/** * @param {string} key * @param {boolean} FullAccess * @param {string} RoleName * @returns {string} */ app.use("/CreateNewRole.lvorex", express.json()) app.post("/CreateNewRole.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Management", 3) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) let result = await query(` insert into \`madmin_permissions\` ( \`name\`, ${postBody.FullAccess ? '\`pattern\`,' : ''} \`createdBy\` ) values ( '${postBody.RoleName.replaceAll("'", "\\'")}', ${postBody.FullAccess ? '\'{"FullPermission": true,"Dashboard":[true,true,true,true,true,true],"Players":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],"Accounts":[true,true,true],"LiveMap":[true,true],"Vehicles":[true,true,true,true,true,true],"Items":[true,true],"Jobs":[true,true,true,true,true],"Factions":[true,true,true,true,true],"Logs":[true],"LiveConsole":[true],"Resources":[true,true],"Admins":[true,true,true],"Management":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]}\',' : ''} '${userKey.userName.replaceAll("'", "\\'")}' ) `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: `${postBody.RoleName} successfully created.` }) }) /** * @param {string} key * @param {JSON} AcceptedRequest * @returns {string} */ app.use("/AcceptRegisterRequest.lvorex", express.json()) app.post("/AcceptRegisterRequest.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Management", 2) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) const { AcceptedRequest } = postBody let result = await query(` insert into \`madmin_accounts\` ( \`username\`, ${AcceptedRequest.password ? '\`password\`,' : ''} \`discord\`, \`avatar\`, \`rank\`, \`ip\`, \`accountType\`, ${AcceptedRequest.discord_token ? '\`discord_token\`,' : ''} \`darkMode\`, \`discord_avatar\` ) values ( '${AcceptedRequest.username.replaceAll("'", "\\'")}', ${AcceptedRequest.password ? "'"+sha1(AcceptedRequest.password)+"'," : ''} '${AcceptedRequest.discord ? AcceptedRequest.discord : ''}', '${AcceptedRequest.avatar}', '${AcceptedRequest.rank.replaceAll("'", "\\'")}', '${sha1(AcceptedRequest.ip)}', '${AcceptedRequest.accountType}', ${AcceptedRequest.discord_token ? "'"+AcceptedRequest.discord_token+"'," : ''} '${AcceptedRequest.darkMode}', '${AcceptedRequest.discord_avatar}' ) `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) result = await query(` update \`madmin_registers\` set \`request\` = 0 where \`username\` = '${AcceptedRequest.username.replaceAll("'", "\\'")}' `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: "Request successfully accepted." }) }) /** * @param {string} key * @param {string} DeniedName * @returns {string} */ app.use("/DenyRegisterRequest.lvorex", express.json()) app.post("/DenyRegisterRequest.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Management", 2) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) const { DeniedName } = postBody let result = await query(` update \`madmin_registers\` set \`request\` = -1 where \`username\` = '${DeniedName.replaceAll("'", "\\'")}' `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: "Request successfully denied." }) }) /** * @param {string} key * @param {JSON} ExpectedRole * @returns {string} */ app.use("/DeleteRole.lvorex", express.json()) app.post("/DeleteRole.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Management", 4) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) const { ExpectedRole } = postBody let result = await query(` delete from \`madmin_permissions\` where \`name\` = '${ExpectedRole.name}' `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) result = await query(` update \`madmin_accounts\` set \`rank\` = 'Not Authorized' where \`rank\` = '${ExpectedRole.name.replaceAll("'", "\\'")}' `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: `${ExpectedRole.name} Successfully deleted.` }) }) /** * @param {string} key * @param {JSON} NewPatternDraft * @param {JSON} ChangedCategories * @param {string} RoleName * @returns {string} */ app.use("/UpdateRole.lvorex", express.json()) app.post("/UpdateRole.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const { NewPatternDraft, RoleName } = postBody const CategoryToPerm = { "Dashboard": 7, "Players": 8, "Accounts": 9, "LiveMap": 10, "Vehicles": 11, "Items": 12, "Jobs": 13, "Factions": 14, "Logs": 15, "LiveConsole": 16, "Resources": 17, "Admins": 18, "Management": 19 } const RoleChangedCategories = { "Dashboard": false, "Players": false, "Accounts": false, "LiveMap": false, "Vehicles": false, "Items": false, "Jobs": false, "Factions": false, "Logs": false, "LiveConsole": false, "Resources": false, "Admins": false, "Management": false } const NewPattern = { FullPermission: false } Object.entries(NewPatternDraft).forEach(([k,v]) => { NewPattern[k] = [] v.forEach(vv => { NewPattern[k].push(vv.checkmark) }) }) let falseFound = false Object.entries(NewPattern).forEach(([k,v]) => { if (k === "FullPermission") return v.forEach(vv => { if (vv === false) return falseFound = true }) }) if (falseFound === false) { NewPattern.FullPermission = true } const CurrentPermissions = await getAllPermissions(RoleName) if (!CurrentPermissions) return res.json({ code: 404, message: "An error appeared. Control the console." }) Object.entries(NewPattern).forEach(([k,v]) => { if (k === "FullPermission") return if (JSON.stringify(NewPattern[k]) !== JSON.stringify(CurrentPermissions[k])) { RoleChangedCategories[k] = true } }) for await (const [category, value] of Object.entries(RoleChangedCategories)) { if (value === true) { const PermissionCheck = await checkPermission(userKey.rank, "Management", CategoryToPerm[category]) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) } else continue } let result = await query(` update \`madmin_permissions\` set \`pattern\` = '${JSON.stringify(NewPattern)}' where \`name\` = '${RoleName}' `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: "Role successfully updated." }) }) /** * @param {string} key * @param {string} ExpectedUser * @returns {string} */ app.use("/TakeRoleFromUser.lvorex", express.json()) app.post("/TakeRoleFromUser.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Management", 6) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) const { ExpectedUser } = postBody let result = await query(` update \`madmin_accounts\` set \`rank\` = 'Not Authorized' where \`username\` = '${ExpectedUser.replaceAll("'", "\\'")}' `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: `Role successfully taken.` }) }) /** * @param {string} key * @param {string} User * @param {string} RoleName * @returns {string} */ app.use("/SetRoleToUser.lvorex", express.json()) app.post("/SetRoleToUser.lvorex", async (req, res) => { const postBody = req.body const { keyFound, userKey } = await controlKey(req, postBody.key) if (keyFound === false) return res.json({ code: 404, message: "Not authorized." }) const PermissionCheck = await checkPermission(userKey.rank, "Management", 5) if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." }) const { User, RoleName } = postBody let result = await query(` update \`madmin_accounts\` set \`rank\` = '${RoleName.replaceAll("'", "\\'")}' where \`username\` = '${User.replaceAll("'", "\\'")}' `) if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." }) res.json({ code: 200, message: `${RoleName} successfully setted to ${User}.` }) })