From 0107530eaed10b27f6fc9ba9ee402542875a3c5e Mon Sep 17 00:00:00 2001 From: Miodec Date: Wed, 7 Jun 2023 14:53:53 +0200 Subject: [PATCH] added toggle banned endpoint --- backend/src/api/controllers/user.ts | 21 +++++++++++++++++++++ backend/src/api/routes/users.ts | 14 ++++++++++++++ backend/src/dal/user.ts | 8 ++++++++ backend/src/middlewares/rate-limit.ts | 7 +++++++ backend/src/queues/george-queue.ts | 6 ++++++ backend/src/types/types.d.ts | 1 + 6 files changed, 57 insertions(+) diff --git a/backend/src/api/controllers/user.ts b/backend/src/api/controllers/user.ts index 9868849e8..2d923a365 100644 --- a/backend/src/api/controllers/user.ts +++ b/backend/src/api/controllers/user.ts @@ -831,3 +831,24 @@ export async function reportUser( return new MonkeyResponse("User reported"); } + +export async function toggleBan( + req: MonkeyTypes.Request +): Promise { + const { uid } = req.body; + + const user = await UserDAL.getUser(uid, "toggle ban"); + const discordId = user.discordId; + + if (user.banned) { + UserDAL.setBanned(uid, false); + if (discordId) GeorgeQueue.userBanned(discordId, false); + } else { + UserDAL.setBanned(uid, true); + if (discordId) GeorgeQueue.userBanned(discordId, true); + } + + return new MonkeyResponse(`Ban toggled`, { + banned: !user.banned, + }); +} diff --git a/backend/src/api/routes/users.ts b/backend/src/api/routes/users.ts index b1481fe73..a45f9ceae 100644 --- a/backend/src/api/routes/users.ts +++ b/backend/src/api/routes/users.ts @@ -7,6 +7,7 @@ import { validateRequest, validateConfiguration, checkUserPermissions, + useInProduction, } from "../../middlewares/api-utils"; import * as RateLimit from "../../middlewares/rate-limit"; import { withApeRateLimiter } from "../../middlewares/ape-rate-limit"; 
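Review bot: Neither `UserDAL.setBanned(...)` nor `GeorgeQueue.userBanned(...)` is awaited in `toggleBan`, so the handler answers "Ban toggled" before the database write has finished, and a failed write or queue add becomes an unhandled rejection instead of an error response through `asyncHandler`. Both branches can collapse to `const banned = !user.banned; await UserDAL.setBanned(uid, banned); if (discordId) await GeorgeQueue.userBanned(discordId, banned);`. Because the new state is derived from an earlier read, a retried or concurrent request flips the ban back; accepting the desired `banned` value in the body would make the call idempotent. The hunk also records nowhere which admin changed whose ban status, which is worth logging for a privileged action.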
@@ -15,6 +16,12 @@ import filterSchema from "../schemas/filter-schema"; const router = Router(); +const checkIfUserIsAdmin = checkUserPermissions({ + criteria: (user) => { + return !!user.admin; + }, +}); + const tagNameValidation = joi .string() .required() @@ -614,4 +621,11 @@ router.post( asyncHandler(UserController.sendForgotPasswordEmail) ); +router.post( + "/toggleBan", + RateLimit.onePerMin, + useInProduction([authenticateRequest(), checkIfUserIsAdmin]), + asyncHandler(UserController.toggleBan) +); + export default router; diff --git a/backend/src/dal/user.ts b/backend/src/dal/user.ts index 1c004e0a1..05bb12a29 100644 --- a/backend/src/dal/user.ts +++ b/backend/src/dal/user.ts @@ -991,3 +991,11 @@ export async function updateStreak( return streak.length; } + +export async function setBanned(uid: string, banned: boolean): Promise { + if (banned) { + await getUsersCollection().updateOne({ uid }, { $set: { banned: true } }); + } else { + await getUsersCollection().updateOne({ uid }, { $unset: { banned: "" } }); + } +} diff --git a/backend/src/middlewares/rate-limit.ts b/backend/src/middlewares/rate-limit.ts index 34a1fbe32..c30d8c98f 100644 --- a/backend/src/middlewares/rate-limit.ts +++ b/backend/src/middlewares/rate-limit.ts @@ -98,6 +98,13 @@ export async function incrementBadAuth( } catch (error) {} } +export const onePerMin = rateLimit({ + windowMs: 60 * 1000, + max: 1 * REQUEST_MULTIPLIER, + keyGenerator: getKeyWithUid, + handler: customHandler, +}); + // Config Routing export const configUpdate = rateLimit({ windowMs: ONE_HOUR_MS, diff --git a/backend/src/queues/george-queue.ts b/backend/src/queues/george-queue.ts index 512d93fac..bdccc90c9 100644 --- a/backend/src/queues/george-queue.ts +++ b/backend/src/queues/george-queue.ts 
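Review bot: The `/toggleBan` route has no `validateRequest` step, so `req.body.uid` reaches `UserDAL.getUser` and the `{ uid }` filter in `setBanned` without a type check; a non-string JSON value would be treated by MongoDB as a query expression rather than a literal uid. Adding `validateRequest({ body: { uid: joi.string().required() } }),` before the handler closes that, assuming `validateRequest` takes the schema shape the other routes in this file use. `RateLimit.onePerMin` also runs before `authenticateRequest()`, so if `getKeyWithUid` depends on the decoded token the limiter cannot key on the caller's uid; placing it after the auth middlewares would avoid that. If `useInProduction` skips its middlewares outside production, as the name suggests, any non-production deployment exposes this endpoint without authentication or the admin check.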
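Review bot: `setBanned` discards the `updateOne` result, so a `uid` that matches no document returns normally and the caller reports the ban as toggled; checking `matchedCount` and raising the DAL's usual not-found error would surface that. A short doc comment is also worth adding, for example `/** Sets or clears the banned flag; clearing uses $unset so unbanned users carry no banned field. */`.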
@@ -45,6 +45,12 @@ class GeorgeQueue extends MonkeyQueue { await this.add(taskName, awardChallengeTask); } + async userBanned(discordId: string, banned: boolean): Promise { + const taskName = "userBanned"; + const userBannedTask = buildGeorgeTask(taskName, [discordId, banned]); + await this.add(taskName, userBannedTask); + } + async announceLeaderboardUpdate( newRecords: any[], leaderboardId: string diff --git a/backend/src/types/types.d.ts b/backend/src/types/types.d.ts index 3d52e27bd..a0d03f7b0 100644 --- a/backend/src/types/types.d.ts +++ b/backend/src/types/types.d.ts @@ -178,6 +178,7 @@ declare namespace MonkeyTypes { uid: string; quoteMod?: boolean; configurationMod?: boolean; + admin?: boolean; canReport?: boolean; banned?: boolean; canManageApeKeys?: boolean;