From 1eaa5769008e63fb5d2c3db46135afc8fdf3a42c Mon Sep 17 00:00:00 2001 From: Matthew R Date: Tue, 12 Jan 2021 00:54:50 -0500 Subject: [PATCH] add rid --- src/api/comm.libraryofcode.org/main.ts | 5 +-- .../comm.libraryofcode.org/routes/report.ts | 37 +++++++++++++++++-- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/src/api/comm.libraryofcode.org/main.ts b/src/api/comm.libraryofcode.org/main.ts index 50dfa27..f6c876e 100644 --- a/src/api/comm.libraryofcode.org/main.ts +++ b/src/api/comm.libraryofcode.org/main.ts @@ -1,6 +1,3 @@ import { Server, ServerManagement } from '../../class'; -export default (management: ServerManagement) => { - const server = new Server(management, 3895, `${__dirname}/routes`); - return server; -}; +export default (management: ServerManagement) => new Server(management, 3895, `${__dirname}/routes`); diff --git a/src/api/comm.libraryofcode.org/routes/report.ts b/src/api/comm.libraryofcode.org/routes/report.ts index 36132f6..706bc7b 100644 --- a/src/api/comm.libraryofcode.org/routes/report.ts +++ b/src/api/comm.libraryofcode.org/routes/report.ts @@ -8,19 +8,38 @@ import { ScoreHistoricalRaw } from '../../../models/ScoreHistorical'; import { getTotalMessageCount } from '../../../intervals/score'; export default class Report extends Route { - public timeout: Set; + public timeout: Map; public acceptedOffers: LocalStorage; constructor(server: Server) { super(server); - this.timeout = new Set(); + this.timeout = new Map(); this.acceptedOffers = new LocalStorage('accepted-offers'); this.conf = { path: '/report', }; } + protected check(userID: string) { + if (this.timeout.has(userID)) { + if (this.timeout.get(userID) >= 3) { + return true; + } + this.timeout.set(userID, this.timeout.get(userID) + 1); + } else { + this.timeout.set(userID, 1); + } + setTimeout(() => { + if (this.timeout.has(userID)) { + this.timeout.set(userID, this.timeout.get(userID) - 1); + } else { + this.timeout.delete(userID); + } + }, 30000); + return false; + } + public bind() { this.router.all('*', (_req, res, next) => { res.setHeader('Access-Control-Allow-Origin', '*'); @@ -47,6 +66,17 @@ export default class Report extends Route { if (member.locked) return res.status(403).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED }); if (merchant?.type !== 1) return res.status(403).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED }); + if (this.check(member.userID)) { + await this.server.client.db.Score.updateOne({ userID: member.userID }, { $set: { locked: true } }); + const chan = await this.server.client.getDMChannel(member.userID); + try { + await chan.createMessage(`__**Community Report Locked**__\nWe've detected suspicious activity on your Community Report, for the integrity of your report we have automatically locked it. To unlock your report, please run \`${this.server.client.config.prefix}score pref unlock\` in <#468759629334183956>.`); + } catch (err) { + this.server.client.util.signale.error(`Unable to DM user: ${member.userID} | ${err}`); + } + return res.status(403).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED }); + } + const flags = []; if (mem.user.publicFlags) { @@ -172,6 +202,7 @@ export default class Report extends Route { return res.status(200).json({ code: this.constants.codes.SUCCESS, message: { + id: reportID, userID: member.userID, memberInformation: { username: mem.user.username, @@ -442,7 +473,7 @@ export default class Report extends Route { if (this.timeout.has(req.ip)) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED }); if (!req.query.pin) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED }); const args = req.query.pin.toString(); - this.timeout.add(req.ip); + this.timeout.set(req.ip, 1); setTimeout(() => this.timeout.delete(req.ip), 1800000); let score = await this.server.client.db.Score.findOne({ pin: [Number(args.split('-')[0]), Number(args.split('-')[1]), Number(args.split('-')[2])] }).lean().exec(); if (!score) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });