authorunknownPerson115 <69736850+unknownPerson115@users.noreply.github.com>2021-12-27 14:16:07 -0600
committerErkin Alp Güney <erkinalp9035@gmail.com>2021-12-29 17:42:26 +0300
commitd842950b809f80d7cfd365022973da8fb285a06b (patch)
treee176f1b89cc9b7fccdfa2e8edefcc678d0382b3f /api/src/routes
parentMerge pull request #553 from TheArcaneBrony/master (diff)
downloadserver-d842950b809f80d7cfd365022973da8fb285a06b.tar.xz
Updated stop.ts
Updated stop.ts so that it checks the user's rights instead of the SYSTEM flag; relying on the SYSTEM flag can possibly cause some unnecessary complications when it comes to instance management.

*also has been tested with multiple tokens to be sure that this does NOT permit normal users to POST to the /stop API route
**NOTE**: instance owners will have to re-run `npm run setup` for these changes to take effect
Diffstat (limited to 'api/src/routes')
-rw-r--r--api/src/routes/stop.ts13
1 files changed, 7 insertions, 6 deletions
diff --git a/api/src/routes/stop.ts b/api/src/routes/stop.ts
index c6a3de50..a9024350 100644
--- a/api/src/routes/stop.ts
+++ b/api/src/routes/stop.ts
@@ -5,21 +5,22 @@ import { User } from "@fosscord/util";
 const router: Router = Router();
 
 router.post("/", route({}), async (req: Request, res: Response) => {
-	//TODO: have an "OPERATOR" platform permission implemented for this API route
-	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["flags"] });
-	if(user.flags == '4096') {
+	//EXPERIMENTAL: have an "OPERATOR" platform permission implemented for this API route
+	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["rights"] });
+	if(user.rights == '1') {
 		console.log("user that POSTed to the API was ALLOWED");
-		console.log(user.flags);
+		console.log(user.rights);
 		res.sendStatus(200)
 		process.kill(process.pid, 'SIGTERM')
 	}
 	else {
 		console.log("operation failed");
-		console.log(user.flags);
+		console.log(user.rights);
 		res.sendStatus(403)
 	}
 });
 
 export default router;
 
-//THIS API CAN ONLY BE USED BY USERS WITH THE 'SYSTEM' FLAG ONLY IF ANY OTHER FLAGS ARE ADDED THE REQUEST WILL RETURN 403 'FORBIDDEN'
+//THIS API CAN ONLY BE USED BY USERS WITH THE 'OPERATOR' RIGHT (which is the value of 1) ONLY IF ANY OTHER RIGHTS ARE ADDED OR IF THE USER DOESNT HAVE PERMISSION,
+//THE REQUEST WILL RETURN 403 'FORBIDDEN'
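Review bot: The gate `if(user.rights == '1')` compares the whole rights value to the string '1' with loose equality, so the decision depends on how the column is typed and coerced, and, as the trailing comment says, an operator who holds any other right is refused. For a route that goes on to call `process.kill(process.pid, 'SIGTERM')`, I would test the OPERATOR bit explicitly against a named constant, for example `if ((BigInt(user.rights) & OPERATOR) === OPERATOR) {` with `const OPERATOR = BigInt(1);`, assuming rights is stored as an integer bitfield, which the hunk does not show. That does change who is admitted (OPERATOR plus other rights would pass), so it should be confirmed as the intended policy. Separately, both branches log only the rights value, so neither an allowed nor a refused shutdown can be attributed to a caller; logging the identity instead, e.g. `console.log("stop: shutdown refused for user " + req.user_id);`, would give operators an audit trail.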