From 9a60cf0b8c7028c5b5428fdcd694bd13512fa0b1 Mon Sep 17 00:00:00 2001 From: tovade Date: Sun, 24 Apr 2022 16:56:47 +0200 Subject: [PATCH] Fix known bugs --- db.js | 134 ++++++------- frontend/pages/admin/main.ejs | 5 +- frontend/pages/server/modify.ejs | 84 +++++++-- handlers/oauth2/discord.js | 310 ++++++++++++++++--------------- 4 files changed, 301 insertions(+), 232 deletions(-) diff --git a/db.js b/db.js index d100235..5d69d11 100644 --- a/db.js +++ b/db.js @@ -1,6 +1,6 @@ /* eslint-disable camelcase */ -const fetch = require("node-fetch"); -const mysql = require("mysql2"); +const fetch = require('node-fetch'); +const mysql = require('mysql2'); const pool = mysql.createPool({ host: process.env.database.host, port: process.env.database.port, @@ -72,10 +72,10 @@ pool.query( async function createSettings(id) { return new Promise((resolve, reject) => { pool.query( - "INSERT INTO settings (id, name, smtp_server, smtp_port, smtp_user, smtp_pass) VALUES (?, ?, ?, ?, ?, ?)", + 'INSERT INTO settings (id, name, smtp_server, smtp_port, smtp_user, smtp_pass) VALUES (?, ?, ?, ?, ?, ?)', [ id, - "Fyreactyl", + 'Fyreactyl', process.env.mail.server, process.env.mail.port, process.env.mail.user, @@ -94,7 +94,7 @@ module.exports = { async findOrCreateSettings(id) { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM settings WHERE id = ?", + 'SELECT * FROM settings WHERE id = ?', [id], async function (error, results, fields) { if (error) return reject(error); @@ -111,7 +111,7 @@ module.exports = { async updatePassword(email, password) { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET password = ? WHERE email = ?", + 'UPDATE accounts SET password = ? WHERE email = ?', [password, email], function (error, results, fields) { 
@@ -125,7 +125,7 @@ module.exports = { async updateDiscordId(email, newId) { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET discord_id = ? WHERE email = ?", + 'UPDATE accounts SET discord_id = ? WHERE email = ?', [newId, email], function (error, results, fields) { @@ -139,7 +139,7 @@ module.exports = { async updateResetId(email, newID) { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET reset_id = ? WHERE email = ?", + 'UPDATE accounts SET reset_id = ? WHERE email = ?', [newID, email], function (error, results, fields) { @@ -153,7 +153,7 @@ module.exports = { async updateName(id, name) { return new Promise((resolve, reject) => { pool.query( - "UPDATE settings SET name = ? WHERE id = ?", + 'UPDATE settings SET name = ? WHERE id = ?', [name, id], function (error, results, fields) { @@ -167,7 +167,7 @@ module.exports = { async updateSmtp(id, server, port, user, password) { return new Promise((resolve, reject) => { pool.query( - "UPDATE settings SET smtp_server = ?, smtp_port = ?, smtp_user = ?, smtp_pass = ? WHERE id = ?", + 'UPDATE settings SET smtp_server = ?, smtp_port = ?, smtp_user = ?, smtp_pass = ? WHERE id = ?', [server, port, user, password, id], function (error, results, fields) { @@ -187,12 +187,12 @@ module.exports = { ) { return new Promise((resolve, reject) => { pool.query( - "INSERT INTO accounts (email, discord_id, pterodactyl_id, blacklisted, coins, package, memory, disk, cpu, servers, name, password) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", + 'INSERT INTO accounts (email, discord_id, pterodactyl_id, blacklisted, coins, package, memory, disk, cpu, servers, name, password) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)', [ email, discord_id, pterodactyl_id, - "false", + 'false', 0, null, 0, 
@@ -224,16 +224,22 @@ module.exports = { Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15); + const specialChars = containsSpecialChars(username); + + const generatedUsername = + Math.random().toString(36).substring(2, 15) + + Math.random().toString(36).substring(2, 15); + const account = await fetch( `${process.env.pterodactyl.domain}/api/application/users`, { - method: "post", + method: 'post', headers: { - "Content-Type": "application/json", + 'Content-Type': 'application/json', Authorization: `Bearer ${process.env.pterodactyl.key}`, }, body: JSON.stringify({ - username: username, + username: specialChars ? generatedUsername : username, email: email, first_name: first_name, last_name: last_name, @@ -257,7 +263,7 @@ module.exports = { accountinfo.attributes.password = generated_password; accountinfo.attributes.relationships = { - servers: { object: "list", data: [] }, + servers: { object: 'list', data: [] }, }; return accountinfo.attributes; @@ -270,9 +276,9 @@ module.exports = { email )}`, { - method: "get", + method: 'get', headers: { - "Content-Type": "application/json", + 'Content-Type': 'application/json', Authorization: `Bearer ${process.env.pterodactyl.key}`, }, } @@ -303,7 +309,7 @@ module.exports = { async fetchAccountPterodactylID(pterodactyl_id) { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM accounts WHERE pterodactyl_id = ?", + 'SELECT * FROM accounts WHERE pterodactyl_id = ?', [pterodactyl_id], function (error, results, fields) { if (error) return reject(error); @@ -320,7 +326,7 @@ module.exports = { async fetchAccountByResetId(resetId) { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM accounts WHERE reset_id = ?", + 'SELECT * FROM accounts WHERE reset_id = ?', [resetId], function (error, results, fields) { if (error) return reject(error); 
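Review bot: `containsSpecialChars` is a denylist, so a username containing whitespace or non-ASCII characters still reaches the panel unchanged, while `_`, `-` and `.` — common in usernames — count as special and silently swap the name for a random string. If the goal is to satisfy the panel's username rules, an allowlist is more robust, e.g. `const usernameOk = /^[A-Za-z0-9_-]+$/.test(username);` with `username: usernameOk ? username : generatedUsername`; confirm the accepted character set against the Pterodactyl API, which this patch does not show. `generatedUsername` is also computed on every call even when it is not used, and the caller only learns that a substitution happened if it reads the name back from the returned `attributes`. The helper itself is added in the last db.js hunk (`@@ -838,3 +844,7`); the enclosing method starts and ends outside this hunk.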
@@ -338,7 +344,7 @@ module.exports = { async fetchAccountDiscordID(discord_id) { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM accounts WHERE discord_id = ?", + 'SELECT * FROM accounts WHERE discord_id = ?', [discord_id], function (error, results, fields) { if (error) return reject(error); @@ -355,7 +361,7 @@ module.exports = { async fetchAccountByEmail(email) { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM accounts WHERE email = ?", + 'SELECT * FROM accounts WHERE email = ?', [email], function (error, results, fields) { if (error) return reject(error); @@ -372,7 +378,7 @@ module.exports = { async fetchAccountByEmailAndPassword(email, password) { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM accounts WHERE email = ? AND password = ?", + 'SELECT * FROM accounts WHERE email = ? AND password = ?', [email, password], function (error, results, fields) { if (error) return reject(error); @@ -412,7 +418,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET coins = ? WHERE accounts.email = ?", + 'UPDATE accounts SET coins = ? WHERE accounts.email = ?', [coins, email], function (error, results, fields) { @@ -437,7 +443,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET coins = ? WHERE accounts.discord_id = ?", + 'UPDATE accounts SET coins = ? WHERE accounts.discord_id = ?', [coins, discord_id], function (error, results, fields) { @@ -460,7 +466,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET coins = ? WHERE email = ?", + 'UPDATE accounts SET coins = ? WHERE email = ?', [coins, email], function (error, results, fields) { 
@@ -483,7 +489,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET coins = ? WHERE discord_id = ?", + 'UPDATE accounts SET coins = ? WHERE discord_id = ?', [coins, discord_id], function (error, results, fields) { @@ -498,7 +504,7 @@ module.exports = { async setPackageByEmail(email, pkg) { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET package = ? WHERE email = ?", + 'UPDATE accounts SET package = ? WHERE email = ?', [pkg, email], function (error, results, fields) { @@ -513,7 +519,7 @@ module.exports = { async setPackageByDiscordID(discord_id, pkg) { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET package = ? WHERE discord_id = ?", + 'UPDATE accounts SET package = ? WHERE discord_id = ?', [pkg, discord_id], function (error, results, fields) { @@ -531,29 +537,29 @@ module.exports = { // Beautiful code that hurts my eyes, and I'm lazy af. - Two - if (typeof memory === "number") { - additions.push("memory = ?"); + if (typeof memory === 'number') { + additions.push('memory = ?'); the_array.push(memory); if (memory > 1073741823) memory = 1073741823; } - if (typeof disk === "number") { - additions.push("disk = ?"); + if (typeof disk === 'number') { + additions.push('disk = ?'); the_array.push(disk); if (disk > 1073741823) disk = 1073741823; } - if (typeof cpu === "number") { - additions.push("cpu = ?"); + if (typeof cpu === 'number') { + additions.push('cpu = ?'); the_array.push(cpu); if (cpu > 1073741823) cpu = 1073741823; } - if (typeof servers === "number") { - additions.push("servers = ?"); + if (typeof servers === 'number') { + additions.push('servers = ?'); the_array.push(servers); if (servers > 1073741823) servers = 1073741823; 
@@ -563,7 +569,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - `UPDATE accounts SET ${additions.join(", ")} WHERE email = ?`, + `UPDATE accounts SET ${additions.join(', ')} WHERE email = ?`, the_array, function (error, results, fields) { @@ -581,29 +587,29 @@ module.exports = { // Beautiful code that hurts my eyes, and I'm lazy af. - Two - if (typeof memory === "number") { - additions.push("memory = ?"); + if (typeof memory === 'number') { + additions.push('memory = ?'); the_array.push(memory); if (memory > 1073741823) memory = 1073741823; } - if (typeof disk === "number") { - additions.push("disk = ?"); + if (typeof disk === 'number') { + additions.push('disk = ?'); the_array.push(disk); if (disk > 1073741823) disk = 1073741823; } - if (typeof cpu === "number") { - additions.push("cpu = ?"); + if (typeof cpu === 'number') { + additions.push('cpu = ?'); the_array.push(cpu); if (cpu > 1073741823) cpu = 1073741823; } - if (typeof servers === "number") { - additions.push("servers = ?"); + if (typeof servers === 'number') { + additions.push('servers = ?'); the_array.push(servers); if (servers > 1073741823) servers = 1073741823; @@ -613,7 +619,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - `UPDATE accounts SET ${additions.join(", ")} WHERE discord_id = ?`, + `UPDATE accounts SET ${additions.join(', ')} WHERE discord_id = ?`, the_array, function (error, results, fields) { @@ -628,7 +634,7 @@ module.exports = { async getAllRenewalTimers() { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM renewal_timer", + 'SELECT * FROM renewal_timer', function (error, results, fields) { if (error) return reject(error); 
@@ -641,15 +647,15 @@ module.exports = { async getSingleRenewalDate(server_id) { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM renewal_timer WHERE server_id = ?", + 'SELECT * FROM renewal_timer WHERE server_id = ?', [server_id], function (error, results, fields) { if (error) return reject(error); if (results.length !== 1) { return resolve({ - action: "???", - timer: "???", + action: '???', + timer: '???', }); } @@ -662,7 +668,7 @@ module.exports = { }); }, - async runDBTimerActions(server_id, date, action = "suspend") { + async runDBTimerActions(server_id, date, action = 'suspend') { await this.removeRenewTimerFromDB(server_id); await this.addRenewTimerToDB(server_id, date, action); return true; @@ -671,7 +677,7 @@ module.exports = { async addRenewTimerToDB(server_id, date, action) { return new Promise((resolve, reject) => { pool.query( - "INSERT INTO renewal_timer (server_id, date, action) VALUES (?, ?, ?)", + 'INSERT INTO renewal_timer (server_id, date, action) VALUES (?, ?, ?)', [server_id, date, action], function (error, results, fields) { @@ -686,7 +692,7 @@ module.exports = { async removeRenewTimerFromDB(server_id) { return new Promise((resolve, reject) => { pool.query( - "DELETE FROM renewal_timer WHERE server_id=?", + 'DELETE FROM renewal_timer WHERE server_id=?', [server_id], function (error, results, fields) { @@ -704,7 +710,7 @@ module.exports = { if (!check_if_coupon_exists) { return new Promise((resolve, reject) => { pool.query( - "INSERT INTO coupons (code, coins, memory, disk, cpu, servers) VALUES (?, ?, ?, ?, ?, ?)", + 'INSERT INTO coupons (code, coins, memory, disk, cpu, servers) VALUES (?, ?, ?, ?, ?, ?)', [code, coins, memory, disk, cpu, servers], function (error, results, fields) { 
@@ -717,7 +723,7 @@ module.exports = { } else { return new Promise((resolve, reject) => { pool.query( - "UPDATE coupons SET coins = ?, memory = ?, disk = ?, cpu = ?, servers = ? WHERE code = ?", + 'UPDATE coupons SET coins = ?, memory = ?, disk = ?, cpu = ?, servers = ? WHERE code = ?', [coins, memory, disk, cpu, servers, code], function (error, results, fields) { @@ -731,7 +737,7 @@ module.exports = { }, async allAccounts() { return new Promise((resolve, reject) => { - pool.query("SELECT * FROM accounts", function (error, results, fields) { + pool.query('SELECT * FROM accounts', function (error, results, fields) { if (error) return reject(error); resolve(results); @@ -744,7 +750,7 @@ module.exports = { if (check_if_coupon_exists) { return new Promise((resolve, reject) => { pool.query( - "DELETE FROM coupons WHERE code = ?", + 'DELETE FROM coupons WHERE code = ?', [code], async (error, results, fields) => { @@ -762,7 +768,7 @@ module.exports = { async getCouponInfo(code) { return new Promise((resolve, reject) => { pool.query( - "SELECT * FROM coupons WHERE code = ?", + 'SELECT * FROM coupons WHERE code = ?', [code], function (error, results, fields) { if (error) return reject(error); @@ -781,7 +787,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - "DELETE FROM coupons WHERE code = ?", + 'DELETE FROM coupons WHERE code = ?', [code], async (error, results, fields) => { @@ -803,7 +809,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET blacklisted = ? WHERE email = ?", + 'UPDATE accounts SET blacklisted = ? WHERE email = ?', [ new_status.toString(), // Is .toString() required? Too lazy to check. email, 
@@ -823,7 +829,7 @@ module.exports = { return new Promise((resolve, reject) => { pool.query( - "UPDATE accounts SET blacklisted = ? WHERE discord_id = ?", + 'UPDATE accounts SET blacklisted = ? WHERE discord_id = ?', [ new_status.toString(), // Is .toString() required? Too lazy to check. discord_id, @@ -838,3 +844,7 @@ module.exports = { }); }, }; +function containsSpecialChars(str) { + const specialChars = /[`!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?~]/; + return specialChars.test(str); +} diff --git a/frontend/pages/admin/main.ejs b/frontend/pages/admin/main.ejs index 95e558c..dcac034 100644 --- a/frontend/pages/admin/main.ejs +++ b/frontend/pages/admin/main.ejs @@ -140,7 +140,7 @@ - + + + diff --git a/frontend/pages/server/modify.ejs b/frontend/pages/server/modify.ejs index ac3728d..255510b 100644 --- a/frontend/pages/server/modify.ejs +++ b/frontend/pages/server/modify.ejs @@ -117,25 +117,69 @@ - + @@ -146,7 +190,7 @@
-

Hello <%= data.userinfo.username %>#<%= data.userinfo.discriminator %>

+

Hello <%= data.dbinfo.name %>

Welcome back!

diff --git a/handlers/oauth2/discord.js b/handlers/oauth2/discord.js index e380fba..12cf92e 100644 --- a/handlers/oauth2/discord.js +++ b/handlers/oauth2/discord.js @@ -1,11 +1,11 @@ /* eslint-disable no-constant-condition */ /* eslint-disable camelcase */ -const fetch = require("node-fetch"); -const functions = require("../../functions.js"); -const suspendCheck = require("../servers/suspension_system.js"); -const express = require("express"); +const fetch = require('node-fetch'); +const functions = require('../../functions.js'); +const suspendCheck = require('../servers/suspension_system.js'); +const express = require('express'); module.exports.load = async function (app, ifValidAPI, ejs) { - app.get("/accounts/discord/signup", async (req, res) => { + app.get('/accounts/discord/signup', async (req, res) => { res.redirect( `https://discord.com/api/oauth2/authorize?client_id=${ process.env.discord.id @@ -14,7 +14,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) { )}&response_type=code&scope=identify%20email%20guilds%20guilds.join` ); }); - app.get("/accounts/discord/login", async (req, res) => { + app.get('/accounts/discord/login', async (req, res) => { res.redirect( `https://discord.com/api/oauth2/authorize?client_id=${ process.env.discord.id @@ -23,7 +23,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) { )}&response_type=code&scope=identify%20email%20guilds%20guilds.join` ); }); - app.get("/accounts/discord/link", async (req, res) => { + app.get('/accounts/discord/link', async (req, res) => { res.redirect( `https://discord.com/api/oauth2/authorize?client_id=${ process.env.discord.id @@ -33,7 +33,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) { ); }); app.get( - "/accounts/discord/link/callback", + '/accounts/discord/link/callback', process.rateLimit({ windowMs: 1000, max: 1, 
@@ -48,15 +48,15 @@ module.exports.load = async function (app, ifValidAPI, ejs) { */ async (req, res) => { if (!req.session.data) { - return res.redirect("/login"); + return res.redirect('/login'); } const redirects = process.pagesettings.redirectactions.oauth2; if (req.query.error && req.query.error_description) { if ( - req.query.error === "access_denied" && + req.query.error === 'access_denied' && req.query.error_description === - "The resource owner or authorization server denied the request" + 'The resource owner or authorization server denied the request' ) { return functions.doRedirect(req, res, redirects.cancelledloginaction); } @@ -69,14 +69,14 @@ module.exports.load = async function (app, ifValidAPI, ejs) { req.session.data.dbinfo.email ); if (!account) { - return res.redirect("/"); + return res.redirect('/'); } if (account.discord_id) { - return res.redirect("/dashboard"); + return res.redirect('/dashboard'); } - const oauth2Token = await fetch("https://discord.com/api/oauth2/token", { - method: "post", + const oauth2Token = await fetch('https://discord.com/api/oauth2/token', { + method: 'post', body: `client_id=${process.env.discord.id}&client_secret=${ process.env.discord.secret }&grant_type=authorization_code&code=${encodeURIComponent( @@ -84,7 +84,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) { )}&redirect_uri=${encodeURIComponent( process.env.discord.link_callback )}`, - headers: { "Content-Type": "application/x-www-form-urlencoded" }, + headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, }); if (!oauth2Token.ok) 
@@ -92,14 +92,14 @@ module.exports.load = async function (app, ifValidAPI, ejs) { const tokenInfo = JSON.parse(await oauth2Token.text()); const scopes = tokenInfo.scope; if ( - !scopes.includes("identify") || - !scopes.includes("guilds.join") || - !scopes.includes("email") || - !scopes.includes("guilds") + !scopes.includes('identify') || + !scopes.includes('guilds.join') || + !scopes.includes('email') || + !scopes.includes('guilds') ) return functions.doRedirect(req, res, redirects.badscopes); - const userinfo_raw = await fetch("https://discord.com/api/users/@me", { - method: "get", + const userinfo_raw = await fetch('https://discord.com/api/users/@me', { + method: 'get', headers: { Authorization: `Bearer ${tokenInfo.access_token}`, }, @@ -111,9 +111,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) { return functions.doRedirect(req, res, redirects.unverified); const guildinfo_raw = await fetch( - "https://discord.com/api/users/@me/guilds", + 'https://discord.com/api/users/@me/guilds', { - method: "get", + method: 'get', headers: { Authorization: `Bearer ${tokenInfo.access_token}`, }, 
@@ -127,39 +127,44 @@ module.exports.load = async function (app, ifValidAPI, ejs) { userinfo.access_token = tokenInfo.access_token; userinfo.guilds = guilds; - if (process.env.discord.guild) { - - const check_if_banned = (await fetch( - `https://discord.com/api/guilds/${process.env.discord.guild}/bans/${userinfo.id}`, - { - method: 'get', - headers: { - 'Content-Type': 'application/json', - Authorization: `Bot ${process.env.discord.token}` - } - } - )).status + if (process.env.discord.guild) { + const check_if_banned = ( + await fetch( + `https://discord.com/api/guilds/${process.env.discord.guild}/bans/${userinfo.id}`, + { + method: 'get', + headers: { + 'Content-Type': 'application/json', + Authorization: `Bot ${process.env.discord.token}`, + }, + } + ) + ).status; if (check_if_banned === 200) { - await process.db.toggleBlacklist(userinfo.id, true) + await process.db.toggleBlacklist(userinfo.id, true); } else if (check_if_banned === 404) { await fetch( - `https://discord.com/api/guilds/${process.env.discord.guild}/members/${userinfo.id}`, - { - method: 'put', - headers: { - 'Content-Type': 'application/json', - Authorization: `Bot ${process.env.discord.token}` - }, - body: JSON.stringify({ - access_token: tokenInfo.access_token - }) - } - ) + `https://discord.com/api/guilds/${process.env.discord.guild}/members/${userinfo.id}`, + { + method: 'put', + headers: { + 'Content-Type': 'application/json', + Authorization: `Bot ${process.env.discord.token}`, + }, + body: JSON.stringify({ + access_token: tokenInfo.access_token, + }), + } + ); } else { - console.log('[AUTO JOIN SERVER] For some reason, the status code is ' + check_if_banned + ', instead of 200 or 404. You should worry about this.') + console.log( + '[AUTO JOIN SERVER] For some reason, the status code is ' + + check_if_banned + + ', instead of 200 or 404. You should worry about this.' + ); } - }; + } const blacklist_status = await process.db.blacklistStatusByDiscordID( userinfo.id 
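Review bot: The ban check in the link callback fails open: any status other than 200 or 404 (a 401 from a bad bot token, a 429 from rate limiting) is only logged and the handler continues, so the blacklist step is skipped precisely when the check could not be performed; treating such responses as a failed check, e.g. `return functions.doRedirect(req, res, redirects.cannotgetinfo);` after the `console.log`, would close that gap. In this link flow the account being linked has no `discord_id` yet (the handler returned earlier when `account.discord_id` was set), so `toggleBlacklist(userinfo.id, true)` keyed by Discord ID presumably updates no row and the link still completes — verify against the db.js implementation, which I cannot find among the hunks in this patch. The same block is duplicated verbatim in the login and signup callbacks (hunks `@@ -257,50 +262,54` and `@@ -436,39 +445,44`); a shared helper would keep the three copies in step. The enclosing handler starts and ends outside the hunk.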
@@ -179,21 +184,21 @@ module.exports.load = async function (app, ifValidAPI, ejs) { } ); app.get( - "/accounts/discord/login/callback", + '/accounts/discord/login/callback', process.rateLimit({ windowMs: 1000, max: 1, message: - "You have been requesting this endpoint too fast. Please try again.", + 'You have been requesting this endpoint too fast. Please try again.', }), async (req, res) => { const redirects = process.pagesettings.redirectactions.oauth2; if (req.query.error && req.query.error_description) { if ( - req.query.error === "access_denied" && + req.query.error === 'access_denied' && req.query.error_description === - "The resource owner or authorization server denied the request" + 'The resource owner or authorization server denied the request' ) { return functions.doRedirect(req, res, redirects.cancelledloginaction); } @@ -202,8 +207,8 @@ module.exports.load = async function (app, ifValidAPI, ejs) { if (!req.query.code) return functions.doRedirect(req, res, redirects.missingcode); - const oauth2Token = await fetch("https://discord.com/api/oauth2/token", { - method: "post", + const oauth2Token = await fetch('https://discord.com/api/oauth2/token', { + method: 'post', body: `client_id=${process.env.discord.id}&client_secret=${ process.env.discord.secret }&grant_type=authorization_code&code=${encodeURIComponent( @@ -211,7 +216,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) { )}&redirect_uri=${encodeURIComponent( process.env.discord.login_callback )}`, - headers: { "Content-Type": "application/x-www-form-urlencoded" }, + headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, }); if (!oauth2Token.ok) 
@@ -221,15 +226,15 @@ module.exports.load = async function (app, ifValidAPI, ejs) { const scopes = tokenInfo.scope; if ( - !scopes.includes("identify") || - !scopes.includes("guilds.join") || - !scopes.includes("email") || - !scopes.includes("guilds") + !scopes.includes('identify') || + !scopes.includes('guilds.join') || + !scopes.includes('email') || + !scopes.includes('guilds') ) return functions.doRedirect(req, res, redirects.badscopes); - const userinfo_raw = await fetch("https://discord.com/api/users/@me", { - method: "get", + const userinfo_raw = await fetch('https://discord.com/api/users/@me', { + method: 'get', headers: { Authorization: `Bearer ${tokenInfo.access_token}`, }, @@ -241,9 +246,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) { return functions.doRedirect(req, res, redirects.unverified); const guildinfo_raw = await fetch( - "https://discord.com/api/users/@me/guilds", + 'https://discord.com/api/users/@me/guilds', { - method: "get", + method: 'get', headers: { Authorization: `Bearer ${tokenInfo.access_token}`, }, 
@@ -257,50 +262,54 @@ module.exports.load = async function (app, ifValidAPI, ejs) { userinfo.access_token = tokenInfo.access_token; userinfo.guilds = guilds; - if (process.env.discord.guild) { - - const check_if_banned = (await fetch( - `https://discord.com/api/guilds/${process.env.discord.guild}/bans/${userinfo.id}`, - { - method: 'get', - headers: { - 'Content-Type': 'application/json', - Authorization: `Bot ${process.env.discord.token}` - } - } - )).status + if (process.env.discord.guild) { + const check_if_banned = ( + await fetch( + `https://discord.com/api/guilds/${process.env.discord.guild}/bans/${userinfo.id}`, + { + method: 'get', + headers: { + 'Content-Type': 'application/json', + Authorization: `Bot ${process.env.discord.token}`, + }, + } + ) + ).status; if (check_if_banned === 200) { - await process.db.toggleBlacklist(userinfo.id, true) + await process.db.toggleBlacklist(userinfo.id, true); } else if (check_if_banned === 404) { await fetch( - `https://discord.com/api/guilds/${process.env.discord.guild}/members/${userinfo.id}`, - { - method: 'put', - headers: { - 'Content-Type': 'application/json', - Authorization: `Bot ${process.env.discord.token}` - }, - body: JSON.stringify({ - access_token: tokenInfo.access_token - }) - } - ) + `https://discord.com/api/guilds/${process.env.discord.guild}/members/${userinfo.id}`, + { + method: 'put', + headers: { + 'Content-Type': 'application/json', + Authorization: `Bot ${process.env.discord.token}`, + }, + body: JSON.stringify({ + access_token: tokenInfo.access_token, + }), + } + ); } else { - console.log('[AUTO JOIN SERVER] For some reason, the status code is ' + check_if_banned + ', instead of 200 or 404. You should worry about this.') + console.log( + '[AUTO JOIN SERVER] For some reason, the status code is ' + + check_if_banned + + ', instead of 200 or 404. You should worry about this.' 
+ ); } - }; + } let dbinfo = await process.db.fetchAccountDiscordID(userinfo.id); - let emailinfo = await process.db.fetchAccountByEmail(userinfo.email); - if (!emailinfo) { + if (!dbinfo) { req.session.variables = { error: { message: - "No account was found linked with that discord account, please signup instead.", + 'No account was found linked with that discord account, please signup instead.', }, }; - return res.redirect("/"); + return res.redirect('/'); } let panel_id; let panelinfo; @@ -310,10 +319,10 @@ module.exports.load = async function (app, ifValidAPI, ejs) { req.session.variables = { error: { message: - "No account was found linked with that discord account, please signup instead.", + 'No account was found linked with that discord account, please signup instead.', }, }; - return res.redirect("/"); + return res.redirect('/'); } else { // Fetch account information. @@ -322,15 +331,15 @@ module.exports.load = async function (app, ifValidAPI, ejs) { const panelinfo_raw = await fetch( `${process.env.pterodactyl.domain}/api/application/users/${panel_id}?include=servers`, { - method: "get", + method: 'get', headers: { - "Content-Type": "application/json", + 'Content-Type': 'application/json', Authorization: `Bearer ${process.env.pterodactyl.key}`, }, } ); - if ((await panelinfo_raw.statusText) === "Not Found") + if ((await panelinfo_raw.statusText) === 'Not Found') return functions.doRedirect(req, res, redirects.cannotgetinfo); panelinfo = (await panelinfo_raw.json()).attributes; @@ -356,13 +365,13 @@ module.exports.load = async function (app, ifValidAPI, ejs) { ); app.get( - "/accounts/discord/signup/callback", + '/accounts/discord/signup/callback', process.rateLimit({ windowMs: 1000, max: 1, message: - "You have been requesting this endpoint too fast. Please try again.", + 'You have been requesting this endpoint too fast. Please try again.', }), async (req, res) => { 
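Review bot: `dbinfo` is never reassigned in the visible lines of the login callback, so the declaration should be `const dbinfo = await process.db.fetchAccountDiscordID(userinfo.id);` rather than `let`. The switch from `emailinfo` to `dbinfo` in the guard is the right fix; the later "No account was found" branch in hunk `@@ -310,10 +319,10` keeps the same message, so a reader cannot tell which lookup failed — a distinct message there would help support triage. The enclosing handler starts and ends outside the hunk.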
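Review bot: `(await panelinfo_raw.statusText) === 'Not Found'` awaits a plain string (a no-op) and keys on the HTTP reason phrase, which proxies may rewrite or omit, so other failures (401, 403, 5xx) fall through to `.json()` and `.attributes`. `if (!panelinfo_raw.ok) return functions.doRedirect(req, res, redirects.cannotgetinfo);` covers 404 and every other non-2xx response in one check. The enclosing handler continues outside the hunk.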
@@ -370,9 +379,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) { if (req.query.error && req.query.error_description) { if ( - req.query.error === "access_denied" && + req.query.error === 'access_denied' && req.query.error_description === - "The resource owner or authorization server denied the request" + 'The resource owner or authorization server denied the request' ) { return functions.doRedirect(req, res, redirects.cancelledloginaction); } @@ -381,8 +390,8 @@ module.exports.load = async function (app, ifValidAPI, ejs) { if (!req.query.code) return functions.doRedirect(req, res, redirects.missingcode); - const oauth2Token = await fetch("https://discord.com/api/oauth2/token", { - method: "post", + const oauth2Token = await fetch('https://discord.com/api/oauth2/token', { + method: 'post', body: `client_id=${process.env.discord.id}&client_secret=${ process.env.discord.secret }&grant_type=authorization_code&code=${encodeURIComponent( @@ -390,7 +399,7 @@ module.exports.load = async function (app, ifValidAPI, ejs) { )}&redirect_uri=${encodeURIComponent( process.env.discord.signup_callback )}`, - headers: { "Content-Type": "application/x-www-form-urlencoded" }, + headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, }); if (!oauth2Token.ok) @@ -400,15 +409,15 @@ module.exports.load = async function (app, ifValidAPI, ejs) { const scopes = tokenInfo.scope; if ( - !scopes.includes("identify") || - !scopes.includes("guilds.join") || - !scopes.includes("email") || - !scopes.includes("guilds") + !scopes.includes('identify') || + !scopes.includes('guilds.join') || + !scopes.includes('email') || + !scopes.includes('guilds') ) return functions.doRedirect(req, res, redirects.badscopes); - const userinfo_raw = await fetch("https://discord.com/api/users/@me", { - method: "get", + const userinfo_raw = await fetch('https://discord.com/api/users/@me', { + method: 'get', headers: { Authorization: `Bearer ${tokenInfo.access_token}`, }, 
@@ -420,9 +429,9 @@ module.exports.load = async function (app, ifValidAPI, ejs) { return functions.doRedirect(req, res, redirects.unverified); const guildinfo_raw = await fetch( - "https://discord.com/api/users/@me/guilds", + 'https://discord.com/api/users/@me/guilds', { - method: "get", + method: 'get', headers: { Authorization: `Bearer ${tokenInfo.access_token}`, }, 
@@ -436,39 +445,44 @@ module.exports.load = async function (app, ifValidAPI, ejs) { userinfo.access_token = tokenInfo.access_token; userinfo.guilds = guilds; -if (process.env.discord.guild) { - - const check_if_banned = (await fetch( - `https://discord.com/api/guilds/${process.env.discord.guild}/bans/${userinfo.id}`, - { - method: 'get', - headers: { - 'Content-Type': 'application/json', - Authorization: `Bot ${process.env.discord.token}` - } - } - )).status + if (process.env.discord.guild) { + const check_if_banned = ( + await fetch( + `https://discord.com/api/guilds/${process.env.discord.guild}/bans/${userinfo.id}`, + { + method: 'get', + headers: { + 'Content-Type': 'application/json', + Authorization: `Bot ${process.env.discord.token}`, + }, + } + ) + ).status; if (check_if_banned === 200) { - await process.db.toggleBlacklist(userinfo.id, true) + await process.db.toggleBlacklist(userinfo.id, true); } else if (check_if_banned === 404) { await fetch( - `https://discord.com/api/guilds/${process.env.discord.guild}/members/${userinfo.id}`, - { - method: 'put', - headers: { - 'Content-Type': 'application/json', - Authorization: `Bot ${process.env.discord.token}` - }, - body: JSON.stringify({ - access_token: tokenInfo.access_token - }) - } - ) + `https://discord.com/api/guilds/${process.env.discord.guild}/members/${userinfo.id}`, + { + method: 'put', + headers: { + 'Content-Type': 'application/json', + Authorization: `Bot ${process.env.discord.token}`, + }, + body: JSON.stringify({ + access_token: tokenInfo.access_token, + }), + } + ); } else { - console.log('[AUTO JOIN SERVER] For some reason, the status code is ' + check_if_banned + ', instead of 200 or 404. You should worry about this.') + console.log( + '[AUTO JOIN SERVER] For some reason, the status code is ' + + check_if_banned + + ', instead of 200 or 404. You should worry about this.' 
+ ); } - }; + } let dbinfo = await process.db.fetchAccountDiscordID(userinfo.id); let emailinfo = await process.db.fetchAccountByEmail(userinfo.email); @@ -476,10 +490,10 @@ if (process.env.discord.guild) { req.session.variables = { error: { message: - "You already have an account with that email please sign in!", + 'You already have an account with that email please sign in!', }, }; - return res.redirect("/"); + return res.redirect('/'); } let panel_id; let panelinfo; @@ -519,10 +533,10 @@ if (process.env.discord.guild) { req.session.variables = { error: { message: - "You already have an account with that email please sign in!", + 'You already have an account with that email please sign in!', }, }; - return res.redirect("/"); + return res.redirect('/'); } const blacklist_status = await process.db.blacklistStatusByDiscordID(