice('Bearer '.length)
 );
 if (validkeys.length === 1) {
 const validkey = validkeys[0][1];