feat: add banned user privilege and enforce restrictions

net-escape/putong-oj#12
net-escape · Jan 26, 2025 · 1a56fb7 · 1a56fb7
1 parent 54ad640
commit 1a56fb7
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 6 deletions.
diff --git a/config/index.js b/config/index.js
@@ -7,6 +7,7 @@ const config = {
   secretKey: String(process.env.secretKey),
 
   privilege: {
+    Banned: 0,
     PrimaryUser: 1,
     Teacher: 2,
     Root: 3,

diff --git a/controllers/session.js b/controllers/session.js
@@ -1,6 +1,7 @@
 const only = require('only')
 const User = require('../models/User')
 const { generatePwd } = require('../utils/helper')
+const { privilege } = require('../config')
 
 // 登录
 const login = async (ctx) => {
@@ -11,12 +12,12 @@ const login = async (ctx) => {
     .findOne({ uid })
     .exec()
 
-  if (user == null) {
+  if (user == null)
     ctx.throw(400, 'No such a user')
-  }
-  if (user.pwd !== pwd) {
+  if (user.pwd !== pwd)
     ctx.throw(400, 'Wrong password')
-  }
+  if (user.privilege === privilege.Banned)
+    ctx.throw(403, 'Account banned')
 
   ctx.session.profile = only(user, 'uid nick privilege pwd')
   ctx.session.profile.verifyContest = []

diff --git a/test/controllers/session.test.js b/test/controllers/session.test.js
@@ -1,11 +1,23 @@
 const test = require('ava')
 const supertest = require('supertest')
 const app = require('../../app')
+const users = require('../seed/users')
 const config = require('../../config')
 
 const server = app.listen()
 const request = supertest.agent(server)
 
+test('Bannded user login', async (t) => {
+  const res = await request
+    .post('/api/session')
+    .send({
+      uid: users.data.banned.uid,
+      pwd: users.data.banned.pwd,
+    })
+
+  t.is(res.status, 403)
+})
+
 test.before(async (t) => {
   const res = await request
     .post('/api/session')

diff --git a/test/seed/users.js b/test/seed/users.js
@@ -18,7 +18,7 @@ const users = {
       nick: 'user',
       pwd: 'testtest',
     },
-    "hulllinda": { uid: "hulllinda", nick: "HULLLINDA", pwd: ")zD1d_mh)7" },
+    "banned": { uid: "banned", pwd: ")zD1d_mh)7", privilege: config.privilege.Banned },
     "kevin63": { uid: "kevin63", pwd: "^I^+6XYfGV" },
     "ugordon": { uid: "ugordon", nick: "UGORDON", pwd: "BwcTvXC%&8" },
     "hallpatrick": { uid: "hallpatrick", nick: "HALLPATRICK", pwd: "(7#gZxV)5+" },

diff --git a/utils/middlewares.js b/utils/middlewares.js
@@ -1,5 +1,6 @@
 const { RateLimit } = require('koa2-ratelimit')
 const { isAdmin, isRoot } = require('./helper')
+const { privilege } = require('../config')
 const User = require('../models/User')
 
 const login = async (ctx, next) => {
@@ -8,7 +9,10 @@ const login = async (ctx, next) => {
     ctx.throw(401, 'Login required')
   }
   const user = await User.findOne({ uid: ctx.session.profile.uid }).exec()
-  if (user == null || user.pwd !== ctx.session.profile.pwd) {
+  if (user == null ||
+    user.pwd !== ctx.session.profile.pwd ||
+    user.privilege == privilege.Banned
+  ) {
     delete ctx.session.profile
     ctx.throw(401, 'Login required')
   }