Block banned users from adding requests or voting

Also, some minor refactoring.
2020-09-14 23:01:11 -07:00 · 2020-09-14 23:01:11 -07:00 · 7de73c9565
parent ccfcc57540
commit 7de73c9565
3 changed files with 21 additions and 4 deletions
--- a/src/app.ts
+++ b/src/app.ts
@ -71,6 +71,12 @@ app.post("/api/addRequest", async (request, response) => {
 		response.send("Must be logged in");
 		return;
 	}
+	var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0);
+	if (banned) {
+		response.status(401);
+		response.send("You are banned; you may not add new requests.");
+		return;
+	}
 	if (!request.body.url) {
 		response.status(400);
 		response.send("Missing url");
@ -186,6 +192,12 @@ app.post("/api/addVote", async (request,response) => {
 		response.send("Must be logged in");
 		return;
 	}
+	var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0);
+	if (banned) {
+		response.status(401);
+		response.send("You are banned; you may not vote on requests.");
+		return;
+	}
 	if (!request.body.url) {
 		response.status(400);
 		response.send("Missing url");
--- a/src/queries.ts
+++ b/src/queries.ts
@ -5,6 +5,11 @@ export const updateUser = {
 	ON CONFLICT (userid) DO UPDATE SET displayName = $2, imageUrl = $3"
 }

+export const checkBan = {
+	name: "checkBan",
+	text: "SELECT userid FROM bans WHERE userid = $1"
+}
+
 export const insertBan = {
 	name: "insertBan",
 	text: "INSERT INTO bans (userid) VALUES ($1)"
@ -55,7 +60,7 @@ export const getAllRequestsVoted = {

 export const checkRequestExists = {
 	name: "checkRequestExists",
- 	text: "SELECT * FROM requests WHERE url = $1"
+ 	text: "SELECT url FROM requests WHERE url = $1"
 }

 export const addRequest = {
@ -65,7 +70,7 @@ export const addRequest = {

 export const checkValidState = {
 	name: "checkValidState",
-	text: "SELECT * FROM states WHERE state = $1"
+	text: "SELECT state FROM states WHERE state = $1"
 }

 export const updateRequestState = {
@ -85,5 +90,5 @@ export const deleteRequest = {

 export const checkVoteExists = {
 	name: "checkVoteExists",
- 	text: "SELECT * FROM votes WHERE requesturl = $1 AND userid = $2"
+ 	text: "SELECT userid FROM votes WHERE requesturl = $1 AND userid = $2"
 }
--- a/src/requests.ts
+++ b/src/requests.ts
@ -52,7 +52,7 @@ export async function addRequest(url: string, requester: string): Promise<[numbe
 export async function updateRequestState(url: string, state: string): Promise<[number,string]> {
 	var query = Object.assign(queries.checkValidState, { values: [state] });
 	var result = await db.query(query);
-	if (result.rowCount < 1) {
+	if (result.rowCount == 0) {
 		return [400,"Invalid state"]
 	}