Block banned users from adding requests or voting
Also, some minor refactoring.master
parent
ccfcc57540
commit
7de73c9565
12
src/app.ts
12
src/app.ts
|
@ -71,6 +71,12 @@ app.post("/api/addRequest", async (request, response) => {
|
||||||
response.send("Must be logged in");
|
response.send("Must be logged in");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0);
|
||||||
|
if (banned) {
|
||||||
|
response.status(401);
|
||||||
|
response.send("You are banned; you may not add new requests.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
if (!request.body.url) {
|
if (!request.body.url) {
|
||||||
response.status(400);
|
response.status(400);
|
||||||
response.send("Missing url");
|
response.send("Missing url");
|
||||||
|
@ -186,6 +192,12 @@ app.post("/api/addVote", async (request,response) => {
|
||||||
response.send("Must be logged in");
|
response.send("Must be logged in");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
var banned = await db.query(queries.checkBan).then((result: pg.QueryResult) => result.rowCount > 0);
|
||||||
|
if (banned) {
|
||||||
|
response.status(401);
|
||||||
|
response.send("You are banned; you may not vote on requests.");
|
||||||
|
return;
|
||||||
|
}
|
||||||
if (!request.body.url) {
|
if (!request.body.url) {
|
||||||
response.status(400);
|
response.status(400);
|
||||||
response.send("Missing url");
|
response.send("Missing url");
|
||||||
|
|
|
@ -5,6 +5,11 @@ export const updateUser = {
|
||||||
ON CONFLICT (userid) DO UPDATE SET displayName = $2, imageUrl = $3"
|
ON CONFLICT (userid) DO UPDATE SET displayName = $2, imageUrl = $3"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export const checkBan = {
|
||||||
|
name: "checkBan",
|
||||||
|
text: "SELECT userid FROM bans WHERE userid = $1"
|
||||||
|
}
|
||||||
|
|
||||||
export const insertBan = {
|
export const insertBan = {
|
||||||
name: "insertBan",
|
name: "insertBan",
|
||||||
text: "INSERT INTO bans (userid) VALUES ($1)"
|
text: "INSERT INTO bans (userid) VALUES ($1)"
|
||||||
|
@ -55,7 +60,7 @@ export const getAllRequestsVoted = {
|
||||||
|
|
||||||
export const checkRequestExists = {
|
export const checkRequestExists = {
|
||||||
name: "checkRequestExists",
|
name: "checkRequestExists",
|
||||||
text: "SELECT * FROM requests WHERE url = $1"
|
text: "SELECT url FROM requests WHERE url = $1"
|
||||||
}
|
}
|
||||||
|
|
||||||
export const addRequest = {
|
export const addRequest = {
|
||||||
|
@ -65,7 +70,7 @@ export const addRequest = {
|
||||||
|
|
||||||
export const checkValidState = {
|
export const checkValidState = {
|
||||||
name: "checkValidState",
|
name: "checkValidState",
|
||||||
text: "SELECT * FROM states WHERE state = $1"
|
text: "SELECT state FROM states WHERE state = $1"
|
||||||
}
|
}
|
||||||
|
|
||||||
export const updateRequestState = {
|
export const updateRequestState = {
|
||||||
|
@ -85,5 +90,5 @@ export const deleteRequest = {
|
||||||
|
|
||||||
export const checkVoteExists = {
|
export const checkVoteExists = {
|
||||||
name: "checkVoteExists",
|
name: "checkVoteExists",
|
||||||
text: "SELECT * FROM votes WHERE requesturl = $1 AND userid = $2"
|
text: "SELECT userid FROM votes WHERE requesturl = $1 AND userid = $2"
|
||||||
}
|
}
|
||||||
|
|
|
@ -52,7 +52,7 @@ export async function addRequest(url: string, requester: string): Promise<[numbe
|
||||||
export async function updateRequestState(url: string, state: string): Promise<[number,string]> {
|
export async function updateRequestState(url: string, state: string): Promise<[number,string]> {
|
||||||
var query = Object.assign(queries.checkValidState, { values: [state] });
|
var query = Object.assign(queries.checkValidState, { values: [state] });
|
||||||
var result = await db.query(query);
|
var result = await db.query(query);
|
||||||
if (result.rowCount < 1) {
|
if (result.rowCount == 0) {
|
||||||
return [400,"Invalid state"]
|
return [400,"Invalid state"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue