Akif9748/akf-forum
Akif9748/akf-forum
1
1
Fork 0
mirror of https://github.com/Akif9748/akf-forum.git synced 2024-11-22 20:10:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

http fixs, added ip ban to api, and admin panel

Browse source
This commit is contained in:
Akif9748 2022-08-29 21:32:57 +03:00
parent e01ef642c3
commit ab1f062d9d
17 changed files with 144 additions and 93 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
APIDOCS.md
View file

@ -16,25 +16,30 @@ But in front end, the API will works with session.
## How to request?
### Request types:
- GET `/api/bans/` fetch all bans.
- GET `/api/bans/:id` fetch a ban.
- POST `/api/bans/:id?reason=flood` for ban an IP adress.
- DELETE `/api/bans/:id` for unban an IP adress.
- GET `/api/users/:id` for fetch user.
- POST `/api/users/:id/delete` for delete user.
- DELETE `/api/users/:id/` for delete user.
- POST `/api/users/:id/undelete` for undelete user.
- POST `/api/users/:id/admin` for give admin permissions for a user.
- POST `/api/users/:id/edit` for edit user.
- PATCH `/api/users/:id/` for edit user.
- GET `/api/threads/:id` for fetch thread.
- GET `/api/threads/:id/messages/` for fetch messages in thread.
- POST `/api/threads` for create thread.
- POST `/api/threads/:id/delete` for delete thread.
- DELETE `/api/threads/:id/` for delete thread.
- POST `/api/threads/:id/undelete` for undelete thread.
- POST `/api/threads/:id/edit` for edit thread.
- PATCH `/api/threads/:id/` for edit thread.
- GET `/api/messages/:id` for fetch message.
- POST `/api/messages` for create message.
- POST `/api/messages/:id/delete` for delete message.
- DELETE `/api/messages/:id/` for delete message.
- POST `/api/messages/:id/undelete` for undelete message.
- POST `/api/messages/:id/react/:type` for react to a message.
- POST `/api/messages/:id/edit` for edit message.
- PATCH `/api/messages/:id/` for edit message.
### Example request:
GET ```/api/messages/0```

1
README.md
View file

@ -37,6 +37,7 @@ Akf-forum has got an API for AJAX, other clients etc. And, you can learn about A
- API, ?fast=
- extra ratelimits
- better edits
- IP BAN CLI IN ADMIN PANEL
### Frontend
#### User

2
index.js
View file

@ -34,8 +34,6 @@ app.use(session({ secret: 'secret', resave: true, saveUninitialized: true }),
}
);
for (const file of fs.readdirSync("./routes"))
app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));

4
models/Ban.js
View file

@ -1,7 +1,9 @@
const mongoose = require("mongoose")
const schema = new mongoose.Schema({
ip: { type: String, unique: true }
ip: { type: String, unique: true },
reason: { type: String, default: "No reason given" },
authorID: { type: String }
});
module.exports = mongoose.model('ban', schema);

22
public/js/thread.js
View file

@ -2,24 +2,30 @@ import request from "./request.js";
window.edit_t = async function (id) {
const title = prompt("Enter new title!");
const res = await request(`/api/threads/${id}/edit`, "POST", { title });
const res = await request(`/api/threads/${id}/edit`, "PATCH", { title });
if (res.error) return;
alert(`Thread updated`);
document.getElementById("title").innerHTML = title;
}
window.thread = async function (id, un = "") {
const res = await request(`/api/threads/${id}/${un}delete`);
window.delete_thread = async function (id) {
const res = await request(`/api/threads/${id}/`, "DELETE");
if (res.error) return;
alert(`Thread ${un}deleted`);
alert(`Thread deleted`);
location.reload();
}
window.undelete_thread = async function (id) {
const res = await request(`/api/threads/${id}/undelete`);
if (res.error) return;
alert(`Thread undeleted`);
location.reload();
}
window.edit_message = async function (id) {
const content = prompt("Enter new content!");
const res = await request(`/api/messages/${id}/edit`, "POST", { content });
const res = await request(`/api/messages/${id}/`, "PATCH", { content });
if (res.error) return;
alert(`Message updated`);
@ -36,7 +42,7 @@ window.undelete_message = async function (id) {
}
window.delete_message = async function (id) {
const response = await request(`/api/messages/${id}/delete`);
const response = await request(`/api/messages/${id}/`,"DELETE");
if (response.deleted) {
alert("Message deleted");
document.getElementById("dots-" + id).innerHTML = `

