Home Explore 引导页 在线工具 Blog
Register Sign In
Pchen0
/
ic-ctbu-backend
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
ic-ctbu-backend
/
apis
/
User
/
Admin
/
SetUserBan.js

SetUserBan.js 2.7 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. const API = require("../../../lib/API")
    2. 

  2. const db = require("../../../plugin/DataBase/db")
    3. 

  3. const AccessControl = require("../../../lib/AccessControl")
    4. 

  4. const { BaseStdResponse } = require("../../../BaseStdResponse")
    5. 

  5. 

  6. class SetUserBan extends API {
    7. 

  7.     constructor() {
    8. 

  8.         super()
    9. 

  9.         this.setPath("/Admin/User/SetUserBan")
    10. 

  10.         this.setMethod("POST")
    11. 

  11.     }
    12. 

  12. 

  13.     async onRequest(req, res) {
    14. 

  14.         let { uuid, session, userid, is_banned } = req.body
    15. 

  15.         const flag = Number(is_banned)
    16. 

  16. 

  17.         if ([uuid, session, userid].some(value => value === "" || value === null || value === undefined))
    18. 

  18.             return res.json({ ...BaseStdResponse.MISSING_PARAMETER })
    19. 

  19. 

  20.         if (![0, 1].includes(flag))
    21. 

  21.             return res.json({ ...BaseStdResponse.ERR, msg: "参数错误" })
    22. 

  22. 

  23.         if (!await AccessControl.checkSession(uuid, session))
    24. 

  24.             return res.status(401).json({ ...BaseStdResponse.ACCESS_DENIED })
    25. 

  25. 

  26.         if (!await AccessControl.canAccess(uuid, ['action.user.ban']))
    27. 

  27.             return res.json({ ...BaseStdResponse.PERMISSION_DENIED })
    28. 

  28. 

  29.         if (userid === uuid)
    30. 

  30.             return res.json({ ...BaseStdResponse.ERR, msg: "不能封禁自己的账号" })
    31. 

  31. 

  32.         const targetRows = await db.query(
    33. 

  33.             "SELECT permission FROM users WHERE uuid = ? LIMIT 1",
    34. 

  34.             [userid]
    35. 

  35.         )
    36. 

  36.         if (!targetRows || targetRows.length === 0)
    37. 

  37.             return res.json({ ...BaseStdResponse.MISSING_FILE, msg: "未找到用户" })
    38. 

  38. 

  39.         const targetPermission = targetRows[0].permission || []
    40. 

  40.         if (targetPermission.includes("admin") || targetPermission.includes("service"))
    41. 

  41.             return res.json({ ...BaseStdResponse.ERR, msg: "不能封禁管理员或客服账号" })
    42. 

  42. 

  43.         const conn = await db.connect()
    44. 

  44.         try {
    45. 

  45.             const [r] = await conn.execute(
    46. 

  46.                 "UPDATE users SET is_banned = ? WHERE uuid = ?",
    47. 

  47.                 [flag, userid]
    48. 

  48.             )
    49. 

  49.             if (!r || r.affectedRows !== 1)
    50. 

  50.                 return res.json({ ...BaseStdResponse.MISSING_FILE, msg: "未找到用户或更新失败" })
    51. 

  51. 

  52.             if (flag === 1)
    53. 

  53.                 await AccessControl.invalidateSession(userid)
    54. 

  54. 

  55.             return res.json({
    56. 

  56.                 ...BaseStdResponse.OK,
    57. 

  57.                 msg: flag === 1 ? "已封禁该用户" : "已解除封禁"
    58. 

  58.             })
    59. 

  59.         } catch (err) {
    60. 

  60.             this.logger.error(`设置用户封禁状态失败: ${err.message || err}`)
    61. 

  61.             return res.json({ ...BaseStdResponse.ERR, msg: "操作失败,请稍后再试" })
    62. 

  62.         } finally {
    63. 

  63.             if (conn?.connection && typeof conn.connection.release === "function" && typeof conn?.release === "function") {
    64. 

  64.                 conn.release()
    65. 

  65.             }
    66. 

  66.         }
    67. 

  67.     }
    68. 

  68. }
    69. 

  69. 

  70. module.exports.SetUserBan = SetUserBan
    71.