http fixs, added ip ban to api, and admin panel

2024-11-22 20:10:40 +03:00 · 2022-08-29 21:32:57 +03:00 · 2022-08-29 21:32:57 +03:00 · ab1f062d9d
commit ab1f062d9d
parent e01ef642c3
17 changed files with 144 additions and 93 deletions
--- a/APIDOCS.md
+++ b/APIDOCS.md
@ -16,25 +16,30 @@ But in front end, the API will works with session.
 ## How to request?
 ### Request types:
 - GET `/api/bans/` fetch all bans.
 - GET `/api/bans/:id` fetch a ban.
 - POST `/api/bans/:id?reason=flood` for ban an IP adress.
 - DELETE `/api/bans/:id` for unban an IP adress.
 - GET `/api/users/:id` for fetch user.
- POST `/api/users/:id/delete` for delete user.
+- DELETE `/api/users/:id/` for delete user.
 - POST `/api/users/:id/undelete` for undelete user.
 - POST `/api/users/:id/admin` for give admin permissions for a user.
- POST `/api/users/:id/edit` for edit user.
+- PATCH `/api/users/:id/` for edit user.
 - GET `/api/threads/:id` for fetch thread.
 - GET `/api/threads/:id/messages/` for fetch messages in thread.
 - POST `/api/threads` for create thread.
- POST `/api/threads/:id/delete` for delete thread.
+- DELETE `/api/threads/:id/` for delete thread.
 - POST `/api/threads/:id/undelete` for undelete thread.
- POST `/api/threads/:id/edit` for edit thread.
+- PATCH `/api/threads/:id/` for edit thread.
 - GET `/api/messages/:id` for fetch message.
 - POST `/api/messages` for create message.
- POST `/api/messages/:id/delete` for delete message.
+- DELETE `/api/messages/:id/` for delete message.
 - POST `/api/messages/:id/undelete` for undelete message.
 - POST `/api/messages/:id/react/:type` for react to a message.
- POST `/api/messages/:id/edit` for edit message.
+- PATCH `/api/messages/:id/` for edit message.
 ### Example request:
 GET ```/api/messages/0```
--- a/README.md
+++ b/README.md
@ -37,6 +37,7 @@ Akf-forum has got an API for AJAX, other clients etc. And, you can learn about A
 - API, ?fast=
 - extra ratelimits
 - better edits
 - IP BAN CLI IN ADMIN PANEL
 ### Frontend
 #### User
--- a/index.js
+++ b/index.js
@ -34,8 +34,6 @@ app.use(session({ secret: 'secret', resave: true, saveUninitialized: true }),
    }
 );
 for (const file of fs.readdirSync("./routes"))
    app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));
--- a/models/Ban.js
+++ b/models/Ban.js
@ -1,7 +1,9 @@
 const mongoose = require("mongoose")
 const schema = new mongoose.Schema({
-    ip: { type: String, unique: true }
+    ip: { type: String, unique: true },
    reason: { type: String, default: "No reason given" },
    authorID: { type: String }
 });
 module.exports = mongoose.model('ban', schema);
--- a/public/js/thread.js
+++ b/public/js/thread.js
@ -2,24 +2,30 @@ import request from "./request.js";
 window.edit_t = async function (id) {
    const title = prompt("Enter new title!");
-    const res = await request(`/api/threads/${id}/edit`, "POST", { title });
+    const res = await request(`/api/threads/${id}/edit`, "PATCH", { title });
    if (res.error) return;
    alert(`Thread updated`);
    document.getElementById("title").innerHTML = title;
 }
-
+window.delete_thread = async function (id) {
-
+    const res = await request(`/api/threads/${id}/`, "DELETE");
 window.thread = async function (id, un = "") {
    const res = await request(`/api/threads/${id}/${un}delete`);
    if (res.error) return;
-    alert(`Thread ${un}deleted`);
+    alert(`Thread deleted`);
    location.reload();
 }
 window.undelete_thread = async function (id) {
    const res = await request(`/api/threads/${id}/undelete`);
    if (res.error) return;
    alert(`Thread undeleted`);
    location.reload();
 }
 window.edit_message = async function (id) {
    const content = prompt("Enter new content!");
-    const res = await request(`/api/messages/${id}/edit`, "POST", { content });
+    const res = await request(`/api/messages/${id}/`, "PATCH", { content });
    if (res.error) return;
    alert(`Message updated`);
@ -36,7 +42,7 @@ window.undelete_message = async function (id) {