4
routes/admin.js
View file

@ -1,9 +1,9 @@
const { Router } = require("express")
const { BanModel } = require("../models");
const app = Router();
app.get("/", async (req, res) => {
if (!req.user?.admin) return res.error(403, "You have not got permissions for view to this page.");
res.reply("admin")
res.reply("admin",{bans: await BanModel.find({})});
});
module.exports = app;

7
routes/api/index.js
View file

@ -1,5 +1,6 @@
const { Router, request, response } = require("express")
const app = Router();
const fs =require("fs")
const bcrypt = require("bcrypt");
const { SecretModel, UserModel } = require("../../models")
@ -32,10 +33,8 @@ app.use(async (req, res, next) => {
next();
});
/* will add for loop */
app.use("/messages", require("./routes/messages"))
app.use("/users", require("./routes/users"))
app.use("/threads", require("./routes/threads"))
for (const file of fs.readdirSync("./routes/api/routes"))
app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));
app.all("*", (req, res) => res.error(400, "Bad request"));

35
routes/api/routes/bans.js Normal file
View file

@ -0,0 +1,35 @@
const { BanModel } = require("../../../models");
const { Router } = require("express")
const app = Router();
app.use((req, res, next) => {
if (!req.user || !req.user.admin) return res.error(403, "You have not got permission for this.");
next();
});
app.get("/", async (req, res) => {
const bans = await BanModel.find({});
res.complate(bans);
});
app.get("/:ip", async (req, res) => {
const ban = await BanModel.findOne({ ip: req.params.ip });
if (!ban) return res.error(400, "This ip is not banned.");
res.complate(ban);
});
app.post("/:ip", async (req, res) => {
if (await BanModel.exists({ ip: req.params.ip })) return res.error(400, "This ip is already banned.");
res.complate(await BanModel.create({ ip: req.params.ip, reason: req.query.reason || "No reason given", authorID: req.user.id }));
});
app.delete("/:ip/", async (req, res) => {
if (!await BanModel.exists({ ip: req.params.ip })) return res.error(400, "This ip is already not banned.");
res.complate(await BanModel.deleteOne({ ip: req.params.ip }));
});
module.exports = app;

4
routes/api/routes/messages.js
View file

@ -15,7 +15,7 @@ app.get("/:id", async (req, res) => {
res.complate(message.toObject({ virtuals: true }));
})
app.post("/:id/edit", async (req, res) => {
app.patch("/:id/", async (req, res) => {
const message = await MessageModel.get(req.params.id);
@ -88,7 +88,7 @@ app.post("/:id/react/:type", async (req, res) => {
});
app.post("/:id/delete", async (req, res) => {
app.delete("/:id/", async (req, res) => {
const message = await MessageModel.get(req.params.id);
if (!message || (message.deleted && req.user && !req.user.admin))
return res.error(404, `We don't have any message with id ${req.params.id}.`);

4
routes/api/routes/threads.js
View file

@ -53,7 +53,7 @@ app.post("/", async (req, res) => {
res.complate(thread.toObject({ virtuals: true }));
});
app.post("/:id/edit", async (req, res) => {
app.patch("/:id/", async (req, res) => {
const thread = await ThreadModel.get(req.params.id);
@ -68,7 +68,7 @@ app.post("/:id/edit", async (req, res) => {
res.complate(thread.toObject({ virtuals: true }));
})
app.post("/:id/delete", async (req, res) => {
app.delete("/:id/", async (req, res) => {
const thread = await ThreadModel.get(req.params.id);
if (!thread || thread.deleted) return res.error(404, `We don't have any thread with id ${req.params.id}.`);
const user = req.user;

