2026-04-14 17:41:39 +02:00

293 lines
11 KiB
JavaScript

/**
* @param {string} key
* @param {boolean} FullAccess
* @param {string} RoleName
* @returns {string}
*/
app.use("/CreateNewRole.lvorex", express.json())
app.post("/CreateNewRole.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Management", 3)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
let result = await query(`
insert into \`madmin_permissions\` (
\`name\`,
${postBody.FullAccess ? '\`pattern\`,' : ''}
\`createdBy\`
) values (
'${postBody.RoleName.replaceAll("'", "\\'")}',
${postBody.FullAccess ? '\'{"FullPermission": true,"Dashboard":[true,true,true,true,true,true],"Players":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true],"Accounts":[true,true,true],"LiveMap":[true,true],"Vehicles":[true,true,true,true,true,true],"Items":[true,true],"Jobs":[true,true,true,true,true],"Factions":[true,true,true,true,true],"Logs":[true],"LiveConsole":[true],"Resources":[true,true],"Admins":[true,true,true],"Management":[true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true,true]}\',' : ''}
'${userKey.userName.replaceAll("'", "\\'")}'
)
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: `${postBody.RoleName} successfully created.` })
})
/**
* @param {string} key
* @param {JSON} AcceptedRequest
* @returns {string}
*/
app.use("/AcceptRegisterRequest.lvorex", express.json())
app.post("/AcceptRegisterRequest.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Management", 2)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
const { AcceptedRequest } = postBody
let result = await query(`
insert into \`madmin_accounts\` (
\`username\`,
${AcceptedRequest.password ? '\`password\`,' : ''}
\`discord\`,
\`avatar\`,
\`rank\`,
\`ip\`,
\`accountType\`,
${AcceptedRequest.discord_token ? '\`discord_token\`,' : ''}
\`darkMode\`,
\`discord_avatar\`
) values (
'${AcceptedRequest.username.replaceAll("'", "\\'")}',
${AcceptedRequest.password ? "'"+sha1(AcceptedRequest.password)+"'," : ''}
'${AcceptedRequest.discord ? AcceptedRequest.discord : ''}',
'${AcceptedRequest.avatar}',
'${AcceptedRequest.rank.replaceAll("'", "\\'")}',
'${sha1(AcceptedRequest.ip)}',
'${AcceptedRequest.accountType}',
${AcceptedRequest.discord_token ? "'"+AcceptedRequest.discord_token+"'," : ''}
'${AcceptedRequest.darkMode}',
'${AcceptedRequest.discord_avatar}'
)
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
result = await query(`
update \`madmin_registers\`
set \`request\` = 0
where \`username\` = '${AcceptedRequest.username.replaceAll("'", "\\'")}'
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: "Request successfully accepted." })
})
/**
* @param {string} key
* @param {string} DeniedName
* @returns {string}
*/
app.use("/DenyRegisterRequest.lvorex", express.json())
app.post("/DenyRegisterRequest.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Management", 2)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
const { DeniedName } = postBody
let result = await query(`
update \`madmin_registers\`
set \`request\` = -1
where \`username\` = '${DeniedName.replaceAll("'", "\\'")}'
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: "Request successfully denied." })
})
/**
* @param {string} key
* @param {JSON} ExpectedRole
* @returns {string}
*/
app.use("/DeleteRole.lvorex", express.json())
app.post("/DeleteRole.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Management", 4)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
const { ExpectedRole } = postBody
let result = await query(`
delete from \`madmin_permissions\`
where \`name\` = '${ExpectedRole.name}'
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
result = await query(`
update \`madmin_accounts\`
set \`rank\` = 'Not Authorized'
where \`rank\` = '${ExpectedRole.name.replaceAll("'", "\\'")}'
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: `${ExpectedRole.name} Successfully deleted.` })
})
/**
* @param {string} key
* @param {JSON} NewPatternDraft
* @param {JSON} ChangedCategories
* @param {string} RoleName
* @returns {string}
*/
app.use("/UpdateRole.lvorex", express.json())
app.post("/UpdateRole.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const { NewPatternDraft, RoleName } = postBody
const CategoryToPerm = {
"Dashboard": 7,
"Players": 8,
"Accounts": 9,
"LiveMap": 10,
"Vehicles": 11,
"Items": 12,
"Jobs": 13,
"Factions": 14,
"Logs": 15,
"LiveConsole": 16,
"Resources": 17,
"Admins": 18,
"Management": 19
}
const RoleChangedCategories = {
"Dashboard": false,
"Players": false,
"Accounts": false,
"LiveMap": false,
"Vehicles": false,
"Items": false,
"Jobs": false,
"Factions": false,
"Logs": false,
"LiveConsole": false,
"Resources": false,
"Admins": false,
"Management": false
}
const NewPattern = {
FullPermission: false
}
Object.entries(NewPatternDraft).forEach(([k,v]) => {
NewPattern[k] = []
v.forEach(vv => {
NewPattern[k].push(vv.checkmark)
})
})
let falseFound = false
Object.entries(NewPattern).forEach(([k,v]) => {
if (k === "FullPermission") return
v.forEach(vv => {
if (vv === false) return falseFound = true
})
})
if (falseFound === false) {
NewPattern.FullPermission = true
}
const CurrentPermissions = await getAllPermissions(RoleName)
if (!CurrentPermissions) return res.json({ code: 404, message: "An error appeared. Control the console." })
Object.entries(NewPattern).forEach(([k,v]) => {
if (k === "FullPermission") return
if (JSON.stringify(NewPattern[k]) !== JSON.stringify(CurrentPermissions[k])) {
RoleChangedCategories[k] = true
}
})
for await (const [category, value] of Object.entries(RoleChangedCategories)) {
if (value === true) {
const PermissionCheck = await checkPermission(userKey.rank, "Management", CategoryToPerm[category])
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
} else continue
}
let result = await query(`
update \`madmin_permissions\`
set \`pattern\` = '${JSON.stringify(NewPattern)}'
where \`name\` = '${RoleName}'
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: "Role successfully updated." })
})
/**
* @param {string} key
* @param {string} ExpectedUser
* @returns {string}
*/
app.use("/TakeRoleFromUser.lvorex", express.json())
app.post("/TakeRoleFromUser.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Management", 6)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
const { ExpectedUser } = postBody
let result = await query(`
update \`madmin_accounts\`
set \`rank\` = 'Not Authorized'
where \`username\` = '${ExpectedUser.replaceAll("'", "\\'")}'
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: `Role successfully taken.` })
})
/**
* @param {string} key
* @param {string} User
* @param {string} RoleName
* @returns {string}
*/
app.use("/SetRoleToUser.lvorex", express.json())
app.post("/SetRoleToUser.lvorex", async (req, res) => {
const postBody = req.body
const { keyFound, userKey } = await controlKey(req, postBody.key)
if (keyFound === false) return res.json({ code: 404, message: "Not authorized." })
const PermissionCheck = await checkPermission(userKey.rank, "Management", 5)
if (!PermissionCheck) return res.json({ code: 401, message: "Your rank is not enough." })
const { User, RoleName } = postBody
let result = await query(`
update \`madmin_accounts\`
set \`rank\` = '${RoleName.replaceAll("'", "\\'")}'
where \`username\` = '${User.replaceAll("'", "\\'")}'
`)
if (result === false) return res.json({ code: 404, message: "SQL Error Appeared." })
res.json({ code: 200, message: `${RoleName} successfully setted to ${User}.` })
})