 }
 window.delete_message = async function (id) {
-    const response = await request(`/api/messages/${id}/delete`);
+    const response = await request(`/api/messages/${id}/`,"DELETE");
    if (response.deleted) {
        alert("Message deleted");
        document.getElementById("dots-" + id).innerHTML = `
--- a/routes/admin.js
+++ b/routes/admin.js
@ -1,9 +1,9 @@
 const { Router } = require("express")
-
+const { BanModel } = require("../models");
 const app = Router();
 app.get("/", async (req, res) => {
    if (!req.user?.admin) return res.error(403, "You have not got permissions for view to this page.");
-    res.reply("admin")
+    res.reply("admin",{bans: await BanModel.find({})});
 });
 module.exports = app;
--- a/routes/api/index.js
+++ b/routes/api/index.js
@ -1,5 +1,6 @@
 const { Router, request, response } = require("express")
 const app = Router();
 const fs =require("fs")
 const bcrypt = require("bcrypt");
 const { SecretModel, UserModel } = require("../../models")
@ -32,11 +33,9 @@ app.use(async (req, res, next) => {
    next();
 });
-/* will add for loop */
+for (const file of fs.readdirSync("./routes/api/routes")) 
-app.use("/messages", require("./routes/messages"))
+    app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));
-app.use("/users", require("./routes/users"))
+    
 app.use("/threads", require("./routes/threads"))
 app.all("*", (req, res) => res.error(400, "Bad request"));
 module.exports = app;
--- a/routes/api/routes/bans.js
+++ b/routes/api/routes/bans.js
@ -0,0 +1,35 @@
 const { BanModel } = require("../../../models");
 const { Router } = require("express")
 const app = Router();
 app.use((req, res, next) => {
    if (!req.user || !req.user.admin) return res.error(403, "You have not got permission for this.");
    next();
 });
 app.get("/", async (req, res) => {
    const bans = await BanModel.find({});
    res.complate(bans);
 });
 app.get("/:ip", async (req, res) => {
    const ban = await BanModel.findOne({ ip: req.params.ip });
    if (!ban) return res.error(400, "This ip is not banned.");
    res.complate(ban);
 });
 app.post("/:ip", async (req, res) => {
    if (await BanModel.exists({ ip: req.params.ip })) return res.error(400, "This ip is already banned.");
    res.complate(await BanModel.create({ ip: req.params.ip, reason: req.query.reason || "No reason given", authorID: req.user.id }));
 });
 app.delete("/:ip/", async (req, res) => {
    if (!await BanModel.exists({ ip: req.params.ip })) return res.error(400, "This ip is already not banned.");
    res.complate(await BanModel.deleteOne({ ip: req.params.ip }));
 });
 module.exports = app;
--- a/routes/api/routes/messages.js
+++ b/routes/api/routes/messages.js
@ -15,7 +15,7 @@ app.get("/:id", async (req, res) => {
    res.complate(message.toObject({ virtuals: true }));
 })
-app.post("/:id/edit", async (req, res) => {
+app.patch("/:id/", async (req, res) => {
    const message = await MessageModel.get(req.params.id);
@ -88,7 +88,7 @@ app.post("/:id/react/:type", async (req, res) => {
 });
-app.post("/:id/delete", async (req, res) => {
+app.delete("/:id/", async (req, res) => {
    const message = await MessageModel.get(req.params.id);
    if (!message || (message.deleted && req.user && !req.user.admin))
        return res.error(404, `We don't have any message with id ${req.params.id}.`);
--- a/routes/api/routes/threads.js
+++ b/routes/api/routes/threads.js
@ -53,7 +53,7 @@ app.post("/", async (req, res) => {
    res.complate(thread.toObject({ virtuals: true }));
 });
-app.post("/:id/edit", async (req, res) => {
+app.patch("/:id/", async (req, res) => {
    const thread = await ThreadModel.get(req.params.id);
@ -68,7 +68,7 @@ app.post("/:id/edit", async (req, res) => {
    res.complate(thread.toObject({ virtuals: true }));
 })
-app.post("/:id/delete", async (req, res) => {
+app.delete("/:id/", async (req, res) => {
    const thread = await ThreadModel.get(req.params.id);
