From 1a56fb73b761e974ffd5a523185232386e7f4569 Mon Sep 17 00:00:00 2001
From: luoingly
Date: Sun, 26 Jan 2025 15:45:14 +0800
Subject: [PATCH] feat: add banned user privilege and enforce restrictions
net-escape/putong-oj#12
---
 config/index.js | 1 +
 controllers/session.js | 9 +++++----
 test/controllers/session.test.js | 12 ++++++++++++
 test/seed/users.js | 2 +-
 utils/middlewares.js | 6 +++++-
 5 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/config/index.js b/config/index.js
index 93ca243..0ac4cb2 100644
--- a/config/index.js
+++ b/config/index.js
@@ -7,6 +7,7 @@ const config = {
 secretKey: String(process.env.secretKey),
 privilege: {
+ Banned: 0,
 PrimaryUser: 1,
 Teacher: 2,
 Root: 3,
diff --git a/controllers/session.js b/controllers/session.js
index 2c2afe4..8e39bd2 100644
--- a/controllers/session.js
+++ b/controllers/session.js
@@ -1,6 +1,7 @@
 const only = require('only')
 const User = require('../models/User')
 const { generatePwd } = require('../utils/helper')
+const { privilege } = require('../config')
 // 登录
 const login = async (ctx) => {
@@ -11,12 +12,12 @@ const login = async (ctx) => {
 .findOne({ uid })
 .exec()
- if (user == null) {
+ if (user == null)
 ctx.throw(400, 'No such a user')
- }
- if (user.pwd !== pwd) {
+ if (user.pwd !== pwd)
 ctx.throw(400, 'Wrong password')
- }
+ if (user.privilege === privilege.Banned)
+ ctx.throw(403, 'Account banned')
 ctx.session.profile = only(user, 'uid nick privilege pwd')
 ctx.session.profile.verifyContest = []
diff --git a/test/controllers/session.test.js b/test/controllers/session.test.js
index ca0fefc..4ef0534 100644
--- a/test/controllers/session.test.js
+++ b/test/controllers/session.test.js
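Review bot: `Banned: 0` makes Banned the only falsy privilege value, so any truthiness check or `||` default applied to `user.privilege` elsewhere in the codebase (or a numeric default on the User schema) would silently treat a banned account as a plain, allowed user rather than a banned one; those call sites are outside this hunk, so they are worth grepping before relying on the value. A short comment on the added line would make the intent explicit, e.g. `Banned: 0, // lowest rank; compare with === and never via a truthiness test`.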
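Review bot: The new check `if (user.privilege === privilege.Banned)` is safe only because it runs after the password comparison, so an unauthenticated caller cannot learn that an account is banned, but nothing in the code records that ordering constraint and a later reorder would turn the 403 into an account-status oracle. I would add `// Keep after the password check: ban status must not be disclosed to callers without the credentials` above it. The hunk also drops the braces around the three single-statement `if` bodies; the handler aborts only because `ctx.throw` throws, and brace-less bodies are easy to break when a second statement is added later, so I would keep the braces the old code had. The `login` handler starts and ends outside this hunk.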
@@ -1,11 +1,23 @@
 const test = require('ava')
 const supertest = require('supertest')
 const app = require('../../app')
+const users = require('../seed/users')
 const config = require('../../config')
 const server = app.listen()
 const request = supertest.agent(server)
+test('Bannded user login', async (t) => {
+ const res = await request
+ .post('/api/session')
+ .send({
+ uid: users.data.banned.uid,
+ pwd: users.data.banned.pwd,
+ })
+
+ t.is(res.status, 403)
+})
+
 test.before(async (t) => {
 const res = await request
 .post('/api/session')
diff --git a/test/seed/users.js b/test/seed/users.js
index 2ea2003..8048c96 100644
--- a/test/seed/users.js
+++ b/test/seed/users.js
@@ -18,7 +18,7 @@ const users = {
 nick: 'user',
 pwd: 'testtest',
 },
- "hulllinda": { uid: "hulllinda", nick: "HULLLINDA", pwd: ")zD1d_mh)7" },
+ "banned": { uid: "banned", pwd: ")zD1d_mh)7", privilege: config.privilege.Banned },
 "kevin63": { uid: "kevin63", pwd: "^I^+6XYfGV" },
 "ugordon": { uid: "ugordon", nick: "UGORDON", pwd: "BwcTvXC%&8" },
 "hallpatrick": { uid: "hallpatrick", nick: "HALLPATRICK", pwd: "(7#gZxV)5+" },
diff --git a/utils/middlewares.js b/utils/middlewares.js
index 50521ca..5fc2888 100644
--- a/utils/middlewares.js
+++ b/utils/middlewares.js
@@ -1,5 +1,6 @@
 const { RateLimit } = require('koa2-ratelimit')
 const { isAdmin, isRoot } = require('./helper')
+const { privilege } = require('../config')
 const User = require('../models/User')
 const login = async (ctx, next) => {
@@ -8,7 +9,10 @@ const login = async (ctx, next) => {
 ctx.throw(401, 'Login required')
 }
 const user = await User.findOne({ uid: ctx.session.profile.uid }).exec()
- if (user == null || user.pwd !== ctx.session.profile.pwd) {
+ if (user == null ||
+ user.pwd !== ctx.session.profile.pwd ||
+ user.privilege == privilege.Banned
+ ) {
 delete ctx.session.profile
 ctx.throw(401, 'Login required')
 }
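Review bot: The new test asserts only `t.is(res.status, 403)`, which does not show that the rejected login left the shared `request` agent's session untouched; because it reuses the agent that `test.before` logs in with, a regression that assigned `ctx.session.profile` before throwing would go unnoticed. I would follow the POST with a request to an authenticated route on the same agent and assert it still reflects the pre-existing session, or make the banned attempt from a fresh `supertest(server)` client. Nothing in this commit exercises the middleware path in utils/middlewares.js where an already-logged-in user becomes banned, which is the enforcement most worth a test. The title `'Bannded user login'` also has a typo (`'Banned user login'`).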
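Review bot: The replaced fixture line references `config.privilege.Banned`, but the hunk does not show `config` being required in this seed file; the hunk starts at line 18, so the require may well sit above it, but confirm it exists or the seed throws at load. Swapping `hulllinda` for `banned` instead of adding a new entry also drops a fixture that other tests may depend on; adding `banned` as an additional key would be safer. The new test reads the fixture as `users.data.banned`, while here the entry sits directly under `const users = {`; the module's export shape is outside the hunk, so verify the two agree.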
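Review bot: `user.privilege == privilege.Banned` uses loose equality while the same check in controllers/session.js uses `===`; with `Banned` equal to `0`, `==` also matches `false`, `''` and `'0'`, so the two enforcement points can disagree on the same document. Change it to `user.privilege === privilege.Banned` for consistency. The banned branch reuses the generic `401 'Login required'` and clears the session, which is a reasonable fail-closed default, but a one-line comment would help the next reader: `// A ban takes effect on the next authenticated request, not only at the next login`. The `login` middleware continues outside the hunk.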