4
routes/api/routes/users.js
View file

@ -14,7 +14,7 @@ app.get("/:id", async (req, res) => {
});
app.post("/:id/delete/", async (req, res) => {
app.delete("/:id/", async (req, res) => {
const user = req.user;
if (!user.admin)
return res.error(403, "You have not got permission for this.");
@ -46,7 +46,7 @@ app.post("/:id/undelete/", async (req, res) => {
})
app.post("/:id/edit", async (req, res) => {
app.patch("/:id/", async (req, res) => {
const member = await UserModel.get(req.params.id);

2
routes/threads.js
View file

@ -12,7 +12,7 @@ app.get("/", async (req, res) => {
});
app.get("/create*", (req, res) => res.reply("create_thread"));
app.get("/create/", (req, res) => res.reply("create_thread"));
app.get("/:id/", async (req, res) => {

4
util/admin.js
View file

@ -6,9 +6,7 @@ mongoose.connect(process.env.MONGO_DB_URL, () => console.log("Database is connec
const { UserModel } = require("../models");
(async () => {
const member= await UserModel.get(0);
const member= await UserModel.get("0");
member.admin = true;
console.log(await member.save());
})();

12
util/reset.js
View file

@ -3,14 +3,6 @@ require("dotenv").config();
mongoose.connect(process.env.MONGO_DB_URL, () => console.log("Database is connected"));
const { SecretModel, UserModel, MessageModel, ThreadModel } = require("../models");
(async () => {
await UserModel.deleteMany({});
await ThreadModel.deleteMany({});
await MessageModel.deleteMany({});
await SecretModel.deleteMany({});
console.log("Success")
})();
const Models = require("../models");
Object.values(Models).forEach(model => model.deleteMany({}).then(console.log));

29
views/admin.ejs
View file

@ -6,8 +6,31 @@
<body style="text-align: center;">
<%- include("extra/navbar") %>
<b>SİLME LAN İT BEN SİLECEĞİM</b>
<h1 style="color: #4d18e6;">Welcome to the admin panel of the forum, <%= user.name %>!</h1>
<h2 style="color: #606060;">Write an ID to give someone admin permissions:</h2>
<b>SİLME LAN İT BEN SİLECEĞİM</b>
<h1 style="color: #4d18e6;">Welcome to the admin panel of the forum, <%= user.name %>!</h1>
<h2 style="color: #606060;">Banned users:</h2>
<table >
<tr>
<th>IP</th>
<th>Reason</th>
<th>AuthorID</th>
</tr>
<% for (const ban of bans) { %>
<tr>
<td><%=ban.ip%></td>
<td><%=ban.reason%></td>
<td><%=ban.authorID%></td>
</tr>
<% } %>
</table>
<script>
function ban() {
var id = document.getElementById("id").value;
window.location.href = "/ban/give/" + id;
}
</script>
</body>
</html>

6
views/thread.ejs
View file

@ -16,7 +16,7 @@
<div style="text-align:center;padding:8px">
<div class="title" id="title"><%= thread.title %></div>
<div class="date">
<%= new Date(thread.time).toLocaleString() %> • Views: <%= thread.views %>
<%= new Date(thread.time).toLocaleString() %> • Views: <%= thread.views %> <%= "• "+thread.edited %>
</div>
</div>
@ -25,11 +25,11 @@
<% if (user && !thread.deleted){ %>
<a onclick="thread('<%= thread.id %>')" class="btn-outline-primary" >DELETE</a>
<a onclick="delete_thread('<%= thread.id %>')" class="btn-outline-primary" >DELETE</a>
<a onclick="edit_t('<%= thread.id %>')" class="btn-outline-primary" >EDIT</a>
<% } else if (thread.deleted) { %>
<h3 style="display:inline;">This thread has been deleted</h3>
<a onclick="thread('<%= thread.id %>', 'un')" class="btn-primary" >UNDELETE</a>
<a onclick="undelete_thread('<%= thread.id %>')" class="btn-primary" >UNDELETE</a>
<% }; %>
</div>

