From 923ecc2bf30f5ff3e0881df8dd0c2b8c609787e8 Mon Sep 17 00:00:00 2001
From: Calvin Montgomery
Date: Fri, 3 May 2013 21:52:14 +0400
Subject: [PATCH] Add API endpoints for global ban management
---
 api.js | 63 +++++++++++++++++++++++++++++++++++++++++++++++++-
 database.js | 66 ++++++++++++++++++++++++++++++++++++++---------------
 2 files changed, 110 insertions(+), 19 deletions(-)
diff --git a/api.js b/api.js
index 226c2e68..78223eeb 100644
--- a/api.js
+++ b/api.js
@@ -13,12 +13,15 @@ var Auth = require("./auth.js");
 var Server = require("./server.js");
 var Logger = require("./logger.js");
 var apilog = new Logger.Logger("api.log");
+var Database = require("./database.js");
 var jsonHandlers = {
 "channeldata": handleChannelData,
 "listloaded" : handleChannelList,
 "login" : handleLogin,
- "register" : handleRegister
+ "register" : handleRegister,
+ "globalbans" : handleGlobalBans,
+ "admreports" : handleAdmReports
 };
 function handle(path, req, res) {
@@ -212,3 +215,61 @@ function handleRegister(params, req, res) {
 }
 }
 }
+
+function handleGlobalBans(params, req, res) {
+ var name = params.name || "";
+ var pw = params.pw || "";
+ var session = params.session || "";
+ var row = Auth.login(name, pw, session);
+ if(!row || row.global_rank < 255) {
+ res.send(403);
+ return;
+ }
+
+ var action = params.action || "list";
+ if(action == "list") {
+ var gbans = Database.refreshGlobalBans();
+ sendJSON(res, gbans);
+ }
+ else if(action == "add") {
+ var ip = params.ip || "";
+ var reason = params.reason || "";
+ if(!ip.match(/\d+\.\d+\.(\d+\.(\d+)?)?/)) {
+ sendJSON(res, {
+ error: "Invalid IP address"
+ });
+ return;
+ }
+ var result = Database.addGlobalBan(ip, reason);
+ sendJSON(res, {
+ success: result,
+ ip: ip,
+ reason: reason
+ });
+ }
+ else if(action == "remove") {
+ var ip = params.ip || "";
+ if(!ip.match(/\d+\.\d+\.(\d+\.(\d+)?)?/)) {
+ sendJSON(res, {
+ error: "Invalid IP address"
+ });
+ return;
+ }
+ var result = Database.liftGlobalBan(ip);
+ sendJSON(res, {
+ success: result,
+ ip: ip,
+ });
+ }
+ else {
+ sendJSON(res, {
+ error: "Invalid action: " + action
+ });
+ }
+}
+
+function handleAdmReports(params, req, res) {
+ sendJSON(res, {
+ error: "Not implemented"
+ });
+}
diff --git a/database.js b/database.js
index 9a8f9e75..682969e6 100644
--- a/database.js
+++ b/database.js
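Review bot: The IP check in the `add` and `remove` branches of handleGlobalBans is unanchored, so `ip.match(...)` passes for any string that merely contains something like `1.2.`, and the whole untrusted value is then handed to Database.addGlobalBan / liftGlobalBan and echoed back in the JSON response. The pattern also requires a dot after the second octet, while checkGlobalBan in database.js looks up `parts[0] + "." + parts[1]` with no trailing dot, so a /16 ban written in the form the lookup expects appears to be rejected here. Anchoring the pattern and moving the dots into the optional groups addresses both: `/^\d+\.\d+(\.\d+(\.\d+)?)?$/`, ideally held in one shared variable rather than repeated in each branch. It would also be worth writing every successful add/remove, with the admin name and the target IP, to the existing `apilog`, since the handler currently leaves no audit trail for an action gated on `global_rank >= 255`.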
@@ -95,24 +95,7 @@ var gbans = {};
 exports.checkGlobalBan = function(ip) {
 // Check database at most once per 5 minutes
 if(new Date().getTime() > gbanTime + 300000) {
- var db = exports.getConnection();
- if(!db) {
- return false;
- }
- // Check if channel exists
- var query = "SELECT * FROM global_bans WHERE 1";
- var results = db.querySync(query);
- if(!results) {
- Logger.errlog.log("loadGlobalBans: query failed");
- return false;
- }
- var rows = results.fetchAllSync();
- gbans = {};
- for(var i = 0; i < rows.length; i++) {
- gbans[rows[i].ip] = true;
- }
- db.closeSync();
- gbanTime = new Date().getTime();
+ exports.refreshGlobalBans();
 }
 var parts = ip.split(".");
 var slash16 = parts[0] + "." + parts[1];
@@ -120,6 +103,53 @@ exports.checkGlobalBan = function(ip) {
 return (ip in gbans || slash16 in gbans || slash24 in gbans);
 }
+exports.refreshGlobalBans = function() {
+ var db = exports.getConnection();
+ if(!db) {
+ return false;
+ }
+ // Check if channel exists
+ var query = "SELECT * FROM global_bans WHERE 1";
+ var results = db.querySync(query);
+ if(!results) {
+ Logger.errlog.log("loadGlobalBans: query failed");
+ return false;
+ }
+ var rows = results.fetchAllSync();
+ gbans = {};
+ for(var i = 0; i < rows.length; i++) {
+ gbans[rows[i].ip] = rows[i].note;
+ }
+ db.closeSync();
+ gbanTime = new Date().getTime();
+ return gbans;
+}
+
+exports.addGlobalBan = function(ip, reason) {
+ var db = exports.getConnection();
+ if(!db) {
+ return false;
+ }
+ var query = "INSERT INTO global_bans VALUES ('{1}', '{2}')"
+ .replace("{1}", sqlEscape(ip))
+ .replace("{2}", sqlEscape(reason));
+ var result = db.querySync(query);
+ db.closeSync();
+ return result;
+}
+
+exports.liftGlobalBan = function(ip) {
+ var db = exports.getConnection();
+ if(!db) {
+ return false;
+ }
+ var query = "DELETE FROM global_bans WHERE ip='{}'"
+ .replace("{}", sqlEscape(ip))
+ var result = db.querySync(query);
+ db.closeSync();
+ return result;
+}
+
 exports.loadChannel = function(chan) {
 var db = exports.getConnection();
 if(!db) {
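Review bot: addGlobalBan and liftGlobalBan assemble their SQL with chained `String.prototype.replace` calls, which is fragile even if `sqlEscape` (not visible in this hunk) is correct. `replace` interprets `$` sequences in a string replacement after escaping has been applied, and in addGlobalBan an `ip` value that contains the text `{2}` would receive the `reason` substitution instead of the intended slot. Plain concatenation avoids both problems, e.g. `var query = "INSERT INTO global_bans VALUES ('" + sqlEscape(ip) + "', '" + sqlEscape(reason) + "')";`, and a parameterized query would be preferable if the database driver provides one. Separately, refreshGlobalBans returns on the `!results` path without calling `db.closeSync()`, so a failed query leaves the connection open. Its comment `// Check if channel exists` and the log label `loadGlobalBans` were carried over from the old code and no longer describe this function.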