    if (!thread || thread.deleted) return res.error(404, `We don't have any thread with id ${req.params.id}.`);
    const user = req.user;
--- a/routes/api/routes/users.js
+++ b/routes/api/routes/users.js
@ -14,7 +14,7 @@ app.get("/:id", async (req, res) => {
 });
-app.post("/:id/delete/", async (req, res) => {
+app.delete("/:id/", async (req, res) => {
    const user = req.user;
    if (!user.admin)
        return res.error(403, "You have not got permission for this.");
@ -46,7 +46,7 @@ app.post("/:id/undelete/", async (req, res) => {
 })
-app.post("/:id/edit", async (req, res) => {
+app.patch("/:id/", async (req, res) => {
    const member = await UserModel.get(req.params.id);
--- a/routes/threads.js
+++ b/routes/threads.js
@ -12,7 +12,7 @@ app.get("/", async (req, res) => {
 });
-app.get("/create*", (req, res) => res.reply("create_thread"));
+app.get("/create/", (req, res) => res.reply("create_thread"));
 app.get("/:id/", async (req, res) => {
--- a/util/admin.js
+++ b/util/admin.js
@ -6,9 +6,7 @@ mongoose.connect(process.env.MONGO_DB_URL, () => console.log("Database is connec
 const { UserModel } = require("../models");
 (async () => {
-  const member= await UserModel.get(0);
+  const member= await UserModel.get("0");
  member.admin = true;
  console.log(await member.save());
-})();
+})();
--- a/util/reset.js
+++ b/util/reset.js
@ -3,14 +3,6 @@ require("dotenv").config();
 mongoose.connect(process.env.MONGO_DB_URL, () => console.log("Database is connected"));
-const { SecretModel, UserModel, MessageModel, ThreadModel } = require("../models");
+const Models = require("../models");
 (async () => {
    await UserModel.deleteMany({});
    await ThreadModel.deleteMany({});
    await MessageModel.deleteMany({});
    await SecretModel.deleteMany({});
    console.log("Success")
 })();
 Object.values(Models).forEach(model => model.deleteMany({}).then(console.log));
--- a/views/admin.ejs
+++ b/views/admin.ejs
@ -6,8 +6,31 @@
 <body style="text-align: center;">
  <%- include("extra/navbar") %>
-<b>SİLME LAN İT BEN SİLECEĞİM</b>
+  <b>SİLME LAN İT BEN SİLECEĞİM</b>
-    <h1 style="color: #4d18e6;">Welcome to the admin panel of the forum, <%= user.name %>!</h1>
+  <h1 style="color: #4d18e6;">Welcome to the admin panel of the forum, <%= user.name %>!</h1>
-    <h2 style="color: #606060;">Write an ID to give someone admin permissions:</h2>
+  <h2 style="color: #606060;">Banned users:</h2>
  <table >
    <tr>
      <th>IP</th>
      <th>Reason</th>
      <th>AuthorID</th>
    </tr>
    <% for (const ban of bans) { %>
      <tr>
        <td><%=ban.ip%></td>
        <td><%=ban.reason%></td>
        <td><%=ban.authorID%></td>
      </tr>
    <% } %>  
  </table>
  <script>
    function ban() {
      var id = document.getElementById("id").value;
      window.location.href = "/ban/give/" + id;
    }
  </script>
 </body> 
 </html>
--- a/views/thread.ejs
+++ b/views/thread.ejs
@ -16,7 +16,7 @@
  <div style="text-align:center;padding:8px">
    <div class="title" id="title"><%= thread.title %></div>
    <div class="date">
-      <%= new Date(thread.time).toLocaleString() %> • Views: <%= thread.views %>
+      <%= new Date(thread.time).toLocaleString() %> • Views: <%= thread.views %> <%= "• "+thread.edited %>
    </div>
  </div>
@ -25,11 +25,11 @@
   <% if (user && !thread.deleted){ %>
-    <a onclick="thread('<%= thread.id %>')" class="btn-outline-primary" >DELETE</a>
+    <a onclick="delete_thread('<%= thread.id %>')" class="btn-outline-primary" >DELETE</a>
    <a onclick="edit_t('<%= thread.id %>')" class="btn-outline-primary" >EDIT</a>
    <% } else if (thread.deleted) { %>
    <h3 style="display:inline;">This thread has been deleted</h3>
-    <a onclick="thread('<%= thread.id %>', 'un')" class="btn-primary" >UNDELETE</a>
+    <a onclick="undelete_thread('<%= thread.id %>')" class="btn-primary" >UNDELETE</a>
    <% }; %>
  </div>
--- a/views/user.ejs
+++ b/views/user.ejs
@ -36,52 +36,51 @@
