merge-requests/15/merge
Matthew 2021-01-12 00:54:50 -05:00
parent 18c7f1d071
commit 1eaa576900
No known key found for this signature in database
GPG Key ID: 210AF32ADE3B5C4B
2 changed files with 35 additions and 7 deletions

View File

@ -1,6 +1,3 @@
import { Server, ServerManagement } from '../../class'; import { Server, ServerManagement } from '../../class';
export default (management: ServerManagement) => { export default (management: ServerManagement) => new Server(management, 3895, `${__dirname}/routes`);
const server = new Server(management, 3895, `${__dirname}/routes`);
return server;
};

View File

@ -8,19 +8,38 @@ import { ScoreHistoricalRaw } from '../../../models/ScoreHistorical';
import { getTotalMessageCount } from '../../../intervals/score'; import { getTotalMessageCount } from '../../../intervals/score';
export default class Report extends Route { export default class Report extends Route {
public timeout: Set<string>; public timeout: Map<string, number>;
public acceptedOffers: LocalStorage; public acceptedOffers: LocalStorage;
constructor(server: Server) { constructor(server: Server) {
super(server); super(server);
this.timeout = new Set(); this.timeout = new Map();
this.acceptedOffers = new LocalStorage('accepted-offers'); this.acceptedOffers = new LocalStorage('accepted-offers');
this.conf = { this.conf = {
path: '/report', path: '/report',
}; };
} }
protected check(userID: string) {
if (this.timeout.has(userID)) {
if (this.timeout.get(userID) >= 3) {
return true;
}
this.timeout.set(userID, this.timeout.get(userID) + 1);
} else {
this.timeout.set(userID, 1);
}
setTimeout(() => {
if (this.timeout.has(userID)) {
this.timeout.set(userID, this.timeout.get(userID) - 1);
} else {
this.timeout.delete(userID);
}
}, 30000);
return false;
}
public bind() { public bind() {
this.router.all('*', (_req, res, next) => { this.router.all('*', (_req, res, next) => {
res.setHeader('Access-Control-Allow-Origin', '*'); res.setHeader('Access-Control-Allow-Origin', '*');
@ -47,6 +66,17 @@ export default class Report extends Route {
if (member.locked) return res.status(403).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED }); if (member.locked) return res.status(403).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED });
if (merchant?.type !== 1) return res.status(403).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED }); if (merchant?.type !== 1) return res.status(403).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED });
if (this.check(member.userID)) {
await this.server.client.db.Score.updateOne({ userID: member.userID }, { $set: { locked: true } });
const chan = await this.server.client.getDMChannel(member.userID);
try {
await chan.createMessage(`__**Community Report Locked**__\nWe've detected suspicious activity on your Community Report, for the integrity of your report we have automatically locked it. To unlock your report, please run \`${this.server.client.config.prefix}score pref unlock\` in <#468759629334183956>.`);
} catch (err) {
this.server.client.util.signale.error(`Unable to DM user: ${member.userID} | ${err}`);
}
return res.status(403).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED });
}
const flags = []; const flags = [];
if (mem.user.publicFlags) { if (mem.user.publicFlags) {
@ -172,6 +202,7 @@ export default class Report extends Route {
return res.status(200).json({ return res.status(200).json({
code: this.constants.codes.SUCCESS, code: this.constants.codes.SUCCESS,
message: { message: {
id: reportID,
userID: member.userID, userID: member.userID,
memberInformation: { memberInformation: {
username: mem.user.username, username: mem.user.username,
@ -442,7 +473,7 @@ export default class Report extends Route {
if (this.timeout.has(req.ip)) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED }); if (this.timeout.has(req.ip)) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });
if (!req.query.pin) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED }); if (!req.query.pin) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });
const args = req.query.pin.toString(); const args = req.query.pin.toString();
this.timeout.add(req.ip); this.timeout.set(req.ip, 1);
setTimeout(() => this.timeout.delete(req.ip), 1800000); setTimeout(() => this.timeout.delete(req.ip), 1800000);
let score = await this.server.client.db.Score.findOne({ pin: [Number(args.split('-')[0]), Number(args.split('-')[1]), Number(args.split('-')[2])] }).lean().exec(); let score = await this.server.client.db.Score.findOne({ pin: [Number(args.split('-')[0]), Number(args.split('-')[1]), Number(args.split('-')[2])] }).lean().exec();
if (!score) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED }); if (!score) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });