From 80732ff90ad8dd0aebc986816f0afd87aecc4ffa Mon Sep 17 00:00:00 2001
From: Pitu
Date: Tue, 26 Feb 2019 22:26:18 +0900
Subject: User promotion/demotion
---
 src/api/routes/admin/userDemote.js | 27 +++++++++++++++++++++++++++
 src/api/routes/admin/userPromote.js | 27 +++++++++++++++++++++++++++
 src/api/routes/admin/usersGET.js | 23 +++++++++++++++++++++++
 3 files changed, 77 insertions(+)
 create mode 100644 src/api/routes/admin/userDemote.js
 create mode 100644 src/api/routes/admin/userPromote.js
 create mode 100644 src/api/routes/admin/usersGET.js
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/userDemote.js b/src/api/routes/admin/userDemote.js
new file mode 100644
index 0000000..e9c37a0
--- /dev/null
+++ b/src/api/routes/admin/userDemote.js
@@ -0,0 +1,27 @@
+const Route = require('../../structures/Route');
+
+class userDemote extends Route {
+ constructor() {
+ super('/admin/users/demote', 'get', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { id } = req.body;
+ if (!id) return res.status(400).json({ message: 'No name provided' });
+
+ try {
+ await db.table('users')
+ .where({ id })
+ .update({ isAdmin: false });
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+ return res.json({
+ message: 'Successfully promoted user'
+ });
+ }
+}
+
+module.exports = userDemote;
diff --git a/src/api/routes/admin/userPromote.js b/src/api/routes/admin/userPromote.js
new file mode 100644
index 0000000..caae176
--- /dev/null
+++ b/src/api/routes/admin/userPromote.js
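Review bot: The update in run(), `await db.table('users').where({ id }).update({ isAdmin: false })`, never looks at how many rows it touched, so a request carrying an id that matches no user still answers 200 with a success message. Knex resolves update() to the affected-row count, so the result can be captured and turned into a 404: `const updated = await db.table('users').where({ id }).update({ isAdmin: false });` followed by `if (!updated) return res.status(404).json({ message: 'User not found' });`. The same unchecked update appears in userPromote.js in this commit and in userDisable.js and userEnable.js in the following one.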
@@ -0,0 +1,27 @@
+const Route = require('../../structures/Route');
+
+class userPromote extends Route {
+ constructor() {
+ super('/admin/users/promote', 'get', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { id } = req.body;
+ if (!id) return res.status(400).json({ message: 'No name provided' });
+
+ try {
+ await db.table('users')
+ .where({ id })
+ .update({ isAdmin: true });
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+ return res.json({
+ message: 'Successfully promoted user'
+ });
+ }
+}
+
+module.exports = userPromote;
diff --git a/src/api/routes/admin/usersGET.js b/src/api/routes/admin/usersGET.js
new file mode 100644
index 0000000..52a707f
--- /dev/null
+++ b/src/api/routes/admin/usersGET.js
@@ -0,0 +1,23 @@
+const Route = require('../../structures/Route');
+
+class usersGET extends Route {
+ constructor() {
+ super('/admin/users', 'get', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ try {
+ const users = await db.table('users')
+ .select('id', 'username', 'enabled', 'isAdmin', 'createdAt');
+
+ return res.json({
+ message: 'Successfully retrieved users',
+ users
+ });
+ } catch (error) {
+ return super.error(res, error);
+ }
+ }
+}
+
+module.exports = usersGET;
-- cgit v1.2.3
From 7a74647d3e5b5681b9d5d3fa9b6e12d062232683 Mon Sep 17 00:00:00 2001
From: Pitu
Date: Tue, 26 Feb 2019 23:13:24 +0900
Subject: User management
---
 src/api/routes/admin/userDemote.js | 6 +++---
 src/api/routes/admin/userDisable.js | 27 +++++++++++++++++++++++++++
 src/api/routes/admin/userEnable.js | 27 +++++++++++++++++++++++++++
 src/api/routes/admin/userPromote.js | 4 ++--
 4 files changed, 59 insertions(+), 5 deletions(-)
 create mode 100644 src/api/routes/admin/userDisable.js
 create mode 100644 src/api/routes/admin/userEnable.js
(limited to 'src/api/routes/admin')
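Review bot: The select in usersGET.run() has no ordering and no limit, so the admin listing returns the whole users table in whatever order the database happens to yield and grows without bound with the user base. An explicit `.orderBy('createdAt', 'desc')` makes the order deterministic, and a `limit`/`offset` pair read from req.query would let the client page through large tables. The column allowlist itself is a good choice and worth keeping as the pattern for the other admin reads.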
diff --git a/src/api/routes/admin/userDemote.js b/src/api/routes/admin/userDemote.js
index e9c37a0..fa288fc 100644
--- a/src/api/routes/admin/userDemote.js
+++ b/src/api/routes/admin/userDemote.js
@@ -2,13 +2,13 @@ const Route = require('../../structures/Route');
 
 class userDemote extends Route {
 constructor() {
- super('/admin/users/demote', 'get', { adminOnly: true });
+ super('/admin/users/demote', 'post', { adminOnly: true });
 }
 
 async run(req, res, db) {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
- if (!id) return res.status(400).json({ message: 'No name provided' });
+ if (!id) return res.status(400).json({ message: 'No id provided' });
 
 try {
 await db.table('users')
@@ -19,7 +19,7 @@ class userDemote extends Route {
 }
 
 return res.json({
- message: 'Successfully promoted user'
+ message: 'Successfully demoted user'
 });
 }
 }
diff --git a/src/api/routes/admin/userDisable.js b/src/api/routes/admin/userDisable.js
new file mode 100644
index 0000000..c7dffa8
--- /dev/null
+++ b/src/api/routes/admin/userDisable.js
@@ -0,0 +1,27 @@
+const Route = require('../../structures/Route');
+
+class userDisable extends Route {
+ constructor() {
+ super('/admin/users/disable', 'post', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { id } = req.body;
+ if (!id) return res.status(400).json({ message: 'No id provided' });
+
+ try {
+ await db.table('users')
+ .where({ id })
+ .update({ enabled: false });
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+ return res.json({
+ message: 'Successfully disabled user'
+ });
+ }
+}
+
+module.exports = userDisable;
diff --git a/src/api/routes/admin/userEnable.js b/src/api/routes/admin/userEnable.js
new file mode 100644
index 0000000..7e5743d
--- /dev/null
+++ b/src/api/routes/admin/userEnable.js
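Review bot: Disabling a user in userDisable.run() only flips `enabled` to false on the users row; whether a session or API key that user already holds stops working depends on the auth layer re-checking `enabled` on every request, which is not visible from this file. If that check happens only at login, a disabled account keeps its access until its credentials expire, so the assumption deserves a comment next to the update, `// relies on the auth middleware rejecting enabled=false on every request`, or the route should also invalidate the user's API key as part of the same change. The update's affected-row count is also not checked, as already noted for userDemote.js.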
@@ -0,0 +1,27 @@
+const Route = require('../../structures/Route');
+
+class userEnable extends Route {
+ constructor() {
+ super('/admin/users/enable', 'post', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { id } = req.body;
+ if (!id) return res.status(400).json({ message: 'No id provided' });
+
+ try {
+ await db.table('users')
+ .where({ id })
+ .update({ enabled: true });
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+ return res.json({
+ message: 'Successfully enabled user'
+ });
+ }
+}
+
+module.exports = userEnable;
diff --git a/src/api/routes/admin/userPromote.js b/src/api/routes/admin/userPromote.js
index caae176..4062dfa 100644
--- a/src/api/routes/admin/userPromote.js
+++ b/src/api/routes/admin/userPromote.js
@@ -2,13 +2,13 @@ const Route = require('../../structures/Route');
 
 class userPromote extends Route {
 constructor() {
- super('/admin/users/promote', 'get', { adminOnly: true });
+ super('/admin/users/promote', 'post', { adminOnly: true });
 }
 
 async run(req, res, db) {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
- if (!id) return res.status(400).json({ message: 'No name provided' });
+ if (!id) return res.status(400).json({ message: 'No id provided' });
 
 try {
 await db.table('users')
-- cgit v1.2.3
From 9f5a3d15f55fea03052627f3bd4d97a4284cdf7c Mon Sep 17 00:00:00 2001
From: Pitu
Date: Thu, 28 Feb 2019 23:51:59 +0900
Subject: Purge user's files
---
 src/api/routes/admin/userPurge.js | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 src/api/routes/admin/userPurge.js
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/userPurge.js b/src/api/routes/admin/userPurge.js
new file mode 100644
index 0000000..90f6ec9
--- /dev/null
+++ b/src/api/routes/admin/userPurge.js
@@ -0,0 +1,26 @@
+const Route = require('../../structures/Route');
+const Util = require('../../utils/Util');
+
+class userDemote extends Route {
+ constructor() {
+ super('/admin/users/purge', 'post', { adminOnly: true });
+ }
+
+ async run(req, res) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { id } = req.body;
+ if (!id) return res.status(400).json({ message: 'No id provided' });
+
+ try {
+ await Util.deleteAllFilesFromUser(id);
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+ return res.json({
+ message: 'Successfully deleted the user\'s files'
+ });
+ }
+}
+
+module.exports = userDemote;
-- cgit v1.2.3
From 197e69f2f2194df4ad23bb913c9efd39e1501b96 Mon Sep 17 00:00:00 2001
From: Pitu
Date: Tue, 12 Mar 2019 05:48:01 +0000
Subject: Prevent snowflakes from demoting/disabling themselves
---
 src/api/routes/admin/userDemote.js | 3 ++-
 src/api/routes/admin/userDisable.js | 1 +
 src/api/routes/admin/userEnable.js | 1 +
 src/api/routes/admin/userPromote.js | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/userDemote.js b/src/api/routes/admin/userDemote.js
index fa288fc..b430a48 100644
--- a/src/api/routes/admin/userDemote.js
+++ b/src/api/routes/admin/userDemote.js
@@ -5,10 +5,11 @@ class userDemote extends Route {
 super('/admin/users/demote', 'post', { adminOnly: true });
 }
 
- async run(req, res, db) {
+ async run(req, res, db, user) {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
 if (!id) return res.status(400).json({ message: 'No id provided' });
+ if (id === user.id) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });
 
 try {
 await db.table('users')
diff --git a/src/api/routes/admin/userDisable.js b/src/api/routes/admin/userDisable.js
index c7dffa8..65bcf4e 100644
--- a/src/api/routes/admin/userDisable.js
+++ b/src/api/routes/admin/userDisable.js
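Review bot: The class in userPurge.js is declared and exported as `userDemote` (`class userDemote extends Route` and `module.exports = userDemote`), a copy-paste leftover that makes stack traces and route registration misleading for the one destructive route in this directory; it should read `class userPurge extends Route` and `module.exports = userPurge`. run() also hands `id` straight to `Util.deleteAllFilesFromUser(id)` with no check that such a user exists and no guard against the caller purging their own account, so a mistyped id is reported as a success and the safety net later added to the other admin routes does not cover this one. What deleteAllFilesFromUser does on an unknown id is not visible from this file.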
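Review bot: The new guard `if (id === user.id)` uses strict equality between a value parsed from the request body and a value supplied by the route layer, so if the client sends the id as a JSON string while `user.id` is a number (or the reverse) the check never matches and the update below still applies to the caller's own row; the types are not visible from this hunk, so this is a hedge. Normalising both sides, `if (String(id) === String(user.id))`, keeps the intent regardless of the wire representation. The userDisable.js, userEnable.js and userPromote.js hunks in this commit add the same comparison.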
@@ -9,6 +9,7 @@ class userDisable extends Route {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
 if (!id) return res.status(400).json({ message: 'No id provided' });
+ if (id === user.id) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });
 
 try {
 await db.table('users')
diff --git a/src/api/routes/admin/userEnable.js b/src/api/routes/admin/userEnable.js
index 7e5743d..bdba7a6 100644
--- a/src/api/routes/admin/userEnable.js
+++ b/src/api/routes/admin/userEnable.js
@@ -9,6 +9,7 @@ class userEnable extends Route {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
 if (!id) return res.status(400).json({ message: 'No id provided' });
+ if (id === user.id) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });
 
 try {
 await db.table('users')
diff --git a/src/api/routes/admin/userPromote.js b/src/api/routes/admin/userPromote.js
index 4062dfa..6534d16 100644
--- a/src/api/routes/admin/userPromote.js
+++ b/src/api/routes/admin/userPromote.js
@@ -9,6 +9,7 @@ class userPromote extends Route {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
 if (!id) return res.status(400).json({ message: 'No id provided' });
+ if (id === user.id) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });
 
 try {
 await db.table('users')
-- cgit v1.2.3
From 79eb00f71cc18dbb195a29bd79871d35176f33d1 Mon Sep 17 00:00:00 2001
From: Pitu
Date: Thu, 14 Mar 2019 23:14:24 +0900
Subject: Small fixes
---
 src/api/routes/admin/userDisable.js | 2 +-
 src/api/routes/admin/userEnable.js | 2 +-
 src/api/routes/admin/userPromote.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/userDisable.js b/src/api/routes/admin/userDisable.js
index 65bcf4e..e39c811 100644
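Review bot: The guard added at `if (id === user.id)` reads `user`, but run() in userDisable.js still has the signature `run(req, res, db)` from the previous commit (the signature is outside this hunk; only userDemote.js gains the fourth parameter in this commit), so every request to this route throws a ReferenceError before the try block unless some other `user` binding exists in the module. The userEnable.js and userPromote.js hunks in this commit have the same defect. All three need `async run(req, res, db, user) {` to match userDemote.js.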
--- a/src/api/routes/admin/userDisable.js
+++ b/src/api/routes/admin/userDisable.js
@@ -5,7 +5,7 @@ class userDisable extends Route {
 super('/admin/users/disable', 'post', { adminOnly: true });
 }
 
- async run(req, res, db) {
+ async run(req, res, db, user) {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
 if (!id) return res.status(400).json({ message: 'No id provided' });
diff --git a/src/api/routes/admin/userEnable.js b/src/api/routes/admin/userEnable.js
index bdba7a6..cff622f 100644
--- a/src/api/routes/admin/userEnable.js
+++ b/src/api/routes/admin/userEnable.js
@@ -5,7 +5,7 @@ class userEnable extends Route {
 super('/admin/users/enable', 'post', { adminOnly: true });
 }
 
- async run(req, res, db) {
+ async run(req, res, db, user) {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
 if (!id) return res.status(400).json({ message: 'No id provided' });
diff --git a/src/api/routes/admin/userPromote.js b/src/api/routes/admin/userPromote.js
index 6534d16..4a5ed88 100644
--- a/src/api/routes/admin/userPromote.js
+++ b/src/api/routes/admin/userPromote.js
@@ -5,7 +5,7 @@ class userPromote extends Route {
 super('/admin/users/promote', 'post', { adminOnly: true });
 }
 
- async run(req, res, db) {
+ async run(req, res, db, user) {
 if (!req.body) return res.status(400).json({ message: 'No body provided' });
 const { id } = req.body;
 if (!id) return res.status(400).json({ message: 'No id provided' });
-- cgit v1.2.3
From cba7bf8586f59a049f79aba586db201ac6f3530b Mon Sep 17 00:00:00 2001
From: Pitu
Date: Sun, 13 Oct 2019 02:53:45 +0900
Subject: This commit adds a bunch of features for admins: * banning IP * see files from other users if you are admin * be able to see details of an uploaded file and it's user * improved display of thumbnails for non-image files
---
 src/api/routes/admin/banIP.js | 25 +++++++++++++++++++++++++
 src/api/routes/admin/unBanIP.js | 27 +++++++++++++++++++++++++++
 src/api/routes/admin/userGET.js | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 84 insertions(+)
 create mode 100644 src/api/routes/admin/banIP.js
 create mode 100644 src/api/routes/admin/unBanIP.js
 create mode 100644 src/api/routes/admin/userGET.js
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/banIP.js b/src/api/routes/admin/banIP.js
new file mode 100644
index 0000000..692880d
--- /dev/null
+++ b/src/api/routes/admin/banIP.js
@@ -0,0 +1,25 @@
+const Route = require('../../structures/Route');
+
+class banIP extends Route {
+ constructor() {
+ super('/admin/ban/ip', 'post', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { ip } = req.body;
+ if (!ip) return res.status(400).json({ message: 'No ip provided' });
+
+ try {
+ await db.table('bans').insert({ ip });
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+ return res.json({
+ message: 'Successfully banned the ip'
+ });
+ }
+}
+
+module.exports = banIP;
diff --git a/src/api/routes/admin/unBanIP.js b/src/api/routes/admin/unBanIP.js
new file mode 100644
index 0000000..493834b
--- /dev/null
+++ b/src/api/routes/admin/unBanIP.js
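Review bot: `ip` from req.body goes into the bans table as-is in `await db.table('bans').insert({ ip })`; nothing checks that it is an IP address, so any non-empty string (or an address with stray whitespace) is stored and will simply never match whatever the ban check compares against, giving the admin a false sense that the ban took effect. Node's `net.isIP(ip)` returns 0 for anything that is not a valid v4 or v6 address, so `if (!net.isIP(ip)) return res.status(400).json({ message: 'Invalid ip provided' });` after the presence check, with `const net = require('net');` at the top, rejects bad input early and consistently with the other 400 responses. Duplicate bans are also unhandled; whether a second insert of the same ip errors or adds a second row depends on the bans schema, which is not visible here.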
@@ -0,0 +1,27 @@
+const Route = require('../../structures/Route');
+
+class unBanIP extends Route {
+ constructor() {
+ super('/admin/unban/ip', 'post', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ if (!req.body) return res.status(400).json({ message: 'No body provided' });
+ const { ip } = req.body;
+ if (!ip) return res.status(400).json({ message: 'No ip provided' });
+
+ try {
+ await db.table('bans')
+ .where({ ip })
+ .delete();
+ } catch (error) {
+ return super.error(res, error);
+ }
+
+ return res.json({
+ message: 'Successfully unbanned the ip'
+ });
+ }
+}
+
+module.exports = unBanIP;
diff --git a/src/api/routes/admin/userGET.js b/src/api/routes/admin/userGET.js
new file mode 100644
index 0000000..895a565
--- /dev/null
+++ b/src/api/routes/admin/userGET.js
@@ -0,0 +1,32 @@
+const Route = require('../../structures/Route');
+const Util = require('../../utils/Util');
+
+class usersGET extends Route {
+ constructor() {
+ super('/admin/users/:id', 'get', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ const { id } = req.params;
+ if (!id) return res.status(400).json({ message: 'Invalid user ID supplied' });
+
+ try {
+ const user = await db.table('users').where({ id }).first();
+ const files = await db.table('files').where({ userId: user.id });
+
+ for (let file of files) {
+ file = Util.constructFilePublicLink(file);
+ }
+
+ return res.json({
+ message: 'Successfully retrieved user',
+ user,
+ files
+ });
+ } catch (error) {
+ return super.error(res, error);
+ }
+ }
+}
+
+module.exports = usersGET;
-- cgit v1.2.3
From 6da29eb7c1f9f39ca924330dc42400cdf0af16e1 Mon Sep 17 00:00:00 2001
From: Pitu
Date: Sun, 10 May 2020 20:00:52 +0900
Subject: Sort files by newest
---
 src/api/routes/admin/userGET.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/userGET.js b/src/api/routes/admin/userGET.js
index 895a565..14a6c92 100644
--- a/src/api/routes/admin/userGET.js
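Review bot: In userGET.js the result of `.first()` is used unguarded on the next line, `where({ userId: user.id })`, so an unknown id makes `user.id` throw a TypeError that super.error reports as a server error rather than a 404; `if (!user) return res.status(404).json({ message: 'User not found' });` right after the lookup fixes that. The loop `for (let file of files) { file = Util.constructFilePublicLink(file); }` only reassigns the loop variable, so `files` is returned unchanged unless constructFilePublicLink mutates its argument in place, which this file does not show; `const files = rows.map((f) => Util.constructFilePublicLink(f));` makes the result explicit either way. The users lookup also selects every column, so the admin response carries whatever the users row holds, and the class is named `usersGET` although it lives in userGET.js and serves a single user.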
+++ b/src/api/routes/admin/userGET.js
@@ -12,7 +12,9 @@ class usersGET extends Route {
 
 try {
 const user = await db.table('users').where({ id }).first();
- const files = await db.table('files').where({ userId: user.id });
+ const files = await db.table('files')
+ .where({ userId: user.id })
+ .orderBy('id', 'desc');
 
 for (let file of files) {
 file = Util.constructFilePublicLink(file);
-- cgit v1.2.3
From b886fda0793b8a26de58cd462acf6676a0a8e7ed Mon Sep 17 00:00:00 2001
From: Pitu
Date: Mon, 11 May 2020 00:19:10 +0900
Subject: chore: cleanup and todo
---
 src/api/routes/admin/fileGET.js | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 src/api/routes/admin/fileGET.js
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/fileGET.js b/src/api/routes/admin/fileGET.js
new file mode 100644
index 0000000..3bb8da4
--- /dev/null
+++ b/src/api/routes/admin/fileGET.js
@@ -0,0 +1,29 @@
+const Route = require('../../structures/Route');
+const Util = require('../../utils/Util');
+
+class filesGET extends Route {
+ constructor() {
+ super('/file/:id', 'get', { adminOnly: true });
+ }
+
+ async run(req, res, db) {
+ const { id } = req.params;
+ if (!id) return res.status(400).json({ message: 'Invalid file ID supplied' });
+
+ let file = await db.table('files').where({ id }).first();
+ const user = await db.table('users').where({ id: file.userId }).first();
+ file = Util.constructFilePublicLink(file);
+
+ // Additional relevant data
+ const filesFromUser = await db.table('files').where({ userId: user.id }).select('id');
+ user.fileCount = filesFromUser.length;
+
+ return res.json({
+ message: 'Successfully retrieved file',
+ file,
+ user
+ });
+ }
+}
+
+module.exports = filesGET;
-- cgit v1.2.3
From ad852de51a0d2dd5d29c08838d5a430c58849e74 Mon Sep 17 00:00:00 2001
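Review bot: run() in fileGET.js does all of its database work outside any try/catch, unlike every other route in this directory, and neither `file` nor `user` is checked after `.first()`: an unknown file id makes `file.userId` throw and a file whose owner row is gone makes `user.id` throw, both surfacing as unhandled rejections instead of a 404 or the usual super.error response. Counting the owner's files by selecting every id and reading `.length` also loads the whole id list to produce one number, which `.count()` does in the database. The user row is fetched with every column, so the response includes whatever the users table stores for that account. The rewritten body below adds the guards, the try/catch and the database-side count; the route path `'/file/:id'` also lacks the `/admin` prefix the sibling routes use.

```javascript
	async run(req, res, db) {
		const { id } = req.params;
		if (!id) return res.status(400).json({ message: 'Invalid file ID supplied' });

		try {
			let file = await db.table('files').where({ id }).first();
			if (!file) return res.status(404).json({ message: 'File not found' });
			const user = await db.table('users').where({ id: file.userId }).first();
			if (!user) return res.status(404).json({ message: 'User not found' });
			file = Util.constructFilePublicLink(file);

			// Additional relevant data: count in the database instead of loading every id
			const [{ count }] = await db.table('files').where({ userId: user.id }).count('id as count');
			user.fileCount = Number(count);

			// … unchanged: success response …
		} catch (error) {
			return super.error(res, error);
		}
	}
```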
From: Zephyrrus
Date: Wed, 8 Jul 2020 04:00:12 +0300
Subject: chore: linter the entire project using the new rules
---
 src/api/routes/admin/banIP.js | 2 +-
 src/api/routes/admin/fileGET.js | 2 +-
 src/api/routes/admin/unBanIP.js | 2 +-
 src/api/routes/admin/userDemote.js | 2 +-
 src/api/routes/admin/userDisable.js | 2 +-
 src/api/routes/admin/userEnable.js | 2 +-
 src/api/routes/admin/userGET.js | 2 +-
 src/api/routes/admin/userPromote.js | 2 +-
 src/api/routes/admin/userPurge.js | 2 +-
 src/api/routes/admin/usersGET.js | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/banIP.js b/src/api/routes/admin/banIP.js
index 692880d..4dfe03c 100644
--- a/src/api/routes/admin/banIP.js
+++ b/src/api/routes/admin/banIP.js
@@ -17,7 +17,7 @@ class banIP extends Route {
 }
 
 return res.json({
- message: 'Successfully banned the ip'
+ message: 'Successfully banned the ip',
 });
 }
 }
diff --git a/src/api/routes/admin/fileGET.js b/src/api/routes/admin/fileGET.js
index 3bb8da4..0d1b147 100644
--- a/src/api/routes/admin/fileGET.js
+++ b/src/api/routes/admin/fileGET.js
@@ -21,7 +21,7 @@ class filesGET extends Route {
 return res.json({
 message: 'Successfully retrieved file',
 file,
- user
+ user,
 });
 }
 }
diff --git a/src/api/routes/admin/unBanIP.js b/src/api/routes/admin/unBanIP.js
index 493834b..725468c 100644
--- a/src/api/routes/admin/unBanIP.js
+++ b/src/api/routes/admin/unBanIP.js
@@ -19,7 +19,7 @@ class unBanIP extends Route {
 }
 
 return res.json({
- message: 'Successfully unbanned the ip'
+ message: 'Successfully unbanned the ip',
 });
 }
 }
diff --git a/src/api/routes/admin/userDemote.js b/src/api/routes/admin/userDemote.js
index b430a48..3f6623d 100644
--- a/src/api/routes/admin/userDemote.js
+++ b/src/api/routes/admin/userDemote.js
@@ -20,7 +20,7 @@ class userDemote extends Route {
 }
 
 return res.json({
- message: 'Successfully demoted user'
+ message: 'Successfully demoted user',
 });
 }
 }
diff --git a/src/api/routes/admin/userDisable.js b/src/api/routes/admin/userDisable.js
index e39c811..029e4af 100644
--- a/src/api/routes/admin/userDisable.js
+++ b/src/api/routes/admin/userDisable.js
@@ -20,7 +20,7 @@ class userDisable extends Route {
 }
 
 return res.json({
- message: 'Successfully disabled user'
+ message: 'Successfully disabled user',
 });
 }
 }
diff --git a/src/api/routes/admin/userEnable.js b/src/api/routes/admin/userEnable.js
index cff622f..aca7a0b 100644
--- a/src/api/routes/admin/userEnable.js
+++ b/src/api/routes/admin/userEnable.js
@@ -20,7 +20,7 @@ class userEnable extends Route {
 }
 
 return res.json({
- message: 'Successfully enabled user'
+ message: 'Successfully enabled user',
 });
 }
 }
diff --git a/src/api/routes/admin/userGET.js b/src/api/routes/admin/userGET.js
index 14a6c92..30c79f4 100644
--- a/src/api/routes/admin/userGET.js
+++ b/src/api/routes/admin/userGET.js
@@ -23,7 +23,7 @@ class usersGET extends Route {
 return res.json({
 message: 'Successfully retrieved user',
 user,
- files
+ files,
 });
 } catch (error) {
 return super.error(res, error);
diff --git a/src/api/routes/admin/userPromote.js b/src/api/routes/admin/userPromote.js
index 4a5ed88..3e14cb7 100644
--- a/src/api/routes/admin/userPromote.js
+++ b/src/api/routes/admin/userPromote.js
@@ -20,7 +20,7 @@ class userPromote extends Route {
 }
 
 return res.json({
- message: 'Successfully promoted user'
+ message: 'Successfully promoted user',
 });
 }
 }
diff --git a/src/api/routes/admin/userPurge.js b/src/api/routes/admin/userPurge.js
index 90f6ec9..8f61ff9 100644
--- a/src/api/routes/admin/userPurge.js
+++ b/src/api/routes/admin/userPurge.js
@@ -18,7 +18,7 @@ class userDemote extends Route {
 }
 
 return res.json({
- message: 'Successfully deleted the user\'s files'
+ message: 'Successfully deleted the user\'s files',
 });
 }
 }
diff --git a/src/api/routes/admin/usersGET.js b/src/api/routes/admin/usersGET.js
index 52a707f..4e9b954 100644
--- a/src/api/routes/admin/usersGET.js
+++ b/src/api/routes/admin/usersGET.js
@@ -12,7 +12,7 @@ class usersGET extends Route {
 
 return res.json({
 message: 'Successfully retrieved users',
- users
+ users,
 });
 } catch (error) {
 return super.error(res, error);
-- cgit v1.2.3
From 746a4546122be2ed79ad5858de6ce2c686f78ef0 Mon Sep 17 00:00:00 2001
From: Zephyrrus
Date: Thu, 9 Jul 2020 02:22:08 +0300
Subject: fix: stop leaking user's password and their apikey to admins
---
 src/api/routes/admin/userGET.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/userGET.js b/src/api/routes/admin/userGET.js
index 30c79f4..2fb80d1 100644
--- a/src/api/routes/admin/userGET.js
+++ b/src/api/routes/admin/userGET.js
@@ -11,7 +11,10 @@ class usersGET extends Route {
 if (!id) return res.status(400).json({ message: 'Invalid user ID supplied' });
 
 try {
- const user = await db.table('users').where({ id }).first();
+ const user = await db.table('users')
+ .select('id, username, enabled, createdAt, editeadAt, apiKeyEditedAt, isAdmin')
+ .where({ id })
+ .first();
 const files = await db.table('files')
 .where({ userId: user.id })
 .orderBy('id', 'desc');
-- cgit v1.2.3
From 7e78a03931173437cd4aec5454663ee3cc3aee23 Mon Sep 17 00:00:00 2001
From: Zephyrrus
Date: Fri, 10 Jul 2020 01:13:23 +0300
Subject: fix: stop leaking user passwords to admins AGAIN
---
 src/api/routes/admin/fileGET.js | 5 ++++-
 src/api/routes/admin/userGET.js | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/fileGET.js b/src/api/routes/admin/fileGET.js
index 0d1b147..239b128 100644
--- a/src/api/routes/admin/fileGET.js
+++ b/src/api/routes/admin/fileGET.js
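Review bot: `.select('id, username, enabled, createdAt, editeadAt, apiKeyEditedAt, isAdmin')` passes one comma-joined string, which knex treats as a single column identifier rather than seven columns, so the query will most likely fail at the database and the route will return an error instead of the user; `editeadAt` is also misspelled. Each column must be its own argument: `.select('id', 'username', 'enabled', 'createdAt', 'editedAt', 'apiKeyEditedAt', 'isAdmin')`. As written the leak is closed only because the query breaks, which is not a fix that survives the next edit.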
@@ -11,7 +11,10 @@ class filesGET extends Route {
 if (!id) return res.status(400).json({ message: 'Invalid file ID supplied' });
 
 let file = await db.table('files').where({ id }).first();
- const user = await db.table('users').where({ id: file.userId }).first();
+ const user = await db.table('users')
+ .select('id', 'username', 'enabled', 'createdAt', 'editedAt', 'apiKeyEditedAt', 'isAdmin')
+ .where({ id: file.userId })
+ .first();
 file = Util.constructFilePublicLink(file);
 
 // Additional relevant data
diff --git a/src/api/routes/admin/userGET.js b/src/api/routes/admin/userGET.js
index 2fb80d1..f5f2508 100644
--- a/src/api/routes/admin/userGET.js
+++ b/src/api/routes/admin/userGET.js
@@ -12,7 +12,7 @@ class usersGET extends Route {
 
 try {
 const user = await db.table('users')
- .select('id, username, enabled, createdAt, editeadAt, apiKeyEditedAt, isAdmin')
+ .select('id', 'username', 'enabled', 'createdAt', 'editedAt', 'apiKeyEditedAt', 'isAdmin')
 .where({ id })
 .first();
 const files = await db.table('files')
-- cgit v1.2.3
From c93ddb09008c45942544b13bbb03319c367f9cd8 Mon Sep 17 00:00:00 2001
From: Zephyrrus
Date: Sun, 19 Jul 2020 22:27:11 +0300
Subject: feat: Start working on a new album/tags/image info modal
---
 src/api/routes/admin/fileGET.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/fileGET.js b/src/api/routes/admin/fileGET.js
index 239b128..7e40659 100644
--- a/src/api/routes/admin/fileGET.js
+++ b/src/api/routes/admin/fileGET.js
@@ -3,7 +3,7 @@ const Util = require('../../utils/Util');
 
 class filesGET extends Route {
 constructor() {
- super('/file/:id', 'get', { adminOnly: true });
+ super('/admin/file/:id', 'get', { adminOnly: true });
 }
 
 async run(req, res, db) {
-- cgit v1.2.3
From 90001c2df56d58e69fd199a518ae7f3e4ed327fc Mon Sep 17 00:00:00 2001
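Review bot: The users column allowlist is now duplicated verbatim in fileGET.js and userGET.js, and this is the second commit plugging the same leak, so the two copies will drift the next time a column is added or one file is touched without the other. A single shared constant, `const PUBLIC_USER_COLUMNS = ['id', 'username', 'enabled', 'createdAt', 'editedAt', 'apiKeyEditedAt', 'isAdmin'];` in a module both routes require and spread into `.select(...PUBLIC_USER_COLUMNS)`, gives one place to review whenever the users schema changes. The `files` rows in userGET.js are still returned whole; whether that table holds anything an admin should not see is not visible from here.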
From: Zephyrrus
Date: Thu, 24 Dec 2020 10:40:50 +0200
Subject: chore: remove trailing commas
---
 src/api/routes/admin/banIP.js | 2 +-
 src/api/routes/admin/fileGET.js | 2 +-
 src/api/routes/admin/unBanIP.js | 2 +-
 src/api/routes/admin/userDemote.js | 2 +-
 src/api/routes/admin/userDisable.js | 2 +-
 src/api/routes/admin/userEnable.js | 2 +-
 src/api/routes/admin/userGET.js | 2 +-
 src/api/routes/admin/userPromote.js | 2 +-
 src/api/routes/admin/userPurge.js | 2 +-
 src/api/routes/admin/usersGET.js | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)
(limited to 'src/api/routes/admin')
diff --git a/src/api/routes/admin/banIP.js b/src/api/routes/admin/banIP.js
index 4dfe03c..692880d 100644
--- a/src/api/routes/admin/banIP.js
+++ b/src/api/routes/admin/banIP.js
@@ -17,7 +17,7 @@ class banIP extends Route {
 }
 
 return res.json({
- message: 'Successfully banned the ip',
+ message: 'Successfully banned the ip'
 });
 }
 }
diff --git a/src/api/routes/admin/fileGET.js b/src/api/routes/admin/fileGET.js
index 7e40659..9605da4 100644
--- a/src/api/routes/admin/fileGET.js
+++ b/src/api/routes/admin/fileGET.js
@@ -24,7 +24,7 @@ class filesGET extends Route {
 return res.json({
 message: 'Successfully retrieved file',
 file,
- user,
+ user
 });
 }
 }
diff --git a/src/api/routes/admin/unBanIP.js b/src/api/routes/admin/unBanIP.js
index 725468c..493834b 100644
--- a/src/api/routes/admin/unBanIP.js
+++ b/src/api/routes/admin/unBanIP.js
@@ -19,7 +19,7 @@ class unBanIP extends Route {
 }
 
 return res.json({
- message: 'Successfully unbanned the ip',
+ message: 'Successfully unbanned the ip'
 });
 }
 }
diff --git a/src/api/routes/admin/userDemote.js b/src/api/routes/admin/userDemote.js
index 3f6623d..b430a48 100644
--- a/src/api/routes/admin/userDemote.js
+++ b/src/api/routes/admin/userDemote.js
@@ -20,7 +20,7 @@ class userDemote extends Route {
 }
 
 return res.json({
- message: 'Successfully demoted user',
+ message: 'Successfully demoted user'
 });
 }
 }
diff --git a/src/api/routes/admin/userDisable.js b/src/api/routes/admin/userDisable.js
index 029e4af..e39c811 100644
--- a/src/api/routes/admin/userDisable.js
+++ b/src/api/routes/admin/userDisable.js
@@ -20,7 +20,7 @@ class userDisable extends Route {
 }
 
 return res.json({
- message: 'Successfully disabled user',
+ message: 'Successfully disabled user'
 });
 }
 }
diff --git a/src/api/routes/admin/userEnable.js b/src/api/routes/admin/userEnable.js
index aca7a0b..cff622f 100644
--- a/src/api/routes/admin/userEnable.js
+++ b/src/api/routes/admin/userEnable.js
@@ -20,7 +20,7 @@ class userEnable extends Route {
 }
 
 return res.json({
- message: 'Successfully enabled user',
+ message: 'Successfully enabled user'
 });
 }
 }
diff --git a/src/api/routes/admin/userGET.js b/src/api/routes/admin/userGET.js
index f5f2508..48c6e9b 100644
--- a/src/api/routes/admin/userGET.js
+++ b/src/api/routes/admin/userGET.js
@@ -26,7 +26,7 @@ class usersGET extends Route {
 return res.json({
 message: 'Successfully retrieved user',
 user,
- files,
+ files
 });
 } catch (error) {
 return super.error(res, error);
diff --git a/src/api/routes/admin/userPromote.js b/src/api/routes/admin/userPromote.js
index 3e14cb7..4a5ed88 100644
--- a/src/api/routes/admin/userPromote.js
+++ b/src/api/routes/admin/userPromote.js
@@ -20,7 +20,7 @@ class userPromote extends Route {
 }
 
 return res.json({
- message: 'Successfully promoted user',
+ message: 'Successfully promoted user'
 });
 }
 }
diff --git a/src/api/routes/admin/userPurge.js b/src/api/routes/admin/userPurge.js
index 8f61ff9..90f6ec9 100644
--- a/src/api/routes/admin/userPurge.js
+++ b/src/api/routes/admin/userPurge.js
@@ -18,7 +18,7 @@ class userDemote extends Route {
 }
 
 return res.json({
- message: 'Successfully deleted the user\'s files',
+ message: 'Successfully deleted the user\'s files'
 });
 }
 }
diff --git a/src/api/routes/admin/usersGET.js b/src/api/routes/admin/usersGET.js
index 4e9b954..52a707f 100644
--- a/src/api/routes/admin/usersGET.js
+++ b/src/api/routes/admin/usersGET.js
@@ -12,7 +12,7 @@ class usersGET extends Route {
 
 return res.json({
 message: 'Successfully retrieved users',
- users,
+ users
 });
 } catch (error) {
 return super.error(res, error);
-- cgit v1.2.3