      <h2 class="box-value"><%= counts.thread %></h2>
    </div>
    <div class="box">
-      <h2 class="box-title">About:</h2><br>
+      <h2 class="box-title">About:</h2>
    </div>
    <p class="box-value">
      <%= member.about %>
    </p>
    <% if (user && (user.id === member.id ||user.admin)) {%>
    <a class="btn-outline-primary"  id="edit_n">Change name of the user!</a>
    <a class="btn-outline-primary"  id="edit_a">Change avatar of the user!</a>
    <% if (user?.admin && !member.deleted) {%>
    <a class="btn-outline-primary" id="edit_name">Change name of the user!</a>
    <a class="btn-outline-primary" id="edit_avatar">Change avatar of the user!</a>
    <a class="btn-outline-primary" id="edit_about">Change about of the user!</a>
    <a class="btn-outline-primary" id="admin">Give admin permissions!</a>
-    <a class="btn-outline-primary"  id="delete">Delete user!</a>
+    <a class="btn-outline-primary" id="delete">Delete user!</a>
    <script type="module">
      import request from "../../js/request.js";
      document.addEventListener("click", async e => {
-    if (e.target.id == "admin") {
+        if (e.target.id == "admin") {
          const response = await request("/api/users/<%= member.id %>/admin");
          if (response.admin)
            return alert("Making admin of " + response.name + " is success!");
-        }else if (e.target.id == "delete") {
+        } else if (e.target.id == "delete") {
-          const response = await request("/api/users/<%= member.id %>/delete");
+          const response = await request("/api/users/<%= member.id %>","DELETE");
          if (!response.deleted) return
          alert("User is deleted!");
          location.reload()
-        }else if (e.target.id == "edit_n") {
+        } else {
          const name = prompt("Enter new username!");
          const res =await request(`/api/users/<%= member.id %>/edit`, "POST", { name });
          if (res.error) return;
          alert(`User updated!`);
          location.reload();
          const body = {};
          if (e.target.id == "edit_name") 
            body.name = prompt("Enter new username!");
          else if (e.target.id == "edit_avatar") 
            body.avatar = prompt("Enter new avatar URL!");
          else if (e.target.id == "edit_avatar") 
            body.about = prompt("Enter new about text!");
          else return;
          const res = await request(`/api/users/<%= member.id %>`, "PATCH", body);
        }else if (e.target.id == "edit_a") {
          const avatar = prompt("Enter new avatar URL!");
          const res =await request(`/api/users/<%= member.id %>/edit`, "POST", { avatar });
          if (res.error) return;
          alert(`User updated!`);
          location.reload();
@ -89,33 +88,26 @@
      });
    </script>
-  <% }; %>
+    <% }; %>
-  <% if (member.deleted) {%>
+    <% if (member.deleted) {%>
-        <h1>This user has been deleted!</h1>
+    <h1>This user has been deleted!</h1>
-        <a onclick="undelete();" class="btn-primary"  >Undelete user! </a>
+    <a onclick="undelete();" class="btn-primary"  >Undelete user! </a>
- 
+    <script type="module">
-    
+      import request from "../../js/request.js";
-        <script type="module">
+      window.undelete= async function undelete(params) {
          import request from "../../js/request.js";
          window.undelete= async function undelete(params) {
-            const response = await request("/api/users/<%= member.id %>/undelete");
+      const response = await request("/api/users/<%= member.id %>/undelete");
-            if (response.deleted) return;
+      if (response.deleted) return;
-              alert("User is undeleted successfully!");
+        alert("User is undeleted successfully!");
-              location.reload()
+        location.reload()
-          }
+      }
-        
+    </script>
-    
+    <% }; %>
        </script>
  <% }; %>
-</div>
+  </div>
 </body>
 </html>