From 46eabc6194d1aad2abb532496433c0734c8a65f8 Mon Sep 17 00:00:00 2001
From: Matthew R
Date: Sun, 20 Sep 2020 23:52:35 -0400
Subject: [PATCH] allow staff logins
---
 src/api/loc.sh/routes/internal.ts | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/api/loc.sh/routes/internal.ts b/src/api/loc.sh/routes/internal.ts
index cdba43a..8bfe331 100644
--- a/src/api/loc.sh/routes/internal.ts
+++ b/src/api/loc.sh/routes/internal.ts
@@ -1,3 +1,4 @@
+/* eslint-disable no-shadow */
 import { Route, Server } from '../../../class';
 // import acknowledgements from '../../../configs/acknowledgements.json';
@@ -35,16 +36,26 @@ export default class Internal extends Route {
 this.router.get('/score', async (req, res) => {
 try {
 res.setHeader('Access-Control-Allow-Origin', '*');
- if (this.timeout.has(req.ip)) return res.status(429).json({ code: this.constants.codes.PERMISSION_DENIED, message: this.constants.messages.PERMISSION_DENIED });
- if (!req.query.pin) return res.status(400).json({ code: this.constants.codes.CLIENT_ERROR });
+ if (this.timeout.has(req.ip)) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });
+ if (!req.query.pin) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });
 const args = req.query.pin.toString();
 this.timeout.add(req.ip);
 setTimeout(() => this.timeout.delete(req.ip), 1800000);
 let score = await this.server.client.db.Score.findOne({ pin: [Number(args.split('-')[0]), Number(args.split('-')[1]), Number(args.split('-')[2])] }).lean().exec();
 if (!score) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });
 const member = await this.server.client.getRESTGuildMember(this.constants.discord.SERVER_ID, score.userID);
- if (!member) return res.status(404).json({ code: this.constants.codes.ACCOUNT_NOT_FOUND });
- await this.server.client.db.Score.updateOne({ userID: score.userID }, { $addToSet: { softInquiries: { name: `${member.username} via report.libraryofcode.org @ IP ${req.ip}`, date: new Date() } } });
+ if (!member) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });
+
+ if (req.query.staff) {
+ const args = req.query.staff.toString();
+ const staffScore = await this.server.client.db.Score.findOne({ pin: [Number(args.split('-')[0]), Number(args.split('-')[1]), Number(args.split('-')[2])] }).lean().exec();
+ if (!staffScore) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });
+ if (!staffScore.staff) return res.status(401).json({ code: this.constants.codes.UNAUTHORIZED, message: this.constants.messages.UNAUTHORIZED });
+ this.timeout.delete(req.ip);
+ await this.server.client.db.Score.updateOne({ userID: staffScore.userID }, { $addToSet: { softInquiries: { name: 'Library of Code sp-us | Staff Team via report.libraryofcode.org', date: new Date() } } });
+ } else {
+ await this.server.client.db.Score.updateOne({ userID: score.userID }, { $addToSet: { softInquiries: { name: `${member.username} via report.libraryofcode.org @ IP ${req.ip}`, date: new Date() } } });
+ }
 score = await this.server.client.db.Score.findOne({ pin: [Number(args.split('-')[0]), Number(args.split('-')[1]), Number(args.split('-')[2])] }).lean().exec();
 let totalScore = '0';
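Review bot: The staff branch writes its soft-inquiry entry with the filter `{ userID: staffScore.userID }`, so a staff lookup is recorded on the staff member's own document and the member whose report was opened (`score.userID`) gets no trace of it; if the entry is meant as the access record for the viewed report, the filter should be `{ userID: score.userID }`. The entry name is also a fixed string carrying neither the staff account nor `req.ip`, unlike the non-staff branch, so individual staff lookups cannot be told apart afterwards; including `staffScore.userID` in the name would keep them attributable. `this.timeout.delete(req.ip)` lifts the 30-minute per-IP throttle for any request that carries a valid staff PIN in the query string, which makes that PIN a stronger credential than a member PIN and worth a comment stating that this is intended. The inner `const args` is what requires the file-wide `no-shadow` disable added in the first hunk; naming it `staffArgs` would make the pragma unnecessary. The route handler continues past the end of this hunk.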