From 69d81ec836bbfc2693bf5bae797f0f9f344234fd Mon Sep 17 00:00:00 2001
From: knotteye <knotteye@airmail.cc>
Date: Sun, 10 Jan 2021 12:31:11 -0600
Subject: [PATCH] Switch to using MySQL instead of bans.db

---
 src/http.ts | 41 +++++++++++++++++++++++------------------
 1 file changed, 23 insertions(+), 18 deletions(-)

diff --git a/src/http.ts b/src/http.ts
index a331a9a..3bc1753 100644
--- a/src/http.ts
+++ b/src/http.ts
@@ -17,7 +17,6 @@ const app = express();
 const server = http.createServer(app);
 const io = socketio(server);
 const store = dirty();
-var banlist;
 var jwkey;
 try{
 	jwkey = JWK.asKey(readFileSync('./config/jwt.pem'));
@@ -77,7 +76,7 @@ async function init(){
 		else res.status(404).render('404.njk', njkconf);
 		//res.status(404).render('404.njk', njkconf);
 	});
-	banlist = new dirty('./config/bans.db').on('load', () => {initChat()});
+	await initChat();
 	server.listen(config['http']['port']);
 }
 
@@ -591,9 +590,10 @@ async function initChat() {
 		socket.on('JOINROOM', async (data) => {
 			let t: any = await db.query('select username from users where username='+db.raw.escape(data));
 			if(t[0]){
-				if(banlist.get(data) && banlist.get(data)[socket['handshake']['address']]){
-					if(Math.floor(banlist.get(data)[socket['handshake']['address']]['time'] + (banlist.get(data)[socket['handshake']['address']]['length'] * 60)) < Math.floor(Date.now() / 1000)){
-						banlist.set(data, Object.assign({}, banlist.get(data), {[socket['handshake']['address']]: null}));
+				let b = await db.query('select * from ch_bans where target='+db.raw.escape(socket['handshake']['address'])+' and channel='+db.raw.escape(data));
+				if(b[0]){
+					if(Math.floor(b[0].time + (b[0].length * 60)) < Math.floor(Date.now() / 1000)){
+						await db.query('delete from ch_bans where target='+db.raw.escape(b[0].target)+'and channel='+db.raw.escape(b[0].channel)+' and time='+db.raw.escape(b[0].time)+' and length='+db.raw.escape(b[0].length));
 					}
 					else {
 						socket.emit('ALERT', 'You are banned from that room');
@@ -682,23 +682,27 @@ async function initChat() {
 			}
 			else socket.emit('ALERT', 'Not authorized to do that.');
 		});
-		socket.on('BAN', (data: Object) => {
+		socket.on('BAN', async (data: Object) => {
 			if(socket.nick === data['room']){
 				let id: string = store.get(data['nick']);
 				if(id){
 					if(Array.isArray(id)) {
 						for(let i=0;i<id.length;i++){
 							let target = io.sockets.connected[id[i]];
-							if(typeof(data['time']) === 'number' && (data['time'] !== 0 && data['time'] !== NaN)) banlist.set(data['room'], Object.assign({}, banlist.get(data['room']), {[target.ip]: {time: Math.floor(Date.now() / 1000), length: data['time']}}));
-							else banlist.set(data['room'], Object.assign({}, banlist.get(data['room']), {[target.ip]: {time: Math.floor(Date.now() / 1000), length: 30}}));
+							if(typeof(data['time']) === 'number' && (data['time'] !== 0 && data['time'] !== NaN))
+								await db.query('insert into ch_bans (channel, target, time, length) VALUES ('+db.raw.escape(data['room'])+', '+db.raw.escape(target.ip)+', '+db.raw.escape(Math.floor(Date.now() / 1000))+', '+db.raw.escape(data['time'])+')');
+							else
+								await db.query('insert into ch_bans (channel, target, time, length) VALUES ('+db.raw.escape(data['room'])+', '+db.raw.escape(target.ip)+', '+db.raw.escape(Math.floor(Date.now() / 1000))+', '+db.raw.escape(30)+')');
 							target.leave(data['room']);
 						}
 						io.to(data['room']).emit('ALERT', data['nick']+' was banned.');
 						return;
 					}
 					let target = io.sockets.connected[id];
-					if(typeof(data['time']) === 'number' && (data['time'] !== 0 && data['time'] !== NaN)) banlist.set(data['room'], Object.assign({}, banlist.get(data['room']), {[target.ip]: {time: Math.floor(Date.now() / 1000), length: data['time']}}));
-					else banlist.set(data['room'], Object.assign({}, banlist.get(data['room']), {[target.ip]: {time: Math.floor(Date.now() / 1000), length: 30}}));
+					if(typeof(data['time']) === 'number' && (data['time'] !== 0 && data['time'] !== NaN))
+						await db.query('insert into ch_bans (channel, target, time, length) VALUES ('+db.raw.escape(data['room'])+', '+db.raw.escape(target.ip)+', '+db.raw.escape(Math.floor(Date.now() / 1000))+', '+db.raw.escape(data['time'])+')');
+					else
+						await db.query('insert into ch_bans (channel, target, time, length) VALUES ('+db.raw.escape(data['room'])+', '+db.raw.escape(target.ip)+', '+db.raw.escape(Math.floor(Date.now() / 1000))+', '+db.raw.escape(30)+')');
 					target.leave(data['room']);
 					io.to(data['room']).emit('ALERT', target.nick+' was banned.');
 				}
@@ -706,10 +710,11 @@ async function initChat() {
 			}
 			else socket.emit('ALERT', 'Not authorized to do that.');
 		});
-		socket.on('UNBAN', (data: Object) => {
+		socket.on('UNBAN', async (data: Object) => {
 			if(socket.nick === data['room']){
-				if(banlist.get(data['room']) && banlist.get(data['room'])[data['ip']]){
-					banlist.set(data['room'], Object.assign({}, banlist.get(data['room']), {[data['ip']]: null}));
+				let b = await db.query('select * from ch_bans where channel='+db.raw.escape(data['room'])+' and target='+db.raw.escape(data['ip']));
+				if(b[0]){
+					await db.query('delete from ch_bans where channel='+db.raw.escape(data['room'])+' and target='+db.raw.escape(data['ip']));
 					socket.emit('ALERT', data['ip']+' was unbanned.');
 				}
 				else
@@ -717,13 +722,13 @@ async function initChat() {
 			}
 			else socket.emit('ALERT', 'Not authorized to do that.');
 		});
-		socket.on('LISTBAN', (data: Object) => {
+		socket.on('LISTBAN', async (data: Object) => {
 			if(socket.nick === data['room']){
-				if(banlist.get(data['room'])) {
-					let bans = Object.keys(banlist.get(data['room']));
+				let b = await db.query('select target from ch_bans where channel='+db.raw.escape(data['room']));
+				if(b[0]) {
 					let str = '';
-					for(let i=0;i<bans.length;i++){
-						str += bans[i]+', ';
+					for(let i=0;i<b.length;i++){
+						str += b[i].target+', ';
 					}
 					socket.emit('ALERT', 'Banned IP adresses: '+str.substring(0, str.length - 2));
 					return;