From 7de73c95654e93512c76289dcd152812b3c8a0e0 Mon Sep 17 00:00:00 2001 From: Dessa Simpson Date: Mon, 14 Sep 2020 23:01:11 -0700 Subject: [PATCH] Block banned users from adding requests or voting Also, some minor refactoring. --- src/app.ts | 12 ++++++++++++ src/queries.ts | 11 ++++++++--- src/requests.ts | 2 +- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/src/app.ts b/src/app.ts index edc6e2a..3542f94 100644 --- a/src/app.ts +++ b/src/app.ts @@ -71,6 +71,12 @@ app.post("/api/addRequest", async (request, response) => { response.send("Must be logged in"); return; } + var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0); + if (banned) { + response.status(401); + response.send("You are banned; you may not add new requests."); + return; + } if (!request.body.url) { response.status(400); response.send("Missing url"); @@ -186,6 +192,12 @@ app.post("/api/addVote", async (request,response) => { response.send("Must be logged in"); return; } + var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0); + if (banned) { + response.status(401); + response.send("You are banned; you may not vote on requests."); + return; + } if (!request.body.url) { response.status(400); response.send("Missing url"); diff --git a/src/queries.ts b/src/queries.ts index 4f778c9..d30ef02 100644 --- a/src/queries.ts +++ b/src/queries.ts @@ -5,6 +5,11 @@ export const updateUser = { ON CONFLICT (userid) DO UPDATE SET displayName = $2, imageUrl = $3" } +export const checkBan = { + name: "checkBan", + text: "SELECT userid FROM bans WHERE userid = $1" +} + export const insertBan = { name: "insertBan", text: "INSERT INTO bans (userid) VALUES ($1)" @@ -55,7 +60,7 @@ export const getAllRequestsVoted = { export const checkRequestExists = { name: "checkRequestExists", - text: "SELECT * FROM requests WHERE url = $1" + text: "SELECT url FROM requests WHERE url = $1" } export const addRequest = { @@ -65,7 +70,7 @@ export const addRequest = { export const checkValidState = { name: "checkValidState", - text: "SELECT * FROM states WHERE state = $1" + text: "SELECT state FROM states WHERE state = $1" } export const updateRequestState = { @@ -85,5 +90,5 @@ export const deleteRequest = { export const checkVoteExists = { name: "checkVoteExists", - text: "SELECT * FROM votes WHERE requesturl = $1 AND userid = $2" + text: "SELECT userid FROM votes WHERE requesturl = $1 AND userid = $2" } diff --git a/src/requests.ts b/src/requests.ts index bb5d834..e04ba64 100644 --- a/src/requests.ts +++ b/src/requests.ts @@ -52,7 +52,7 @@ export async function addRequest(url: string, requester: string): Promise<[numbe export async function updateRequestState(url: string, state: string): Promise<[number,string]> { var query = Object.assign(queries.checkValidState, { values: [state] }); var result = await db.query(query); - if (result.rowCount < 1) { + if (result.rowCount == 0) { return [400,"Invalid state"] }