74
views/user.ejs
View file

@ -36,52 +36,51 @@
<h2 class="box-value"><%= counts.thread %></h2>
</div>
<div class="box">
<h2 class="box-title">About:</h2><br>
<h2 class="box-title">About:</h2>
</div>
<p class="box-value">
<%= member.about %>
</p>
<% if (user && (user.id === member.id ||user.admin)) {%>
<a class="btn-outline-primary" id="edit_n">Change name of the user!</a>
<a class="btn-outline-primary" id="edit_a">Change avatar of the user!</a>
<% if (user?.admin && !member.deleted) {%>
<a class="btn-outline-primary" id="edit_name">Change name of the user!</a>
<a class="btn-outline-primary" id="edit_avatar">Change avatar of the user!</a>
<a class="btn-outline-primary" id="edit_about">Change about of the user!</a>
<a class="btn-outline-primary" id="admin">Give admin permissions!</a>
<a class="btn-outline-primary" id="delete">Delete user!</a>
<a class="btn-outline-primary" id="delete">Delete user!</a>
<script type="module">
import request from "../../js/request.js";
document.addEventListener("click", async e => {
if (e.target.id == "admin") {
if (e.target.id == "admin") {
const response = await request("/api/users/<%= member.id %>/admin");
if (response.admin)
return alert("Making admin of " + response.name + " is success!");
}else if (e.target.id == "delete") {
} else if (e.target.id == "delete") {
const response = await request("/api/users/<%= member.id %>/delete");
const response = await request("/api/users/<%= member.id %>","DELETE");
if (!response.deleted) return
alert("User is deleted!");
location.reload()
}else if (e.target.id == "edit_n") {
} else {
const name = prompt("Enter new username!");
const res =await request(`/api/users/<%= member.id %>/edit`, "POST", { name });
if (res.error) return;
alert(`User updated!`);
location.reload();
const body = {};
if (e.target.id == "edit_name")
body.name = prompt("Enter new username!");
else if (e.target.id == "edit_avatar")
body.avatar = prompt("Enter new avatar URL!");
else if (e.target.id == "edit_avatar")
body.about = prompt("Enter new about text!");
else return;
const res = await request(`/api/users/<%= member.id %>`, "PATCH", body);
}else if (e.target.id == "edit_a") {
const avatar = prompt("Enter new avatar URL!");
const res =await request(`/api/users/<%= member.id %>/edit`, "POST", { avatar });
if (res.error) return;
alert(`User updated!`);
location.reload();
@ -89,33 +88,26 @@
});
</script>
<% }; %>
<% if (member.deleted) {%>
<h1>This user has been deleted!</h1>
<a onclick="undelete();" class="btn-primary" >Undelete user! </a>
<% }; %>
<% if (member.deleted) {%>
<h1>This user has been deleted!</h1>
<a onclick="undelete();" class="btn-primary" >Undelete user! </a>
<script type="module">
import request from "../../js/request.js";
window.undelete= async function undelete(params) {
const response = await request("/api/users/<%= member.id %>/undelete");
<script type="module">
if (response.deleted) return;
alert("User is undeleted successfully!");
location.reload()
}
</script>
<% }; %>
import request from "../../js/request.js";
window.undelete= async function undelete(params) {
const response = await request("/api/users/<%= member.id %>/undelete");
if (response.deleted) return;
alert("User is undeleted successfully!");
location.reload()
}
</script>
<% }; %>
</div>
</div>
</body>
</html>