fix: check ban status outside of discovery

PretendoNetwork · Jul 30, 2024 · 9cb644e · 9cb644e
1 parent 6bee19d
commit 9cb644e
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 8 deletions.
diff --git a/src/middleware/auth.ts b/src/middleware/auth.ts
@@ -1,8 +1,9 @@
 import express from 'express';
 import xmlbuilder from 'xmlbuilder';
+import moment from 'moment';
 import { z } from 'zod';
 import { GetUserDataResponse } from '@pretendonetwork/grpc/account/get_user_data_rpc';
-import { getEndpoint } from '@/database';
+import { getEndpoint, getUserSettings } from '@/database';
 import { getUserAccountData, getValueFromHeaders, decodeParamPack, getPIDFromServiceToken } from '@/util';
 import { HydratedEndpointDocument } from '@/types/mongoose/endpoint';
 
@@ -86,13 +87,6 @@ async function auth(request: express.Request, response: express.Response, next:
 		return serverError(response, discovery);
 	}
 
-	// TODO - This is temp, testing something. Will be removed in the future
-	if (request.path !== '/v1/endpoint') {
-		if (user.serverAccessLevel !== 'test' && user.serverAccessLevel !== 'dev') {
-			return badAuth(response, 16, 'BAD_TOKEN');
-		}
-	}
-
 	// * This is a false positive from ESLint.
 	// * Since this middleware is only ever called
 	// * per every request instance
@@ -101,6 +95,29 @@ async function auth(request: express.Request, response: express.Response, next:
 	// eslint-disable-next-line require-atomic-updates
 	request.paramPack = paramPackData;
 
+	const userSettings = await getUserSettings(request.pid);
+
+	if (!userSettings) {
+		return badAuth(response, 18, 'BAD_PARAM');
+	}
+
+	if (moment(userSettings.ban_lift_date) <= moment() && userSettings.account_status !== 3) {
+		userSettings.account_status = 0;
+		await userSettings.save();
+	}
+	// This includes ban checks for both Juxt specifically and the account server, ideally this should be squashed
+	// assuming we support more gradual bans on PNID's
+	if (userSettings.account_status < 0 || userSettings.account_status > 1 || user.accessLevel < 0) {
+		if (userSettings.account_status === 2 && request.method === 'GET') {
+			return next();
+		} else if (userSettings.account_status === 2) {
+			return badAuth(response, 8, 'PNID_POST_BAN');
+		} else {
+			return badAuth(response, 7, 'PNID_PERM_BAN');
+		}
+
+	}
+
 	return next();
 }
 

diff --git a/src/util.ts b/src/util.ts
@@ -64,6 +64,11 @@ export function getPIDFromServiceToken(token: string): number {
 			return 0;
 		}
 
+		// * Check if the token is expired
+		if (unpackedToken.expire_time < Date.now()) {
+			return 0;
+		}
+
 		return unpackedToken.pid;
 	} catch (e) {
 		console.error(e);